[CERT-daily] Tageszusammenfassung - 23.02.2023

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 22-02-2023 18:00 − Donnerstag 23-02-2023 18:00
Handler:     Michael Schlagenhaufer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ New S1deload Stealer malware hijacks Youtube, Facebook accounts ∗∗∗
---------------------------------------------
An ongoing malware campaign targets YouTube and Facebook users, infecting their computers with a new information stealer that will hijack their social media accounts and use their devices to mine for cryptocurrency.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-s1deload-stealer-malware-hijacks-youtube-facebook-accounts/


∗∗∗ Python Developers Warned of Trojanized PyPI Packages Mimicking Popular Libraries ∗∗∗
---------------------------------------------
Cybersecurity researchers are warning of "imposter packages" mimicking popular libraries available on the Python Package Index (PyPI) repository. The 41 malicious PyPI packages have been found to pose as typosquatted variants of legitimate modules such as HTTP, AIOHTTP, requests, urllib, and urllib3.
---------------------------------------------
https://thehackernews.com/2023/02/python-developers-warned-of-trojanized.html


∗∗∗ Experts Sound Alarm Over Growing Attacks Exploiting Zoho ManageEngine Products ∗∗∗
---------------------------------------------
Multiple threat actors have been observed opportunistically weaponizing a now-patched critical security vulnerability impacting several Zoho ManageEngine products since January 20, 2023. Tracked as CVE-2022-47966 (CVSS score: 9.8), the remote code execution flaw allows a complete takeover of the susceptible systems by unauthenticated attackers.
---------------------------------------------
https://thehackernews.com/2023/02/experts-sound-alarm-over-growing.html


∗∗∗ OffSec Tools ∗∗∗
---------------------------------------------
This repository is intended for pentesters and red teamers using a variety of offensive security tools during their assessments. The repository is a collection of useful tools suitable for assessments in internal environments.
---------------------------------------------
https://github.com/Syslifters/offsec-tools


∗∗∗ Technical Analysis of BlackBasta Ransomware 2.0 ∗∗∗
---------------------------------------------
Zscaler ThreatLabz has been tracking prominent ransomware families and their tactics, techniques and procedures (TTPs) including the BlackBasta ransomware family. On November 16, 2022, ThreatLabz identified new samples of the BlackBasta ransomware that had significantly lower antivirus detection rates.
---------------------------------------------
https://www.zscaler.com/blogs/security-research/back-black-basta


∗∗∗ Users looking for ChatGPT apps get malware instead ∗∗∗
---------------------------------------------
The massive popularity of OpenAI’s chatbot ChatGPT has not gone unnoticed by cyber criminals: they are exploiting the public’s eagerness to experiment with it to trick users into downloading Windows and Android malware and visit phishing pages.
---------------------------------------------
https://www.helpnetsecurity.com/2023/02/23/chatgpt-windows-android/


∗∗∗ Stealthy Mac Malware Delivered via Pirated Apps ∗∗∗
---------------------------------------------
Cybercriminals are delivering stealthy cryptojacking malware to Macs using pirated apps and they could use the same method for other malware.
---------------------------------------------
https://www.securityweek.com/stealthy-mac-malware-delivered-via-pirated-apps/


∗∗∗ Anti-Forensic Techniques Used By Lazarus Group ∗∗∗
---------------------------------------------
Since approximately a year ago, the Lazarus group’s malware has been discovered in various Korean companies related to national defense, satellites, software, and media press. The AhnLab ASEC analysis team has been continuously tracking the Lazarus threat group’s activities and other related TTPs. Among the recent cases, this post aims to share the anti-forensic traces and details found in the systems that were infiltrated by the Lazarus group.
---------------------------------------------
https://asec.ahnlab.com/en/48223/


∗∗∗ ChromeLoader Disguised as Illegal Game Programs Being Distributed ∗∗∗
---------------------------------------------
Since the previous year, there has been a steady increase in cases where disk image files, such as ISO and VHD, have been used in malware distribution. These have been covered several times in previous ASEC blog posts. This post will cover a recent discovery of ChromeLoader being distributed using VHD files.
---------------------------------------------
https://asec.ahnlab.com/en/48211/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Vulnerability Spotlight: EIP Stack Group OpENer open to two remote code execution vulnerabilities ∗∗∗
---------------------------------------------
Two of the vulnerabilities are considered to be considered of critical importance, with a CVSS score of a maximum 10 out of 10.
---------------------------------------------
https://blog.talosintelligence.com/vuln-spotlight-eip-stack-group-feb-2023/


∗∗∗ BIOS-Sicherheitsupdates: HP-Computer für Schadcode-Attacken anfällig ∗∗∗
---------------------------------------------
In aktualisierten BIOS-Versionen für HP-Computer haben die Entwickler mehrere Sicherheitslücken geschlossen.
---------------------------------------------
https://heise.de/-7524562


∗∗∗ Firewall-Distribution: pfSense 23.01 schließt Sicherheitslücken ∗∗∗
---------------------------------------------
In der Firewall-Distribution pfSense 23.01 haben die Entwickler mehrere Sicherheitslücken geschlossen. Die Basis haben sie auch auf aktuellen Stand gehievt.
---------------------------------------------
https://heise.de/-7525432


∗∗∗ Wordfence Intelligence CE Weekly Vulnerability Report (Feb 13, 2023 to Feb 19, 2023) ∗∗∗
---------------------------------------------
Last week, there were 104 vulnerabilities disclosed in WordPress based software that have been added to the Wordfence Intelligence Community Edition Vulnerability Database. You can find those vulnerabilities below.
---------------------------------------------
https://www.wordfence.com/blog/2023/02/wordfence-intelligence-ce-weekly-vulnerability-report-feb-13-2023-to-feb-19-2023/


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (firefox and thunderbird), Debian (asterisk, git, mariadb-10.3, node-url-parse, python-cryptography, and sofia-sip), Fedora (c-ares, golang-github-need-being-tree, golang-helm-3, golang-oras, golang-oras-1, and golang-oras-2), Oracle (httpd:2.4, kernel, php:8.0, python-setuptools, python3, samba, systemd, tar, and webkit2gtk3), Red Hat (webkit2gtk3), SUSE (phpMyAdmin, poppler, and postgresql12), and Ubuntu (dcmtk and linux-hwe).
---------------------------------------------
https://lwn.net/Articles/924236/


∗∗∗ Case update: DIVD-2022-00052 - Multiple vulnerabilities is Cloudflow software ∗∗∗
---------------------------------------------
https://csirt.divd.nl/cases/DIVD-2022-00052/


∗∗∗ Vulnerability in sqlite affects IBM VM Recovery Manager HA GUI ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6957680


∗∗∗ Vulnerability in sqlite affects IBM VM Recovery Manager DR GUI ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6957708


∗∗∗ Vulnerability in moment-timezone affects IBM VM Recovery Manager DR GUI ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6957710


∗∗∗ Vulnerability in moment-timezone affects IBM VM Recovery Manager HA GUI ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6957714


∗∗∗ CVE-2022-3509, CVE-2022-3171 may affect IBM CICS TX Advanced ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6957754


∗∗∗ CVE-2022-3509, CVE-2022-3171 may affect IBM CICS TX Standard ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6957758


∗∗∗ CVE-2022-3509 and CVE-2022-3171 may affect IBM TXSeries for Multiplatforms ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6957764

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily