=====================
= End-of-Day report =
=====================

Timeframe:   Monday 23-01-2023 18:00 - Tuesday 24-01-2023 18:00
Handler:     Thomas Pribitzer
Co-Handler:  n/a
=====================
=       News        =
=====================
*** Hackers use Golang source code interpreter to evade detection ***
---------------------------------------------
A Chinese-speaking hacking group tracked as DragonSpark was observed employing Golang source code interpretation to evade detection while launching espionage attacks against organizations in East Asia.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/hackers-use-golang-source-cod...

*** Microsoft 365 to block downloaded Excel XLL add-ins to boost security ***
---------------------------------------------
Microsoft is working on adding XLL add-in protection for Microsoft 365 customers by including automated blocking of all such files downloaded from the Internet.
---------------------------------------------
https://www.bleepingcomputer.com/news/microsoft/microsoft-365-to-block-downl...

*** Emotet Malware Makes a Comeback with New Evasion Techniques ***
---------------------------------------------
The Emotet malware operation has continued to refine its tactics in an effort to fly under the radar, while also acting as a conduit for other dangerous malware such as Bumblebee and IcedID.
---------------------------------------------
https://thehackernews.com/2023/01/emotet-malware-makes-comeback-with-new.htm...
*** Identity theft: first aid when online fraud is committed in your name ***
---------------------------------------------
Criminals are shopping at your expense with illegally obtained login credentials, or posting abuse under your name? Here is what you should do now.
---------------------------------------------
https://heise.de/-7452745
*** A security audit of Git ***
---------------------------------------------
The Open Source Technology Improvement Fund has announced the completion of a security audit of the Git source.
---------------------------------------------
https://lwn.net/Articles/921067/

*** OSINT your OT suppliers ***
---------------------------------------------
There is much talk about supply chain security and reviewing your suppliers for cyber security. But how much information do they intentionally and unintentionally leak about your organisation online?
---------------------------------------------
https://www.pentestpartners.com/security-blog/osint-your-ot-suppliers/
*** Facebook: e-bike giveaways are fake ***
---------------------------------------------
Comment with "Thanks" and win an e-bike: this giveaway is currently making the rounds on Facebook. The bikes supposedly have small scratches, but the motors work perfectly. Caution: the giveaway is fake.
---------------------------------------------
https://www.watchlist-internet.at/news/facebook-e-bike-gewinnspiele-sind-fak...
*** Realtek SDK Vulnerability Attacks Highlight IoT Supply Chain Threats ***
---------------------------------------------
We observed a recent spate of supply chain attacks attempting to exploit CVE-2021-35394, affecting IoT devices with chipsets made by Realtek.
---------------------------------------------
https://unit42.paloaltonetworks.com/realtek-sdk-vulnerability/

*** Vice Society Ransomware Group Targets Manufacturing Companies ***
---------------------------------------------
In this blog entry, we'd like to highlight our findings on Vice Society, which includes an end-to-end infection diagram that we were able to create using Trend Micro internal telemetry.
---------------------------------------------
https://www.trendmicro.com/en_us/research/23/a/vice-society-ransomware-group...

*** A step-by-step introduction to the use of ROP gadgets to bypass DEP ***
---------------------------------------------
DEP (Data Execution Prevention) is a memory protection feature that allows the system to mark memory pages as non-executable. ROP (Return-oriented programming) is an exploit technique that allows an attacker to execute shellcode with protections such as DEP enabled.
---------------------------------------------
https://cybergeeks.tech/a-step-by-step-introduction-to-the-use-of-rop-gadget...
=====================
=  Vulnerabilities  =
=====================
*** Security update: Symantec Endpoint Protection as a springboard for attackers ***
---------------------------------------------
Because of a vulnerability, attackers could attack Windows PCs running Symantec security software.
---------------------------------------------
https://heise.de/-7468961

*** iOS 16.3, iPadOS 16.3 and macOS 13.2: which holes Apple is patching ***
---------------------------------------------
Once again Macs, iPhones and iPads receive a large number of security fixes. As usual, Apple is partly silent on the details.
---------------------------------------------
https://heise.de/-7469023
*** Security updates for Tuesday ***
---------------------------------------------
Security updates have been issued by Debian (kernel and spip), Fedora (kernel), Mageia (chromium-browser-stable, docker, firefox, jpegoptim, nautilus, net-snmp, phoronix-test-suite, php, php-smarty, samba, sdl2, sudo, tor, viewvc, vim, virtualbox, and x11-server), Red Hat (bash, curl, dbus, expat, firefox, go-toolset, golang, java-1.8.0-openjdk, java-17-openjdk, kernel, kernel-rt, kpatch-patch, libreoffice, libtasn1, libtiff, libxml2, libXpm, nodejs, nodejs-nodemon, pcs, postgresql-jdbc, [...]
---------------------------------------------
https://lwn.net/Articles/921024/

*** Critical Vulnerabilities Patched in OpenText Enterprise Content Management System ***
---------------------------------------------
Several vulnerabilities have been patched in OpenText's enterprise content management (ECM) product.
---------------------------------------------
https://www.securityweek.com/critical-vulnerabilities-patched-opentext-enter...

*** Pgpool-II vulnerable to information disclosure ***
---------------------------------------------
https://jvn.jp/en/jp/JVN72418815/

*** pgAdmin 4 vulnerable to directory traversal ***
---------------------------------------------
https://jvn.jp/en/jp/JVN01398015/

*** VMSA-2023-0001 ***
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2023-0001.html

*** XINJE XD ***
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-23-024-01

*** SOCOMEC MODULYS GP ***
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-23-024-02

*** IBM WebSphere Application Server traditional container is vulnerable to information disclosure (CVE-2022-43917) ***
---------------------------------------------
https://www.ibm.com/support/pages/node/6857007

*** Vulnerability in NX-OS Firmware used by IBM c-type SAN directors and switches ***
---------------------------------------------
https://www.ibm.com/support/pages/node/6857039

*** FileNet Content Manager GraphQL jackson-databind security vulnerabilities, affected but not vulnerable ***
---------------------------------------------
https://www.ibm.com/support/pages/node/6857047

*** Multiple vulnerabilities in OpenSSL affect AIX ***
---------------------------------------------
https://www.ibm.com/support/pages/node/6857295