===================== = End-of-Day report = =====================
Timeframe: Montag 26-02-2024 18:00 − Dienstag 27-02-2024 18:00 Handler: Thomas Pribitzer Co-Handler: Michael Schlagenhaufer
===================== = News = =====================
∗∗∗ Open-Source Xeno RAT Trojan Emerges as a Potent Threat on GitHub ∗∗∗ --------------------------------------------- An "intricately designed" remote access trojan (RAT) called Xeno RAT has been made available on GitHub, making it available to other actors at no extra cost. --------------------------------------------- https://thehackernews.com/2024/02/open-source-xeno-rat-trojan-emerges-as.htm...
∗∗∗ Achtung Betrug: Kriminelle locken mit gratis Spar-Geschenkkarten und Klimatickets ∗∗∗ --------------------------------------------- Aktuell kursieren gefälschte Gewinnspiele für kostenlose Spar-Geschenkkarten und Klimatickets. Die Angebote werden per E-Mail, in Sozialen Netzwerken oder per Direktnachricht auf Ihr Handy verbreitet. Die verlockenden Angebote dienen dazu, Ihnen persönliche Daten und Geld zu stehlen! --------------------------------------------- https://www.watchlist-internet.at/news/achtung-betrug-kriminelle-locken-mit-...
∗∗∗ Booking.com refund request? It might be an Agent Tesla malware attack ∗∗∗ --------------------------------------------- Always be wary of opening unsolicited attachments - they might harbour malware. --------------------------------------------- https://grahamcluley.com/booking-com-refund-request-it-might-be-an-agent-tes...
∗∗∗ Phishing Malware That Sends Stolen Information Using Telegram API ∗∗∗ --------------------------------------------- Recently, several phishing scripts using Telegram are being distributed indiscriminately through keywords such as remittance and receipts. --------------------------------------------- https://asec.ahnlab.com/en/62177/
∗∗∗ Threat Actor Groups, Including Black Basta, are Exploiting Recent ScreenConnect Vulnerabilities ∗∗∗ --------------------------------------------- This blog entry gives a detailed analysis of these recent ScreenConnect vulnerabilities. We also discuss our discovery of threat actor groups, including Black Basta and Bl00dy Ransomware gangs, that are actively exploiting CVE-2024-1708 and CVE-2024-1709 based on our telemetry. --------------------------------------------- https://www.trendmicro.com/en_us/research/24/b/threat-actor-groups-including...
∗∗∗ Hunting PrivateLoader: The malware behind InstallsKey PPI service ∗∗∗ --------------------------------------------- Read the latest Bitsight research on PrivateLoader including important updates recently, including a new string encryption algorithm, a new alternative communication protocol and more. --------------------------------------------- https://www.bitsight.com/blog/hunting-privateloader-malware-behind-installsk...
∗∗∗ Februar-Sicherheitsupdates für Windows 11 können fehlschlagen ∗∗∗ --------------------------------------------- Microsoft arbeitet an der Lösung eines Problems, das die Installation der Februar-Sicherheitsupdates in Windows 11 verhindert. --------------------------------------------- https://heise.de/-9639866
===================== = Vulnerabilities = =====================
∗∗∗ WordPress LiteSpeed Plugin Vulnerability Puts 5 Million Sites at Risk ∗∗∗ --------------------------------------------- A security vulnerability has been disclosed in the LiteSpeed Cache plugin for WordPress that could enable unauthenticated users to escalate their privileges. --------------------------------------------- https://thehackernews.com/2024/02/wordpress-litespeed-plugin.html
∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (engrampa and libgit2), Fedora (libxls, perl-Spreadsheet-ParseXLSX, and wpa_supplicant), Gentoo (PyYAML), Mageia (packages and thunderbird), Red Hat (firefox, kernel, linux-firmware, thunderbird, and unbound), Slackware (openjpeg), SUSE (golang-github-prometheus-prometheus, installation-images, kernel, python-azure-core, python-azure-storage-blob, salt and python-pyzmq, SUSE Manager 4.2.11, SUSE Manager 4.3, SUSE Manager Server 4.2, and wayland), [...] --------------------------------------------- https://lwn.net/Articles/963805/
∗∗∗ IBM Security Bulletins ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/bulletin/
∗∗∗ XSA-451 ∗∗∗ --------------------------------------------- https://xenbits.xen.org/xsa/advisory-451.html
∗∗∗ Zyxel Patches Remote Code Execution Bug in Firewall Products ∗∗∗ --------------------------------------------- https://www.securityweek.com/zyxel-patches-remote-code-execution-bug-in-fire...
∗∗∗ Festo: Multiple vulnerabilities affect MES PC shipped with Windows 10 ∗∗∗ --------------------------------------------- https://cert.vde.com/de/advisories/VDE-2023-065/
∗∗∗ Nagios XI: Schwachstellen CVE-2024-24401 und CVE-2024-24402; PoC öffentlich ∗∗∗ --------------------------------------------- https://www.borncity.com/blog/2024/02/27/nagios-xi-schwachstellen-cve-2024-2...
∗∗∗ Mitsubishi Electric Multiple Factory Automation Products ∗∗∗ --------------------------------------------- https://www.cisa.gov/news-events/ics-advisories/icsa-24-058-01
∗∗∗ Santesoft Sante DICOM Viewer Pro ∗∗∗ --------------------------------------------- https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-058-01
∗∗∗ VMSA-2024-0005 ∗∗∗ --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2024-0005.html