End-of-Day report
Timeframe: Mittwoch 30-11-2022 18:00 - Donnerstag 01-12-2022 18:00
Handler: Stephan Richter
Co-Handler: Thomas Pribitzer
News
New Windows malware scans victims- mobile phones for data to steal
Security researchers found a previously unknown backdoor they call Dophin thats been used by North Korean hackers in highly targeted operations for more than a year to steal files and send them to Google Drive storage.
https://www.bleepingcomputer.com/news/security/new-windows-malware-scans-victims-mobile-phones-for-data-to-steal/
New DuckLogs malware service claims having thousands of -customers-
A new malware-as-a-service (MaaS) operation named DuckLogs has emerged, giving low-skilled attackers easy access to multiple modules to steal information, log key strokes, access clipboard data, and remote access to the compromised host.
https://www.bleepingcomputer.com/news/security/new-ducklogs-malware-service-claims-having-thousands-of-customers-/
Making unphishable 2FA phishable
One of the huge benefits of WebAuthn is that it makes traditional phishing attacks impossible. But what if there was a mechanism for an attacker to direct a user to a legitimate login page, resulting in a happy WebAuthn flow, and obtain valid credentials for that user anyway?
https://mjg59.dreamwidth.org/62175.html
Whats the deal with these router vulnerabilities?, (Thu, Dec 1st)
Earlier today, I was browser recently made public vulnerabilities for tomorrow's version of our @Risk newsletter. What stuck out was a set of about twenty vulnerabilities in Netgear and DLink routers.
https://isc.sans.edu/diary/rss/29288
Sirius XM flaw unlocks so-called smart cars thanks to code flaw
Telematics program doesn't just give you music, but a big security flaw Sirius XMs Connected Vehicle Services has fixed an authorization flaw that would have allowed an attacker to remotely unlock doors and start engines on connected cars knowing only the vehicle identification number (VIN).
https://www.theregister.com/2022/11/30/siriusxm_connected_cars_hacking/
l+f: Sicherheitsforscher legen aus Versehen gesamtes Botnet KmsdBot lahm
Wie ein Typo kriminellen Machenschaften das Handwerk legt.
https://heise.de/-7363007
Vorsicht, wenn Sie ein SMS von Amazon erhalten
Kriminelle geben sich als Amazon aus und versenden gefälschte Benachrichtigungen. Im SMS steht, dass Ihr Amazon-Konto vorübergehend gesperrt wurde und Sie Informationen aktualisieren müssen. Dafür sollten Sie auf einen Link klicken. Achtung: Der Link führt zu einer gefälschten Login-Seite. Kriminelle stehlen damit Ihre Benutzer- und Kreditkartendaten!
https://www.watchlist-internet.at/news/vorsicht-wenn-sie-ein-sms-von-amazon-erhalten/
LastPass-Kundendaten nach Hack eines Cloud-Speicherdiensts abgezogen (Nov. 2022)
Der Dienst LastPass informierte vor einigen Stunden seine Kunden, dass kürzlich "ungewöhnliche Aktivitäten" bei einem Cloud-Speicherdienst eines Drittanbieters entdeckt wurden.
https://www.borncity.com/blog/2022/12/01/lastpass-kundendaten-nach-hack-eines-cloud-speicherdiensts-abgezogen-nov-2022/
Vulnerability Spotlight: Lansweeper directory traversal and cross-site scripting vulnerabilities
Cisco Talos recently discovered several directory traversal and cross-site scripting vulnerabilities in Lansweeper.
https://blog.talosintelligence.com/vulnerability-spotlight-lansweeper-directory-traversal-and-cross-site-scripting-vulnerabilities/
Vulnerabilities
Critical RCE bugs in Android remote keyboard apps with 2M installs
Three Android applications that allow users to use devices as remote keyboards for their computers have critical vulnerabilities that could expose key presses and enable remote code execution.
https://www.bleepingcomputer.com/news/security/critical-rce-bugs-in-android-remote-keyboard-apps-with-2m-installs/
IBM Security Bulletins 2022-11-30
IBM API Connect, IBM MQ Operator and Queue manager container images, IBM Security Guardium, IBM Sterling Control Center, IBM Watson Discovery for IBM Cloud Pak for Data, IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps, IBM Db2® on Cloud Pak for Data and Db2 Warehouse® on Cloud Pak for Data.
https://www.ibm.com/blogs/psirt/
Security updates for Thursday
Security updates have been issued by CentOS (device-mapper-multipath, firefox, hsqldb, krb5, thunderbird, and xorg-x11-server), Debian (libraw), Fedora (freerdp and grub2), SUSE (bcel, emacs, glib2, glibc, grub2, nodejs10, and tomcat), and Ubuntu (linux-azure-fde and snapd).
https://lwn.net/Articles/916443/
Open Social - Moderately critical - Access bypass - SA-CONTRIB-2022-062
https://www.drupal.org/sa-contrib-2022-062
Open Social - Moderately critical - Access bypass - SA-CONTRIB-2022-061
https://www.drupal.org/sa-contrib-2022-061
Social Base - Moderately critical - Access bypass - SA-CONTRIB-2022-060
https://www.drupal.org/sa-contrib-2022-060
Horner Automation Remote Compact Controller
https://us-cert.cisa.gov/ics/advisories/icsa-22-335-02
Replay Angriffe & Darstellung beliebiger Inhalte in Zhuhai Suny Technology ESL Tag / ETAG-TECH protocol (electronic shelf labels)
https://sec-consult.com/de/vulnerability-lab/advisory/replay-attacks-displaying-arbitrary-contents-in-zhuhai-suny-technology-esl-tag-etag-tech-protocol-electronic-shelf-labels/