=====================
= End-of-Day report =
=====================

Timeframe: Thursday 25-05-2023 18:00 − Friday 26-05-2023 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Stephan Richter
=====================
=       News        =
=====================
*** Microsoft 365 phishing attacks use encrypted RPMSG messages ***
---------------------------------------------
Attackers are now using encrypted RPMSG attachments sent via compromised Microsoft 365 accounts to steal Microsoft credentials in targeted phishing attacks designed to evade detection by email security gateways.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/microsoft-365-phishing-attack...

*** Dark Frost Botnet targets the gaming sector with powerful DDoS ***
---------------------------------------------
Researchers from Akamai discovered a new botnet called Dark Frost that was employed in distributed denial-of-service (DDoS) attacks. The botnet borrows code from several popular bot families, including Mirai, Gafgyt, and Qbot.
---------------------------------------------
https://securityaffairs.com/146683/malware/dark-frost-botnet.html

*** New COSMICENERGY Malware Exploits ICS Protocol to Sabotage Power Grids ***
---------------------------------------------
A new strain of malicious software that's engineered to penetrate and disrupt critical systems in industrial environments has been unearthed. Google-owned threat intelligence firm Mandiant dubbed the malware COSMICENERGY, [...]
---------------------------------------------
https://thehackernews.com/2023/05/new-cosmicenergy-malware-exploits-ics.html
*** Security vulnerabilities in health app: data theft would have been possible ***
---------------------------------------------
Vulnerabilities in health apps have exposed the poor state of digitalisation in the healthcare sector. A "secure basic infrastructure" is said to be lacking.
---------------------------------------------
https://heise.de/-9064935
*** Cold as Ice: Unit 42 Wireshark Quiz for IcedID ***
---------------------------------------------
IcedID is a known vector for ransomware. Analyze infection traffic from this banking trojan in our latest Wireshark tutorial.
---------------------------------------------
https://unit42.paloaltonetworks.com/wireshark-quiz-icedid/

*** Exploiting the Sonos One Speaker Three Different Ways: A Pwn2Own Toronto Highlight ***
---------------------------------------------
During Pwn2Own Toronto 2022, three different teams successfully exploited the Sonos One Speaker. In total, $105,000 was awarded to the three teams, with the team of Toan Pham and Tri Dang from Qrious Secure winning $60,000 since their entry was first on the schedule.
---------------------------------------------
https://www.thezdi.com/blog/2023/5/24/exploiting-the-sonos-one-speaker-three...

*** What is a web shell? ***
---------------------------------------------
What are web shells? And why are attackers increasingly using them in their campaigns? We break it down in this blog.
---------------------------------------------
https://blog.talosintelligence.com/what-is-a-web-shell/

*** New Info Stealer Bandit Stealer Targets Browsers, Wallets ***
---------------------------------------------
This is an analysis of Bandit Stealer, a new Go-based information-stealing malware capable of evading detection as it targets multiple browsers and cryptocurrency wallets.
---------------------------------------------
https://www.trendmicro.com/en_us/research/23/e/new-info-stealer-bandit-steal...
=====================
=  Vulnerabilities  =
=====================
*** LibreOffice vulnerabilities: risk of code smuggling via crafted documents ***
---------------------------------------------
New LibreOffice versions close security vulnerabilities, some of them high-risk. Attackers could inject malicious code using manipulated spreadsheets.
---------------------------------------------
https://heise.de/-9066277

*** Critical vulnerabilities in D-Link D-View 8 network management software closed ***
---------------------------------------------
D-Link apparently needed almost five months to develop a security patch for D-View 8, which is still at the beta stage.
---------------------------------------------
https://heise.de/-9066361
*** Security updates for Friday ***
---------------------------------------------
Security updates have been issued by Debian (sniproxy), Fedora (c-ares), Oracle (apr-util, curl, emacs, git, go-toolset and golang, go-toolset:ol8, gssntlmssp, libreswan, mysql:8.0, thunderbird, and webkit2gtk3), Red Hat (go-toolset-1.19 and go-toolset-1.19-golang and go-toolset:rhel8), Slackware (ntfs), SUSE (rmt-server), and Ubuntu (linux-raspi, linux-raspi-5.4 and python-django).
---------------------------------------------
https://lwn.net/Articles/933071/

*** K000134793 : OpenJDK vulnerability CVE-2018-2952 ***
---------------------------------------------
https://my.f5.com/manage/s/article/K000134793

*** IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a heap-based buffer overflow in Perl (CVE-2020-10543) ***
---------------------------------------------
https://www.ibm.com/support/pages/node/6998419

*** IBM MQ is affected by a vulnerability in the IBM Runtime Environment, Java Technology Edition (CVE-2023-30441) ***
---------------------------------------------
https://www.ibm.com/support/pages/node/6998353
*** IBM Sterling Connect:Direct Browser User Interface vulnerable to multiple issues due to IBM Runtime Environment Java ***
---------------------------------------------
https://www.ibm.com/support/pages/node/6998677
*** IBM Sterling Connect:Direct Web Services is vulnerable to multiple vulnerabilities due to IBM Java ***
---------------------------------------------
https://www.ibm.com/support/pages/node/6998685

*** IBM Sterling Connect:Direct Browser User Interface vulnerable to multiple issues due to IBM Runtime Environment Java ***
---------------------------------------------
https://www.ibm.com/support/pages/node/6998673

*** IBM Sterling Connect:Direct Browser User Interface vulnerable to multiple issues due to IBM Runtime Environment Java ***
---------------------------------------------
https://www.ibm.com/support/pages/node/6998679

*** IBM Sterling Connect:Direct Web Services is vulnerable to multiple vulnerabilities due to IBM Java ***
---------------------------------------------
https://www.ibm.com/support/pages/node/6998675

*** IBM Sterling Connect:Direct Web Services is vulnerable to multiple vulnerabilities due to IBM Java ***
---------------------------------------------
https://www.ibm.com/support/pages/node/6998681

*** Vulnerability in IBM Java (CVE-2022-21426) affects Power HMC ***
---------------------------------------------
https://www.ibm.com/support/pages/node/6998705
*** Vulnerability in OpenSSL (CVE-2022-4304, CVE-2022-4450, CVE-2023-0215 and CVE-2023-0286) affects Power HMC ***
---------------------------------------------
https://www.ibm.com/support/pages/node/6998707
*** Security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for May 2023 ***
---------------------------------------------
https://www.ibm.com/support/pages/node/6998727

*** IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities ***
---------------------------------------------
https://www.ibm.com/support/pages/node/6998753

*** AIX is vulnerable to security restrictions bypass due to curl (CVE-2022-32221) ***
---------------------------------------------
https://www.ibm.com/support/pages/node/6998763