Daily summary - 06.12.2022

End-of-Day report

Timeframe: Monday 05-12-2022 18:00 - Tuesday 06-12-2022 18:00
Handler: Thomas Pribitzer
Co-Handler: n/a

News

Hackers hijack Linux devices using PRoot isolated filesystems

Hackers are abusing the open-source Linux PRoot utility in BYOF (Bring Your Own Filesystem) attacks to provide a consistent repository of malicious tools that work on many Linux distributions.

https://www.bleepingcomputer.com/news/security/hackers-hijack-linux-devices-using-proot-isolated-filesystems/


Sneaky hackers reverse defense mitigations when detected

A financially motivated threat actor is hacking telecommunication service providers and business process outsourcing firms, actively reversing defensive mitigations applied when the breach is detected.

https://www.bleepingcomputer.com/news/security/sneaky-hackers-reverse-defense-mitigations-when-detected/


Mirai Botnet and Gafgyt DDoS Team Up Against SOHO Routers (Tue, Dec 6th)

Since 2014, self-replicating variants of DDoS attacks against routers and Linux-based IoT devices have been rampant. Gafgyt botnets target vulnerable IoT devices and use them to launch large-scale distributed denial-of-service attacks. SOHO and IoT devices are ubiquitous, less likely to have secure configurations or routine patches, and more likely to be at the internet edge.

https://isc.sans.edu/diary/rss/29304


Building A Virtual Machine inside ChatGPT

Did you know, that you can run a whole virtual machine inside of ChatGPT?

https://www.engraved.blog/building-a-virtual-machine-inside/


Exploring Prompt Injection Attacks

Prompt Injection is a new vulnerability that is affecting some AI/ML models and, in particular, certain types of language models using prompt-based learning.

https://research.nccgroup.com/2022/12/05/exploring-prompt-injection-attacks/


Ignore the phishing e-mail "Re-identify yourself" sent in the name of the WKO!

Business owners beware: criminals are currently sending phishing e-mails in the name of the Wirtschaftskammer Österreich (Austrian Economic Chamber). They pretend that a renewed identification is necessary. Ignore the message, because any data entered on the linked website ends up in the hands of criminals.

https://www.watchlist-internet.at/news/phishing-mail-erneut-identifizieren-im-namen-der-wko-ignorieren/


Vice Society: Profiling a Persistent Threat to the Education Sector

Vice Society, a ransomware gang, has been involved in high-profile activity against schools this year.

https://unit42.paloaltonetworks.com/vice-society-targets-education-sector/


Tractors vs. threat actors: How to hack a farm

Forget pests for a minute. Modern farms also face another - and more insidious - breed of threat.

https://www.welivesecurity.com/2022/12/05/tractors-threat-actors-how-hack-farm/

Vulnerabilities

NETGEAR Nighthawk WiFi6 Router Network Misconfiguration

A network misconfiguration is present in versions prior to 1.0.9.90 of the NETGEAR RAX30 AX2400 series of routers.

https://www.tenable.com/security/research/tra-2022-36


Patch day: pushing malicious code onto Android devices via Bluetooth

There are important security updates for Android 10, 11, 12, 12L and 13. Among other things, Google has closed four critical vulnerabilities.

https://heise.de/-7367211


Antivirus: privilege escalation through a vulnerability in AVG and Avast

The virus scanners from AVG and Avast could have allowed attackers to escalate their privileges on the system. Updates that fix the flaw are available.

https://heise.de/-7367529


Vulnerability in Trend Micro's Apex One allows privilege escalation

Trend Micro's Apex One antivirus contains security vulnerabilities through which attackers can escalate their privileges or have files on the system deleted.

https://heise.de/-7367824


Server maintenance: dangerous BMC vulnerabilities could trigger supply-chain attacks

Security researchers have discovered, among other things, a critical security vulnerability in Baseboard Management Controllers from American Megatrends.

https://heise.de/-7367963


Security updates for Tuesday

Security updates have been issued by Ubuntu (binutils and ca-certificates).

https://lwn.net/Articles/917080/


Vulnerability in Citrix Workspace App for Windows enables password theft

The vendor Citrix has been warning since September 2022 about a vulnerability in its Citrix Workspace App.

https://www.borncity.com/blog/2022/12/06/schwachstelle-in-citrix-workspace-app-for-windows-ermglicht-passwort-klau/


Vulnerability Spotlight: NVIDIA driver memory corruption vulnerabilities discovered

Cisco Talos recently discovered two memory corruption vulnerabilities in shader functionality of an NVIDIA driver.

https://blog.talosintelligence.com/vulnerability-spotlight-nvidia-driver-memory-corruption-vulnerabilities-discovered/


Multiple critical vulnerabilities in ILIAS eLearning platform

https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-ilias-elearning-platform/


XSA-424

https://xenbits.xen.org/xsa/advisory-424.html


XSA-423

https://xenbits.xen.org/xsa/advisory-423.html


Edge 108.0.1462.42 as a security update

https://www.borncity.com/blog/2022/12/06/edge-108-0-1462-41-42-als-sicherheitsupdates/