End-of-Day report
Timeframe: Monday 23-01-2023 18:00 - Tuesday 24-01-2023 18:00
Handler: Thomas Pribitzer
Co-Handler: n/a
News
Hackers use Golang source code interpreter to evade detection
A Chinese-speaking hacking group tracked as DragonSpark was observed employing Golang source code interpretation to evade detection while launching espionage attacks against organizations in East Asia.
https://www.bleepingcomputer.com/news/security/hackers-use-golang-source-code-interpreter-to-evade-detection/
Microsoft 365 to block downloaded Excel XLL add-ins to boost security
Microsoft is working on adding XLL add-in protection for Microsoft 365 customers by including automated blocking of all such files downloaded from the Internet.
https://www.bleepingcomputer.com/news/microsoft/microsoft-365-to-block-downloaded-excel-xll-add-ins-to-boost-security/
Emotet Malware Makes a Comeback with New Evasion Techniques
The Emotet malware operation has continued to refine its tactics in an effort to fly under the radar, while also acting as a conduit for other dangerous malware such as Bumblebee and IcedID.
https://thehackernews.com/2023/01/emotet-malware-makes-comeback-with-new.html
Identity theft: first aid for online fraud committed in your name
Criminals use illegally obtained login credentials to shop at your expense or post insults in your name? Here is what you should do now.
https://heise.de/-7452745
A security audit of Git
The Open Source Technology Improvement Fund has announced the completion of a security audit of the Git source.
https://lwn.net/Articles/921067/
OSINT your OT suppliers
There is much talk about supply chain security and reviewing your suppliers for cyber security. But how much information do they intentionally and unintentionally leak about your organisation online?
https://www.pentestpartners.com/security-blog/osint-your-ot-suppliers/
Facebook: E-bike giveaways are fake
Comment "Danke" and win an e-bike: this giveaway is currently making the rounds on Facebook. Supposedly the bikes have small scratches, but the motors work perfectly. Beware: the giveaway is fake.
https://www.watchlist-internet.at/news/facebook-e-bike-gewinnspiele-sind-fake/
Realtek SDK Vulnerability Attacks Highlight IoT Supply Chain Threats
We observed a recent spate of supply chain attacks attempting to exploit CVE-2021-35394, affecting IoT devices with chipsets made by Realtek.
https://unit42.paloaltonetworks.com/realtek-sdk-vulnerability/
Vice Society Ransomware Group Targets Manufacturing Companies
In this blog entry, we'd like to highlight our findings on Vice Society, which includes an end-to-end infection diagram that we were able to create using Trend Micro internal telemetry.
https://www.trendmicro.com/en_us/research/23/a/vice-society-ransomware-group-targets-manufacturing-companies.html
A step-by-step introduction to the use of ROP gadgets to bypass DEP
DEP (Data Execution Prevention) is a memory protection feature that allows the system to mark memory pages as non-executable. ROP (Return-oriented programming) is an exploit technique that allows an attacker to execute shellcode with protections such as DEP enabled.
https://cybergeeks.tech/a-step-by-step-introduction-to-the-use-of-rop-gadgets-to-bypass-dep/
Vulnerabilities
Security update: Symantec Endpoint Protection as a springboard for attackers
Due to a vulnerability, attackers could attack Windows PCs running Symantec security software.
https://heise.de/-7468961
iOS 16.3, iPadOS 16.3 and macOS 13.2: which holes Apple is plugging
Once again, Macs, iPhones and iPads receive plenty of security fixes. As usual, Apple is partly silent about the details.
https://heise.de/-7469023
Security updates for Tuesday
Security updates have been issued by Debian (kernel and spip), Fedora (kernel), Mageia (chromium-browser-stable, docker, firefox, jpegoptim, nautilus, net-snmp, phoronix-test-suite, php, php-smarty, samba, sdl2, sudo, tor, viewvc, vim, virtualbox, and x11-server), Red Hat (bash, curl, dbus, expat, firefox, go-toolset, golang, java-1.8.0-openjdk, java-17-openjdk, kernel, kernel-rt, kpatch-patch, libreoffice, libtasn1, libtiff, libxml2, libXpm, nodejs, nodejs-nodemon, pcs, postgresql-jdbc, [...]
https://lwn.net/Articles/921024/
Critical Vulnerabilities Patched in OpenText Enterprise Content Management System
Several vulnerabilities have been patched in OpenText's enterprise content management (ECM) product.
https://www.securityweek.com/critical-vulnerabilities-patched-opentext-enterprise-content-management-system/
Pgpool-II vulnerable to information disclosure
https://jvn.jp/en/jp/JVN72418815/
pgAdmin 4 vulnerable to directory traversal
https://jvn.jp/en/jp/JVN01398015/
VMSA-2023-0001
https://www.vmware.com/security/advisories/VMSA-2023-0001.html
XINJE XD
https://us-cert.cisa.gov/ics/advisories/icsa-23-024-01
SOCOMEC MODULYS GP
https://us-cert.cisa.gov/ics/advisories/icsa-23-024-02
IBM WebSphere Application Server traditional container is vulnerable to information disclosure (CVE-2022-43917)
https://www.ibm.com/support/pages/node/6857007
Vulnerability in NX-OS Firmware used by IBM c-type SAN directors and switches.
https://www.ibm.com/support/pages/node/6857039
FileNet Content Manager GraphQL jackson-databind security vulnerabilities, affected but not vulnerable
https://www.ibm.com/support/pages/node/6857047
Multiple vulnerabilities in OpenSSL affect AIX
https://www.ibm.com/support/pages/node/6857295