[CERT-daily] Tageszusammenfassung - 13.12.2023
Daily end-of-shift report
team at cert.at
Wed Dec 13 18:16:00 CET 2023
=====================
= End-of-Day report =
=====================
Timeframe: Dienstag 12-12-2023 18:00 − Mittwoch 13-12-2023 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Thomas Pribitzer
=====================
= News =
=====================
∗∗∗ FakeSG campaign, Akira ransomware and AMOS macOS stealer ∗∗∗
---------------------------------------------
In this report, we share our latest crimeware findings: FakeSG malware distribution campaign delivering NetSupport RAT, new Conti-like Akira ransomware and AMOS stealer for macOS.
---------------------------------------------
https://securelist.com/crimeware-report-fakesg-akira-amos/111483/
∗∗∗ Willhaben: Lassen Sie sich nicht auf WhatsApp und Co locken! ∗∗∗
---------------------------------------------
Wenn Sie auf willhaben über Kleinanzeigen Ware verkaufen oder kaufen wollen, dann sind Sie am besten vor Betrug geschützt, wenn Sie einige einfach Tipps beachten. Insbesondere sollten Sie sich aber nicht über den willhaben-Chat auf externe Kanäle leiten lassen.
---------------------------------------------
https://www.watchlist-internet.at/news/willhaben-lassen-sie-sich-nicht-auf-whatsapp-und-co-locken/
∗∗∗ A pernicious potpourri of Python packages in PyPI ∗∗∗
---------------------------------------------
The past year has seen over 10,000 downloads of malicious packages hosted on the official Python package repository
---------------------------------------------
https://www.welivesecurity.com/en/eset-research/pernicious-potpourri-python-packages-pypi/
∗∗∗ Web shell on a SonicWall SMA ∗∗∗
---------------------------------------------
Truesec Cybersecurity Incident Response Team (CSIRT) found a compromised SonicWall Secure Mobile Access (SonicWall SMA) device on which a threat actor (TA) had deployed a web shell, a hiding mechanism, and a way to ensure persistence across firmware upgrades.
---------------------------------------------
https://www.truesec.com/hub/blog/web-shell-on-a-sonicwall-sma
∗∗∗ A Day In The Life Of A GreyNoise Researcher: The Path To Understanding The Remote Code Execution Vulnerability Apache (CVE-2023-50164) in Apache Struts2 ∗∗∗
---------------------------------------------
This weakness enables attackers to remotely drop and call a web shell through a public interface.
---------------------------------------------
https://www.greynoise.io/blog/a-day-in-the-life-of-a-greynoise-researcher-the-path-to-understanding-the-remote-code-execution-vulnerability-apache-cve-2023-50164-in-apache-struts2
∗∗∗ Responding to CitrixBleed (CVE-2023-4966): Key Takeaways from Affected Companies ∗∗∗
---------------------------------------------
This critical security flaw has had a significant impact across various industries in the United States, including credit unions and healthcare services, marking it as one of the most critical vulnerabilities of 2023. Its relatively straightforward buffer overflow exploitability has raised major concerns.
---------------------------------------------
https://blog.morphisec.com/responding-to-citrixbleed
=====================
= Vulnerabilities =
=====================
∗∗∗ Microsoft: OAuth apps used to automate BEC and cryptomining attacks ∗∗∗
---------------------------------------------
Microsoft warns that financially-motivated threat actors are using OAuth applications to automate BEC and phishing attacks, push spam, and deploy VMs for cryptomining.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/microsoft-oauth-apps-used-to-automate-bec-and-cryptomining-attacks/
∗∗∗ Final Patch Tuesday of 2023 goes out with a bang ∗∗∗
---------------------------------------------
Microsoft fixed 36 flaws. Adobe addressed 212. Apple, Google, Cisco, VMware and Atlassian joined the party Its the last Patch Tuesday of 2023, which calls for celebration – just as soon as you update Windows, Adobe, Google, Cisco, FortiGuard, SAP, VMware, Atlassian and Apple products, of course.
---------------------------------------------
https://go.theregister.com/feed/www.theregister.com/2023/12/13/december_2023_patch_tuesday/
∗∗∗ Patchday Microsoft: Outlook kann sich an Schadcode-E-Mail verschlucken ∗∗∗
---------------------------------------------
Microsoft hat wichtige Sicherheitsupdates für Azure, Defender & Co. veröffentlicht. Bislang soll es keine Attacken geben.
---------------------------------------------
https://www.heise.de/news/Patchday-Microsoft-Outlook-kann-sich-an-Schadcode-E-Mail-verschlucken-9573207.html
∗∗∗ Patchday: Adobe schließt 185 Sicherheitslücken in Experience Manager ∗∗∗
---------------------------------------------
Angreifer können Systeme mit Anwendungen von Adobe ins Visier nehmen. Nun hat der Softwarehersteller Schwachstellen geschlossen.
---------------------------------------------
https://www.heise.de/news/Patchday-Adobe-Adobe-schliesst-185-Sicherheitsluecken-in-Experience-Manager-9573244.html
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (debian-security-support and xorg-server), Fedora (java-17-openjdk, libcmis, and libreoffice), Mageia (fish), Red Hat (buildah, containernetworking-plugins, curl, fence-agents, kernel, kpatch-patch, libxml2, pixman, podman, runc, skopeo, and tracker-miners), SUSE (kernel, SUSE Manager 4.3.10 Release Notes, and SUSE Manager Client Tools), and Ubuntu (gnome-control-center, linux-gcp, linux-kvm, linux-gkeop, linux-gkeop-5.15, linux-hwe-6.2, [...]
---------------------------------------------
https://lwn.net/Articles/954921/
∗∗∗ Mal wieder Apache Struts: CVE-2023-50164 ∗∗∗
---------------------------------------------
Wir haben in der Vergangenheit ernsthaft schlechte Erfahrungen mit Schwachstellen in der Apache Struts Library gemacht. Etwa mit CVE-2017-5638 oder CVE-2017-9805. Insbesondere komplexe Webseiten/Portal, oft von größeren Firmen, wurden öfters in Java entwickelt und waren für eine Massenexploitation anfällig. Daher haben wir die Veröffentlichung einer neuen Schwachstelle in Struts CVE-2023-50164 mit dem CVSS Score von 9.8 initial als besorgniserregend eingestuft.
---------------------------------------------
https://cert.at/de/aktuelles/2023/12/mal-wieder-apache-struts-cve-2023-50164
∗∗∗ Apache Struts Vulnerability Affecting Cisco Products: December 2023 ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-struts-C2kCMkmT
∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/
∗∗∗ Atos Unify Security Advisories ∗∗∗
---------------------------------------------
https://unify.com/en/support/security-advisories
∗∗∗ Fortiguard Security Advisories ∗∗∗
---------------------------------------------
https://www.fortiguard.com/psirt
∗∗∗ Technical Advisory – Multiple Vulnerabilities in Nagios XI ∗∗∗
---------------------------------------------
https://research.nccgroup.com/2023/12/13/technical-advisory-multiple-vulnerabilities-in-nagios-xi/
∗∗∗ VMSA-2023-0027 ∗∗∗
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2023-0027.html
∗∗∗ Command injection vulnerability in Bosch IP Cameras ∗∗∗
---------------------------------------------
https://psirt.bosch.com/security-advisories/bosch-sa-638184-bt.html
∗∗∗ Denial of Service vulnerability in Bosch BT software products ∗∗∗
---------------------------------------------
https://psirt.bosch.com/security-advisories/bosch-sa-092656-bt.html
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list