[CERT-daily] Daily summary - 06.10.2023
Daily end-of-shift report
team at cert.at
Fri Oct 6 18:09:52 CEST 2023
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 05-10-2023 18:00 − Friday 06-10-2023 18:00
Handler: Stephan Richter
Co-Handler: Michael Schlagenhaufer
=====================
= News =
=====================
∗∗∗ Exploits released for Linux flaw giving root on major distros ∗∗∗
---------------------------------------------
Proof-of-concept exploits have already surfaced online for a high-severity flaw in the GNU C Library's dynamic loader, allowing local attackers to gain root privileges on major Linux distributions.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/exploits-released-for-linux-flaw-giving-root-on-major-distros/
∗∗∗ Patch now! Exploits for glibc vulnerability publicly available ∗∗∗
---------------------------------------------
After the bug in the Linux library glibc became known last Tuesday, reliably working exploits have now surfaced.
---------------------------------------------
https://www.heise.de/-9326518
∗∗∗ Financial fraud by phone: Ignore callers who try to talk you into investments ∗∗∗
---------------------------------------------
Financial fraud is a lucrative business. The financial damage to those affected is often enormous. At the same time, the financial market is strictly regulated to make fraud in this area harder. That is one reason why fraudsters keep finding new ways to reach their victims. Our readers are currently reporting more and more often that they are being called by criminals and talked into investments directly over the phone.
---------------------------------------------
https://www.watchlist-internet.at/news/finanzbetrug-per-telefon-ignorieren-sie-anruferinnen-die-sie-zu-investitionen-ueberreden-wollen/
∗∗∗ Leveraging a Hooking Framework to Expand Malware Detection Coverage on the Android Platform ∗∗∗
---------------------------------------------
In this article, we will discuss the issue of how malware authors use obfuscation to make analyzing their Android malware more challenging. We will review two such case studies to illustrate those obfuscation techniques in action. Finally, we’ll cover some overall techniques researchers can use to address these obstacles.
---------------------------------------------
https://unit42.paloaltonetworks.com/hooking-framework-in-sandbox-to-analyze-android-apk/
∗∗∗ Microsoft: Human-operated ransomware attacks tripled over past year ∗∗∗
---------------------------------------------
Human-operated ransomware attacks are up more than 200% since September 2022, according to researchers from Microsoft, who warned that it could represent a shift in the cybercrime underground.
---------------------------------------------
https://therecord.media/human-operated-ransomware-attacks-report-microsoft
∗∗∗ New tool: le-hex-to-ip.py, (Thu, Oct 5th) ∗∗∗
---------------------------------------------
So, this week it is my privilege to be TA-ing for Taz Wake for the beta run of his new class FOR577: Linux Incident Response and Threat Hunting. We were looking in the Linux /proc filesystem and were noticing in the /proc//net/{tcp/udp/icmp/...} that the IP addresses were listed in hex, but little-endian. I immediately remembered Didier's Handler's Diary from last week about the IPs in the event logs that were in decimal and little-endian.
---------------------------------------------
https://isc.sans.edu/diary/rss/30284
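As an added example (not the le-hex-to-ip.py tool from the diary, nor code from the original post): decoding the little-endian hex addresses in /proc/net/tcp described above, run over constructed sample lines rather than a captured socket table. It goes slightly beyond the excerpt by also handling the IPv6 form of /proc/net/tcp6 and mapping the state column to its TCP state name.

```python
import socket
import struct

# TCP socket state codes as printed in the "st" column of /proc/net/tcp
# (values from the Linux kernel's include/net/tcp_states.h).
TCP_STATES = {
    "01": "ESTABLISHED", "02": "SYN_SENT", "03": "SYN_RECV", "04": "FIN_WAIT1",
    "05": "FIN_WAIT2", "06": "TIME_WAIT", "07": "CLOSE", "08": "CLOSE_WAIT",
    "09": "LAST_ACK", "0A": "LISTEN", "0B": "CLOSING",
}

# Constructed sample lines in /proc/net/tcp layout (not captured from a real host):
# a listener on 127.0.0.1:22 and an established connection 10.0.2.15 -> 10.0.2.1:443.
SAMPLE_LINES = [
    "   0: 0100007F:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 100 0 0 10 0",
    "   1: 0F02000A:B2F6 0102000A:01BB 01 00000000:00000000 02:00000A3C 00000000  1000        0 67890 2 0000000000000000 20 4 30 10 -1",
]


def le_hex_to_ip(hex_addr: str) -> str:
    """Decode a /proc/net/{tcp,udp,...} address field to dotted or colon notation.

    The kernel prints each 32-bit word of the address in host byte order, which is
    little-endian on x86 and arm64, so "0100007F" is 127.0.0.1, not 1.0.0.127.
    """
    if len(hex_addr) == 8:                      # IPv4: one little-endian u32
        return socket.inet_ntoa(struct.pack("<I", int(hex_addr, 16)))
    if len(hex_addr) == 32:                     # IPv6: four little-endian u32 words
        words = [int(hex_addr[i:i + 8], 16) for i in range(0, 32, 8)]
        return socket.inet_ntop(socket.AF_INET6, struct.pack("<4I", *words))
    raise ValueError(f"unexpected address length: {hex_addr!r}")


def parse_proc_net_line(line: str) -> dict:
    """Parse one data line of /proc/net/tcp into human-readable endpoints.

    Ports are printed in normal (big-endian) order, so only the address halves
    need the little-endian fix; the inode can be matched against /proc/<pid>/fd.
    """
    fields = line.split()
    local_hex, local_port = fields[1].split(":")
    remote_hex, remote_port = fields[2].split(":")
    return {
        "local": (le_hex_to_ip(local_hex), int(local_port, 16)),
        "remote": (le_hex_to_ip(remote_hex), int(remote_port, 16)),
        "state": TCP_STATES.get(fields[3], fields[3]),
        "uid": int(fields[7]),
        "inode": int(fields[9]),
    }
```

Run it over `/proc/net/tcp` minus its header line (skipping the first line) to list live sockets during triage without relying on tools an intruder may have tampered with.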
∗∗∗ NSA and CISA Red and Blue Teams Share Top Ten Cybersecurity Misconfigurations ∗∗∗
---------------------------------------------
The National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint cybersecurity advisory (CSA) to highlight the most common cybersecurity misconfigurations in large organizations, and detail the tactics, techniques, and procedures (TTPs) actors use to exploit these misconfigurations.
---------------------------------------------
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-278a
=====================
= Vulnerabilities =
=====================
∗∗∗ Security update: Root vulnerability threatens Dell SmartFabric Storage Software ∗∗∗
---------------------------------------------
Dell has closed several dangerous security vulnerabilities in SmartFabric Storage Software.
---------------------------------------------
https://www.heise.de/-9326738
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (grub2, libvpx, libx11, libxpm, and qemu), Fedora (firefox, matrix-synapse, tacacs, thunderbird, and xrdp), Oracle (glibc), Red Hat (bind, bind9.16, firefox, frr, ghostscript, glibc, ImageMagick, libeconf, python3.11, python3.9, and thunderbird), Scientific Linux (ImageMagick), SUSE (kernel, libX11, and tomcat), and Ubuntu (linux-hwe-5.15, linux-oracle-5.15).
---------------------------------------------
https://lwn.net/Articles/946848/
∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily