[CERT-daily] Tageszusammenfassung - 09.01.2024

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Montag 08-01-2024 18:00 − Dienstag 09-01-2024 18:00
Handler:     Michael Schlagenhaufer
Co-Handler:  Thomas Pribitzer

=====================
=       News        =
=====================

∗∗∗ Alert: Water Curupira Hackers Actively Distributing PikaBot Loader Malware ∗∗∗
---------------------------------------------
A threat actor called Water Curupira has been observed actively distributing the PikaBot loader malware as part of spam campaigns in 2023.
---------------------------------------------
https://thehackernews.com/2024/01/alert-water-curupira-hackers-actively.html


∗∗∗ Skrupel nur vorgeschoben? Ransomware-Banden attackieren Kliniken ∗∗∗
---------------------------------------------
Zwar zürnt der Lockbit-Betreiber öffentlich mit einem Handlanger, ist sich dennoch für Krankenhaus-Erpressung nicht zu schade. Andere bedrohen gar Patienten.
---------------------------------------------
https://www.heise.de/news/Skrupel-nur-vorgeschoben-Ransomware-Banden-attackieren-Kliniken-9591987.html


∗∗∗ Vorsicht vor Phishing-Mails im Namen der KingBill GmbH ∗∗∗
---------------------------------------------
In einem gefälschten E-Mail im Namen der „KingBill GmbH“ werden Sie gebeten, Ihre offenen Zahlungen an KingBill zu sperren. Angeblich werden ausstehende Rechnungen nun auf eine Nebenkontoverbindung verrechnet. Sie werden aufgefordert, umgehend auf das E-Mail zu antworten. Bei diesem E-Mail handelt es sich aber um Betrug, um Ihnen Geld zu stehlen.
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-vor-phishing-mails-im-namen-der-kingbill-gmbh/


∗∗∗ Roles allowing to abuse Entra ID federation for persistence and privilege escalation ∗∗∗
---------------------------------------------
Microsoft Entra ID (formerly known as Azure AD) allows delegation of authentication to another identity provider through the legitimate federation feature. However, attackers with elevated privileges can abuse this feature, leading to persistence and privilege escalation.
---------------------------------------------
https://medium.com/tenable-techblog/roles-allowing-to-abuse-entra-id-federation-for-persistence-and-privilege-escalation-df9ca6e58360


∗∗∗ New decryptor for Babuk Tortilla ransomware variant released ∗∗∗
---------------------------------------------
Cisco Talos obtained executable code capable of decrypting files affected by the Babuk Tortilla ransomware variant, allowing Talos to extract and share the private decryption key used by the threat actor.
---------------------------------------------
https://blog.talosintelligence.com/decryptor-babuk-tortilla/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ SAP-Patchday: Teils kritische Lücken in Geschäftssoftware ∗∗∗
---------------------------------------------
Der Januar-Patchday von SAP behandelt teils kritische Sicherheitslücken. Zu insgesamt zehn Schwachstellen gibt es Sicherheitsnotizen.
---------------------------------------------
https://www.heise.de/news/SAP-Patchday-Teils-kritische-Luecken-in-Geschaeftssoftware-9591479.html


∗∗∗ Synology warnt vor Sicherheitslücke im DSM-Betriebssystem ∗∗∗
---------------------------------------------
Synology gibt eine Warnung vor einer Sicherheitslücke im DSM-Betriebssystem für NAS-Systeme heraus. Updates stehen länger bereit.
---------------------------------------------
https://www.heise.de/news/Synology-warnt-vor-Sicherheitsluecke-im-DSM-Betriebssystem-9591871.html


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (squid), Fedora (podman), Mageia (dropbear), SUSE (eclipse-jgit, jsch, gcc13, helm3, opusfile, qt6-base, thunderbird, and wireshark), and Ubuntu (clamav, libclamunrar, and qemu).
---------------------------------------------
https://lwn.net/Articles/957236/


∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/


∗∗∗ SSA-794653 V1.0: Multiple File Parsing Vulnerabilities in Teamcenter Visualization and JT2Go ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/html/ssa-794653.html


∗∗∗ SSA-786191 V1.0: Local Privilege Escalation Vulnerability in Spectrum Power 7 ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/html/ssa-786191.html


∗∗∗ SSA-777015 V1.0: Multiple Vulnerabilities in SIMATIC CN 4100 before V2.7 ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/html/ssa-777015.html


∗∗∗ SSA-702935 V1.0: Redfish Server Vulnerability in maxView Storage Manager ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/html/ssa-702935.html


∗∗∗ SSA-589891 V1.0: Multiple PAR File Parsing Vulnerabilities in Solid Edge ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/html/ssa-589891.html


∗∗∗ SSA-583634 V1.0: Command Injection Vulnerability in the CPCI85 Firmware of SICAM A8000 Devices ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/html/ssa-583634.html


∗∗∗ Open Port 8899 in BCC Thermostat Product ∗∗∗
---------------------------------------------
https://psirt.bosch.com/security-advisories/bosch-sa-473852.html


∗∗∗ CVE-2023-48795 Impact of Terrapin SSH Attack (Severity: NONE) ∗∗∗
---------------------------------------------
https://security.paloaltonetworks.com/CVE-2023-48795

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily