[CERT-daily] Daily summary - 06.12.2022

Daily end-of-shift report team at cert.at
Tue Dec 6 18:13:54 CET 2022


=====================
= End-of-Day report =
=====================

Timeframe:   Monday 05-12-2022 18:00 − Tuesday 06-12-2022 18:00
Handler:     Thomas Pribitzer
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Hackers hijack Linux devices using PRoot isolated filesystems ∗∗∗
---------------------------------------------
Hackers are abusing the open-source Linux PRoot utility in BYOF (Bring Your Own Filesystem) attacks to provide a consistent repository of malicious tools that work on many Linux distributions.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/hackers-hijack-linux-devices-using-proot-isolated-filesystems/


∗∗∗ Sneaky hackers reverse defense mitigations when detected ∗∗∗
---------------------------------------------
A financially motivated threat actor is hacking telecommunication service providers and business process outsourcing firms, actively reversing defensive mitigations applied when the breach is detected.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/sneaky-hackers-reverse-defense-mitigations-when-detected/


∗∗∗ Mirai Botnet and Gafgyt DDoS Team Up Against SOHO Routers (Tue, Dec 6th) ∗∗∗
---------------------------------------------
Since 2014, self-replicating variants of DDoS attacks against routers and Linux-based IoT devices have been rampant. Gafgyt botnets target vulnerable IoT devices and use them to launch large-scale distributed denial-of-service attacks. SOHO and IoT devices are ubiquitous, less likely to have secure configurations or routine patches, and more likely to be at the internet edge.
---------------------------------------------
https://isc.sans.edu/diary/rss/29304


∗∗∗ Building A Virtual Machine inside ChatGPT ∗∗∗
---------------------------------------------
Did you know that you can run a whole virtual machine inside ChatGPT?
---------------------------------------------
https://www.engraved.blog/building-a-virtual-machine-inside/


∗∗∗ Exploring Prompt Injection Attacks ∗∗∗
---------------------------------------------
Prompt Injection is a new vulnerability that is affecting some AI/ML models and, in particular, certain types of language models using prompt-based learning.
---------------------------------------------
https://research.nccgroup.com/2022/12/05/exploring-prompt-injection-attacks/


∗∗∗ Ignore the phishing mail "Erneut identifizieren" ("identify again") sent in the name of the WKO! ∗∗∗
---------------------------------------------
Business owners beware: criminals are currently sending phishing mails in the name of the Wirtschaftskammer Österreich (Austrian Economic Chamber). They pretend that a renewed identification is required. Ignore the message, because any data entered on the linked website ends up in the hands of criminals.
---------------------------------------------
https://www.watchlist-internet.at/news/phishing-mail-erneut-identifizieren-im-namen-der-wko-ignorieren/


∗∗∗ Vice Society: Profiling a Persistent Threat to the Education Sector ∗∗∗
---------------------------------------------
Vice Society, a ransomware gang, has been involved in high-profile activity against schools this year.
---------------------------------------------
https://unit42.paloaltonetworks.com/vice-society-targets-education-sector/


∗∗∗ Tractors vs. threat actors: How to hack a farm ∗∗∗
---------------------------------------------
Forget pests for a minute. Modern farms also face another – and more insidious – breed of threat.
---------------------------------------------
https://www.welivesecurity.com/2022/12/05/tractors-threat-actors-how-hack-farm/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ NETGEAR Nighthawk WiFi6 Router Network Misconfiguration ∗∗∗
---------------------------------------------
A network misconfiguration is present in versions prior to 1.0.9.90 of the NETGEAR RAX30 AX2400 series of routers.
---------------------------------------------
https://www.tenable.com/security/research/tra-2022-36


∗∗∗ Patch day: pushing malicious code onto Android devices via Bluetooth ∗∗∗
---------------------------------------------
Important security updates are available for Android 10, 11, 12, 12L and 13. Among other things, Google has closed four critical vulnerabilities.
---------------------------------------------
https://heise.de/-7367211


∗∗∗ Antivirus: privilege escalation through a vulnerability in AVG and Avast ∗∗∗
---------------------------------------------
The AVG and Avast virus scanners could have allowed attackers to escalate their privileges on the system. Updates fixing the flaw are available.
---------------------------------------------
https://heise.de/-7367529


∗∗∗ Vulnerability in Trend Micro's Apex One allows privilege escalation ∗∗∗
---------------------------------------------
Trend Micro's Apex One antivirus contains security vulnerabilities through which attackers can escalate their privileges or have files on the system deleted.
---------------------------------------------
https://heise.de/-7367824


∗∗∗ Server maintenance: dangerous BMC vulnerabilities could trigger supply-chain attacks ∗∗∗
---------------------------------------------
Security researchers have found, among other things, a critical security vulnerability in Baseboard Management Controllers from American Megatrends.
---------------------------------------------
https://heise.de/-7367963


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Ubuntu (binutils and ca-certificates).
---------------------------------------------
https://lwn.net/Articles/917080/


∗∗∗ Vulnerability in Citrix Workspace App for Windows allows password theft ∗∗∗
---------------------------------------------
The vendor Citrix has been warning since September 2022 about a vulnerability in its Citrix Workspace App.
---------------------------------------------
https://www.borncity.com/blog/2022/12/06/schwachstelle-in-citrix-workspace-app-for-windows-ermglicht-passwort-klau/


∗∗∗ Vulnerability Spotlight: NVIDIA driver memory corruption vulnerabilities discovered ∗∗∗
---------------------------------------------
Cisco Talos recently discovered two memory corruption vulnerabilities in shader functionality of an NVIDIA driver.
---------------------------------------------
https://blog.talosintelligence.com/vulnerability-spotlight-nvidia-driver-memory-corruption-vulnerabilities-discovered/


∗∗∗ Multiple critical vulnerabilities in ILIAS eLearning platform ∗∗∗
---------------------------------------------
https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-ilias-elearning-platform/


∗∗∗ XSA-424 ∗∗∗
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-424.html


∗∗∗ XSA-423 ∗∗∗
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-423.html


∗∗∗ Edge 108.0.1462.42 as security update ∗∗∗
---------------------------------------------
https://www.borncity.com/blog/2022/12/06/edge-108-0-1462-41-42-als-sicherheitsupdates/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily