===================== = End-of-Day report = =====================
Timeframe: Donnerstag 18-01-2024 18:00 − Freitag 19-01-2024 18:00 Handler: Robert Waldner Co-Handler: Thomas Pribitzer
===================== = News = =====================
∗∗∗ TeamViewer abused to breach networks in new ransomware attacks ∗∗∗ --------------------------------------------- Ransomware actors are again using TeamViewer to gain initial access to organization endpoints and attempt to deploy encryptors based on the leaked LockBit ransomware builder. --------------------------------------------- https://www.bleepingcomputer.com/news/security/teamviewer-abused-to-breach-n...
∗∗∗ macOS Python Script Replacing Wallet Applications with Rogue Apps, (Fri, Jan 19th) ∗∗∗ --------------------------------------------- Still today, many people think that Apple and its macOS are less targeted by malware. But the landscape is changing and threats are emerging in this ecosystem too. --------------------------------------------- https://isc.sans.edu/diary/rss/30572
∗∗∗ Experts Warn of macOS Backdoor Hidden in Pirated Versions of Popular Software ∗∗∗ --------------------------------------------- Pirated applications targeting Apple macOS users have been observed containing a backdoor capable of granting attackers remote control to infected machines. --------------------------------------------- https://thehackernews.com/2024/01/experts-warn-of-macos-backdoor-hidden.html
∗∗∗ Taking over WhatsApp accounts by reading voicemails ∗∗∗ --------------------------------------------- The investigation is centered on a vulnerability related to the Personal Identification Number (PIN) required for authenticating WhatsApp’s account backup feature. I describe how this PIN could be compromised through a voice call backup delivery method, forcing the call to go voicemail, and spoofing the victims phone number to read their voicemail. --------------------------------------------- https://medium.com/@rramgattie/taking-over-whatsapp-accounts-by-reading-voic...
∗∗∗ Recovery Scam: Kriminelle geben sich als blockchain.com aus und informieren über angeblich ruhende Bitcoin-Wallet ∗∗∗ --------------------------------------------- Opfer einer betrügerischen Trading-Plattform erleiden mitunter erhebliche finanzielle Verluste. Entsprechend groß ist die Verzweiflung und der Wunsch, das Geld zurückzubekommen. Kriminelle nutzen dies aus und kontaktieren die Opfer nach einiger Zeit erneut. --------------------------------------------- https://www.watchlist-internet.at/news/recovery-scam-kriminelle-geben-sich-a...
∗∗∗ Virtual kidnapping: How to see through this terrifying scam ∗∗∗ --------------------------------------------- Phone fraud takes a frightening twist as fraudsters can tap into AI to cause serious emotional and financial damage to the victims. --------------------------------------------- https://www.welivesecurity.com/en/scams/virtual-kidnapping-see-through-scam/
∗∗∗ Ivanti Connect Secure VPN Exploitation: New Observations ∗∗∗ --------------------------------------------- Volexity also recently learned of a potential issue that organizations may be facing when attempting to bring fresh Ivanti Connect Secure VPN appliances back online that leave them in a vulnerable state. These findings may partially account for why there has been an increase in compromised systems in subsequent scans. --------------------------------------------- https://www.volexity.com/blog/2024/01/18/ivanti-connect-secure-vpn-exploitat...
===================== = Vulnerabilities = =====================
∗∗∗ VMware confirms critical vCenter flaw now exploited in attacks ∗∗∗ --------------------------------------------- VMware has confirmed that a critical vCenter Server remote code execution vulnerability patched in October is now under active exploitation. --------------------------------------------- https://www.bleepingcomputer.com/news/security/vmware-confirms-critical-vcen...
∗∗∗ Npm Trojan Bypasses UAC, Installs AnyDesk with "Oscompatible" Package ∗∗∗ --------------------------------------------- A malicious package uploaded to the npm registry has been found deploying a sophisticated remote access trojan on compromised Windows machines. --------------------------------------------- https://thehackernews.com/2024/01/npm-trojan-bypasses-uac-installs.html
∗∗∗ Smartphones und mehr: Auch Umgebungslichtsensoren können spionieren ∗∗∗ --------------------------------------------- Nicht nur Smartphone-Kameras können Personen ausspionieren, sondern auch Umgebungslichtsensoren. Das geht aus einer in "Science" veröffentlichen Studie hervor. --------------------------------------------- https://heise.de/-9601724
∗∗∗ Angreifer attackieren Ivanti EPMM und MobileIron Core ∗∗∗ --------------------------------------------- Angreifer nutzen derzeit eine kritische Sicherheitslücke in Ivanti EPMM und MobileIron Core aus. --------------------------------------------- https://www.heise.de/news/Angreifer-attackieren-Ivanti-EPMM-und-MobileIron-C...
∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (ImageMagick), Debian (chromium), Fedora (golang-x-crypto, golang-x-mod, golang-x-net, golang-x-text, gtkwave, redis, and zbar), Mageia (tinyxml), Oracle (.NET 7.0, .NET 8.0, java-1.8.0-openjdk, java-11-openjdk, python3, and sqlite), Red Hat (gstreamer-plugins-bad-free, java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, and java-21-openjdk), SUSE (kernel, libqt5-qtbase, libssh, pam, rear23a, and rear27a), and Ubuntu (pam and zookeeper). --------------------------------------------- https://lwn.net/Articles/958676/
∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (chromium, golang-github-facebook-time, podman, and xorg-x11-server-Xwayland), Oracle (.NET 6.0, java-1.8.0-openjdk, java-11-openjdk, and python3.11-cryptography), Red Hat (java-11-openjdk, python-requests, and python-urllib3), SUSE (chromium, kernel, libcryptopp, libuev, perl-Spreadsheet-ParseExcel, suse-module-tools, and xwayland), and Ubuntu (filezilla and xerces-c). --------------------------------------------- https://lwn.net/Articles/958760/
∗∗∗ Important Progress OpenEdge Critical Alert for Progress Application Server in OpenEdge (PASOE) - Arbitrary File Upload Vulnerability in WEB Transport ∗∗∗ --------------------------------------------- https://community.progress.com/s/article/Important-Progress-OpenEdge-Critica...
∗∗∗ ZDI Security Advisories ∗∗∗ --------------------------------------------- https://www.zerodayinitiative.com/advisories/published/
∗∗∗ IBM Security Bulletins ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/bulletin/