[CERT-daily] Tageszusammenfassung - 29.01.2024
Daily end-of-shift report
team at cert.at
Mon Jan 29 18:29:07 CET 2024
=====================
= End-of-Day report =
=====================
Timeframe: Freitag 26-01-2024 18:00 − Montag 29-01-2024 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Token-Leak: Quellcode von Mercedes-Benz lag wohl frei zugänglich im Netz ∗∗∗
---------------------------------------------
Ein Authentifizierungstoken von Mercedes-Benz lag wohl für mehrere Monate in einem öffentlichen Github-Repository - mit weitreichenden Zugriffsrechten.
---------------------------------------------
https://www.golem.de/news/token-leak-quellcode-von-mercedes-benz-lag-wohl-frei-zugaenglich-im-netz-2401-181606.html
∗∗∗ Exploit Flare Up Against Older Altassian Confluence Vulnerability, (Mon, Jan 29th) ∗∗∗
---------------------------------------------
Last October, Atlassian released a patch for CVE-2023-22515 [1]. This vulnerability allowed attackers to create new admin users in Confluence. Today, I noticed a bit a "flare up" in a specific exploit variant.
---------------------------------------------
https://isc.sans.edu/diary/rss/30600
∗∗∗ Trusted Domain, Hidden Danger: Deceptive URL Redirections in Email Phishing Attacks ∗∗∗
---------------------------------------------
In this ever-evolving landscape of cyberthreats, email has become a prime target for phishing attacks. Cybercriminals continue to adapt and employ more sophisticated methods to effectively deceive users and bypass detection measures. One of the most prevalent tactics nowadays involves exploiting legitimate platforms for redirection through deceptive links. In this blog post, well explore how trusted platforms are increasingly being exploited as redirectors, [...]
---------------------------------------------
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/trusted-domain-hidden-danger-deceptive-url-redirections-in-email-phishing-attacks/
∗∗∗ Albabat, Kasseika, Kuiper: New Ransomware Gangs Rise with Rust and Golang ∗∗∗
---------------------------------------------
Cybersecurity researchers have detected in the wild yet another variant of the Phobos ransomware family known as Faust. Fortinet FortiGuard Labs, which detailed the latest iteration of the ransomware, said its being propagated by means of an infection that delivers a Microsoft Excel document (.XLAM) containing a VBA script.
---------------------------------------------
https://thehackernews.com/2024/01/albabat-kasseika-kuiper-new-ransomware.html
∗∗∗ Jetzt updaten! Exploits für kritische Jenkins-Sicherheitslücke im Umlauf ∗∗∗
---------------------------------------------
Für die in der vergangenen Woche bekanntgewordene kritische Sicherheitslücke in Jenkins ist Exploit-Code aufgetaucht. Höchste Zeit zum Aktualisieren!
---------------------------------------------
https://www.heise.de/-9611923.html
∗∗∗ Erpressung in Südwestfalen: Akira kam mit geratenem Passwort ins kommunale Netz ∗∗∗
---------------------------------------------
Ein nun vorliegender forensischer Bericht stellt dem kommunalen IT-Verbund ein mittelprächtiges Zeugnis aus. Die Krisenbewältigung läuft weiter.
---------------------------------------------
https://www.heise.de/-9610102.html
∗∗∗ 10 things to do to improve your online privacy ∗∗∗
---------------------------------------------
Its Data Privacy Week so here are 10 tips from our VP of Consumer Privacy, Oren Arar, about how to stay private online.
---------------------------------------------
https://www.malwarebytes.com/blog/personal/2024/01/10-things-to-do-to-improve-your-online-privacy
∗∗∗ So werden Sie bei der Wohnungssuche abgezockt ∗∗∗
---------------------------------------------
Zentrale Lage, frisch renoviert, hochwertige Möbel - und das vergleichsweise günstig. Wer auf Wohnungssuche ist, stößt früher oder später auf ein solches Angebot und ist überwältigt. Leider handelt es sich hierbei sehr wahrscheinlich um ein betrügerisches Inserat. Kriminelle versuchen Ihnen mit einmaligen Angeboten, Vorauszahlungen zu entlocken. Wir zeigen Ihnen, wie Sie bei der Wohnungssuche nicht betrogen werden.
---------------------------------------------
https://www.watchlist-internet.at/news/so-werden-sie-bei-der-wohnungssuche-abgezockt/
∗∗∗ Akira Ransomware and exploitation of Cisco Anyconnect vulnerability CVE-2020-3259 ∗∗∗
---------------------------------------------
In several recent incident response missions, the Truesec CSIRT team made forensic observations indicating that the old vulnerability CVE-2020-3259 is likely to be actively exploited
---------------------------------------------
https://www.truesec.com/hub/blog/akira-ransomware-and-exploitation-of-cisco-anyconnect-vulnerability-cve-2020-3259
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (gstreamer-plugins-bad-free, java-1.8.0-openjdk, java-11-openjdk, kernel, LibRaw, python-pillow, and xorg-x11-server), Debian (gst-plugins-bad1.0, libspreadsheet-parsexlsx-perl, mariadb-10.3, and slurm-wlm), Fedora (atril, dotnet8.0, gnutls, prometheus-podman-exporter, python-jinja2, sudo, and vips), Oracle (frr, kernel, php:8.1, python-urllib3, python3.9, rpm, sqlite, and tomcat), Slackware (pam), SUSE (cpio, rear23a, rear27a, sevctl, and xorg-x11-server), and Ubuntu (exim4 and firefox).
---------------------------------------------
https://lwn.net/Articles/959882/
∗∗∗ Vulnerabilities in WatchGuard, Panda Security Products Lead to Code Execution ∗∗∗
---------------------------------------------
Two memory safety vulnerabilities in WatchGuard and Panda Security products could lead to code execution with System privileges.
---------------------------------------------
https://www.securityweek.com/vulnerabilities-in-watchguard-panda-security-products-lead-to-code-execution/
∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/
∗∗∗ Trumpf: Multiple products contain WIBU CodeMeter vulnerabilities ∗∗∗
---------------------------------------------
https://cert.vde.com/de/advisories/VDE-2024-001/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list