===================== = End-of-Day report = =====================
Timeframe: Thursday 02-11-2023 18:00 − Friday 03-11-2023 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Thomas Pribitzer
===================== = News = =====================
∗∗∗ New macOS KandyKorn malware targets cryptocurrency engineers ∗∗∗
---------------------------------------------
A new macOS malware dubbed KandyKorn has been spotted in a campaign attributed to the North Korean Lazarus hacking group, targeting blockchain engineers of a cryptocurrency exchange platform.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-macos-kandykorn-malware-t...

∗∗∗ Atlassian warns of exploit for Confluence data wiping bug, get patching ∗∗∗
---------------------------------------------
Atlassian warned admins that a public exploit is now available for a critical Confluence security flaw that can be used in data destruction attacks targeting Internet-exposed and unpatched instances.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/atlassian-warns-of-exploit-fo...

∗∗∗ Spyware Designed for Telegram Mods Also Targets WhatsApp Add-Ons ∗∗∗
---------------------------------------------
Researchers discovered spyware designed to steal from Android devices and from Telegram mods can also reach WhatsApp users.
---------------------------------------------
https://www.darkreading.com/dr-global/spyware-designed-for-telegram-mods-als...

∗∗∗ Kinsing Actors Exploiting Recent Linux Flaw to Breach Cloud Environments ∗∗∗
---------------------------------------------
The threat actors linked to Kinsing have been observed attempting to exploit the recently disclosed Linux privilege escalation flaw called Looney Tunables as part of a "new experimental campaign" designed to breach cloud environments.
---------------------------------------------
https://thehackernews.com/2023/11/kinsing-actors-exploit-linux-flaw-to.html

∗∗∗ 48 Malicious npm Packages Found Deploying Reverse Shells on Developer Systems ∗∗∗
---------------------------------------------
A new set of 48 malicious npm packages have been discovered in the npm repository with capabilities to deploy a reverse shell on compromised systems. "These packages, deceptively named to appear legitimate, contained obfuscated JavaScript designed to initiate a reverse shell on package install," software supply chain security firm Phylum said.
---------------------------------------------
https://thehackernews.com/2023/11/48-malicious-npm-packages-found.html

∗∗∗ Prioritising Vulnerabilities Remedial Actions at Scale with EPSS ∗∗∗
---------------------------------------------
In this article, I'm presenting the Exploit Prediction Scoring System and its practical use cases in tandem with the Common Vulnerability Scoring System.
---------------------------------------------
https://itnext.io/prioritising-vulnerabilities-remedial-actions-at-scale-wit...
∗∗∗ Rating security vulnerabilities: the CVSS 4.0 standard is here ∗∗∗
---------------------------------------------
From low to critical: the Common Vulnerability Scoring System (CVSS) has moved to a new major version.
---------------------------------------------
https://www.heise.de/-9352555

∗∗∗ Apple's "Wo ist" (Find My): keylogger keyboard uses the location network to send passwords ∗∗∗
---------------------------------------------
It is actually meant to help track down lost items. Our keylogger keyboard, however, uses Apple's "Wo ist" (Find My) location network to exfiltrate data.
---------------------------------------------
https://www.heise.de/-9342791

∗∗∗ Vulnerability in VMware ONE UEM allows login theft ∗∗∗
---------------------------------------------
Through an insecure redirect, attackers can steal the SAML tokens of logged-in users and take over their accounts. VMware has released updates.
---------------------------------------------
https://www.heise.de/-9352599
∗∗∗ Should you allow your browser to remember your passwords? ∗∗∗
---------------------------------------------
It's very convenient to store your passwords in your browser. But is it a good idea?
---------------------------------------------
https://www.malwarebytes.com/blog/news/2023/11/should-you-allow-your-browser...

∗∗∗ You'd be surprised to know what devices are still using Windows CE ∗∗∗
---------------------------------------------
Windows CE — an operating system that, despite being out for 27 years, never had an official explanation for why it was called "CE" — finally reached its official end-of-life period this week. This was Microsoft's first operating system for embedded and pocket devices, making an appearance on personal pocket assistants, some of the first BlackBerry-likes, laptops and more during its lifetime.
---------------------------------------------
https://blog.talosintelligence.com/threat-source-newsletter-nov-2-2023/
===================== = Vulnerabilities = =====================
∗∗∗ QNAP Security Advisories 2023-11-04 ∗∗∗
---------------------------------------------
QNAP released 4 new security advisories (2x Critical, 2x Medium). Affected products: Music Station, QTS, QuTS hero, QuTScloud, Multimedia Console and the Media Streaming add-on.
---------------------------------------------
https://www.qnap.com/en-us/security-advisories

∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (phppgadmin and vlc), Fedora (attract-mode, chromium, and netconsd), Red Hat (.NET 7.0, c-ares, curl, ghostscript, insights-client, python, squid, and squid:4), SUSE (kernel and roundcubemail), and Ubuntu (libsndfile).
---------------------------------------------
https://lwn.net/Articles/950061/

∗∗∗ Vulnerability in IBM SDK, Java Technology Edition may affect IBM Operations Analytics Predictive Insights ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7066311

∗∗∗ Multiple security vulnerabilities in Go may affect IBM Robotic Process Automation for Cloud Pak ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7066400