Daily

daily@lists.cert.at

1 participants
3150 discussions

Tageszusammenfassung - 22.12.2023
by Daily end-of-shift report 22 Dec '23

22 Dec '23

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 21-12-2023 18:00 − Freitag 22-12-2023 18:00 Handler: Thomas Pribitzer Co-Handler: Michael Schlagenhaufer ===================== = News = ===================== ∗∗∗ Microsoft: Hackers target defense firms with new FalseFont malware ∗∗∗ --------------------------------------------- Microsoft says the APT33 Iranian cyber-espionage group is using recently discovered FalseFont backdoor malware to attack defense contractors worldwide. --------------------------------------------- https://www.bleepingcomputer.com/news/security/microsoft-hackers-target-def… ∗∗∗ Europol warns 443 online shops infected with credit card stealers ∗∗∗ --------------------------------------------- Europol has notified over 400 websites that their online shops have been hacked with malicious scripts that steal debit and credit cards from customers making purchases. --------------------------------------------- https://www.bleepingcomputer.com/news/security/europol-warns-443-online-sho… ∗∗∗ Have your data and hide it too: An introduction to differential privacy ∗∗∗ --------------------------------------------- Providing software and web services that deliver value for users often requires measuring user behavior. In this blog we discuss emerging cryptographic and statistical techniques that enable collecting such measurements without violating user privacy --------------------------------------------- https://blog.cloudflare.com/have-your-data-and-hide-it-too-an-introduction-… ∗∗∗ Experts Detail Multi-Million Dollar Licensing Model of Predator Spyware ∗∗∗ --------------------------------------------- A new analysis of the sophisticated commercial spyware called Predator has revealed that its ability to persist between reboots is offered as an "add-on feature" and that it depends on the licensing options opted by a customer. --------------------------------------------- https://thehackernews.com/2023/12/multi-million-dollar-predator-spyware.html ∗∗∗ Decoy Microsoft Word Documents Used to Deliver Nim-Based Malware ∗∗∗ --------------------------------------------- A new phishing campaign is leveraging decoy Microsoft Word documents as bait to deliver a backdoor written in the Nim programming language. "Malware written in uncommon programming languages puts the security community at a disadvantage as researchers and reverse engineers unfamiliarity can hamper their investigation," [...] --------------------------------------------- https://thehackernews.com/2023/12/decoy-microsoft-word-documents-used-to.ht… ∗∗∗ Cyber sleuths reveal how they infiltrate the biggest ransomware gangs ∗∗∗ --------------------------------------------- How do you break into the bad guys ranks? Master the lingo and research, research, research --------------------------------------------- https://go.theregister.com/feed/www.theregister.com/2023/12/22/how_to_infil… ∗∗∗ Malicious GPT Can Phish Credentials, Exfiltrate Them to External Server: Researcher ∗∗∗ --------------------------------------------- A researcher has shown how malicious actors can create custom GPTs that can phish for credentials and exfiltrate them to external servers. --------------------------------------------- https://www.securityweek.com/malicious-gpt-can-phish-credentials-exfiltrate… ∗∗∗ CISA Releases Microsoft 365 Secure Configuration Baselines and SCuBAGear Tool ∗∗∗ --------------------------------------------- CISA has published the finalized Microsoft 365 Secure Configuration Baselines, designed to bolster the security and resilience of organizations’ Microsoft 365 (M365) cloud services. This guidance release is accompanied by the updated SCuBAGear tool that assesses organizations’ M365 cloud services per CISA’s recommended baselines. --------------------------------------------- https://www.cisa.gov/news-events/alerts/2023/12/21/cisa-releases-microsoft-… ∗∗∗ Python Packages Leverage GitHub to Deploy Fileless Malware ∗∗∗ --------------------------------------------- In early December, a number of malicious Python packages captured our attention, not just because of their malicious nature, but for the cleverness of their deployment strategy. --------------------------------------------- https://checkmarx.com/blog/python-packages-leverage-github-to-deploy-filele… ===================== = Vulnerabilities = ===================== ∗∗∗ ZDI Security Advisories ∗∗∗ --------------------------------------------- BlueZ, Kofax Power PDF --------------------------------------------- https://www.zerodayinitiative.com/advisories/published/ ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (bluez, chromium, gst-plugins-bad1.0, openssh, and thunderbird), Fedora (chromium, firefox, kernel, libssh, nss, opensc, and thunderbird), Gentoo (Arduino, Exiv2, LibRaw, libssh, NASM, and QtWebEngine), Mageia (gstreamer), and SUSE (gnutls, gstreamer-plugins-bad, libcryptopp, libqt5-qtbase, ppp, tinyxml, xorg-x11-server, and zbar). --------------------------------------------- https://lwn.net/Articles/956012/ ∗∗∗ IBM Security Bulletins ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/bulletin/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 21.12.2023
by Daily end-of-shift report 21 Dec '23

21 Dec '23

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 20-12-2023 18:00 − Donnerstag 21-12-2023 18:00 Handler: Thomas Pribitzer Co-Handler: Michael Schlagenhaufer ===================== = News = ===================== ∗∗∗ New phishing attack steals your Instagram backup codes to bypass 2FA ∗∗∗ --------------------------------------------- A new phishing campaign pretending to be a copyright infringement email attempts to steal the backup codes of Instagram users, allowing hackers to bypass the two-factor authentication configured on the account. --------------------------------------------- https://www.bleepingcomputer.com/news/security/new-phishing-attack-steals-y… ∗∗∗ Fake F5 BIG-IP zero-day warning emails push data wipers ∗∗∗ --------------------------------------------- The Israel National Cyber Directorate warns of phishing emails pretending to be F5 BIG-IP zero-day security updates that deploy Windows and Linux data wipers. --------------------------------------------- https://www.bleepingcomputer.com/news/security/fake-f5-big-ip-zero-day-warn… ∗∗∗ Android malware Chameleon disables Fingerprint Unlock to steal PINs ∗∗∗ --------------------------------------------- The Chameleon Android banking trojan has re-emerged with a new version that uses a tricky technique to take over devices — disable fingerprint and face unlock to steal device PINs. --------------------------------------------- https://www.bleepingcomputer.com/news/security/android-malware-chameleon-di… ∗∗∗ Windows CLFS and five exploits used by ransomware operators ∗∗∗ --------------------------------------------- We had never seen so many CLFS driver exploits being used in active attacks before, and then suddenly there are so many of them captured in just one year. Is there something wrong with the CLFS driver? Are all these vulnerabilities similar? These questions encouraged me to take a closer look at the CLFS driver and its vulnerabilities. --------------------------------------------- https://securelist.com/windows-clfs-exploits-ransomware/111560/ ∗∗∗ Increase in Exploit Attempts for Atlassian Confluence Server (CVE-2023-22518), (Wed, Dec 20th) ∗∗∗ --------------------------------------------- Attacks for the vulnerability started early in November, shortly after the vulnerability was announced. At the time, the attacks were more targeted to specific hosts. Now we are seeing more widespread scans typical for attackers trying to "clean up" instances earlier attacks may have missed. --------------------------------------------- https://isc.sans.edu/diary/rss/30502 ∗∗∗ Weaponizing DHCP DNS Spoofing — A Hands-On Guide ∗∗∗ --------------------------------------------- In this second blog post, we aim to elaborate on some of the technical details that are required to exploit this attack surface. We will detail the methods used to collect all the necessary information to conduct the attacks, describe some attack limitations, and explore how we can spoof multiple DNS records by abusing an interesting DHCP server behavior. --------------------------------------------- https://www.akamai.com/blog/security-research/weaponizing-dhcp-dns-spoofing… ∗∗∗ Kritische Lücken in Mobile-Device-Management-Lösung Ivanti Avalanche geschlossen ∗∗∗ --------------------------------------------- Angreifer können Ivanti Avalanche mit Schadcode attackieren. Eine reparierte Version steht zum Download bereit. --------------------------------------------- https://www.heise.de/-9580221 ∗∗∗ BSI veröffentlicht Studie zu Implementierungsangriffen auf QKD-Systeme ∗∗∗ --------------------------------------------- Das BSI hat eine wissenschaftliche Studie über Implementierungsangriffe auf Quantum Key Distribution (QKD)-Systeme veröffentlicht. --------------------------------------------- https://www.bsi.bund.de/DE/Service-Navi/Presse/Alle-Meldungen-News/Meldunge… ∗∗∗ Spoofing: Spätestens im Herbst 2024 soll mit dem Betrug Schluss sein ∗∗∗ --------------------------------------------- Alle österreichischen Telefonnummern erhalten ein "Mascherl", das sie als echt ausweist. Provider haben bis 1. September Zeit, die neue Verordnung umzusetzen. --------------------------------------------- https://www.derstandard.at/story/3000000200615/spoofing-spaetestens-im-herb… ∗∗∗ security.txt: A Simple File with Big Value ∗∗∗ --------------------------------------------- Our team at CISA often receives questions about why creation of a “security.txt” file was included as one of the priority Cybersecurity Performance Goals (CPGs). Why is it so important? Well, it’s such a simple concept, but it provides great value to all of those involved in vulnerability management and disclosure. --------------------------------------------- https://www.cisa.gov/news-events/news/securitytxt-simple-file-big-value ===================== = Vulnerabilities = ===================== ∗∗∗ ZDI Security Advisories ∗∗∗ --------------------------------------------- Voltronic Power ViewPower, Hancom Office, Honeywell Saia PG5 Controls Suite --------------------------------------------- https://www.zerodayinitiative.com/advisories/published/ ∗∗∗ Google Chrome: Update schließt bereits angegriffene Zero-Day-Lücke ∗∗∗ --------------------------------------------- Googles Entwickler haben ein Update für Chrome veröffentlicht, das eine bereits angegriffene Sicherheitslücke abdichtet. --------------------------------------------- https://www.heise.de/-9580061 ∗∗∗ Wordfence Intelligence Weekly WordPress Vulnerability Report (December 11, 2023 to December 17, 2023) ∗∗∗ --------------------------------------------- Last week, there were 16 vulnerabilities disclosed in 16 WordPress Plugins and no WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 7 Vulnerability Researchers that contributed to WordPress Security last week. --------------------------------------------- https://www.wordfence.com/blog/2023/12/wordfence-intelligence-weekly-wordpr… ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (firefox-esr), Fedora (kernel), Mageia (bluez), Oracle (fence-agents, gstreamer1-plugins-bad-free, opensc, openssl, postgresql:10, and postgresql:12), Red Hat (postgresql:15 and tigervnc), Slackware (proftpd), and SUSE (docker, rootlesskit, firefox, go1.20-openssl, go1.21-openssl, gstreamer-plugins-bad, libreoffice, libssh2_org, poppler, putty, rabbitmq-server, wireshark, xen, xorg-x11-server, and xwayland). --------------------------------------------- https://lwn.net/Articles/955914/ ∗∗∗ ESET Patches High-Severity Vulnerability in Secure Traffic Scanning Feature ∗∗∗ --------------------------------------------- ESET has patched CVE-2023-5594, a high-severity vulnerability that can cause a browser to trust websites that should not be trusted. --------------------------------------------- https://www.securityweek.com/eset-patches-high-severity-vulnerability-in-se… ∗∗∗ Drupal: Data Visualisation Framework - Moderately critical - Cross Site Scripting - SA-CONTRIB-2023-055 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-contrib-2023-055 ∗∗∗ Foxit: Security Advisories for Foxit PDF Reader ∗∗∗ --------------------------------------------- https://www.foxit.com/support/security-bulletins.html ∗∗∗ NETGEAR: Security Advisory for Stored Cross Site Scripting on the NMS300, PSV-2023-0106 ∗∗∗ --------------------------------------------- https://kb.netgear.com/000065901/Security-Advisory-for-Stored-Cross-Site-Sc… ∗∗∗ IBM Security Bulletins ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/bulletin/ ∗∗∗ CISA Adds Two Known Exploited Vulnerabilities to Catalog ∗∗∗ --------------------------------------------- https://www.cisa.gov/news-events/alerts/2023/12/21/cisa-adds-two-known-expl… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 20.12.2023
by Daily end-of-shift report 20 Dec '23

20 Dec '23

===================== = End-of-Day report = ===================== Timeframe: Dienstag 19-12-2023 18:00 − Mittwoch 20-12-2023 18:00 Handler: Thomas Pribitzer Co-Handler: Michael Schlagenhaufer ===================== = News = ===================== ∗∗∗ Datenleckseite beschlagnahmt: Das FBI und die ALPHV-Hacker spielen Katz und Maus ∗∗∗ --------------------------------------------- Das FBI hat die Datenleckseite der Ransomwaregruppe ALPHV beschlagnahmt. Die Hacker haben jedoch auch noch Zugriff darauf. Sie drohen nun mit neuen Regeln. --------------------------------------------- https://www.golem.de/news/datenleckseite-beschlagnahmt-das-fbi-und-die-alph… ∗∗∗ Remote Encryption Attacks Surge: How One Vulnerable Device Can Spell Disaster ∗∗∗ --------------------------------------------- Ransomware groups are increasingly switching to remote encryption in their attacks, marking a new escalation in tactics adopted by financially motivated actors to ensure the success of their campaigns."Companies can have thousands of computers connected to their network, and with remote ransomware, all it takes is one underprotected device to compromise the entire network," [...] --------------------------------------------- https://thehackernews.com/2023/12/remote-encryption-attacks-surge-how-one.h… ∗∗∗ Threat Actors Exploit CVE-2017-11882 To Deliver Agent Tesla ∗∗∗ --------------------------------------------- First discovered in 2014, Agent Tesla is an advanced keylogger with features like clipboard logging, screen keylogging, screen capturing, and extracting stored passwords from different web browsers. Recently, Zscaler ThreatLabz detected a threat campaign where threat actors leverage CVE-2017-11882 XLAM to spread Agent Tesla to users on vulnerable versions of Microsoft Office. --------------------------------------------- https://www.zscaler.com/blogs/security-research/threat-actors-exploit-cve-2… ∗∗∗ New MetaStealer malvertising campaigns ∗∗∗ --------------------------------------------- In recent malvertising campaigns, threat actors dropped the MetaStealer information stealer, more or less coinciding with a new version release. --------------------------------------------- https://www.malwarebytes.com/blog/threat-intelligence/2023/12/new-metasteal… ∗∗∗ BSI und ANSSI veröffentlichen Publikation zu Remote Identity Proofing ∗∗∗ --------------------------------------------- Das BSI hat zusammen mit der französischen Behörde für IT-Sicherheit, ANSSI, eine gemeinsame Publikation veröffentlicht. Die diesjährige Veröffentlichung beschäftigt sich mit den Gefahren und möglichen Angriffsvektoren, die in den verschiedenen Phasen der videobasierten Identifikation entstehen. --------------------------------------------- https://www.bsi.bund.de/DE/Service-Navi/Presse/Alle-Meldungen-News/Meldunge… ∗∗∗ Why Is an Australian Footballer Collecting My Passwords? The Various Ways Malicious JavaScript Can Steal Your Secrets ∗∗∗ --------------------------------------------- Malicious JavaScript is used to steal PPI via survey sites, web chat APIs and more. We detail how JavaScript malware is implemented and evades detection. --------------------------------------------- https://unit42.paloaltonetworks.com/malicious-javascript-steals-sensitive-d… ∗∗∗ Behind the scenes: JaskaGO’s coordinated strike on macOS and Windows ∗∗∗ --------------------------------------------- In recent developments, a sophisticated malware stealer strain crafted in the Go programming language has been discovered by AT&T Alien Labs, posing a severe threat to both Windows and macOS operating systems. As of the time of publishing of this article, traditional antivirus solutions have low or even non-existent detection rates, making it a stealthy and formidable adversary. --------------------------------------------- https://cybersecurity.att.com/blogs/labs-research/behind-the-scenes-jaskago… ∗∗∗ Spike in Atlassian Exploitation Attempts: Patching is Crucial ∗∗∗ --------------------------------------------- In the blog we discuss the importance of securing your Atlassian products, provide valuable insights on various IP activities, and offer friendly advice on proactive measures to protect your organization. --------------------------------------------- https://www.greynoise.io/blog/spike-in-atlassian-exploitation-attempts-patc… ∗∗∗ Opening a Can of Whoop Ads: Detecting and Disrupting a Malvertising Campaign Distributing Backdoors ∗∗∗ --------------------------------------------- Earlier this year, Mandiant’s Managed Defense threat hunting team identified an UNC2975 malicious advertising (“malvertising”) campaign presented to users in sponsored search engine results and social media posts, consistent with activity reported in From DarkGate to DanaBot. This campaign dates back to at least June 19, 2023, and has abused search engine traffic and leveraged malicious advertisements to affect multiple organizations, which resulted in the delivery of the DANABOT and DARKGATE backdoors. --------------------------------------------- https://www.mandiant.com/resources/blog/detecting-disrupting-malvertising-b… ===================== = Vulnerabilities = ===================== ∗∗∗ ZDI-23-1810: QEMU NVMe Out-Of-Bounds Read Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- This vulnerability allows local attackers to disclose sensitive information on affected installations of QEMU. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.0. --------------------------------------------- https://www.zerodayinitiative.com/advisories/ZDI-23-1810/ ∗∗∗ ZDI-23-1813: Inductive Automation Ignition ModuleInvoke Deserialization of Untrusted Data Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. --------------------------------------------- https://www.zerodayinitiative.com/advisories/ZDI-23-1813/ ∗∗∗ Sitefinity Security Advisory for Addressing Security Vulnerability CVE-2023-6784, December 2023 ∗∗∗ --------------------------------------------- The Progress Sitefinity team recently discovered a MEDIUM CVSS vulnerability in the Sitefinity application available under # CVE-2023-6784. A fix has been developed and tested – and is now available for download. Below you can find information about the discoveries and version-specific product updates for supported versions. --------------------------------------------- https://community.progress.com/s/article/Sitefinity-Security-Advisory-for-A… ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (ansible and ansible-core), Gentoo (Minecraft Server and thunderbird), Mageia (fusiondirectory), Red Hat (gstreamer1-plugins-bad-free, opensc, and openssl), Slackware (libssh and mozilla), SUSE (avahi, firefox, ghostscript, gstreamer-plugins-bad, mariadb, openssh, openssl-1_1-livepatches, python-aiohttp, python-cryptography, xorg-x11-server, and xwayland), and Ubuntu (libssh and openssh). --------------------------------------------- https://lwn.net/Articles/955786/ ∗∗∗ Apple Releases Security Updates for Multiple Products ∗∗∗ --------------------------------------------- Apple has released security updates to address vulnerabilities in Safari, iOS, iPadOS, and macOS Sonoma. A cyber threat actor could exploit one of these vulnerabilities to obtain sensitive information. CISA encourages users and administrators to review Apple security releases and apply necessary updates. --------------------------------------------- https://www.cisa.gov/news-events/alerts/2023/12/20/apple-releases-security-… ∗∗∗ New Ivanti Avalanche Vulnerabilities ∗∗∗ --------------------------------------------- As part of our ongoing strengthening of the security of our products we have discovered twenty new vulnerabilities in the Ivanti Avalanche on-premise product. We are reporting these vulnerabilities as the CVE numbers listed below. These vulnerabilities impact all supported versions of the products – Avalanche versions 6.3.1 and above. Older versions/releases are also at risk. This release corrects multiple memory corruption vulnerabilities, covered in these security advisories: [...] --------------------------------------------- https://www.ivanti.com/blog/new-ivanti-avalanche-vulnerabilities ∗∗∗ Multiple vulnerabilites in D-Link G416 routers ∗∗∗ --------------------------------------------- https://supportannouncement.us.dlink.com/announcement/publication.aspx?name… ∗∗∗ K000137965 : Apache Tomcat vulnerability CVE-2023-45648 ∗∗∗ --------------------------------------------- https://my.f5.com/manage/s/article/K000137965 ∗∗∗ K000137966 : Apache Tomcat vulnerability CVE-2023-42794 ∗∗∗ --------------------------------------------- https://my.f5.com/manage/s/article/K000137966 ∗∗∗ IBM Security Guardium is affected by multiple vulnerabilities. [CVE-2022-42889, CVE-2023-35001, CVE-2023-32233] ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7095693 ∗∗∗ IBM Security Guardium is affected by multiple vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7087688 ∗∗∗ IBM Maximo Application Suite - IoT Component uses Pygments-2.14.0-py3-none-any.whl which is vulnerable to CVE-2022-40896 ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7099774 ∗∗∗ IBM Maximo Application Suite uses urllib3-1.26.16-py2.py3-none-any.whl which is vulnerable to CVE-2023-43804 ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7099772 ∗∗∗ IBM Sterling B2B Integrator EBICs client affected by multiple issues due to Jettison ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7099862 ∗∗∗ IBM Security Guardium is affected by a guava-18.0.jar vulnerability (CVE-2023-2976) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7099896 ∗∗∗ Multiple vulnerabilities in IBM Java Runtime affect IBM Process Designer 8.5.7 shipped with IBM Business Automation Workflow ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7100525 ∗∗∗ IBM Security Guardium is affected by a multiple vulnerabilities (CVE-2023-39975, CVE-2023-34042) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7100884 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 19.12.2023
by Daily end-of-shift report 19 Dec '23

19 Dec '23

===================== = End-of-Day report = ===================== Timeframe: Montag 18-12-2023 18:00 − Dienstag 19-12-2023 18:00 Handler: Michael Schlagenhaufer Co-Handler: Thomas Pribitzer ===================== = News = ===================== ∗∗∗ Akute Welle an DDoS Angriffen auf staatsnahe und kritische Infrastruktur in Österreich ∗∗∗ --------------------------------------------- Seit Kurzem sehen sich österreichische staatliche/staatsnahe Organisationen sowie Unternehmen der kritischen Infrastruktur vermehrt mit DDoS Angriffen konfrontiert. Die genauen Hintergründe der Attacken sind uns zurzeit nicht bekannt, Hinweise für eine hacktivistische Motivation liegen jedoch vor. In Anbetracht der aktuellen Geschehnisse empfehlen wir Unternehmen und Organisationen, die eigenen Prozesse und technischen Maßnahmen nochmals auf ihre Wirksamkeit zu überprüfen, um im Fall eines Angriffes bestmöglich gewappnet zu sein. Dies gilt insbesondere, da eine Intensivierung der Angriffe nicht ausgeschlossen werden kann. --------------------------------------------- https://cert.at/de/aktuelles/2023/12/akute-welle-an-ddos-angriffen-auf-staa… ∗∗∗ Neue Angriffstechnik: Terrapin schwächt verschlüsselte SSH-Verbindungen ∗∗∗ --------------------------------------------- Ein Angriff kann wohl zur Verwendung weniger sicherer Authentifizierungsalgorithmen führen. Betroffen sind viele gängige SSH-Implementierungen. --------------------------------------------- https://www.golem.de/news/neue-angriffstechnik-terrapin-schwaecht-verschlue… ∗∗∗ FBI disrupts Blackcat ransomware operation, creates decryption tool ∗∗∗ --------------------------------------------- The Department of Justice announced today that the FBI successfully breached the ALPHV ransomware operations servers to monitor their activities and obtain decryption keys. --------------------------------------------- https://www.bleepingcomputer.com/news/security/fbi-disrupts-blackcat-ransom… ∗∗∗ 8220 Gang Exploiting Oracle WebLogic Server Vulnerability to Spread Malware ∗∗∗ --------------------------------------------- The threat actors associated with the 8220 Gang have been observed exploiting a high-severity flaw in Oracle WebLogic Server to propagate their malware. The security shortcoming is CVE-2020-14883 (CVSS score: 7.2), a remote code execution bug that could be exploited by authenticated attackers to take over susceptible servers. --------------------------------------------- https://thehackernews.com/2023/12/8220-gang-exploiting-oracle-weblogic.html ∗∗∗ Hackers Abusing GitHub to Evade Detection and Control Compromised Hosts ∗∗∗ --------------------------------------------- Threat actors are increasingly making use of GitHub for malicious purposes through novel methods, including abusing secret Gists and issuing malicious commands via git commit messages. --------------------------------------------- https://thehackernews.com/2023/12/hackers-abusing-github-to-evade.html ∗∗∗ Mute the Sound: Chaining Vulnerabilities to Achieve RCE on Outlook: Pt 1 ∗∗∗ --------------------------------------------- In this post, we have detailed the research process that led to the discovery of the two bypasses, including their root-cause analysis. As we’ve shown, Windows path parsing code is complex and often can lead to vulnerabilities. [..] Windows machines with the October 2023 software update installed are protected from these vulnerabilities. Additionally, Outlook clients that use Exchange servers patched with March 2023 software update are protected against the abused feature. --------------------------------------------- https://www.akamai.com/blog/security-research/2023/dec/chaining-vulnerabili… ∗∗∗ Botnet: Qakbot wieder aktiv mit neuer Phishing-Kampagne ∗∗∗ --------------------------------------------- Im August haben internationale Strafverfolger das Quakbot-Botnetz außer Gefecht gesetzt. Jetzt hat Microsoft eine neue Phishing-Kampagne entdeckt. --------------------------------------------- https://www.heise.de/-9577963 ∗∗∗ Retro Gaming Vulnerability Research: Warcraft 2 ∗∗∗ --------------------------------------------- This blog post is part one in a short series on learning some basic game hacking techniques. [..] I leave it as an exercise to the reader to extend wc2shell further to add the first checksum byte and attempt to fuzz other traffic. --------------------------------------------- https://research.nccgroup.com/2023/12/19/retro-gaming-vulnerability-researc… ∗∗∗ Achtung Fake: „Ihr iCloud-Speicher ist voll. Erhalten Sie 50 GB KOSTENLOS !“ ∗∗∗ --------------------------------------------- Ihr iCloud-Speicher ist voll? Sie erhalten aber angeblich 50 GB kostenlos? Vorsicht, bei diesem E-Mail handelt es sich um Phishing. Tippen Sie nicht auf das Feld „Erhalten Sie 50 GB“. Sie würden auf einer gefälschten iCloud-Webseite landen, die Ihre Login-Daten stiehlt. --------------------------------------------- https://www.watchlist-internet.at/news/achtung-fake-ihr-icloud-speicher-ist… ∗∗∗ Apache ActiveMQ Vulnerability (CVE-2023-46604) Continuously Being Exploited in Attacks ∗∗∗ --------------------------------------------- This post will cover the recent additional attacks that installed Ladon, NetCat, AnyDesk, and z0Miner. --------------------------------------------- https://asec.ahnlab.com/en/59904/ ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (webkit2gtk), Fedora (rdiff-backup and xorg-x11-server-Xwayland), Mageia (cjose and ghostscript), Oracle (avahi), Red Hat (postgresql:10), and SUSE (avahi, freerdp, libsass, and ncurses). --------------------------------------------- https://lwn.net/Articles/955678/ ∗∗∗ IBM Security Bulletins ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/bulletin/ ∗∗∗ mozilla: Security Vulnerabilities fixed in Firefox 121 ∗∗∗ --------------------------------------------- https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/ ∗∗∗ mozilla: Security Vulnerabilities fixed in Thunderbird 115.6 ∗∗∗ --------------------------------------------- https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/ ∗∗∗ mozilla: Security Vulnerabilities fixed in Firefox ESR 115.6 ∗∗∗ --------------------------------------------- https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/ ∗∗∗ EFACEC UC 500E ∗∗∗ --------------------------------------------- https://www.cisa.gov/news-events/ics-advisories/icsa-23-353-03 ∗∗∗ Subnet Solutions Inc. PowerSYSTEM Center ∗∗∗ --------------------------------------------- https://www.cisa.gov/news-events/ics-advisories/icsa-23-353-01 ∗∗∗ Open Design Alliance Drawing SDK ∗∗∗ --------------------------------------------- https://www.cisa.gov/news-events/ics-advisories/icsa-23-353-04 ∗∗∗ EFACEC BCU 500 ∗∗∗ --------------------------------------------- https://www.cisa.gov/news-events/ics-advisories/icsa-23-353-02 ∗∗∗ EuroTel ETL3100 Radio Transmitter ∗∗∗ --------------------------------------------- https://www.cisa.gov/news-events/ics-advisories/icsa-23-353-05 ∗∗∗ F5: K000137926 : Apache Tomcat vulnerability CVE-2023-46589 ∗∗∗ --------------------------------------------- https://my.f5.com/manage/s/article/K000137926 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 18.12.2023
by Daily end-of-shift report 18 Dec '23

18 Dec '23

===================== = End-of-Day report = ===================== Timeframe: Freitag 15-12-2023 18:00 − Montag 18-12-2023 18:00 Handler: Thomas Pribitzer Co-Handler: Michael Schlagenhaufer ===================== = News = ===================== ∗∗∗ Zwei Monate nach Meldung: SQL-Injection-Schwachstelle in 3CX noch immer ungepatcht ∗∗∗ --------------------------------------------- Statt einen Patch bereitzustellen, fordert 3CX seine Kunden nun dazu auf, aus Sicherheitsgründen ihre SQL-Datenbank-Integrationen zu deaktivieren. --------------------------------------------- https://www.golem.de/news/zwei-monate-nach-meldung-sql-injection-schwachste… ∗∗∗ SMTP Smuggling - Spoofing E-Mails Worldwide ∗∗∗ --------------------------------------------- Introducing a novel technique for e-mail spoofing --------------------------------------------- https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwi… ∗∗∗ SLP Denial of Service Amplification - Attacks are ongoing and rising ∗∗∗ --------------------------------------------- We build on our previous work and look into how threat actors are abusing SLP to launch reflection/amplification DDoS attacks, their evolution, and what targets are they focused on at the moment. --------------------------------------------- https://www.bitsight.com/blog/slp-denial-service-amplification-attacks-are-… ∗∗∗ WordPress hosting service Kinsta targeted by Google phishing ads ∗∗∗ --------------------------------------------- WordPress hosting provider Kinsta is warning customers that Google ads have been observed promoting phishing sites to steal hosting credentials. --------------------------------------------- https://www.bleepingcomputer.com/news/security/wordpress-hosting-service-ki… ∗∗∗ Microsoft Warns of Storm-0539: The Rising Threat Behind Holiday Gift Card Frauds ∗∗∗ --------------------------------------------- Microsoft is warning of an uptick in malicious activity from an emerging threat cluster its tracking as Storm-0539 for orchestrating gift card fraud and theft via highly sophisticated email and SMS phishing attacks against retail entities during the holiday shopping season. --------------------------------------------- https://thehackernews.com/2023/12/microsoft-warns-of-storm-0539-rising.html ∗∗∗ PikaBot distributed via malicious search ads ∗∗∗ --------------------------------------------- PikaBot, a stealthy malware normally distributed via malspam is now being spread via malicious ads. --------------------------------------------- https://www.malwarebytes.com/blog/threat-intelligence/2023/12/pikabot-distr… ∗∗∗ QakBot Malware Resurfaces with New Tactics, Targeting the Hospitality Industry ∗∗∗ --------------------------------------------- A new wave of phishing messages distributing the QakBot malware has been observed, more than three months after a law enforcement effort saw its infrastructure dismantled by infiltrating its command-and-control (C2) network. Microsoft, which made the discovery, described it as a low-volume campaign that began on December 11, 2023, and targeted the hospitality industry. --------------------------------------------- https://thehackernews.com/2023/12/qakbot-malware-resurfaces-with-new.html ∗∗∗ iOS 17.2: Flipper Zero kann keine iPhones mehr crashen ∗∗∗ --------------------------------------------- Apple verhindert mit iOS 17.2 offenbar, dass iPhones mit einem Flipper-Zero-Bluetooth-Exploit ge-DoSt werden können. --------------------------------------------- https://www.heise.de/-9576526 ∗∗∗ Ransomware-Gruppen buhlen zunehmend um Medien-Aufmerksamkeit ∗∗∗ --------------------------------------------- Um sich von der Konkurrenz abzusetzen und die eigenen Leistungen gewürdigt zu wissen, suchen Ransomware-Gruppen zunehmend den direkten Kontakt zu Journalisten. --------------------------------------------- https://www.heise.de/-9576774 ∗∗∗ E-Mail vom Entschädigungsamt ist Fake ∗∗∗ --------------------------------------------- Kriminelle geben sich als „Entschädigungsamt“ aus und behaupten in einem E-Mail, dass Betrugsopfer mit einer Gesamtsumme von 3.500.000 Euro entschädigt werden. Antworten Sie nicht und schicken Sie keinesfalls persönliche Daten und Ausweiskopien. Sie werden erneut betrogen! --------------------------------------------- https://www.watchlist-internet.at/news/e-mail-vom-entschaedigungsamt-ist-fa… ∗∗∗ Toward Ending the Domain Wars: Early Detection of Malicious Stockpiled Domains ∗∗∗ --------------------------------------------- Using machine learning to target stockpiled malicious domains, the results of our detection pipeline tool highlight campaigns from phishing to scams. --------------------------------------------- https://unit42.paloaltonetworks.com/detecting-malicious-stockpiled-domains/ ∗∗∗ An Example of RocketMQ Exploit Scanner, (Sat, Dec 16th) ∗∗∗ --------------------------------------------- A few months ago, RocketMQ, a real-time message queue platform, suffered of a nasty vulnerability referred as cve:2023-33246. I found another malicious script in the wild a few weeks ago that exploits this vulnerability. It has still today a very low VirusTotal detection score: 2/60 --------------------------------------------- https://isc.sans.edu/diary/rss/30492 ∗∗∗ CISA Urges Manufacturers to Eliminate Default Passwords After Recent ICS Attacks ∗∗∗ --------------------------------------------- CISA is advising device makers to stop relying on customers to change default passwords following attacks targeting water sector ICS. --------------------------------------------- https://www.securityweek.com/cisa-urges-manufacturers-to-eliminate-default-… ∗∗∗ CISA Releases Key Risk and Vulnerability Findings for Healthcare and Public Health Sector ∗∗∗ --------------------------------------------- Report provides recommended actions and mitigation strategies for HPH sector, critical infrastructure and software manufacturers --------------------------------------------- https://www.cisa.gov/news-events/news/cisa-releases-key-risk-and-vulnerabil… ∗∗∗ #StopRansomware: Play Ransomware ∗∗∗ --------------------------------------------- These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. --------------------------------------------- https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-352a ===================== = Vulnerabilities = ===================== ∗∗∗ Patching Perforce perforations: Critical RCE vulnerability discovered in Perforce Helix Core Server ∗∗∗ --------------------------------------------- Four new unauthenticated remotely exploitable security vulnerabilities discovered in the popular source code management platform Perforce Helix Core Server have been remediated after being responsibly disclosed by Microsoft. Perforce Server customers are strongly urged to update to version 2023.1/2513900. --------------------------------------------- https://www.microsoft.com/en-us/security/blog/2023/12/15/patching-perforce-… ∗∗∗ ZDI-23-1799: Ivanti Avalanche Incorrect Default Permissions Local Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- This vulnerability allows local attackers to escalate privileges on affected installations of Ivanti Avalanche. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2023-41726. --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-23-1799/ ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (freeimage, ghostscript, intel-microcode, spip, and xorg-server), Fedora (chromium, perl, perl-Devel-Cover, perl-PAR-Packer, polymake, PyDrive2, seamonkey, and vim), Gentoo (Leptonica), Mageia (audiofile, gimp, golang, and poppler), Oracle (buildah, containernetworking-plugins, gstreamer1-plugins-bad-free, kernel, kernel-container, libxml2, pixman, podman, postgresql, postgresql:15, runc, skopeo, tracker-miners, and webkit2gtk3), and SUSE (fish). --------------------------------------------- https://lwn.net/Articles/955566/ ∗∗∗ OpenSSH Security December 18, 2023 ∗∗∗ --------------------------------------------- penSSH 9.6 was released on 2023-12-18. It is available from the mirrors listed at https://www.openssh.com/. This release contains a number of security fixes, some small features and bugfixes. --------------------------------------------- https://www.openssh.com/security.html ∗∗∗ IBM Security Bulletins ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/bulletin/ ∗∗∗ Nextcloud Security Advisories ∗∗∗ --------------------------------------------- https://github.com/nextcloud/security-advisories/security -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 15.12.2023
by Daily end-of-shift report 15 Dec '23

15 Dec '23

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 14-12-2023 18:00 − Freitag 15-12-2023 18:00 Handler: Thomas Pribitzer Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Ten new Android banking trojans targeted 985 bank apps in 2023 ∗∗∗ --------------------------------------------- This year has seen the emergence of ten new Android banking malware families, which collectively target 985 bank and fintech/trading apps from financial institutes across 61 countries. --------------------------------------------- https://www.bleepingcomputer.com/news/security/ten-new-android-banking-troj… ∗∗∗ Fake-Werbeanzeige auf Facebook & Instagram: „Verlorenes Gepäck für nur 1,95 €!“ ∗∗∗ --------------------------------------------- Im Namen des „Vienna International Airport“ schalten Kriminelle aktuell betrügerische Anzeigen und behaupten, dass verloren gegangene Koffer für knapp 2 Euro verkauft werden. --------------------------------------------- https://www.watchlist-internet.at/news/fake-werbeanzeige-auf-facebook-insta… ∗∗∗ OilRig’s persistent attacks using cloud service-powered downloaders ∗∗∗ --------------------------------------------- ESET researchers document a series of new OilRig downloaders, all relying on legitimate cloud service providers for C&C communications. --------------------------------------------- https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-c… ∗∗∗ New Hacker Group GambleForce Hacks Targets with Open Source Tools ∗∗∗ --------------------------------------------- Yet another day, yet another threat actor posing a danger to the cybersecurity of companies globally. --------------------------------------------- https://www.hackread.com/gambleforce-hacks-targets-open-source-tools/ ∗∗∗ Mining The Undiscovered Country With GreyNoise EAP Sensors: F5 BIG-IP Edition ∗∗∗ --------------------------------------------- Discover the fascinating story of a GreyNoise researcher who found that attackers were using his demonstration code for a vulnerability instead of the real exploit. Explore the implications of this situation and learn about the importance of using accurate and up-to-date exploits in the cybersecurity community. --------------------------------------------- https://www.greynoise.io/blog/mining-the-undiscovered-country-with-greynois… ∗∗∗ Opening a new front against DNS-based threats ∗∗∗ --------------------------------------------- There are multiple ways in which threat actors can leverage DNS to carry out attacks. We will provide a an introduction to DNS threat landscape.The post Opening a new front against DNS-based threats appeared first on Avast Threat Labs. --------------------------------------------- https://decoded.avast.io/threatintel/opening-a-new-front-against-dns-based-… ===================== = Vulnerabilities = ===================== ∗∗∗ Ubiquiti: Nutzer konnten auf fremde Sicherheitskameras zugreifen ∗∗∗ --------------------------------------------- Teilweise erhielten Anwender sogar Benachrichtigungen auf ihre Smartphones, in denen Bilder der fremden Kameras enthalten waren. --------------------------------------------- https://www.golem.de/news/ubiquiti-nutzer-konnten-auf-fremde-sicherheitskam… ∗∗∗ New Security Vulnerabilities Uncovered in pfSense Firewall Software - Patch Now ∗∗∗ --------------------------------------------- Multiple security vulnerabilities have been discovered in the open-source Netgate pfSense firewall solution called pfSense that could be chained by an attacker to execute arbitrary commands on susceptible appliances. --------------------------------------------- https://thehackernews.com/2023/12/new-security-vulnerabilities-uncovered.ht… ∗∗∗ Squid-Proxy: Denial of Service durch Endlosschleife ∗∗∗ --------------------------------------------- Schickt ein Angreifer einen präparierten HTTP-Header an den Proxy-Server, kann er ihn durch eine unkontrollierte Rekursion zum Stillstand bringen. --------------------------------------------- https://www.heise.de/news/Squid-Proxy-Denial-of-Service-durch-Endlosschleif… ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (bluez and haproxy), Fedora (curl, dotnet6.0, dotnet7.0, tigervnc, and xorg-x11-server), Red Hat (avahi and gstreamer1-plugins-bad-free), Slackware (bluez), SUSE (cdi-apiserver-container, cdi-cloner-container, cdi- controller-container, cdi-importer-container, cdi-operator-container, cdi- uploadproxy-container, cdi-uploadserver-container, cont, cosign, curl, gstreamer-plugins-bad, haproxy, ImageMagick, kernel, kernel-firmware, libreoffice, tiff, [...] --------------------------------------------- https://lwn.net/Articles/955336/ ∗∗∗ IBM Security Bulletins ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/bulletin/ ∗∗∗ Unitronics Vision Series ∗∗∗ --------------------------------------------- https://www.cisa.gov/news-events/ics-advisories/icsa-23-348-15 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 14.12.2023
by Daily end-of-shift report 14 Dec '23

14 Dec '23

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 13-12-2023 18:00 − Donnerstag 14-12-2023 18:00 Handler: Thomas Pribitzer Co-Handler: Michael Schlagenhaufer ===================== = News = ===================== ∗∗∗ Urteil des EuGH: Datenleck-Betroffene könnten doch Schadensersatz bekommen ∗∗∗ --------------------------------------------- Der Europäische Gerichtshof (EuGH) hat in einem neuen Urteil die Rechte der Betroffenen von Datenlecks gestärkt. Schon der Umstand, "dass eine betroffene Person infolge eines Verstoßes gegen die DSGVO befürchtet, dass ihre personenbezogenen Daten durch Dritte missbräuchlich verwendet werden könnten, kann einen 'immateriellen Schaden' darstellen", heißt es in dem Urteil, das am 14. Dezember 2023 veröffentlicht wurde. --------------------------------------------- https://www.golem.de/news/urteil-des-eugh-datenleck-betroffene-koennten-doc… ∗∗∗ Reverse, Reveal, Recover: Windows Defender Quarantine Forensics ∗∗∗ --------------------------------------------- Windows Defender (the antivirus shipped with standard installations of Windows) places malicious files into quarantine upon detection. Reverse engineering mpengine.dll resulted in finding previously undocumented metadata in the Windows Defender quarantine folder that can be used for digital forensics and incident response. Existing scripts that extract quarantined files do not process this metadata, even though it could be useful for analysis. Fox-IT’s open-source digital forensics and incident response framework Dissect can now recover this metadata, in addition to recovering quarantined files from the Windows Defender quarantine folder. --------------------------------------------- https://blog.fox-it.com/2023/12/14/reverse-reveal-recover-windows-defender-… ∗∗∗ Mobile Sicherheit. Handlungsempfehlungen und präventive Maßnahmen für die sichere Nutzung von mobilen Endgeräten, 2023 ∗∗∗ --------------------------------------------- Wie so oft stehen aber auch in diesem Bereich Komfort und Sicherheit in einem permanenten Spannungsverhältnis. Ein Mehr an Sicherheit für Ihr Gerät und Ihre Daten kann auf der anderen Seite bedeuten, dass einige durchaus praktische Funktionen nur mehr eingeschränkt oder gar nicht mehr zur Verfügung stehen. Letztlich liegt es an Ihnen, den für Sie bestmöglichen Kompromiss zwischen Funktion, Komfort, Sicherheit und Privatsphäre zu finden. Die vorliegende Broschüre möchte Ihnen dabei helfen. --------------------------------------------- https://www.nis.gv.at/dam/jcr:8165f553-2769-4553-91c8-4b117c752f56/mobile_s… ∗∗∗ Ransomware: AlphV meldet sich zurück, Aufruhr in der Szene ∗∗∗ --------------------------------------------- In der Ransomware-Szene rumort es: Gruppen versuchen, einander Mitglieder abspenstig zu machen, ein Geldwäscher geht ins Netz und Betrüger betrügen einander. --------------------------------------------- https://www.heise.de/-9574446 ∗∗∗ Amazon-Händler:innen wollen über Telegram-Gruppen Bewertungen kaufen? Machen Sie nicht mit! ∗∗∗ --------------------------------------------- Auf Telegram gibt es Kanäle, die gratis Amazon-Produkte versprechen. Die Idee dahinter: Sie suchen sich ein Produkt aus, bestellen es über Ihren privaten Amazon-Account, schreiben eine 5-Sterne-Bewertung und bekommen als Dankeschön das Geld über PayPal zurückerstattet. Mit dieser Masche kaufen sich Marketplace-Händler:innen Bewertungen, um besser gerankt zu werden – eine nicht legale Praktik. --------------------------------------------- https://www.watchlist-internet.at/news/amazon-haendlerinnen-wollen-ueber-te… ∗∗∗ Protecting the enterprise from dark web password leaks ∗∗∗ --------------------------------------------- The trade in compromised passwords in dark web markets is particularly damaging. Cybercriminals often exploit password leaks to access sensitive data, commit fraud or launch further attacks. Let’s explore the various ways passwords are leaked to the dark web and discuss strategies for using dark web data to protect your organization. --------------------------------------------- https://cybersecurity.att.com/blogs/security-essentials/protecting-the-ente… ∗∗∗ Rhadamanthys v0.5.0 – a deep dive into the stealer’s components ∗∗∗ --------------------------------------------- In this article we do a deep dive into the functionality and cooperation between the modules. The first part of the article describes the loading chain that is used to retrieve the package with the stealer components. In the second part, we take a closer look at those components, their structure, abilities, and implementation. --------------------------------------------- https://research.checkpoint.com/2023/rhadamanthys-v0-5-0-a-deep-dive-into-t… ===================== = Vulnerabilities = ===================== ∗∗∗ ZDI-23-1773: (0Day) Intel Driver & Support Assistant Link Following Local Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- This vulnerability allows local attackers to escalate privileges on affected installations of Intel Driver & Support Assistant. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-23-1773/ ∗∗∗ Paloalto released 7 Security Advisories ∗∗∗ --------------------------------------------- PAN-OS: CVE-2023-6790, CVE-2023-6791, CVE-2023-6794, CVE-2023-6792, CVE-2023-6795, CVE-2023-6793, CVE-2023-6789 --------------------------------------------- https://security.paloaltonetworks.com/ ∗∗∗ Zoom behebt Sicherheitslücken unter Windows, Android und iOS ∗∗∗ --------------------------------------------- Durch ungenügende Zugriffskontrolle, Verschlüsselungsprobleme und Pfadmanipulation konnten Angreifer sich zusätzliche Rechte verschaffen. --------------------------------------------- https://www.heise.de/-9574367 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (chromium and rabbitmq-server), Fedora (chromium, kernel, perl-CryptX, and python-jupyter-server), Mageia (curl), Oracle (curl and postgresql), Red Hat (gstreamer1-plugins-bad-free, linux-firmware, postgresql, postgresql:10, and postgresql:15), Slackware (xorg), SUSE (catatonit, containerd, runc, container-suseconnect, gimp, kernel, openvswitch, poppler, python-cryptography, python-Twisted, python3-cryptography, qemu, squid, tiff, webkit2gtk3, xorg-x11-server, and xwayland), and Ubuntu (xorg-server and xorg-server, xwayland). --------------------------------------------- https://lwn.net/Articles/955130/ ∗∗∗ Dell Urges Customers to Patch Vulnerabilities in PowerProtect Products ∗∗∗ --------------------------------------------- Dell is informing PowerProtect DD product customers about 8 vulnerabilities, including many rated ‘high severity’, and urging them to install patches. --------------------------------------------- https://www.securityweek.com/dell-urges-customers-to-patch-vulnerabilities-… ∗∗∗ IBM Security Bulletins ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/bulletin/ ∗∗∗ Wordfence Intelligence Weekly WordPress Vulnerability Report (December 4, 2023 to December 10, 2023) ∗∗∗ --------------------------------------------- https://www.wordfence.com/blog/2023/12/wordfence-intelligence-weekly-wordpr… ∗∗∗ Cambium ePMP 5GHz Force 300-25 Radio ∗∗∗ --------------------------------------------- https://www.cisa.gov/news-events/ics-advisories/icsa-23-348-01 ∗∗∗ [R1] Stand-alone Security Patch Available for Tenable Security Center versions 5.23.1, 6.0.0, 6.1.0, 6.1.1, and 6.2.0: SC-202312.1 ∗∗∗ --------------------------------------------- https://www.tenable.com/security/tns-2023-44 ∗∗∗ Johnson Controls Kantech Gen1 ioSmart ∗∗∗ --------------------------------------------- https://www.cisa.gov/news-events/ics-advisories/icsa-23-348-02 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 13.12.2023
by Daily end-of-shift report 13 Dec '23

13 Dec '23

===================== = End-of-Day report = ===================== Timeframe: Dienstag 12-12-2023 18:00 − Mittwoch 13-12-2023 18:00 Handler: Michael Schlagenhaufer Co-Handler: Thomas Pribitzer ===================== = News = ===================== ∗∗∗ FakeSG campaign, Akira ransomware and AMOS macOS stealer ∗∗∗ --------------------------------------------- In this report, we share our latest crimeware findings: FakeSG malware distribution campaign delivering NetSupport RAT, new Conti-like Akira ransomware and AMOS stealer for macOS. --------------------------------------------- https://securelist.com/crimeware-report-fakesg-akira-amos/111483/ ∗∗∗ Willhaben: Lassen Sie sich nicht auf WhatsApp und Co locken! ∗∗∗ --------------------------------------------- Wenn Sie auf willhaben über Kleinanzeigen Ware verkaufen oder kaufen wollen, dann sind Sie am besten vor Betrug geschützt, wenn Sie einige einfach Tipps beachten. Insbesondere sollten Sie sich aber nicht über den willhaben-Chat auf externe Kanäle leiten lassen. --------------------------------------------- https://www.watchlist-internet.at/news/willhaben-lassen-sie-sich-nicht-auf-… ∗∗∗ A pernicious potpourri of Python packages in PyPI ∗∗∗ --------------------------------------------- The past year has seen over 10,000 downloads of malicious packages hosted on the official Python package repository --------------------------------------------- https://www.welivesecurity.com/en/eset-research/pernicious-potpourri-python… ∗∗∗ Web shell on a SonicWall SMA ∗∗∗ --------------------------------------------- Truesec Cybersecurity Incident Response Team (CSIRT) found a compromised SonicWall Secure Mobile Access (SonicWall SMA) device on which a threat actor (TA) had deployed a web shell, a hiding mechanism, and a way to ensure persistence across firmware upgrades. --------------------------------------------- https://www.truesec.com/hub/blog/web-shell-on-a-sonicwall-sma ∗∗∗ A Day In The Life Of A GreyNoise Researcher: The Path To Understanding The Remote Code Execution Vulnerability Apache (CVE-2023-50164) in Apache Struts2 ∗∗∗ --------------------------------------------- This weakness enables attackers to remotely drop and call a web shell through a public interface. --------------------------------------------- https://www.greynoise.io/blog/a-day-in-the-life-of-a-greynoise-researcher-t… ∗∗∗ Responding to CitrixBleed (CVE-2023-4966): Key Takeaways from Affected Companies ∗∗∗ --------------------------------------------- This critical security flaw has had a significant impact across various industries in the United States, including credit unions and healthcare services, marking it as one of the most critical vulnerabilities of 2023. Its relatively straightforward buffer overflow exploitability has raised major concerns. --------------------------------------------- https://blog.morphisec.com/responding-to-citrixbleed ===================== = Vulnerabilities = ===================== ∗∗∗ Microsoft: OAuth apps used to automate BEC and cryptomining attacks ∗∗∗ --------------------------------------------- Microsoft warns that financially-motivated threat actors are using OAuth applications to automate BEC and phishing attacks, push spam, and deploy VMs for cryptomining. --------------------------------------------- https://www.bleepingcomputer.com/news/security/microsoft-oauth-apps-used-to… ∗∗∗ Final Patch Tuesday of 2023 goes out with a bang ∗∗∗ --------------------------------------------- Microsoft fixed 36 flaws. Adobe addressed 212. Apple, Google, Cisco, VMware and Atlassian joined the party Its the last Patch Tuesday of 2023, which calls for celebration – just as soon as you update Windows, Adobe, Google, Cisco, FortiGuard, SAP, VMware, Atlassian and Apple products, of course. --------------------------------------------- https://go.theregister.com/feed/www.theregister.com/2023/12/13/december_202… ∗∗∗ Patchday Microsoft: Outlook kann sich an Schadcode-E-Mail verschlucken ∗∗∗ --------------------------------------------- Microsoft hat wichtige Sicherheitsupdates für Azure, Defender & Co. veröffentlicht. Bislang soll es keine Attacken geben. --------------------------------------------- https://www.heise.de/news/Patchday-Microsoft-Outlook-kann-sich-an-Schadcode… ∗∗∗ Patchday: Adobe schließt 185 Sicherheitslücken in Experience Manager ∗∗∗ --------------------------------------------- Angreifer können Systeme mit Anwendungen von Adobe ins Visier nehmen. Nun hat der Softwarehersteller Schwachstellen geschlossen. --------------------------------------------- https://www.heise.de/news/Patchday-Adobe-Adobe-schliesst-185-Sicherheitslue… ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (debian-security-support and xorg-server), Fedora (java-17-openjdk, libcmis, and libreoffice), Mageia (fish), Red Hat (buildah, containernetworking-plugins, curl, fence-agents, kernel, kpatch-patch, libxml2, pixman, podman, runc, skopeo, and tracker-miners), SUSE (kernel, SUSE Manager 4.3.10 Release Notes, and SUSE Manager Client Tools), and Ubuntu (gnome-control-center, linux-gcp, linux-kvm, linux-gkeop, linux-gkeop-5.15, linux-hwe-6.2, [...] --------------------------------------------- https://lwn.net/Articles/954921/ ∗∗∗ Mal wieder Apache Struts: CVE-2023-50164 ∗∗∗ --------------------------------------------- Wir haben in der Vergangenheit ernsthaft schlechte Erfahrungen mit Schwachstellen in der Apache Struts Library gemacht. Etwa mit CVE-2017-5638 oder CVE-2017-9805. Insbesondere komplexe Webseiten/Portal, oft von größeren Firmen, wurden öfters in Java entwickelt und waren für eine Massenexploitation anfällig. Daher haben wir die Veröffentlichung einer neuen Schwachstelle in Struts CVE-2023-50164 mit dem CVSS Score von 9.8 initial als besorgniserregend eingestuft. --------------------------------------------- https://cert.at/de/aktuelles/2023/12/mal-wieder-apache-struts-cve-2023-50164 ∗∗∗ Apache Struts Vulnerability Affecting Cisco Products: December 2023 ∗∗∗ --------------------------------------------- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso… ∗∗∗ IBM Security Bulletins ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/bulletin/ ∗∗∗ Atos Unify Security Advisories ∗∗∗ --------------------------------------------- https://unify.com/en/support/security-advisories ∗∗∗ Fortiguard Security Advisories ∗∗∗ --------------------------------------------- https://www.fortiguard.com/psirt ∗∗∗ Technical Advisory – Multiple Vulnerabilities in Nagios XI ∗∗∗ --------------------------------------------- https://research.nccgroup.com/2023/12/13/technical-advisory-multiple-vulner… ∗∗∗ VMSA-2023-0027 ∗∗∗ --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2023-0027.html ∗∗∗ Command injection vulnerability in Bosch IP Cameras ∗∗∗ --------------------------------------------- https://psirt.bosch.com/security-advisories/bosch-sa-638184-bt.html ∗∗∗ Denial of Service vulnerability in Bosch BT software products ∗∗∗ --------------------------------------------- https://psirt.bosch.com/security-advisories/bosch-sa-092656-bt.html -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 12.12.2023
by Daily end-of-shift report 12 Dec '23

12 Dec '23

===================== = End-of-Day report = ===================== Timeframe: Montag 11-12-2023 18:00 − Dienstag 12-12-2023 18:00 Handler: Thomas Pribitzer Co-Handler: Michael Schlagenhaufer ===================== = News = ===================== ∗∗∗ Counter-Strike 2 HTML injection bug exposes players’ IP addresses ∗∗∗ --------------------------------------------- Valve has reportedly fixed an HTML injection flaw in CS2 that was heavily abused today to inject images into games and obtain other players IP addresses. --------------------------------------------- https://www.bleepingcomputer.com/news/security/counter-strike-2-html-inject… ∗∗∗ New MrAnon Stealer Malware Targeting German Users via Booking-Themed Scam ∗∗∗ --------------------------------------------- A phishing campaign has been observed delivering an information stealer malware called MrAnon Stealer to unsuspecting victims via seemingly benign booking-themed PDF lures. "This malware is a Python-based information stealer compressed with cx-Freeze to evade detection," Fortinet FortiGuard Labs researcher Cara Lin said. --------------------------------------------- https://thehackernews.com/2023/12/new-mranon-stealer-targeting-german-it.ht… ∗∗∗ Intercepting MFA. Phishing and Adversary in The Middle attacks ∗∗∗ --------------------------------------------- In this post I’ll show you at a high level how attackers carry out such an attack. The main focus here is to understand what artefacts we look for when investigating these types of attacks in a DFIR capacity. I’ll also cover the steps you can take to increase your security to try and stop your team falling foul of them. --------------------------------------------- https://www.pentestpartners.com/security-blog/intercepting-mfa-phishing-and… ∗∗∗ MySQL 5.7 reached EOL. Upgrade to MySQL 8.x today ∗∗∗ --------------------------------------------- In October 2023, MySQL 5.7 reached its end of life. As such, it will no longer be supported and won’t receive security patches or bug fixes anymore. --------------------------------------------- https://mattermost.com/blog/mysql-5-7-reached-eol-upgrade-to-mysql-8-x-toda… ∗∗∗ CISA Releases SCuBA Google Workspace Secure Configuration Baselines for Public Comment ∗∗∗ --------------------------------------------- Today, CISA released the draft Secure Cloud Business Applications (SCuBA) Google Workspace (GWS) Secure Configuration Baselines and the associated assessment tool ScubaGoggles for public comment. The draft baselines offer minimum viable security configurations for nine GWS services: Groups for Business, Google Calendar, Google Common Controls, Google Classroom, Google Meet, Gmail, Google Chat, Google Drive and Docs, and Google Sites. --------------------------------------------- https://www.cisa.gov/news-events/alerts/2023/12/12/cisa-releases-scuba-goog… ===================== = Vulnerabilities = ===================== ∗∗∗ Patchday: SAP behandelt mehr als 15 Schwachstellen ∗∗∗ --------------------------------------------- Am Dezember-Patchday hat SAP 15 neue Sicherheitsmitteilungen herausgegeben. Sie thematisieren teils kritische Lücken. --------------------------------------------- https://www.heise.de/-9571722 ∗∗∗ WordPress Elementor: Halbgarer Sicherheitspatch gefährdete Millionen Websites ∗∗∗ --------------------------------------------- Es gibt wichtige Sicherheitsupdates für die WordPress-Plug-ins Backup Migration und Elementor. --------------------------------------------- https://www.heise.de/-9571957 ∗∗∗ Sicherheitslücken: Apple-Patches auch für ältere Betriebssysteme – außer iOS 15 ∗∗∗ --------------------------------------------- Parallel zu iOS 17.2 und macOS 14.2 beseitigt der Hersteller auch manche Schwachstellen in früheren Versionen. Für ältere iPhones gibt es kein Update. --------------------------------------------- https://www.heise.de/news/-9572049 ∗∗∗ Xen Security Advisory CVE-2023-46837 / XSA-447 ∗∗∗ --------------------------------------------- A malicious guest may be able to read sensitive data from memory that previously belonged to another guest. --------------------------------------------- https://xenbits.xen.org/xsa/advisory-447.html ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (libreoffice and webkit2gtk), Fedora (java-1.8.0-openjdk and seamonkey), Oracle (apr, edk2, kernel, and squid:4), Red Hat (postgresql:12, tracker-miners, and webkit2gtk3), SUSE (curl, go1.20, go1.21, hplip, openvswitch, opera, squid, and xerces-c), and Ubuntu (binutils, ghostscript, libreoffice, linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-gcp, linux-gke, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-kvm, linux-nvidia, linux-oracle, linux-oracle-5.15, linux-raspi, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-xilinx-zynqmp, postfixadmin, python3.11, and webkit2gtk). --------------------------------------------- https://lwn.net/Articles/954706/ ∗∗∗ Beckhoff Security Advisory 2023-001: Open redirect in TwinCAT/BSD package “authelia-bhf” ∗∗∗ --------------------------------------------- https://download.beckhoff.com/download/document/product-security/Advisories… ∗∗∗ IBM Security Bulletins ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/bulletin/ ∗∗∗ Phoenix Contact: MULTIPROG Engineering tool and ProConOS eCLR SDK prone to CWE-732 ∗∗∗ --------------------------------------------- https://cert.vde.com/de/advisories/VDE-2023-051/ ∗∗∗ Phoenix Contact: ProConOS prone to Download of Code Without Integrity Check ∗∗∗ --------------------------------------------- https://cert.vde.com/de/advisories/VDE-2023-054/ ∗∗∗ Phoenix Contact: Automation Worx and classic line controllers prone to Incorrect Permission Assignment for Critical Resource ∗∗∗ --------------------------------------------- https://cert.vde.com/de/advisories/VDE-2023-055/ ∗∗∗ Phoenix Contact: PLCnext prone to Incorrect Permission Assignment for Critical Resource ∗∗∗ --------------------------------------------- https://cert.vde.com/de/advisories/VDE-2023-056/ ∗∗∗ Phoenix Contact: Classic line industrial controllers prone to inadequate integrity check of PLC ∗∗∗ --------------------------------------------- https://cert.vde.com/de/advisories/VDE-2023-057/ ∗∗∗ Phoenix Contact: PLCnext Control prone to download of code without integrity check ∗∗∗ --------------------------------------------- https://cert.vde.com/de/advisories/VDE-2023-058/ ∗∗∗ Schneider Electric Easy UPS Online Monitoring Software ∗∗∗ --------------------------------------------- https://www.cisa.gov/news-events/ics-advisories/icaa-23-346-01 ∗∗∗ F5: K000137871 : Linux kernel vulnerability CVE-2023-35001 ∗∗∗ --------------------------------------------- https://my.f5.com/manage/s/article/K000137871 ∗∗∗ SSA-999588 V1.0: Multiple Vulnerabilities in User Management Component (UMC) before V2.11.2 ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/html/ssa-999588.html ∗∗∗ SSA-892915 V1.0: Multiple Denial of Service Vulnerabilities in the Webserver of Industrial Products ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/html/ssa-892915.html ∗∗∗ SSA-887801 V1.0: Information Disclosure Vulnerability in SIMATIC STEP 7 (TIA Portal) ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/html/ssa-887801.html ∗∗∗ SSA-844582 V1.0: Electromagnetic Fault Injection in LOGO! V8.3 BM Devices Results in Broken LOGO! V8.3 Product CA ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/html/ssa-844582.html ∗∗∗ SSA-693975 V1.0: Denial-of-Service Vulnerability in the Web Server of Industrial Products ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/html/ssa-693975.html ∗∗∗ SSA-592380 V1.0: Denial of Service Vulnerability in SIMATIC S7-1500 CPUs and related products ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/html/ssa-592380.html ∗∗∗ SSA-480095 V1.0: Vulnerabilities in the Web Interface of SICAM Q100 Devices before V2.60 ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/html/ssa-480095.html ∗∗∗ SSA-398330 V1.0: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1 ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/html/ssa-398330.html ∗∗∗ SSA-280603 V1.0: Denial of Service Vulnerability in SINUMERIK ONE and SINUMERIK MC ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/html/ssa-280603.html ∗∗∗ SSA-180704 V1.0: Multiple Vulnerabilities in SCALANCE M-800/S615 Family before V8.0 ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/html/ssa-180704.html ∗∗∗ SSA-118850 V1.0: Denial of Service Vulnerability in the OPC UA Implementation in SINUMERIK ONE and SINUMERIK MC ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/html/ssa-118850.html ∗∗∗ SSA-077170 V1.0: Multiple Vulnerabilities in SINEC INS before V1.0 SP2 Update 2 ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/html/ssa-077170.html ∗∗∗ SSA-068047 V1.0: Multiple Vulnerabilities in SCALANCE M-800/S615 Family before V7.2.2 ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/html/ssa-068047.html -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 11.12.2023
by Daily end-of-shift report 11 Dec '23

11 Dec '23

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 07-12-2023 18:00 − Montag 11-12-2023 18:00 Handler: Michael Schlagenhaufer Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ AutoSpill attack steals credentials from Android password managers ∗∗∗ --------------------------------------------- Security researchers developed a new attack, which they named AutoSpill, to steal account credentials on Android during the autofill operation. --------------------------------------------- https://www.bleepingcomputer.com/news/security/autospill-attack-steals-cred… ∗∗∗ Over 30% of Log4J apps use a vulnerable version of the library ∗∗∗ --------------------------------------------- Roughly 38% of applications using the Apache Log4j library are using a version vulnerable to security issues, including Log4Shell, a critical vulnerability identified as CVE-2021-44228 that carries the maximum severity rating, despite patches being available for more than two years. --------------------------------------------- https://www.bleepingcomputer.com/news/security/over-30-percent-of-log4j-app… ∗∗∗ Sicherheitsupdate: WordPress unter bestimmten Bedingungen angreifbar ∗∗∗ --------------------------------------------- In der aktuellen WordPress-Version haben die Entwickler eine Sicherheitslücke geschlossen. --------------------------------------------- https://www.heise.de/-9567923 ∗∗∗ DoS-Schwachstellen: Angreifer können 714 Smartphone-Modelle vom 5G-Netz trennen ∗∗∗ --------------------------------------------- Forscher haben mehrere Schwachstellen in gängigen 5G-Modems offengelegt. Damit können Angreifer vielen Smartphone-Nutzern 5G-Verbindungen verwehren. --------------------------------------------- https://www.golem.de/news/dos-schwachstellen-angreifer-koennen-714-smartpho… ∗∗∗ 40 New Domains of Magecart Veteran ATMZOW Found in Google Tag Manager ∗∗∗ --------------------------------------------- In today’s post, we’ll take a look at some recent Google Tag Manager containers used in ecommerce malware, examine some newer forms of obfuscation techniques used in the malicious code, and track the evolution of the ATMZOW skimmer linked to widespread Magento website infections since 2015. --------------------------------------------- https://blog.sucuri.net/2023/12/40-new-domains-of-magecart-veteran-atmzow-f… ∗∗∗ Bluetooth-Lücke erlaubt Einschleusen von Tastenanschlägen ∗∗∗ --------------------------------------------- Eine Sicherheitslücke in Bluetooth-Stacks erlaubt Angreifern, Tastenanschläge einzuschmuggeln. Unter Android, iOS, Linux und macOS. --------------------------------------------- https://www.heise.de/-9570583 ∗∗∗ Achtung Fake-Shop: fressnapfs.shop ∗∗∗ --------------------------------------------- Kriminelle schalten auf Facebook und Instagram Werbung für einen betrügerischen Fressnapf-Online-Shop. Der gefälschte Online-Shop sieht dem echten Shop zum Verwechseln ähnlich. Auch die Internetadresse „fressnapfs.shop“ scheint plausibel. Wenn Sie beim Fake-Shop bestellen, verlieren Sie Ihr Geld und erhalten keine Lieferung! --------------------------------------------- https://www.watchlist-internet.at/news/achtung-fake-shop-fressnapfsshop/ ∗∗∗ To tap or not to tap: Are NFC payments safer? ∗∗∗ --------------------------------------------- Contactless payments are quickly becoming ubiquitous – but are they more secure than traditional payment methods? --------------------------------------------- https://www.welivesecurity.com/en/cybersecurity/to-tap-or-not-to-tap-are-nf… ∗∗∗ Kaspersky entdeckt „hochkomplexen“ Proxy-Trojaner für macOS ∗∗∗ --------------------------------------------- Die Malware wird über raubkopierte Software verbreitet. Varianten für Android und Windows sind offenbar auch im Umlauf. --------------------------------------------- https://www.zdnet.de/88413363/kaspersky-entdeckt-hochkomplexen-proxy-trojan… ∗∗∗ Risiko Active Directory-Fehlkonfigurationen; Forest Druid zur Analyse ∗∗∗ --------------------------------------------- Fehlkonfigurationen und Standardeinstellungen des Active Directory können die IT-Sicherheit von Unternehmen gefährden. Bastien Bossiroy von den NVISO Labs hat sich Gedanken um dieses Thema gemacht und bereits Ende Oktober 2023 einen Beitrag zu den häufigsten Fehlkonfigurationen/Standardkonfigurationen des Active Directory, die Unternehmen gefährden, veröffentlicht. Zudem ist mir kürzlich ein Hinweis auf "Forest Druid" untergekommen, ein kostenloses Attack-Path-Management-Tool von Semperis. --------------------------------------------- https://www.borncity.com/blog/2023/12/09/risiko-active-directory-die-hufigs… ∗∗∗ Operation Blacksmith: Lazarus targets organizations worldwide using novel Telegram-based malware written in DLang ∗∗∗ --------------------------------------------- Operation Blacksmith involved the exploitation of CVE-2021-44228, also known as Log4Shell, and the use of a previously unknown DLang-based RAT utilizing Telegram as its C2 channel. We’re naming this malware family “NineRAT.” NineRAT was initially built around May 2022 and was first used in this campaign as early as March 2023, almost a year later, against a South American agricultural organization. We then saw NineRAT being used again around September 2023 against a European manufacturing entity. --------------------------------------------- https://blog.talosintelligence.com/lazarus_new_rats_dlang_and_telegram/ ∗∗∗ 2023 Review: Reflecting on Cybersecurity Trends ∗∗∗ --------------------------------------------- With the season of ubiquitous year-ahead predictions around the corner, Trend Micro’s Greg Young and William Malik decided to look back at 2023 and see which forecasted cybersecurity trends came to pass and which, um, didn’t. --------------------------------------------- https://www.trendmicro.com/en_us/ciso/23/l/2023-review-reflecting-on-cybers… ∗∗∗ Analyzing AsyncRATs Code Injection into aspnet_compiler.exe Across Multiple Incident Response Cases ∗∗∗ --------------------------------------------- This blog entry delves into MxDRs unraveling of the AsyncRAT infection chain across multiple cases, shedding light on the misuse of aspnet_compiler.exe, a legitimate Microsoft process originally designed for precompiling ASP.NET web applications. --------------------------------------------- https://www.trendmicro.com/en_us/research/23/l/analyzing-asyncrat-code-inje… ===================== = Vulnerabilities = ===================== ∗∗∗ Resolved RCE in Sophos Firewall (CVE-2022-3236) ∗∗∗ --------------------------------------------- The vulnerability was originally fixed in September 2022. In December 2023, we delivered an updated fix after identifying new exploit attempts against this same vulnerability in older, unsupported versions of the Sophos Firewall. No action is required if organizations have upgraded their firewalls to a supported firmware version after September 2022. --------------------------------------------- https://www.sophos.com/en-us/security-advisories/sophos-sa-20220923-sfos-rce ∗∗∗ Sicherheitslücken: Angreifer können Schadcode auf Qnap NAS schieben ∗∗∗ --------------------------------------------- Netzwerkspeicher von Qnap sind verwundbar. In aktuellen Versionen haben die Entwickler Sicherheitsprobleme gelöst. --------------------------------------------- https://www.heise.de/-9570375 ∗∗∗ New RCE vulnerability in Apache Struts 2 fixed, upgrade ASAP (CVE-2023-50164) ∗∗∗ --------------------------------------------- The Apache Struts project has released updates for the popular open-source web application framework, with fixes for a critical vulnerability that could lead to remote code execution (CVE-2023-50164). --------------------------------------------- https://www.helpnetsecurity.com/2023/12/08/cve-2023-50164/ ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (chromium), Mageia (firefox, thunderbird, and vim), SUSE (kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools- container, virt-operator-container), and Ubuntu (freerdp2, glibc, and tinyxml). --------------------------------------------- https://lwn.net/Articles/954092/ ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (chromium), Fedora (bluez, chromium, and curl), Red Hat (apr), Slackware (libxml2), and Ubuntu (squid3 and tar). --------------------------------------------- https://lwn.net/Articles/954449/ ∗∗∗ Edge 120.0.2210.61 mit Sicherheitsfixes und neuer Telemetriefunktion ∗∗∗ --------------------------------------------- Microsoft hat zum 7. Dezember 2023 den Edge 120.0.2210.61 im Stable-Channel veröffentlicht. Diese Version schließt gleich drei Schwachstellen (und zudem Chromium-Sicherheitslücken). Der neue Edge kommt zudem mit neuen Richtlinien. --------------------------------------------- https://www.borncity.com/blog/2023/12/08/edge-120-0-2210-61-mit-sicherheits… ∗∗∗ GarageBand 10.4.9 ∗∗∗ --------------------------------------------- https://support.apple.com/kb/HT214042 ∗∗∗ IBM Security Bulletins ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/bulletin/ ∗∗∗ Frauscher: FDS102 for FAdC/FAdCi remote code execution vulnerability ∗∗∗ --------------------------------------------- https://cert.vde.com/de/advisories/VDE-2023-049/ ∗∗∗ Local Privilege Escalation durch MSI installer in PDF24 Creator (geek Software GmbH) ∗∗∗ --------------------------------------------- https://sec-consult.com/de/vulnerability-lab/advisory/local-privilege-escal… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily