Daily summary - 06.10.2023

End-of-Day report

Timeframe: Thursday 05-10-2023 18:00 - Friday 06-10-2023 18:00 Handler: Stephan Richter Co-Handler: Michael Schlagenhaufer

News

Exploits released for Linux flaw giving root on major distros

Proof-of-concept exploits have already surfaced online for a high-severity flaw in the GNU C Library's dynamic loader, allowing local attackers to gain root privileges on major Linux distributions.

https://www.bleepingcomputer.com/news/security/exploits-released-for-linux-flaw-giving-root-on-major-distros/


Patch now! Exploits for the glibc hole are publicly available

After the bug in the Linux library glibc became known last Tuesday, reliably working exploits have now appeared.

https://www.heise.de/-9326518


Financial fraud by phone: Ignore callers who try to talk you into investments

Financial fraud is a lucrative business. The financial damage for those affected is often enormous. At the same time, the financial market is strictly regulated to make fraud in this area harder. That is one reason why fraudsters keep finding new ways to reach their victims. Our readers are currently reporting more and more often that they are being called by criminals and talked into investments directly over the phone.

https://www.watchlist-internet.at/news/finanzbetrug-per-telefon-ignorieren-sie-anruferinnen-die-sie-zu-investitionen-ueberreden-wollen/


Leveraging a Hooking Framework to Expand Malware Detection Coverage on the Android Platform

In this article, we will discuss how malware authors use obfuscation to make analyzing their Android malware more challenging. We will review two such case studies to illustrate those obfuscation techniques in action. Finally, we'll cover some overall techniques researchers can use to address these obstacles.

https://unit42.paloaltonetworks.com/hooking-framework-in-sandbox-to-analyze-android-apk/


Microsoft: Human-operated ransomware attacks tripled over past year

Human-operated ransomware attacks are up more than 200% since September 2022, according to researchers from Microsoft, who warned that it could represent a shift in the cybercrime underground.

https://therecord.media/human-operated-ransomware-attacks-report-microsoft


New tool: le-hex-to-ip.py, (Thu, Oct 5th)

So, this week it is my privilege to be TA-ing for Taz Wake for the beta run of his new class FOR577: Linux Incident Response and Threat Hunting. We were looking in the Linux /proc filesystem and noticed in /proc//net/{tcp/udp/icmp/...} that the IP addresses were listed in hex, but little-endian. I immediately remembered Didier's Handler's Diary from last week about the IPs in the event logs that were in decimal and little-endian.

https://isc.sans.edu/diary/rss/30284
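The conversion the diary describes, as an added example written for this summary (it is not the le-hex-to-ip.py tool itself): the address fields of /proc/net/tcp are parsed and turned back into dotted quads, and the same byte-swap is applied to the decimal little-endian form mentioned for the event logs. The sample /proc/net/tcp content is constructed, not captured from a real host.

```python
import socket
import struct
from typing import Dict, List

# Subset of the kernel TCP state codes, as the hex values shown in /proc/net/tcp.
TCP_STATES = {"01": "ESTABLISHED", "02": "SYN_SENT", "06": "TIME_WAIT", "0A": "LISTEN"}


def le_hex_to_ip(hex_addr: str) -> str:
    """Convert the 8-hex-digit little-endian IPv4 field of /proc/net/{tcp,udp} to a dotted quad."""
    if len(hex_addr) != 8:
        raise ValueError(f"expected 8 hex digits, got {hex_addr!r}")
    # The kernel prints the 32-bit address in host byte order (little-endian on x86/arm64),
    # so the bytes appear reversed relative to network order: 0100007F -> 127.0.0.1.
    return socket.inet_ntoa(bytes.fromhex(hex_addr)[::-1])


def le_decimal_to_ip(value: int) -> str:
    """Same conversion for an address logged as a decimal little-endian 32-bit integer."""
    return socket.inet_ntoa(struct.pack("<I", value))


def hex_to_port(hex_port: str) -> int:
    """Ports are printed as a plain hex number and are not byte-swapped."""
    return int(hex_port, 16)


def parse_proc_net_tcp(text: str) -> List[Dict[str, object]]:
    """Parse /proc/net/tcp content into readable socket records (local, remote, state, uid)."""
    rows = []
    for line in text.splitlines()[1:]:  # the first line is the column header
        fields = line.split()
        if len(fields) < 8:
            continue
        local_addr, local_port = fields[1].split(":")
        remote_addr, remote_port = fields[2].split(":")
        rows.append({
            "local": f"{le_hex_to_ip(local_addr)}:{hex_to_port(local_port)}",
            "remote": f"{le_hex_to_ip(remote_addr)}:{hex_to_port(remote_port)}",
            "state": TCP_STATES.get(fields[3], fields[3]),
            "uid": int(fields[7]),
        })
    return rows


# Constructed sample in /proc/net/tcp layout: a listener on 127.0.0.1:22 and an
# established connection from 192.168.2.15 to 192.168.1.8:443 owned by uid 1000.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 100 0 0 10 0
   1: 0F02A8C0:D2A4 0801A8C0:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 23456 1 0000000000000000 20 4 30 10 -1
"""

if __name__ == "__main__":
    for row in parse_proc_net_tcp(SAMPLE):
        print(row)
```

On a live system, feeding `open("/proc/net/tcp").read()` to `parse_proc_net_tcp` gives the same readable records during triage.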


NSA and CISA Red and Blue Teams Share Top Ten Cybersecurity Misconfigurations

The National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint cybersecurity advisory (CSA) to highlight the most common cybersecurity misconfigurations in large organizations, and detail the tactics, techniques, and procedures (TTPs) actors use to exploit these misconfigurations.

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-278a

Vulnerabilities

Security update: Root vulnerability threatens Dell SmartFabric Storage Software

Dell has closed several dangerous security vulnerabilities in SmartFabric Storage Software.

https://www.heise.de/-9326738


Security updates for Friday

Security updates have been issued by Debian (grub2, libvpx, libx11, libxpm, and qemu), Fedora (firefox, matrix-synapse, tacacs, thunderbird, and xrdp), Oracle (glibc), Red Hat (bind, bind9.16, firefox, frr, ghostscript, glibc, ImageMagick, libeconf, python3.11, python3.9, and thunderbird), Scientific Linux (ImageMagick), SUSE (kernel, libX11, and tomcat), and Ubuntu (linux-hwe-5.15, linux-oracle-5.15).

https://lwn.net/Articles/946848/


IBM Security Bulletins

https://www.ibm.com/support/pages/bulletin/