[CERT-daily] Tageszusammenfassung - 13.10.2023
Daily end-of-shift report
team at cert.at
Fri Oct 13 18:07:48 CEST 2023
=====================
= End-of-Day report =
=====================
Timeframe: Donnerstag 12-10-2023 18:00 − Freitag 13-10-2023 18:00
Handler: Thomas Pribitzer
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Ransomware attacks now target unpatched WS_FTP servers ∗∗∗
---------------------------------------------
Internet-exposed WS_FTP servers unpatched against a maximum severity vulnerability are now targeted in ransomware attacks.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/ransomware-attacks-now-target-unpatched-ws-ftp-servers/
∗∗∗ FBI shares AvosLocker ransomware technical details, defense tips ∗∗∗
---------------------------------------------
The U.S. government has updated the list of tools AvosLocker ransomware affiliates use in attacks to include open-source utilities along with custom PowerShell, and batch scripts.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/fbi-shares-avoslocker-ransomware-technical-details-defense-tips/
∗∗∗ An analysis of an in-the-wild iOS Safari WebContent to GPU Process exploit ∗∗∗
---------------------------------------------
In April this year Google's Threat Analysis Group, in collaboration with Amnesty International, discovered an in-the-wild iPhone zero-day exploit chain being used in targeted attacks delivered via malicious link.
---------------------------------------------
https://googleprojectzero.blogspot.com/2023/10/an-analysis-of-an-in-the-wild-ios-safari-sandbox-escape.html
∗∗∗ DarkGate Malware Spreading via Messaging Services Posing as PDF Files ∗∗∗
---------------------------------------------
A piece of malware known as DarkGate has been observed being spread via instant messaging platforms such as Skype and Microsoft Teams. In these attacks, the messaging apps are used to deliver a Visual Basic for Applications (VBA) loader script that masquerades as a PDF document, which, when opened, triggers the download and execution of an AutoIt script designed to launch the malware.
---------------------------------------------
https://thehackernews.com/2023/10/darkgate-malware-spreading-via.html
∗∗∗ GNOME what Im sayin? - GNOME libcue 0-click vulnerability ∗∗∗
---------------------------------------------
Am 10. Oktober wurde CVE-2023-43641 veröffentlicht, eine 0-click out-of-bounds array access Schwachstelle in libcue. GNOME verwendet diese Library zum Parsen von cuesheets beim Indizieren von Dateien für die Suchfunktion. Wie schlimm ist es?
---------------------------------------------
https://cert.at/de/blog/2023/10/gnome-what-im-sayin-gnome-libcue-0-click-vulnerability
∗∗∗ WordPress 6.3.2 Security Release – What You Need to Know ∗∗∗
---------------------------------------------
WordPress Core 6.3.2 was released today, on October 12, 2023. It includes a number of security fixes and additional hardening against commonly exploited vulnerabilities.
---------------------------------------------
https://www.wordfence.com/blog/2023/10/wordpress-6-3-2-security-release-what-you-need-to-know/
∗∗∗ Analysis Report on Lazarus Threat Group’s Volgmer and Scout Malwares ∗∗∗
---------------------------------------------
Because the Lazarus threat group has been active since a long time ago, there are many attack cases and various malware strains are used in each case. In particular, there is also a wide variety of backdoors used for controlling the infected system after initial access. AhnLab Security Emergency response Center (ASEC) is continuously tracking and analyzing attacks by the Lazarus group, and in this post, we will analyze Volgmer and Scout, the two major malware strains used in their attacks.
---------------------------------------------
https://asec.ahnlab.com/en/57685/
=====================
= Vulnerabilities =
=====================
∗∗∗ Apple fixes iOS Kernel zero-day vulnerability on older iPhones ∗∗∗
---------------------------------------------
Apple has published security updates for older iPhones and iPads to backport patches released one week ago, addressing two zero-day vulnerabilities exploited in attacks.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/apple-fixes-ios-kernel-zero-day-vulnerability-on-older-iphones/
∗∗∗ Caching-Proxy: 35 Schwachstellen in Squid schon mehr als 2 Jahre ungepatcht ∗∗∗
---------------------------------------------
Anfang 2021 hatte ein Sicherheitsforscher 55 Schwachstellen an das Entwicklerteam von Squid gemeldet. Ein Großteil ist noch offen.
---------------------------------------------
https://www.golem.de/news/caching-proxy-35-schwachstellen-in-squid-schon-mehr-als-2-jahre-ungepatcht-2310-178469.html
∗∗∗ Schwere Sicherheitslücken in Monitoring-Software Zabbix behoben ∗∗∗
---------------------------------------------
In verschiedenen Komponenten der Monitoringsoftware Zabbix klafften kritische Sicherheitslücken, die Angreifern die Ausführung eigenen Codes ermöglichen.
---------------------------------------------
https://www.heise.de/news/Schwere-Sicherheitsluecken-in-Monitoring-Software-Zabbix-behoben-9333656.html
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (chromium, tomcat9, and webkit2gtk), Fedora (cacti, cacti-spine, grafana-pcp, libcue, mbedtls, samba, and vim), Oracle (kernel, libvpx, and thunderbird), Red Hat (bind and galera, mariadb), SUSE (exiv2, go1.20, go1.21, and kernel), and Ubuntu (ffmpeg).
---------------------------------------------
https://lwn.net/Articles/947710/
∗∗∗ cURL and libcurl Vulnerability Affecting Cisco Products: October 2023 ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-curl-libcurl-D9ds39cV
∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/
∗∗∗ Nextcloud Security Advisory: Improper restriction of excessive authentication attempts on WebDAV endpoint ∗∗∗
---------------------------------------------
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2hrc-5fgp-c9c9
∗∗∗ K000137229 : BIND vulnerability CVE-2022-38178 ∗∗∗
---------------------------------------------
https://my.f5.com/manage/s/article/K000137229
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list