=====================
= End-of-Day report =
=====================

Timeframe: Thursday 09-11-2023 18:00 - Friday 10-11-2023 18:00
Handler: Thomas Pribitzer
Co-Handler: n/a

=====================
=       News        =
=====================
*** Ducktail fashion week ***
---------------------------------------------
The Ducktail malware, designed to hijack Facebook business and ads accounts, sends marketing professionals fake ads for jobs with major clothing manufacturers.
---------------------------------------------
https://securelist.com/ducktail-fashion-week/111017/

*** Routers Targeted for Gafgyt Botnet [Guest Diary], (Thu, Nov 9th) ***
---------------------------------------------
The threat actor attempts to add my honeypot into a botnet so the threat actor can carry out DDoS attacks. The vulnerabilities used for the attack were default credentials and CVE-2017-17215. To prevent these attacks, make sure systems are patched and using strong credentials.
---------------------------------------------
https://isc.sans.edu/diary/rss/30390

*** Malware: More than 600 million downloads from Google Play in 2023 ***
---------------------------------------------
Kaspersky has already counted more than 600 million malware downloads from the Google Play Store this year. It nonetheless remains the safest package source.
---------------------------------------------
https://www.heise.de/news/Malware-Mehr-als-600-Millionen-Downloads-2023-in-G...

*** Demystifying Cobalt Strike's "make_token" Command ***
---------------------------------------------
Cobalt Strike provides the make_token command to achieve a similar result to runas /netonly.
---------------------------------------------
https://research.nccgroup.com/2023/11/10/demystifying-cobalt-strikes-make_to...

*** High Traffic + High Vulnerability = an Attractive Target for Criminals: The Dangers of Viewing Clickbait Sites ***
---------------------------------------------
Clickbait articles are highlighted in this article. A jump in compromised sites exploiting CVE-2023-3169 stresses the danger of web-based threats.
---------------------------------------------
https://unit42.paloaltonetworks.com/dangers-of-clickbait-sites/

*** Cerber Ransomware Exploits Atlassian Confluence Vulnerability CVE-2023-22518 ***
---------------------------------------------
We encountered the Cerber ransomware exploiting the Atlassian Confluence vulnerability CVE-2023-22518 in its operations.
---------------------------------------------
https://www.trendmicro.com/en_us/research/23/k/cerber-ransomware-exploits-cv...
=====================
=  Vulnerabilities  =
=====================

*** Security updates for Friday ***
---------------------------------------------
Security updates have been issued by Fedora (community-mysql, matrix-synapse, and xorg-x11-server-Xwayland), Mageia (squid and vim), Oracle (dnsmasq, python3, squid, squid:4, and xorg-x11-server), Red Hat (fence-agents, insights-client, kernel, kpatch-patch, mariadb:10.5, python3, squid, squid:4, tigervnc, and xorg-x11-server), Scientific Linux (bind, firefox, java-1.8.0-openjdk, java-11-openjdk, kernel, libssh2, python-reportlab, python3, squid, thunderbird, and xorg-x11-server), [...]
---------------------------------------------
https://lwn.net/Articles/951066/

*** Multiple Vulnerabilities in QuMagie ***
---------------------------------------------
https://www.qnap.com/en-us/security-advisory/QSA-23-50

*** Vulnerability in QTS, QuTS hero, and QuTScloud ***
---------------------------------------------
https://www.qnap.com/en-us/security-advisory/QSA-23-24

*** AIX is affected by a denial of service (CVE-2023-45167) and a security restrictions bypass (CVE-2023-40217) due to Python ***
---------------------------------------------
https://www.ibm.com/support/pages/node/7068084

*** Multiple vulnerabilities in Eclipse Jetty affect IBM Process Designer 8.5.7 shipped with IBM Business Automation Workflow ***
---------------------------------------------
https://www.ibm.com/support/pages/node/7070298

*** The IBM Engineering Lifecycle Engineering product using IBM SDK, Java Technology Edition Quarterly CPU - Apr 2023 - Includes Oracle April 2023 CPU plus CVE-2023-2597 ***
---------------------------------------------
https://www.ibm.com/support/pages/node/7070548

*** Multiple security vulnerabilities have been identified in IBM DB2 which is shipped with IBM Intelligent Operations Center ***
---------------------------------------------
https://www.ibm.com/support/pages/node/7070539

*** IBM QRadar SIEM contains multiple vulnerabilities ***
---------------------------------------------
https://www.ibm.com/support/pages/node/7070736

*** Ivanti Secure Access Client security notifications ***
---------------------------------------------
https://www.ivanti.com/blog/ivanti-secure-access-client-security-notificatio...