End-of-Day report
Timeframe: Montag 05-12-2022 18:00 - Dienstag 06-12-2022 18:00
Handler: Thomas Pribitzer
Co-Handler: n/a
News
Hackers hijack Linux devices using PRoot isolated filesystems
Hackers are abusing the open-source Linux PRoot utility in BYOF (Bring Your Own Filesystem) attacks to provide a consistent repository of malicious tools that work on many Linux distributions.
https://www.bleepingcomputer.com/news/security/hackers-hijack-linux-devices-using-proot-isolated-filesystems/
Sneaky hackers reverse defense mitigations when detected
A financially motivated threat actor is hacking telecommunication service providers and business process outsourcing firms, actively reversing defensive mitigations applied when the breach is detected.
https://www.bleepingcomputer.com/news/security/sneaky-hackers-reverse-defense-mitigations-when-detected/
Mirai Botnet and Gafgyt DDoS Team Up Against SOHO Routers., (Tue, Dec 6th)
Since 2014, self-replicating variants of DDoS attacks against routers and Linux-based IoT devices have been rampant. Gafgyt botnets target vulnerable IoT devices and use them to launch large-scale distributed denial-of-service attacks. SOHO and IoT devices are ubiquitous, less likely to have secure configurations or routine patches, and more likely to be at the internet edge.
https://isc.sans.edu/diary/rss/29304
Building A Virtual Machine inside ChatGPT
Did you know, that you can run a whole virtual machine inside of ChatGPT?
https://www.engraved.blog/building-a-virtual-machine-inside/
Exploring Prompt Injection Attacks
Prompt Injection is a new vulnerability that is affecting some AI/ML models and, in particular, certain types of language models using prompt-based learning.
https://research.nccgroup.com/2022/12/05/exploring-prompt-injection-attacks/
Phishing-Mail -Erneut identifizieren- im Namen der WKO ignorieren!
Unternehmerinnen und Unternehmer aufgepasst: Aktuell versenden Kriminelle Phishing-Mails im Namen der Wirtschaftskammer Österreich. Man spielt Ihnen vor, dass eine neuerliche Identifikation notwendig wäre. Ignorieren Sie die Nachricht, denn auf der verlinkten Website eingegebene Daten landen in den Händen Krimineller.
https://www.watchlist-internet.at/news/phishing-mail-erneut-identifizieren-im-namen-der-wko-ignorieren/
Vice Society: Profiling a Persistent Threat to the Education Sector
Vice Society, a ransomware gang, has been involved in high-profile activity against schools this year.
https://unit42.paloaltonetworks.com/vice-society-targets-education-sector/
Tractors vs. threat actors: How to hack a farm
Forget pests for a minute. Modern farms also face another - and more insidious - breed of threat.
https://www.welivesecurity.com/2022/12/05/tractors-threat-actors-how-hack-farm/
Vulnerabilities
NETGEAR Nighthawk WiFi6 Router Network Misconfiguration
A network misconfiguration is present in versions prior to 1.0.9.90 of the NETGEAR RAX30 AX2400 series of routers.
https://www.tenable.com/security/research/tra-2022-36
Patchday: Schadcode über Bluetooth auf Android-Geräte schieben
Es gibt wichtige Sicherheitsupdates für Android 10, 11, 12, 12L und 13. Google hat unter anderem vier kritische Lücken geschlossen.
https://heise.de/-7367211
Virenschutz: Rechteausweitung durch Schwachstelle in AVG und Avast
Die Virenscanner von AVG und Avast hätten Angreifern ermöglichen können, ihre Rechte im System auszuweiten. Updates zum Beheben des Fehlers sind verfügbar.
https://heise.de/-7367529
Schwachstelle in Trend Micros Apex One ermöglicht Rechteausweitung
Der Virenschutz Apex One von Trend Micro enthält Sicherheitslücken, durch die Angreifer ihre Rechte ausweiten oder Dateien auf dem System löschen lassen können.
https://heise.de/-7367824
Server-Wartung: Gefährliche BMC-Lücken könnte Supply-Chain-Attacken auslösen
Sicherheitsforscher sind unter anderem auf eine kritische Sicherheitslücke in Baseboard Management Controllern von American Megatrend gestoßen.
https://heise.de/-7367963
Security updates for Tuesday
Security updates have been issued by Ubuntu (binutils and ca-certificates).
https://lwn.net/Articles/917080/
Schwachstelle in Citrix Workspace App for Windows ermöglicht Passwort-Klau
Der Hersteller Citrix warnt seit September 2022 vor einiger Schwachstelle in seiner Citrix Workspace App.
https://www.borncity.com/blog/2022/12/06/schwachstelle-in-citrix-workspace-app-for-windows-ermglicht-passwort-klau/
Vulnerability Spotlight: NVIDIA driver memory corruption vulnerabilities discovered
Cisco Talos recently discovered two memory corruption vulnerabilities in shader functionality of an NVIDIA driver.
https://blog.talosintelligence.com/vulnerability-spotlight-nvidia-driver-memory-corruption-vulnerabilities-discovered/
Multiple critical vulnerabilities in ILIAS eLearning platform
https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-ilias-elearning-platform/
XSA-424
https://xenbits.xen.org/xsa/advisory-424.html
XSA-423
https://xenbits.xen.org/xsa/advisory-423.html
Edge 108.0.1462.42 als Sicherheitsupdate
https://www.borncity.com/blog/2022/12/06/edge-108-0-1462-41-42-als-sicherheitsupdates/