Tageszusammenfassung - 09.10.2023

End-of-Day report

Timeframe: Freitag 06-10-2023 18:00 - Montag 09-10-2023 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter

News

HelloKitty ransomware source code leaked on hacking forum

A threat actor has leaked the complete source code for the first version of the HelloKitty ransomware on a Russian-speaking hacking forum, claiming to be developing a new, more powerful encryptor.

https://www.bleepingcomputer.com/news/security/hellokitty-ransomware-source-code-leaked-on-hacking-forum/

High-Severity Flaws in ConnectedIOs 3G/4G Routers Raise Concerns for IoT Security

Multiple high-severity security vulnerabilities have been disclosed in ConnectedIOs ER2000 edge routers and the cloud-based management platform that could be exploited by malicious actors to execute malicious code and access sensitive data.

https://thehackernews.com/2023/10/high-severity-flaws-in-connectedios.html

Turn OFF This WatchGuard Feature - GuardLapse

Picture this: a feature from a security appliance that willingly dispatches its password hashes to any device on the network. That is precisely what WatchGuards SSO does under certain circumstances.

https://projectblack.io/blog/turn-off-this-watchguard-feature-guardlapse/

Amazon Prime email scammer snatches defeat from the jaws of victory

A very convincing Amazon Prime scam landed in our mail server today and...went straight to spam. Heres why.

https://www.malwarebytes.com/blog/news/2023/10/amazon-prime

Credential Harvesting Campaign Targets Unpatched NetScaler Instances

Threat actors are targeting Citrix NetScaler instances unpatched against CVE-2023-3519 to steal user credentials.

https://www.securityweek.com/credential-harvesting-campaign-targets-unpatched-netscaler-instances/

The reality of Apple watch pen testing

We were approached to do an Apple Watch application test. It seems this isn-t a standard service offered by most companies (including us, although we-ve done plenty of work [...]

https://www.pentestpartners.com/security-blog/the-reality-of-apple-watch-pen-testing/

Immer wieder Abo-Fallen bei IQ-Tests wie auf iq-fast.com/de!

Wer einen IQ-Test durchführen möchte, findet im Internet unzählige Angebote dafür. Auch iq-fast.com/de lockt mit einem entsprechenden Test auf die eigene Website. Abgesehen von der minderwertigen Qualität des dort angebotenen Tests, der lediglich aus 20 Fragen besteht, führt eine Eingabe der Kreditkartendaten nicht zum Erhalt sinnvoller Ergebnisse, sondern in eine Abo-Falle!

https://www.watchlist-internet.at/news/immer-wieder-abo-fallen-bei-iq-tests-wie-auf-iq-fastcom-de/

Fake friends and followers on social media - and how to spot them

One of the biggest threats to watch out for on social media is fraud perpetrated by people who aren-t who they claim to be. Here-s how to recognize them.

https://www.welivesecurity.com/en/social-media/fake-friends-followers-social-media-how-spot-them/

Android TV Boxes Infected with Backdoors, Compromising Home Networks

The Android TV box you recently purchased may be riddled with harmful backdoors.

https://www.hackread.com/android-tv-boxes-backdoors-home-networks/

Vulnerabilities

Security updates for Monday

Security updates have been issued by Debian (freerdp2, gnome-boxes, grub2, inetutils, lemonldap-ng, prometheus-alertmanager, python-urllib3, thunderbird, and vinagre), Fedora (freeimage, fwupd, libspf2, mingw-freeimage, thunderbird, and vim), Gentoo (c-ares, dav1d, Heimdal, man-db, and Oracle VirtualBox), Oracle (bind, bind9.16, firefox, ghostscript, glibc, ImageMagick, and thunderbird), Slackware (netatalk), SUSE (ImageMagick, nghttp2, poppler, python, python-gevent, and yq), and Ubuntu (bind9 and vim).

https://lwn.net/Articles/947117/