[CERT-daily] Tageszusammenfassung - 22.12.2023
Daily end-of-shift report
team at cert.at
Fri Dec 22 18:50:54 CET 2023
=====================
= End-of-Day report =
=====================
Timeframe: Donnerstag 21-12-2023 18:00 − Freitag 22-12-2023 18:00
Handler: Thomas Pribitzer
Co-Handler: Michael Schlagenhaufer
=====================
= News =
=====================
∗∗∗ Microsoft: Hackers target defense firms with new FalseFont malware ∗∗∗
---------------------------------------------
Microsoft says the APT33 Iranian cyber-espionage group is using recently discovered FalseFont backdoor malware to attack defense contractors worldwide.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/microsoft-hackers-target-defense-firms-with-new-falsefont-malware/
∗∗∗ Europol warns 443 online shops infected with credit card stealers ∗∗∗
---------------------------------------------
Europol has notified over 400 websites that their online shops have been hacked with malicious scripts that steal debit and credit cards from customers making purchases.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/europol-warns-443-online-shops-infected-with-credit-card-stealers/
∗∗∗ Have your data and hide it too: An introduction to differential privacy ∗∗∗
---------------------------------------------
Providing software and web services that deliver value for users often requires measuring user behavior. In this blog we discuss emerging cryptographic and statistical techniques that enable collecting such measurements without violating user privacy
---------------------------------------------
https://blog.cloudflare.com/have-your-data-and-hide-it-too-an-introduction-to-differential-privacy
∗∗∗ Experts Detail Multi-Million Dollar Licensing Model of Predator Spyware ∗∗∗
---------------------------------------------
A new analysis of the sophisticated commercial spyware called Predator has revealed that its ability to persist between reboots is offered as an "add-on feature" and that it depends on the licensing options opted by a customer.
---------------------------------------------
https://thehackernews.com/2023/12/multi-million-dollar-predator-spyware.html
∗∗∗ Decoy Microsoft Word Documents Used to Deliver Nim-Based Malware ∗∗∗
---------------------------------------------
A new phishing campaign is leveraging decoy Microsoft Word documents as bait to deliver a backdoor written in the Nim programming language. "Malware written in uncommon programming languages puts the security community at a disadvantage as researchers and reverse engineers unfamiliarity can hamper their investigation," [...]
---------------------------------------------
https://thehackernews.com/2023/12/decoy-microsoft-word-documents-used-to.html
∗∗∗ Cyber sleuths reveal how they infiltrate the biggest ransomware gangs ∗∗∗
---------------------------------------------
How do you break into the bad guys ranks? Master the lingo and research, research, research
---------------------------------------------
https://go.theregister.com/feed/www.theregister.com/2023/12/22/how_to_infiltrate_ransomware_gangs/
∗∗∗ Malicious GPT Can Phish Credentials, Exfiltrate Them to External Server: Researcher ∗∗∗
---------------------------------------------
A researcher has shown how malicious actors can create custom GPTs that can phish for credentials and exfiltrate them to external servers.
---------------------------------------------
https://www.securityweek.com/malicious-gpt-can-phish-credentials-exfiltrate-them-to-external-server-researcher/
∗∗∗ CISA Releases Microsoft 365 Secure Configuration Baselines and SCuBAGear Tool ∗∗∗
---------------------------------------------
CISA has published the finalized Microsoft 365 Secure Configuration Baselines, designed to bolster the security and resilience of organizations’ Microsoft 365 (M365) cloud services. This guidance release is accompanied by the updated SCuBAGear tool that assesses organizations’ M365 cloud services per CISA’s recommended baselines.
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2023/12/21/cisa-releases-microsoft-365-secure-configuration-baselines-and-scubagear-tool
∗∗∗ Python Packages Leverage GitHub to Deploy Fileless Malware ∗∗∗
---------------------------------------------
In early December, a number of malicious Python packages captured our attention, not just because of their malicious nature, but for the cleverness of their deployment strategy.
---------------------------------------------
https://checkmarx.com/blog/python-packages-leverage-github-to-deploy-fileless-malware/
=====================
= Vulnerabilities =
=====================
∗∗∗ ZDI Security Advisories ∗∗∗
---------------------------------------------
BlueZ, Kofax Power PDF
---------------------------------------------
https://www.zerodayinitiative.com/advisories/published/
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (bluez, chromium, gst-plugins-bad1.0, openssh, and thunderbird), Fedora (chromium, firefox, kernel, libssh, nss, opensc, and thunderbird), Gentoo (Arduino, Exiv2, LibRaw, libssh, NASM, and QtWebEngine), Mageia (gstreamer), and SUSE (gnutls, gstreamer-plugins-bad, libcryptopp, libqt5-qtbase, ppp, tinyxml, xorg-x11-server, and zbar).
---------------------------------------------
https://lwn.net/Articles/956012/
∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list