[CERT-daily] Tageszusammenfassung - 26.02.2024
Daily end-of-shift report
team at cert.at
Mon Feb 26 18:17:36 CET 2024
=====================
= End-of-Day report =
=====================
Timeframe: Freitag 23-02-2024 18:00 − Montag 26-02-2024 18:00
Handler: Thomas Pribitzer
Co-Handler: Michael Schlagenhaufer
=====================
= News =
=====================
∗∗∗ Hijacked subdomains of major brands used in massive spam campaign ∗∗∗
---------------------------------------------
A massive ad fraud campaign named "SubdoMailing" is using over 8,000 legitimate internet domains and 13,000 subdomains to send up to five million emails per day to generate revenue through scams and malvertising. [..] As these domains belong to trusted companies, they gain the benefit of being able to bypass spam filters and, in some cases, take advantage of configured SPF and DKIM email policies that tell secure email gateways that the emails are legitimate and not spam.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/hijacked-subdomains-of-major-brands-used-in-massive-spam-campaign/
∗∗∗ New IDAT Loader Attacks Using Steganography to Deploy Remcos RAT ∗∗∗
---------------------------------------------
Ukrainian entities based in Finland have been targeted as part of a malicious campaign distributing a commercial remote access trojan known as Remcos RAT using a malware loader called IDAT Loader.
---------------------------------------------
https://thehackernews.com/2024/02/new-idat-loader-attacks-using.html
∗∗∗ Actively exploited open redirect in Google Web Light ∗∗∗
---------------------------------------------
An open redirect vulnerability exists in the remains of Google Web Light service, which is being actively exploited in multiple phishing campaigns. Google decided not to fix it, so it might be advisable to block access to the Web Light domain in corporate environments.
---------------------------------------------
https://untrustednetwork.net/en/2024/02/26/google-open-redirect/
∗∗∗ Webinar: Wie schütze ich mich vor Identitätsdiebstahl? ∗∗∗
---------------------------------------------
n diesem Webinar schauen wir uns aktuelle Betrugsmaschen an und besprechen Tools, mit denen man sicherer im Internet unterwegs ist.
---------------------------------------------
https://www.watchlist-internet.at/news/webinar-wie-schuetze-ich-mich-vor-identitaetsdiebstahl/
∗∗∗ Mattermost: Support for Extended Support Release 8.1 is ending soon ∗∗∗
---------------------------------------------
As of May 15, 2024, Mattermost Extended Support Release (ESR) version 8.1 will no longer be supported. If any of your servers are not on ESR 9.5 or later, upgrading is recommended.
---------------------------------------------
https://mattermost.com/blog/support-for-extended-support-release-8-1-is-ending-soon/
∗∗∗ SVR Cyber Actors Adapt Tactics for Initial Cloud Access ∗∗∗
---------------------------------------------
This advisory details recent tactics, techniques, and procedures (TTPs) of the group commonly known as APT29, also known as Midnight Blizzard, the Dukes, or Cozy Bear.
---------------------------------------------
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-057a
∗∗∗ Analysis of Nood RAT Used in Attacks Against Linux (Gh0st RAT’s Variant) ∗∗∗
---------------------------------------------
AhnLab SEcurity intelligence Center (ASEC) recently discovered that Nood RAT is being used in malware attacks. Nood RAT is a variant of Gh0st RAT that works in Linux. Although the number of Gh0st RAT for Linux is fewer compared to Gh0st RAT for Windows, the cases of Gh0st RAT for Linux are continuously being collected.
---------------------------------------------
https://asec.ahnlab.com/en/62144/
∗∗∗ Ransomware Roundup – Abyss Locker ∗∗∗
---------------------------------------------
FortiGuard Labs highlights the Abyss Locker ransomware group that steals information from victims and encrypts files for financial gain.
---------------------------------------------
https://www.fortinet.com/blog/threat-research/ransomware-roundup-abyss-locker
∗∗∗ Ransomware: LockBit gibt Fehler zu, plant Angriffe auf staatliche Einrichtungen ∗∗∗
---------------------------------------------
Die Ransomware-Gruppe LockBit gesteht Fehler aus Faulheit ein, macht sich über das FBI lustig und will Angriffe auf staatliche Einrichtungen intensivieren.
---------------------------------------------
https://heise.de/-9638063
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (gnutls28, iwd, libjwt, and thunderbird), Fedora (chromium, expat, mingw-expat, mingw-openexr, mingw-python3, mingw-qt5-qt3d, mingw-qt5-qtactiveqt, mingw-qt5-qtbase, mingw-qt5-qtcharts, mingw-qt5-qtdeclarative, mingw-qt5-qtgraphicaleffects, mingw-qt5-qtimageformats, mingw-qt5-qtlocation, mingw-qt5-qtmultimedia, mingw-qt5-qtquickcontrols, mingw-qt5-qtquickcontrols2, mingw-qt5-qtscript, mingw-qt5-qtsensors, mingw-qt5-qtserialport, mingw-qt5-qtsvg, mingw-qt5-qttools, mingw-qt5-qttranslations, mingw-qt5-qtwebchannel, mingw-qt5-qtwebsockets, mingw-qt5-qtwinextras, mingw-qt5-qtxmlpatterns, and thunderbird), Gentoo (btrbk, Glances, and GNU Aspell), Mageia (clamav and xen, qemu and libvirt), Oracle (firefox and postgresql), Red Hat (firefox, opensc, postgresql:10, postgresql:12, postgresql:13, postgresql:15, thunderbird, and unbound), SUSE (firefox, java-1_8_0-ibm, libxml2, and thunderbird), and Ubuntu (binutils, linux, linux-aws, linux-gcp, linux-hwe-6.5, linux-laptop, linux-oracle, linux-raspi, linux-starfive, linux, linux-azure, linux-azure-5.15, linux-azure-fde, linux-gcp, linux-gcp-5.15, linux-gkeop, linux-gkeop-5.15, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-intel-iotg, linux-intel-iotg-5.15, linux-kvm, linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle, linux-oracle-5.15, linux-raspi, linux-azure, linux-oem-6.1, and roundcube).
---------------------------------------------
https://lwn.net/Articles/963725/
∗∗∗ Critical Flaw in Popular ‘Ultimate Member’ WordPress Plugin ∗∗∗
---------------------------------------------
The vulnerability carries a CVSS severity score of 9.8/10 and affects web sites running the Ultimate Member WordPress membership plugin.
---------------------------------------------
https://www.securityweek.com/critical-flaw-in-popular-ultimate-member-wordpress-plugin/
∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/
∗∗∗ Local Privilege Escalation via DLL Hijacking im Qognify VMS Client Viewer ∗∗∗
---------------------------------------------
https://sec-consult.com/de/vulnerability-lab/advisory/local-privilege-escalation-via-dll-hijacking-im-qognify-vms-client-viewer/
∗∗∗ F5: K000138695 : OpenSSL vulnerability CVE-2024-0727 ∗∗∗
---------------------------------------------
https://my.f5.com/manage/s/article/K000138695
∗∗∗ F5: K000138682 : libssh vulnerability CVE-2023-2283 ∗∗∗
---------------------------------------------
https://my.f5.com/manage/s/article/K000138682
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list