End-of-Day report
Timeframe: Thursday 12-10-2023 18:00 - Friday 13-10-2023 18:00
Handler: Thomas Pribitzer
Co-Handler: n/a
News
Ransomware attacks now target unpatched WS_FTP servers
Internet-exposed WS_FTP servers unpatched against a maximum severity vulnerability are now targeted in ransomware attacks.
https://www.bleepingcomputer.com/news/security/ransomware-attacks-now-target-unpatched-ws-ftp-servers/
FBI shares AvosLocker ransomware technical details, defense tips
The U.S. government has updated the list of tools AvosLocker ransomware affiliates use in attacks to include open-source utilities along with custom PowerShell and batch scripts.
https://www.bleepingcomputer.com/news/security/fbi-shares-avoslocker-ransomware-technical-details-defense-tips/
An analysis of an in-the-wild iOS Safari WebContent to GPU Process exploit
In April this year Google's Threat Analysis Group, in collaboration with Amnesty International, discovered an in-the-wild iPhone zero-day exploit chain being used in targeted attacks delivered via a malicious link.
https://googleprojectzero.blogspot.com/2023/10/an-analysis-of-an-in-the-wild-ios-safari-sandbox-escape.html
DarkGate Malware Spreading via Messaging Services Posing as PDF Files
A piece of malware known as DarkGate has been observed being spread via instant messaging platforms such as Skype and Microsoft Teams. In these attacks, the messaging apps are used to deliver a Visual Basic for Applications (VBA) loader script that masquerades as a PDF document, which, when opened, triggers the download and execution of an AutoIt script designed to launch the malware.
https://thehackernews.com/2023/10/darkgate-malware-spreading-via.html
GNOME what Im sayin? - GNOME libcue 0-click vulnerability
On 10 October, CVE-2023-43641 was published, a 0-click out-of-bounds array access vulnerability in libcue. GNOME uses this library to parse cuesheets when indexing files for the search function. How bad is it?
https://cert.at/de/blog/2023/10/gnome-what-im-sayin-gnome-libcue-0-click-vulnerability
WordPress 6.3.2 Security Release - What You Need to Know
WordPress Core 6.3.2 was released today, on October 12, 2023. It includes a number of security fixes and additional hardening against commonly exploited vulnerabilities.
https://www.wordfence.com/blog/2023/10/wordpress-6-3-2-security-release-what-you-need-to-know/
Analysis Report on Lazarus Threat Group's Volgmer and Scout Malwares
Because the Lazarus threat group has been active for a long time, there are many attack cases, and various malware strains are used in each case. In particular, there is also a wide variety of backdoors used for controlling the infected system after initial access. AhnLab Security Emergency response Center (ASEC) is continuously tracking and analyzing attacks by the Lazarus group, and in this post, we will analyze Volgmer and Scout, the two major malware strains used in their attacks.
https://asec.ahnlab.com/en/57685/
Vulnerabilities
Apple fixes iOS Kernel zero-day vulnerability on older iPhones
Apple has published security updates for older iPhones and iPads to backport patches released one week ago, addressing two zero-day vulnerabilities exploited in attacks.
https://www.bleepingcomputer.com/news/security/apple-fixes-ios-kernel-zero-day-vulnerability-on-older-iphones/
Caching proxy: 35 vulnerabilities in Squid unpatched for more than 2 years
In early 2021 a security researcher reported 55 vulnerabilities to the Squid development team. The majority are still open.
https://www.golem.de/news/caching-proxy-35-schwachstellen-in-squid-schon-mehr-als-2-jahre-ungepatcht-2310-178469.html
Severe security vulnerabilities in monitoring software Zabbix fixed
Critical security vulnerabilities in various components of the Zabbix monitoring software allowed attackers to execute their own code.
https://www.heise.de/news/Schwere-Sicherheitsluecken-in-Monitoring-Software-Zabbix-behoben-9333656.html
Security updates for Friday
Security updates have been issued by Debian (chromium, tomcat9, and webkit2gtk), Fedora (cacti, cacti-spine, grafana-pcp, libcue, mbedtls, samba, and vim), Oracle (kernel, libvpx, and thunderbird), Red Hat (bind and galera, mariadb), SUSE (exiv2, go1.20, go1.21, and kernel), and Ubuntu (ffmpeg).
https://lwn.net/Articles/947710/
cURL and libcurl Vulnerability Affecting Cisco Products: October 2023
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-curl-libcurl-D9ds39cV
IBM Security Bulletins
https://www.ibm.com/support/pages/bulletin/
Nextcloud Security Advisory: Improper restriction of excessive authentication attempts on WebDAV endpoint
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2hrc-5fgp-c9c9
K000137229 : BIND vulnerability CVE-2022-38178
https://my.f5.com/manage/s/article/K000137229