[CERT-daily] Tageszusammenfassung - 29.11.2023
Daily end-of-shift report
team at cert.at
Wed Nov 29 18:26:02 CET 2023
=====================
= End-of-Day report =
=====================
Timeframe: Dienstag 28-11-2023 18:00 − Mittwoch 29-11-2023 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ GoTitan Botnet Spotted Exploiting Recent Apache ActiveMQ Vulnerability ∗∗∗
---------------------------------------------
The recently disclosed critical security flaw impacting Apache ActiveMQ is being actively exploited by threat actors to distribute a new Go-based botnet called GoTitan as well as a .NET program known as PrCtrl Rat thats capable of remotely commandeering the infected hosts. The attacks involve the exploitation of a remote code execution bug (CVE-2023-46604, CVSS score: 10.0) [...]
---------------------------------------------
https://thehackernews.com/2023/11/gotitan-botnet-spotted-exploiting.html
∗∗∗ DJVU Ransomwares Latest Variant Xaro Disguised as Cracked Software ∗∗∗
---------------------------------------------
A variant of a ransomware strain known as DJVU has been observed to be distributed in the form of cracked software. "While this attack pattern is not new, incidents involving a DJVU variant that appends the .xaro extension to affected files and demanding ransom for a decryptor have been observed infecting systems alongside a host of various commodity loaders and infostealers," [...]
---------------------------------------------
https://thehackernews.com/2023/11/djvu-ransomwares-latest-variant-xaro.html
∗∗∗ Okta Breach Impacted All Customer Support Users—Not 1 Percent ∗∗∗
---------------------------------------------
Okta upped its original estimate of customer support users affected by a recent breach from 1 percent to 100 percent, citing a “discrepancy.”
---------------------------------------------
https://www.wired.com/story/okta-breach-disclosure-all-customer-support-users/
∗∗∗ Scans zu kritischer Sicherheitslücke in ownCloud-Plugin ∗∗∗
---------------------------------------------
Die Schwachstelle im GraphAPI-Plugin kann zur unfreiwilligen Preisgabe der Admin-Zugangsdaten führen. ownCloud-Admins sollten schnell reagieren.
---------------------------------------------
https://www.heise.de/-9542895.html
∗∗∗ Sicherheitslücke: Schadcode-Attacken auf Solarwinds Platform möglich ∗∗∗
---------------------------------------------
Die Solarwinds-Entwickler haben zwei Schwachstellen in ihrer Monitoringsoftware geschlossen.
---------------------------------------------
https://www.heise.de/-9543391.html
∗∗∗ New BLUFFS Bluetooth Attack Methods Can Have Large-Scale Impact: Researcher ∗∗∗
---------------------------------------------
An academic researcher demonstrates BLUFFS, six novel attacks targeting Bluetooth sessions’ forward and future secrecy.
---------------------------------------------
https://www.securityweek.com/new-bluffs-bluetooth-attacks-have-large-scale-impact-researcher/
∗∗∗ Deepfake-Videos mit Armin Assinger führen zu Investitionsbetrug! ∗∗∗
---------------------------------------------
Aktuell kursieren auf Facebook, Instagram, TikTok und YouTube Werbevideos mit betrügerischen Inhalten. Dabei wird insbesondere das Gesicht Armin Assingers für Deepfakes eingesetzt. Armin Assinger werden mithilfe von Künstlicher Intelligenz (KI) Worte in den Mund gelegt, sodass dadurch betrügerische Investitionsplattformen beworben werden. Vorsicht: Folgen Sie diesen Links nicht, denn hier sind sämtliche Investments verloren!
---------------------------------------------
https://www.watchlist-internet.at/news/deepfake-videos-mit-armin-assinger-fuehren-zu-investitionsbetrug/
∗∗∗ Spyware Employs Various Obfuscation Techniques to Bypass Static Analysis ∗∗∗
---------------------------------------------
A look at some deceptive tactics used by malware authors in an effort to evade analysis.
---------------------------------------------
https://symantec-enterprise-blogs.security.com/threat-intelligence/spyware-obfuscation-static-analysis
∗∗∗ Exploitation of Unitronics PLCs used in Water and Wastewater Systems ∗∗∗
---------------------------------------------
CISA is responding to active exploitation of Unitronics programmable logic controllers (PLCs) used in the Water and Wastewater Systems (WWS) Sector. Cyber threat actors are targeting PLCs associated with WWS facilities, including an identified Unitronics PLC, at a U.S. water facility. In response, the affected municipality’s water authority immediately took the system offline and switched to manual operations [...]
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2023/11/28/exploitation-unitronics-plcs-used-water-and-wastewater-systems
∗∗∗ CISA Releases First Secure by Design Alert ∗∗∗
---------------------------------------------
Today, CISA published guidance on How Software Manufacturers Can Shield Web Management Interfaces From Malicious Cyber Activity as a part of a new Secure by Design (SbD) Alert series. This SbD Alert urges software manufacturers to proactively prevent the exploitation of vulnerabilities in web management interfaces by designing and developing their products using SbD principles: [...]
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2023/11/29/cisa-releases-first-secure-design-alert
=====================
= Vulnerabilities =
=====================
∗∗∗ Zero-Day Alert: Google Chrome Under Active Attack, Exploiting New Vulnerability ∗∗∗
---------------------------------------------
Google has rolled out security updates to fix seven security issues in its Chrome browser, including a zero-day that has come under active exploitation in the wild. Tracked as CVE-2023-6345, the high-severity vulnerability has been described as an integer overflow bug in Skia, an open source 2D graphics library.
---------------------------------------------
https://thehackernews.com/2023/11/zero-day-alert-google-chrome-under.html
∗∗∗ CISA Releases Four Industrial Control Systems Advisories ∗∗∗
---------------------------------------------
* ICSA-23-331-01 Delta Electronics InfraSuite Device Master
* ICSA-23-331-02 Franklin Electric Fueling Systems Colibri
* ICSA-23-331-03 Mitsubishi Electric GX Works2
* ICSMA-23-331-01 BD FACSChorus
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2023/11/28/cisa-releases-four-industrial-control-systems-advisories
∗∗∗ SolarWinds Platform 2023.4.2 Release Notes ∗∗∗
---------------------------------------------
SolarWinds Platform 2023.4.2 is a service release providing bug and security fixes for release 2023.4.
CVE-2023-40056: SQL Injection Remote Code Execution Vulnerability Severity: 8.0 (high)
---------------------------------------------
https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-4-2_release_notes.htm
∗∗∗ Arcserve Unified Data Protection Multiple Vulnerabilities ∗∗∗
---------------------------------------------
* CVE-2023-41998 - UDP Unauthenticated RCE
* CVE-2023-41999 - UDP Management Authentication Bypass
* CVE-2023-42000 - UDP Agent Unauthenticated Path Traversal File Upload
Solution: Upgrade to Arcserve UDP version 9.2 or later.
---------------------------------------------
https://www.tenable.com/security/research/tra-2023-37
∗∗∗ Sicherheitslücke in Hikvision-Kameras und NVR ermöglicht unbefugten Zugriff ∗∗∗
---------------------------------------------
Verschiedene Modelle des chinesischen Herstellers gestatteten Angreifern den unbefugten Zugriff. Auch andere Marken sind betroffen, Patches stehen bereit.
---------------------------------------------
https://www.heise.de/-9543336.html
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (gst-plugins-bad1.0 and postgresql-multicorn), Fedora (golang-github-nats-io, golang-github-nats-io-jwt-2, golang-github-nats-io-nkeys, golang-github-nats-io-streaming-server, libcap, nats-server, openvpn, and python-geopandas), Mageia (kernel), Red Hat (c-ares, curl, fence-agents, firefox, kernel, kernel-rt, kpatch-patch, libxml2, pixman, postgresql, and tigervnc), SUSE (python-azure-storage-queue, python-Twisted, and python3-Twisted), and Ubuntu (afflib, ec2-hibinit-agent, linux-nvidia-6.2, linux-starfive-6.2, and poppler).
---------------------------------------------
https://lwn.net/Articles/953226/
∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list