Daily summary - 25.03.2022

End-of-Day report

Timeframe: Thursday 24-03-2022 18:00 - Friday 25-03-2022 18:00 Handler: Thomas Pribitzer Co-Handler: n/a


Phishing kits constantly evolve to evade security software

Modern phishing kits sold on cybercrime forums as off-the-shelf packages feature multiple sophisticated detection-avoidance and traffic-filtering mechanisms to ensure that internet security solutions won't mark them as a threat.


Malicious Microsoft Excel add-ins used to deliver RAT malware

Researchers report a new version of the JSSLoader remote access trojan being distributed via malicious Microsoft Excel add-ins.


Racing against the clock -- hitting a tiny kernel race window

This is a writeup of how I managed to hit the race on a normal Linux desktop kernel, with a hit rate somewhere around 30% if the proof of concept has been tuned for the specific machine.


XLSB Files: Because Binary is Stealthier Than XML, (Fri, Mar 25th)

In one of his last diaries, Brad mentioned an Excel sheet named with a .xlsb extension. Now, it was my turn to find one...
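The point of the diary title is that a .xlsb workbook keeps its cell, formula and sheet data in binary parts rather than XML, so inspection that only greps XML parts sees nothing useful. The triage helper below is an added example, not code from the diary or from SANS ISC; it relies only on the documented OOXML part layout (xl/workbook.xml for .xlsx/.xlsm, xl/workbook.bin for .xlsb, xl/vbaProject.bin for an embedded VBA project) and classifies a file by its container contents instead of trusting the extension. The sample workbooks it builds are constructed stubs with only the parts the classifier looks at, not real documents.

```python
import io
import zipfile


def build_sample(workbook_part: str, with_vba: bool) -> bytes:
    """Construct a minimal zip that mimics the part names of an OOXML workbook.

    This is a constructed stub for demonstration: real .xlsx/.xlsb files carry
    many more parts, but only the ones the classifier inspects are included.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr(workbook_part, b"\x00" * 16)
        if with_vba:
            # vbaProject.bin is an OLE2 compound file; start it with the CFB magic.
            z.writestr("xl/vbaProject.bin", b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 8)
    return buf.getvalue()


def classify_workbook(data: bytes) -> dict:
    """Classify an OOXML workbook by the parts inside the zip, ignoring extension.

    .xlsx/.xlsm store the workbook as XML (xl/workbook.xml); .xlsb stores it as
    a binary part (xl/workbook.bin). A VBA project, if present, is stored as
    xl/vbaProject.bin in either container type.
    """
    empty = {"format": "not-ooxml", "has_vba": False, "names": []}
    if not data.startswith(b"PK"):
        return empty
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            names = set(z.namelist())
    except zipfile.BadZipFile:
        return empty
    if "xl/workbook.bin" in names:
        fmt = "xlsb"
    elif "xl/workbook.xml" in names:
        fmt = "xlsx"
    else:
        fmt = "unknown-ooxml"
    return {"format": fmt, "has_vba": "xl/vbaProject.bin" in names, "names": sorted(names)}


def triage(filename: str, data: bytes) -> list:
    """Return human-readable findings for a workbook attachment.

    Flags binary workbooks (whose content XML-only scanners cannot see),
    mismatches between the extension and the container, and embedded VBA.
    """
    info = classify_workbook(data)
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    findings = []
    if info["format"] == "xlsb":
        findings.append("binary workbook (xl/workbook.bin): cell and formula data is not XML, "
                        "so XML-only content inspection sees nothing")
        if ext != "xlsb":
            findings.append(f"extension .{ext} does not match the binary workbook container")
    if info["has_vba"]:
        findings.append("embedded VBA project (xl/vbaProject.bin)")
    return findings


if __name__ == "__main__":
    # A binary workbook with macros delivered under a harmless-looking .xlsx name.
    sample = build_sample("xl/workbook.bin", with_vba=True)
    for line in triage("invoice.xlsx", sample):
        print("-", line)
```

Run this over mail attachments or a sandbox drop folder; the useful signal is the combination of a binary workbook part and a VBA project, regardless of what the attachment is called.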


Linux malware threatens Windows

More and more malware is appearing that uses the Windows Subsystem for Linux (WSL) as an entry point. The danger is growing, security researchers warn.


Mining data from Cobalt Strike beacons

Since we published about identifying Cobalt Strike Team Servers in the wild just over three years ago, we've collected over 128,000 beacons from over 24,000 active Team Servers.


E-mails containing accusations from the police are fake!

Have you also received an e-mail from the police or the Federal Criminal Police Office (Bundeskriminalamt) accusing you of child pornography, paedophilia and exhibitionism? The e-mail is fake and the accusations are pure invention. Do not reply; the best course is to delete the message.


Crypto malware in patched wallets targeting Android and iOS devices

ESET Research uncovers a sophisticated scheme that distributes trojanized Android and iOS apps posing as popular cryptocurrency wallets.


URL rendering trick enabled WhatsApp, Signal, iMessage phishing

A set of flaws affecting the world's leading messaging and email platforms, including Instagram, iMessage, WhatsApp, Signal, and Facebook Messenger, has allowed threat actors to create legitimate-looking phishing URLs for the past three years.


Western Digital closes root-level code-execution vulnerability in My Cloud network storage devices

An important security update is available for various Western Digital NAS models.


Security updates for Friday

Security updates have been issued by Debian (tiff), Fedora (nicotine+ and openvpn), openSUSE (bind, libarchive, python3, and slirp4netns), Oracle (cyrus-sasl, httpd, httpd:2.4, and openssl), Red Hat (httpd and httpd:2.4), Scientific Linux (httpd), SUSE (bind, libarchive, python3, and slirp4netns), and Ubuntu (firefox).


ZDI-22-538: (0Day) Epic Games Launcher Link Following Denial-of-Service Vulnerability


ZDI-22-537: (0Day) Epic Games Launcher Link Following Denial-of-Service Vulnerability


ZDI-22-536: (0Day) Electronic Arts Origin Web Helper Service Link Following Privilege Escalation Vulnerability


ZDI-22-541: (0Day) Array Networks MotionPro Buffer Overflow Remote Code Execution Vulnerability


Security Bulletin: Vulnerability in AIX nimsh (CVE-2022-22351)


Security Bulletin: IBM QRadar Network Security is affected by denial of service vulnerabilities in OpenSSL (CVE-2021-23840, CVE-2021-23841)


Security Bulletin: IBM QRadar Network Security is affected by an OpenSSL vulnerability (CVE-2021-3712)


Security Bulletin: IBM SDK, Java Technology Edition, Security Update October 2021


Atlassian Confluence: vulnerability allows code execution