[CERT-daily] Tageszusammenfassung - 14.03.2024
Daily end-of-shift report
team at cert.at
Thu Mar 14 18:10:40 CET 2024
=====================
= End-of-Day report =
=====================
Timeframe: Mittwoch 13-03-2024 18:00 − Donnerstag 14-03-2024 18:00
Handler: Thomas Pribitzer
Co-Handler: Michael Schlagenhaufer
=====================
= News =
=====================
∗∗∗ PixPirate Android malware uses new tactic to hide on phones ∗∗∗
---------------------------------------------
The latest version of the PixPirate banking trojan for Android employs a previously unseen method to hide from the victim while remaining active on the infected device even if its dropper app has been removed.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/pixpirate-android-malware-uses-new-tactic-to-hide-on-phones/
∗∗∗ Increase in the number of phishing messages pointing to IPFS and to R2 buckets, (Thu, Mar 14th) ∗∗∗
---------------------------------------------
Interesting trends do emerge from time to time. One such recent trend seems to be connected with an increased use of IPFS and R2 buckets to host phishing pages.
---------------------------------------------
https://isc.sans.edu/diary/rss/30744
∗∗∗ Breaking Down APT29’s Latest Tactics and How to Defend Against Them ∗∗∗
---------------------------------------------
Recently, the US National Security Agency (NSA) joined United Kingdom’s National Cyber Security Center (NCSC) in releasing an advisory detailing the recent TTPs (or tactics, techniques, and procedures) of the group known as APT29 (or, in other taxonomies of threat actors, Midnight Blizzard, the Dukes, and Cozy Bear).
---------------------------------------------
https://orca.security/resources/blog/how-to-defend-against-apt29-cozy-bear-attacks/
=====================
= Vulnerabilities =
=====================
∗∗∗ A patched Windows attack surface is still exploitable ∗∗∗
---------------------------------------------
In this report, we highlight the key points about a class of recently-patched elevation-of-privilege vulnerabilities affecting Microsoft Windows, and then focus on how to check if any of them have been exploited or if there have been any attempts to exploit them.
---------------------------------------------
https://securelist.com/windows-vulnerabilities/112232/
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (chromium and openvswitch), Fedora (chromium, python-multipart, thunderbird, and xen), Mageia (java-17-openjdk and screen), Red Hat (.NET 7.0, .NET 8.0, kernel-rt, kpatch-patch, postgresql:13, and postgresql:15), Slackware (expat), SUSE (glibc, python-Django, python-Django1, sudo, and vim), and Ubuntu (expat, linux-ibm, linux-ibm-5.4, linux-oracle, linux-oracle-5.4, linux-lowlatency, linux-raspi, python-cryptography, texlive-bin, and xorg-server).
---------------------------------------------
https://lwn.net/Articles/965470/
∗∗∗ Kubernetes Vulnerability Allows Remote Code Execution on Windows Endpoints ∗∗∗
---------------------------------------------
A high-severity Kubernetes vulnerability tracked as CVE-2023-5528 can be exploited to execute arbitrary code on Windows endpoints.
---------------------------------------------
https://www.securityweek.com/kubernetes-vulnerability-allows-remote-code-execution-on-windows-endpoints/
∗∗∗ Cisco schließt hochriskante Lücken in IOS XR ∗∗∗
---------------------------------------------
Cisco warnt vor SIcherheitslücken mit teils hohem Risiko im Router-Betriebssystem IOS XR. Updates stehen bereit.
---------------------------------------------
https://heise.de/-9654542
∗∗∗ Schnell upgraden: Problematische Sicherheitslücke in Apples GarageBand ∗∗∗
---------------------------------------------
Neue Funktionen liefert GarageBand 10.4.11 laut Apple nicht. Dafür steckt ein wichtiger Sicherheitsfix drin. Nutzer sollten die macOS-App schnell aktualisieren.
---------------------------------------------
https://heise.de/-9654638
∗∗∗ HP: Viele Laptops und PCs von Codeschmuggel-Lücke betroffen ∗∗∗
---------------------------------------------
Eine BIOS-Sicherheitsfunktion von HP-Laptops und -PCs kann von Angreifern umgangen werden. BIOS-Updates stehen bereit oder werden grad entwickelt.
---------------------------------------------
https://heise.de/-9654678
∗∗∗ VU#488902: CPU hardware utilizing speculative execution may be vulnerable to speculative race conditions ∗∗∗
---------------------------------------------
https://kb.cert.org/vuls/id/488902
∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/
∗∗∗ Softing edgeConnector ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-13
∗∗∗ Mitsubishi Electric MELSEC-Q/L Series ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14
∗∗∗ Delta Electronics DIAEnergie ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-12
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list