[CERT-daily] Daily summary - 10.11.2023
Daily end-of-shift report
team at cert.at
Fri Nov 10 18:08:10 CET 2023
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 09-11-2023 18:00 − Friday 10-11-2023 18:00
Handler: Thomas Pribitzer
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Ducktail fashion week ∗∗∗
---------------------------------------------
The Ducktail malware, designed to hijack Facebook business and ads accounts, sends marketing professionals fake ads for jobs with major clothing manufacturers.
---------------------------------------------
https://securelist.com/ducktail-fashion-week/111017/
∗∗∗ Routers Targeted for Gafgyt Botnet [Guest Diary], (Thu, Nov 9th) ∗∗∗
---------------------------------------------
The threat actor attempts to add my honeypot into a botnet so the threat actor can carry out DDoS attacks. The vulnerabilities used for the attack were default credentials and CVE-2017-17215. To prevent these attacks, make sure systems are patched and using strong credentials.
---------------------------------------------
https://isc.sans.edu/diary/rss/30390
∗∗∗ Malware: More than 600 million downloads in 2023 on Google Play ∗∗∗
---------------------------------------------
Kaspersky has already counted more than 600 million malware downloads from the Google Play Store this year. It nevertheless remains the safest package source.
---------------------------------------------
https://www.heise.de/news/Malware-Mehr-als-600-Millionen-Downloads-2023-in-Google-Play-9358247.html
∗∗∗ Demystifying Cobalt Strike’s “make_token” Command ∗∗∗
---------------------------------------------
Cobalt Strike provides the make_token command to achieve a similar result to runas /netonly.
---------------------------------------------
https://research.nccgroup.com/2023/11/10/demystifying-cobalt-strikes-make_token-command/
∗∗∗ High Traffic + High Vulnerability = an Attractive Target for Criminals: The Dangers of Viewing Clickbait Sites ∗∗∗
---------------------------------------------
Clickbait articles are highlighted in this article. A jump in compromised sites exploiting CVE-2023-3169 stresses the danger of web-based threats.
---------------------------------------------
https://unit42.paloaltonetworks.com/dangers-of-clickbait-sites/
∗∗∗ Cerber Ransomware Exploits Atlassian Confluence Vulnerability CVE-2023-22518 ∗∗∗
---------------------------------------------
We encountered the Cerber ransomware exploiting the Atlassian Confluence vulnerability CVE-2023-22518 in its operations.
---------------------------------------------
https://www.trendmicro.com/en_us/research/23/k/cerber-ransomware-exploits-cve-2023-22518.html
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (community-mysql, matrix-synapse, and xorg-x11-server-Xwayland), Mageia (squid and vim), Oracle (dnsmasq, python3, squid, squid:4, and xorg-x11-server), Red Hat (fence-agents, insights-client, kernel, kpatch-patch, mariadb:10.5, python3, squid, squid:4, tigervnc, and xorg-x11-server), Scientific Linux (bind, firefox, java-1.8.0-openjdk, java-11-openjdk, kernel, libssh2, python-reportlab, python3, squid, thunderbird, and xorg-x11-server), [...]
---------------------------------------------
https://lwn.net/Articles/951066/
∗∗∗ Multiple Vulnerabilities in QuMagie ∗∗∗
---------------------------------------------
https://www.qnap.com/en-us/security-advisory/QSA-23-50
∗∗∗ Vulnerability in QTS, QuTS hero, and QuTScloud ∗∗∗
---------------------------------------------
https://www.qnap.com/en-us/security-advisory/QSA-23-24
∗∗∗ AIX is affected by a denial of service (CVE-2023-45167) and a security restrictions bypass (CVE-2023-40217) due to Python ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7068084
∗∗∗ Multiple vulnerabilities in Eclipse Jetty affect IBM Process Designer 8.5.7 shipped with IBM Business Automation Workflow ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7070298
∗∗∗ The IBM Engineering Lifecycle Engineering product using IBM SDK, Java Technology Edition Quarterly CPU - Apr 2023 - Includes Oracle April 2023 CPU plus CVE-2023-2597 ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7070548
∗∗∗ Multiple security vulnerabilities have been identified in IBM DB2 which is shipped with IBM Intelligent Operations Center. ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7070539
∗∗∗ IBM QRadar SIEM contains multiple vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7070736
∗∗∗ Ivanti Secure Access Client security notifications ∗∗∗
---------------------------------------------
https://www.ivanti.com/blog/ivanti-secure-access-client-security-notifications
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily