===================== = End-of-Day report = =====================
Timeframe: Wednesday 27-03-2024 18:00 − Thursday 28-03-2024 18:00 Handler: Thomas Pribitzer Co-Handler: Michael Schlagenhaufer
===================== = News = =====================
∗∗∗ New Darcula phishing service targets iPhone users via iMessage ∗∗∗ --------------------------------------------- A new phishing-as-a-service (PhaaS) named Darcula uses 20,000 domains to spoof brands and steal credentials from Android and iPhone users in more than 100 countries. --------------------------------------------- https://www.bleepingcomputer.com/news/security/new-darcula-phishing-service-...
∗∗∗ Cisco warns of password-spraying attacks targeting VPN services ∗∗∗ --------------------------------------------- Cisco has shared a set of recommendations for customers to mitigate password-spraying attacks that have been targeting Remote Access VPN (RAVPN) services configured on Cisco Secure Firewall devices. --------------------------------------------- https://www.bleepingcomputer.com/news/security/cisco-warns-of-password-spray...
∗∗∗ DinodasRAT Linux implant targeting entities worldwide ∗∗∗ --------------------------------------------- In this article, we share our analysis of a recent version of the DinodasRAT implant for Linux, which may have been active since 2022. --------------------------------------------- https://securelist.com/dinodasrat-linux-implant/112284/
∗∗∗ From JavaScript to AsyncRAT, (Thu, Mar 28th) ∗∗∗ --------------------------------------------- It has been a while since I found an interesting piece of JavaScript. This one was pretty well obfuscated. It was called “_Rechnung_01941085434_PDF.js” (Invoice in German) with a low VT score. --------------------------------------------- https://isc.sans.edu/diary/rss/30788
∗∗∗ Android Malware Vultur Expands Its Wingspan ∗∗∗ --------------------------------------------- The authors behind Android banking malware Vultur have been spotted adding new technical features, which allow the malware operator to further remotely interact with the victim’s mobile device. [..] In this blog we provide a comprehensive analysis of Vultur, beginning with an overview of its infection chain. --------------------------------------------- https://research.nccgroup.com/2024/03/28/android-malware-vultur-expands-its-...
∗∗∗ Netz-digitalisierung.com opens accounts in your name! ∗∗∗ --------------------------------------------- Tempting side-job offers as an app tester or study participant via the site netz-digitalisierung.com lead to identity theft! The criminals open accounts in your name and may use them for criminal purposes. --------------------------------------------- https://www.watchlist-internet.at/news/jobbetrug-netz-digitalisierungcom/
∗∗∗ Pre-ransomware activity: threat actors are still, and increasingly, using CitrixBleed (CVE-2023-4966) for initial access ∗∗∗ --------------------------------------------- We are currently aware of several ransomware incidents in Austria in which CitrixBleed (CVE-2023-4966) was very likely the primary attack vector used for initial access to the organisations' networks. A patch has been available for quite some time. --------------------------------------------- https://cert.at/de/aktuelles/2024/3/pre-ransomware-aktivitat-schadakteure-nu...
∗∗∗ Too much malicious code yet again: no new projects for the Python registry PyPI ∗∗∗ --------------------------------------------- A flood of packages containing malicious code has led the operators of the Python Package Index to suspend the registration of new projects and users. --------------------------------------------- https://heise.de/-9670240
===================== = Vulnerabilities = =====================
∗∗∗ Nvidia's newborn ChatRTX bot patched for security bugs ∗∗∗ --------------------------------------------- ChatRTX, formerly known as Chat with RTX, was launched in February to provide Nvidia GPU owners with an AI chatbot that could run locally on RTX 30 and 40-series hardware with at least 8 GB of VRAM. [..] CVE-2024-0083 could allow attackers to perform denial of service attacks, steal data, and even perform remote code execution (RCE). --------------------------------------------- https://go.theregister.com/feed/www.theregister.com/2024/03/28/nvidia_chatrt...
∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (perl-Data-UUID, python-pygments, and thunderbird), Mageia (clojure, grub2, kernel, kmod-xtables-addons, kmod-virtualbox, kernel-linus, nss firefox, nss, python3, python, tcpreplay, and thunderbird), Oracle (nodejs:18), Red Hat (.NET 6.0 and dnsmasq), SUSE (avahi and python39), and Ubuntu (curl, linux-intel-iotg, linux-intel-iotg-5.15, unixodbc, and util-linux). --------------------------------------------- https://lwn.net/Articles/966961/
∗∗∗ Splunk Patches Vulnerabilities in Enterprise Product ∗∗∗ --------------------------------------------- Splunk patches high-severity vulnerabilities in Enterprise, including an authentication token exposure issue. --------------------------------------------- https://www.securityweek.com/splunk-patches-vulnerabilities-in-enterprise-pr...
∗∗∗ New SugarCRM versions close critical vulnerabilities ∗∗∗ --------------------------------------------- The new versions SugarCRM 13.03 and 12.05 close a total of 18 vulnerabilities, some of them critical. --------------------------------------------- https://heise.de/-9670436
∗∗∗ IBM Security Bulletins ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/bulletin/
∗∗∗ Wordfence Intelligence Weekly WordPress Vulnerability Report (March 18, 2024 to March 24, 2024) ∗∗∗ --------------------------------------------- https://www.wordfence.com/blog/2024/03/wordfence-intelligence-weekly-wordpre...
∗∗∗ Synology-SA-24:05 Synology Surveillance Station Client ∗∗∗ --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_24_05
∗∗∗ Synology-SA-24:04 Surveillance Station ∗∗∗ --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_24_04