[CERT-daily] Tageszusammenfassung - 16.05.2023
Daily end-of-shift report
team at cert.at
Tue May 16 19:18:59 CEST 2023
=====================
= End-of-Day report =
=====================
Timeframe: Montag 15-05-2023 18:00 − Dienstag 16-05-2023 18:00
Handler: Michael Schlagenhaufer
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ VirusTotal AI code analysis expands Windows, Linux script support ∗∗∗
---------------------------------------------
Google has added support for more scripting languages to VirusTotal Code Insight, a recently introduced artificial intelligence-based code analysis feature.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/virustotal-ai-code-analysis-expands-windows-linux-script-support/
∗∗∗ Open-source Cobalt Strike port Geacon used in macOS attacks ∗∗∗
---------------------------------------------
Geacon, a Go-based implementation of the beacon from the widely abused penetration testing suite Cobalt Strike, is being used more and more to target macOS devices.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/open-source-cobalt-strike-port-geacon-used-in-macos-attacks/
∗∗∗ Signals Defense With Faraday Bags & Flipper Zero, (Tue, May 16th) ∗∗∗
---------------------------------------------
There are situations where it is desired to block signals between devices. Commonly scenarios are when traveling, in a location of uncertain safety, or otherwise concerned with data privacy and geolocation. I was curious how well a faraday bags and similar products protected wireless communications.
---------------------------------------------
https://isc.sans.edu/diary/rss/29840
∗∗∗ Triple Threat: Breaking Teltonika Routers Three Ways ∗∗∗
---------------------------------------------
Comprehensive research was conducted on Teltonika Networks’ IIoT products, with a focus on industrial cellular devices widely used in various industries, specifically, the Teltonika Remote Management System, and RUT model routers.
---------------------------------------------
https://claroty.com/team82/research/triple-threat-breaking-teltonika-routers-three-ways
∗∗∗ You’ve been kept in the dark (web): exposing Qilin’s RaaS program ∗∗∗
---------------------------------------------
All you need to know about Qilin ransomware and its operations targeting critical sectors.
---------------------------------------------
https://www.group-ib.com/blog/qilin-ransomware/
∗∗∗ Seitenkanalangriff auf Cortex-M: Zugriff auf sensible Informationen ∗∗∗
---------------------------------------------
Auf der Blackhat Asia haben IT-Forscher Seitenkanalangriffe auf ARM-Cortex-M-Mikroprozessoren vorgestellt. Sie ermöglichen Zugriff auf sensible Informationen.
---------------------------------------------
https://heise.de/-9057108
∗∗∗ It’s always DNS, here’s why… ∗∗∗
---------------------------------------------
There’s an old adage in network and Internet support: When something breaks in any network “it was DNS”. Sadly it’s usually true.
---------------------------------------------
https://www.pentestpartners.com/security-blog/its-always-dns-heres-why/
∗∗∗ Vorsicht vor Anrufen von „austriamegachance.com“ ∗∗∗
---------------------------------------------
Ihr Telefon klingelt. Austria Mega Chance meldet sich, eine Lotto-Tipp-Dienstleistung. Ihnen werden hohe Gewinnchancen beim Lotto versprochen und eine Dienstleistung für Gemeinschaftstipps angeboten. Die aufdringliche Person entlockt Ihnen Kontodaten. Einige Zeit später werden Ihnen dann monatlich, ohne schriftliche Infos oder einen Vertrag unterschieben zu haben, knapp 70 Euro von Ihrem Konto abgebucht. Wir zeigen Ihnen, was Sie tun können!
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-vor-anrufen-von-austriamegachancecom/
∗∗∗ Microsoft SharePoint scannt Password-geschützte ZIP-Archive ∗∗∗
---------------------------------------------
Es sieht so aus, dass Microsoft in seinen Cloud-Speichern auch ZIP-Archive auf schädliche Inhalte (und ggf. weitere Inhalte) scannt – auch Archive, die vom Benutzer mit einem Kennwort vor der Einsichtnahme geschützt sind.
---------------------------------------------
https://www.borncity.com/blog/2023/05/16/microsoft-sharepoint-scannt-password-geschtzte-zip-archive/
∗∗∗ The Dragon Who Sold His Camaro: Analyzing Custom Router Implant ∗∗∗
---------------------------------------------
Through our investigation, we have gained a deeper comprehension of the ways in which attackers are employing malware to target edge devices, particularly routers. Our efforts have led us to uncover several of the tactics and tools utilized by Camaro Dragon in their attacks.
---------------------------------------------
https://research.checkpoint.com/2023/the-dragon-who-sold-his-camaro-analyzing-custom-router-implant/
∗∗∗ 8220 Gang Evolves With New Strategies ∗∗∗
---------------------------------------------
We observed the threat actor group known as “8220 Gang” employing new strategies for their respective campaigns, including exploits for the Linux utility “lwp-download” and CVE-2017-3506, an Oracle WebLogic vulnerability.
---------------------------------------------
https://www.trendmicro.com/en_us/research/23/e/8220-gang-evolution-new-strategies-adapted.html
∗∗∗ How to Write a PoC for an Uninitialized Smart Contract Vulnerability in BadgerDAO Using Foundry ∗∗∗
---------------------------------------------
In this post, we’re going to learn how Foundry can be used to write a proof of concept (PoC) for uninitialized smart contract vulnerabilities.
---------------------------------------------
https://www.cyberark.com/resources/threat-research-blog/how-to-write-a-poc-for-an-uninitialized-smart-contract-vulnerability-in-badgerdao-using-foundry
=====================
= Vulnerabilities =
=====================
∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
IBM Cloud Pak for Network Automation, IBM Control Desk, IBM Maximo, IBM Edge Application Manager, IBM Cloud Automation Manager, Tivoli Monitoring, IBM Business Monitor, IBM Business Automation Workflow Enterprise Service Bus, WebSphere Application Server, Tivoli Application Dependency Discovery Manager, IBM Operations Analytics - Predictive Insights, IBM Security Verify Information Queue.
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/
∗∗∗ CISA Releases Three Industrial Control Systems Advisories ∗∗∗
---------------------------------------------
* ICSA-23-136-02 Rockwell ArmorStart
* ICSA-23-136-03 Rockwell Automation FactoryTalk Vantagepoint
* ICSA-23-136-01 Snap One OvrC Cloud
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2023/05/16/cisa-releases-three-industrial-control-systems-advisories
∗∗∗ JavaScript-Sandbox vm2: PoC zeigt neuen Sandbox-Ausbruch ∗∗∗
---------------------------------------------
Eine kritische Lücke in der JavaScript-Sandbox vm2 können Angreifer zum Ausbruch missbrauchen. Aktualisierte Software steht bereit, die die Lücken schließt.
---------------------------------------------
https://heise.de/-9056842
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (epiphany-browser, python-ipaddress, and sqlparse), Fedora (python-django3 and qemu), Red Hat (apr-util, autotrace, bind, bind9.16, container-tools:4.0, container-tools:rhel8, ctags, curl, device-mapper-multipath, dhcp, edk2, emacs, freeradius:3.0, freerdp, frr, gcc-toolset-12-binutils, git, git-lfs, go-toolset:rhel8, grafana, grafana-pcp, gssntlmssp, Image Builder, kernel, kernel-rt, libarchive, libreswan, libtar, libtiff, mingw-expat, mysql:8.0, net-snmp, pcs, php:7.4, poppler, postgresql-jdbc, python-mako, python27:2.7, python38:3.8 and python38-devel:3.8, python39:3.9 and python39-devel:3.9, samba, sysstat, tigervnc, unbound, virt:rhel and virt-devel:rhel, wayland, webkit2gtk3, xorg-x11-server, and xorg-x11-server-Xwayland), SUSE (dmidecode, postgresql13, prometheus-sap_host_exporter, python-cryptography, rekor, and thunderbird), and Ubuntu (firefox, matrix-synapse, and mysql-8.0).
---------------------------------------------
https://lwn.net/Articles/932033/
∗∗∗ D-Link DIR-2150 DIR-2150 Firmware Release Notes v1.06 ∗∗∗
---------------------------------------------
https://support.dlink.com.au/Download/download.aspx?product=DIR-2150
∗∗∗ XSA-431 ∗∗∗
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-431.html
∗∗∗ Zahlreiche Schwachstellen in Serenity and StartSharp Software ∗∗∗
---------------------------------------------
https://sec-consult.com/de/vulnerability-lab/advisory/zahlreiche-schwachstellen-in-serenity-and-startsharp-software/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list