Daily summary - 01.12.2022

End-of-Day report

Timeframe: Wednesday 30-11-2022 18:00 - Thursday 01-12-2022 18:00
Handler: Stephan Richter
Co-Handler: Thomas Pribitzer

News

New Windows malware scans victims' mobile phones for data to steal

Security researchers found a previously unknown backdoor they call Dolphin that's been used by North Korean hackers in highly targeted operations for more than a year to steal files and send them to Google Drive storage.

https://www.bleepingcomputer.com/news/security/new-windows-malware-scans-victims-mobile-phones-for-data-to-steal/


New DuckLogs malware service claims having thousands of "customers"

A new malware-as-a-service (MaaS) operation named DuckLogs has emerged, giving low-skilled attackers easy access to multiple modules to steal information, log keystrokes, access clipboard data, and gain remote access to the compromised host.

https://www.bleepingcomputer.com/news/security/new-ducklogs-malware-service-claims-having-thousands-of-customers-/


Making unphishable 2FA phishable

One of the huge benefits of WebAuthn is that it makes traditional phishing attacks impossible. But what if there was a mechanism for an attacker to direct a user to a legitimate login page, resulting in a happy WebAuthn flow, and obtain valid credentials for that user anyway?

https://mjg59.dreamwidth.org/62175.html


What's the deal with these router vulnerabilities? (Thu, Dec 1st)

Earlier today, I was browsing recently made public vulnerabilities for tomorrow's version of our @Risk newsletter. What stuck out was a set of about twenty vulnerabilities in Netgear and DLink routers.

https://isc.sans.edu/diary/rss/29288


Sirius XM flaw unlocks so-called smart cars thanks to code flaw

Telematics program doesn't just give you music, but a big security flaw

Sirius XM's Connected Vehicle Services has fixed an authorization flaw that would have allowed an attacker to remotely unlock doors and start engines on connected cars knowing only the vehicle identification number (VIN).

https://www.theregister.com/2022/11/30/siriusxm_connected_cars_hacking/


l+f: Security researchers accidentally take down the entire KmsdBot botnet

How a typo put a stop to criminal activities.

https://heise.de/-7363007


Beware of text messages claiming to be from Amazon

Criminals pose as Amazon and send fake notifications. The text message claims that your Amazon account has been temporarily suspended and that you need to update your information by clicking a link. Warning: the link leads to a fake login page, which the criminals use to steal your account and credit card details.

https://www.watchlist-internet.at/news/vorsicht-wenn-sie-ein-sms-von-amazon-erhalten/


LastPass customer data stolen after hack of a cloud storage service (Nov. 2022)

A few hours ago, LastPass informed its customers that "unusual activity" had recently been detected at a third-party cloud storage service.

https://www.borncity.com/blog/2022/12/01/lastpass-kundendaten-nach-hack-eines-cloud-speicherdiensts-abgezogen-nov-2022/


Vulnerability Spotlight: Lansweeper directory traversal and cross-site scripting vulnerabilities

Cisco Talos recently discovered several directory traversal and cross-site scripting vulnerabilities in Lansweeper.

https://blog.talosintelligence.com/vulnerability-spotlight-lansweeper-directory-traversal-and-cross-site-scripting-vulnerabilities/

Vulnerabilities

Critical RCE bugs in Android remote keyboard apps with 2M installs

Three Android applications that allow users to use devices as remote keyboards for their computers have critical vulnerabilities that could expose key presses and enable remote code execution.

https://www.bleepingcomputer.com/news/security/critical-rce-bugs-in-android-remote-keyboard-apps-with-2m-installs/


IBM Security Bulletins 2022-11-30

IBM API Connect, IBM MQ Operator and Queue manager container images, IBM Security Guardium, IBM Sterling Control Center, IBM Watson Discovery for IBM Cloud Pak for Data, IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps, IBM Db2® on Cloud Pak for Data and Db2 Warehouse® on Cloud Pak for Data.

https://www.ibm.com/blogs/psirt/


Security updates for Thursday

Security updates have been issued by CentOS (device-mapper-multipath, firefox, hsqldb, krb5, thunderbird, and xorg-x11-server), Debian (libraw), Fedora (freerdp and grub2), SUSE (bcel, emacs, glib2, glibc, grub2, nodejs10, and tomcat), and Ubuntu (linux-azure-fde and snapd).

https://lwn.net/Articles/916443/


Open Social - Moderately critical - Access bypass - SA-CONTRIB-2022-062

https://www.drupal.org/sa-contrib-2022-062


Open Social - Moderately critical - Access bypass - SA-CONTRIB-2022-061

https://www.drupal.org/sa-contrib-2022-061


Social Base - Moderately critical - Access bypass - SA-CONTRIB-2022-060

https://www.drupal.org/sa-contrib-2022-060


Horner Automation Remote Compact Controller

https://us-cert.cisa.gov/ics/advisories/icsa-22-335-02


Replay attacks & display of arbitrary content in Zhuhai Suny Technology ESL Tag / ETAG-TECH protocol (electronic shelf labels)

https://sec-consult.com/de/vulnerability-lab/advisory/replay-attacks-displaying-arbitrary-contents-in-zhuhai-suny-technology-esl-tag-etag-tech-protocol-electronic-shelf-labels/