=====================
= End-of-Day report =
=====================
Timeframe: Thursday 14-12-2023 18:00 − Friday 15-12-2023 18:00
Handler: Thomas Pribitzer
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Ten new Android banking trojans targeted 985 bank apps in 2023 ∗∗∗
---------------------------------------------
This year has seen the emergence of ten new Android banking malware families, which collectively target 985 bank and fintech/trading apps from financial institutes across 61 countries.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/ten-new-android-banking-troja...
∗∗∗ Fake ad on Facebook & Instagram: "Lost luggage for only €1.95!" ∗∗∗
---------------------------------------------
In the name of "Vienna International Airport", criminals are currently running fraudulent ads claiming that lost suitcases are being sold for just under 2 euros.
---------------------------------------------
https://www.watchlist-internet.at/news/fake-werbeanzeige-auf-facebook-instag...
∗∗∗ OilRig’s persistent attacks using cloud service-powered downloaders ∗∗∗
---------------------------------------------
ESET researchers document a series of new OilRig downloaders, all relying on legitimate cloud service providers for C&C communications.
---------------------------------------------
https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cl...
∗∗∗ New Hacker Group GambleForce Hacks Targets with Open Source Tools ∗∗∗
---------------------------------------------
Yet another day, yet another threat actor posing a danger to the cybersecurity of companies globally.
---------------------------------------------
https://www.hackread.com/gambleforce-hacks-targets-open-source-tools/
∗∗∗ Mining The Undiscovered Country With GreyNoise EAP Sensors: F5 BIG-IP Edition ∗∗∗
---------------------------------------------
Discover the fascinating story of a GreyNoise researcher who found that attackers were using his demonstration code for a vulnerability instead of the real exploit. Explore the implications of this situation and learn about the importance of using accurate and up-to-date exploits in the cybersecurity community.
---------------------------------------------
https://www.greynoise.io/blog/mining-the-undiscovered-country-with-greynoise...
∗∗∗ Opening a new front against DNS-based threats ∗∗∗
---------------------------------------------
There are multiple ways in which threat actors can leverage DNS to carry out attacks. We will provide an introduction to the DNS threat landscape.
---------------------------------------------
https://decoded.avast.io/threatintel/opening-a-new-front-against-dns-based-t...
=====================
= Vulnerabilities =
=====================
∗∗∗ Ubiquiti: Users were able to access other people's security cameras ∗∗∗
---------------------------------------------
In some cases, users even received notifications on their smartphones containing images from other people's cameras.
---------------------------------------------
https://www.golem.de/news/ubiquiti-nutzer-konnten-auf-fremde-sicherheitskame...
∗∗∗ New Security Vulnerabilities Uncovered in pfSense Firewall Software - Patch Now ∗∗∗
---------------------------------------------
Multiple security vulnerabilities have been discovered in the open-source Netgate pfSense firewall solution that could be chained by an attacker to execute arbitrary commands on susceptible appliances.
---------------------------------------------
https://thehackernews.com/2023/12/new-security-vulnerabilities-uncovered.htm...
∗∗∗ Squid proxy: Denial of service through infinite loop ∗∗∗
---------------------------------------------
If an attacker sends a crafted HTTP header to the proxy server, they can bring it to a halt through uncontrolled recursion.
---------------------------------------------
https://www.heise.de/news/Squid-Proxy-Denial-of-Service-durch-Endlosschleife...
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (bluez and haproxy), Fedora (curl, dotnet6.0, dotnet7.0, tigervnc, and xorg-x11-server), Red Hat (avahi and gstreamer1-plugins-bad-free), Slackware (bluez), SUSE (cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, cont, cosign, curl, gstreamer-plugins-bad, haproxy, ImageMagick, kernel, kernel-firmware, libreoffice, tiff, [...]
---------------------------------------------
https://lwn.net/Articles/955336/
∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/
∗∗∗ Unitronics Vision Series ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-348-15