[CERT-daily] Tageszusammenfassung - 19.01.2024

Fri Jan 19 18:08:54 CET 2024

=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 18-01-2024 18:00 − Freitag 19-01-2024 18:00
Handler:     Robert Waldner
Co-Handler:  Thomas Pribitzer

=====================
=       News        =
=====================

∗∗∗ TeamViewer abused to breach networks in new ransomware attacks ∗∗∗
---------------------------------------------
Ransomware actors are again using TeamViewer to gain initial access to organization endpoints and attempt to deploy encryptors based on the leaked LockBit ransomware builder.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/teamviewer-abused-to-breach-networks-in-new-ransomware-attacks/


∗∗∗ macOS Python Script Replacing Wallet Applications with Rogue Apps, (Fri, Jan 19th) ∗∗∗
---------------------------------------------
Still today, many people think that Apple and its macOS are less targeted by malware. But the landscape is changing and threats are emerging in this ecosystem too.
---------------------------------------------
https://isc.sans.edu/diary/rss/30572


∗∗∗ Experts Warn of macOS Backdoor Hidden in Pirated Versions of Popular Software ∗∗∗
---------------------------------------------
Pirated applications targeting Apple macOS users have been observed containing a backdoor capable of granting attackers remote control to infected machines.
---------------------------------------------
https://thehackernews.com/2024/01/experts-warn-of-macos-backdoor-hidden.html


∗∗∗ Taking over WhatsApp accounts by reading voicemails ∗∗∗
---------------------------------------------
The investigation is centered on a vulnerability related to the Personal Identification Number (PIN) required for authenticating WhatsApp’s account backup feature. I describe how this PIN could be compromised through a voice call backup delivery method, forcing the call to go voicemail, and spoofing the victims phone number to read their voicemail.
---------------------------------------------
https://medium.com/@rramgattie/taking-over-whatsapp-accounts-by-reading-voicemails-68ad70dc2499


∗∗∗ Recovery Scam: Kriminelle geben sich als blockchain.com aus und informieren über angeblich ruhende Bitcoin-Wallet ∗∗∗
---------------------------------------------
Opfer einer betrügerischen Trading-Plattform erleiden mitunter erhebliche finanzielle Verluste. Entsprechend groß ist die Verzweiflung und der Wunsch, das Geld zurückzubekommen. Kriminelle nutzen dies aus und kontaktieren die Opfer nach einiger Zeit erneut.
---------------------------------------------
https://www.watchlist-internet.at/news/recovery-scam-kriminelle-geben-sich-als-blockchaincom-aus-und-informieren-ueber-angeblich-ruhende-bitcoin-wallet/


∗∗∗ Virtual kidnapping: How to see through this terrifying scam ∗∗∗
---------------------------------------------
Phone fraud takes a frightening twist as fraudsters can tap into AI to cause serious emotional and financial damage to the victims.
---------------------------------------------
https://www.welivesecurity.com/en/scams/virtual-kidnapping-see-through-scam/


∗∗∗ Ivanti Connect Secure VPN Exploitation: New Observations ∗∗∗
---------------------------------------------
Volexity also recently learned of a potential issue that organizations may be facing when attempting to bring fresh Ivanti Connect Secure VPN appliances back online that leave them in a vulnerable state. These findings may partially account for why there has been an increase in compromised systems in subsequent scans.
---------------------------------------------
https://www.volexity.com/blog/2024/01/18/ivanti-connect-secure-vpn-exploitation-new-observations/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ VMware confirms critical vCenter flaw now exploited in attacks ∗∗∗
---------------------------------------------
VMware has confirmed that a critical vCenter Server remote code execution vulnerability patched in October is now under active exploitation.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/vmware-confirms-critical-vcenter-flaw-now-exploited-in-attacks/


∗∗∗ Npm Trojan Bypasses UAC, Installs AnyDesk with "Oscompatible" Package ∗∗∗
---------------------------------------------
A malicious package uploaded to the npm registry has been found deploying a sophisticated remote access trojan on compromised Windows machines.
---------------------------------------------
https://thehackernews.com/2024/01/npm-trojan-bypasses-uac-installs.html


∗∗∗ Smartphones und mehr: Auch Umgebungslichtsensoren können spionieren ∗∗∗
---------------------------------------------
Nicht nur Smartphone-Kameras können Personen ausspionieren, sondern auch Umgebungslichtsensoren. Das geht aus einer in "Science" veröffentlichen Studie hervor. 
---------------------------------------------
https://heise.de/-9601724


∗∗∗ Angreifer attackieren Ivanti EPMM und MobileIron Core ∗∗∗
---------------------------------------------
Angreifer nutzen derzeit eine kritische Sicherheitslücke in Ivanti EPMM und MobileIron Core aus.
---------------------------------------------
https://www.heise.de/news/Angreifer-attackieren-Ivanti-EPMM-und-MobileIron-Core-9602207.html


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (ImageMagick), Debian (chromium), Fedora (golang-x-crypto, golang-x-mod, golang-x-net, golang-x-text, gtkwave, redis, and zbar), Mageia (tinyxml), Oracle (.NET 7.0, .NET 8.0, java-1.8.0-openjdk, java-11-openjdk, python3, and sqlite), Red Hat (gstreamer-plugins-bad-free, java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, and java-21-openjdk), SUSE (kernel, libqt5-qtbase, libssh, pam, rear23a, and rear27a), and Ubuntu (pam and zookeeper).
---------------------------------------------
https://lwn.net/Articles/958676/


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (chromium, golang-github-facebook-time, podman, and xorg-x11-server-Xwayland), Oracle (.NET 6.0, java-1.8.0-openjdk, java-11-openjdk, and python3.11-cryptography), Red Hat (java-11-openjdk, python-requests, and python-urllib3), SUSE (chromium, kernel, libcryptopp, libuev, perl-Spreadsheet-ParseExcel, suse-module-tools, and xwayland), and Ubuntu (filezilla and xerces-c).
---------------------------------------------
https://lwn.net/Articles/958760/


∗∗∗ Important Progress OpenEdge Critical Alert for Progress Application Server in OpenEdge (PASOE) - Arbitrary File Upload Vulnerability in WEB Transport ∗∗∗
---------------------------------------------
https://community.progress.com/s/article/Important-Progress-OpenEdge-Critical-Alert-for-Progress-Application-Server-in-OpenEdge-PASOE-Arbitrary-File-Upload-Vulnerability-in-WEB-Transport


∗∗∗ ZDI Security Advisories ∗∗∗
---------------------------------------------
https://www.zerodayinitiative.com/advisories/published/


∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily