End-of-Day report
Timeframe: Monday 16-10-2023 18:00 - Tuesday 17-10-2023 18:00
Handler: Thomas Pribitzer
Co-Handler: n/a
News
Discord still a hotbed of malware activity - Now APTs join the fun
Discord continues to be a breeding ground for malicious activity by hackers and now APT groups: it is commonly used to distribute malware and exfiltrate data, and it is targeted by threat actors looking to steal authentication tokens.
https://www.bleepingcomputer.com/news/security/discord-still-a-hotbed-of-malware-activity-now-apts-join-the-fun/
A hack in hand is worth two in the bush
We analyzed the data published by Cyber Av3ngers and found it to be sourced from older leaks by another hacktivist group called Moses Staff.
https://securelist.com/a-hack-in-hand-is-worth-two-in-the-bush/110794/
Android Mobile Root Detection - Snake Oil or Silver Bullet?
Android is one of the most widely used mobile operating systems in the world. However, with its widespread use, it is also susceptible to security threats.
https://sec-consult.com/blog/detail/android-mobile-root-detection-snake-oil-or-silver-bullet/
NSA Publishes ICS/OT Intrusion Detection Signatures and Analytics
NSA has released Elitewolf, a repository of intrusion detection signatures and analytics for OT environments.
https://www.securityweek.com/nsa-publishes-ics-ot-intrusion-detection-signatures-and-analytics/
Fraudulent donation organisations collect money for Israel
Criminals know that the willingness to donate is particularly high in crisis situations. Only a few days after the attack in Israel, fraudulent donation websites for Israel are appearing online.
https://www.watchlist-internet.at/news/betruegerische-spendenorganisationen-sammeln-geld-fuer-israel/
Snapshot fuzzing direct composition with WTF
Although there is public research on Direct Composition, only a few discuss fuzzing this feature, and none, to our knowledge, that covers snapshot fuzzing.
https://blog.talosintelligence.com/snapshot-fuzzing-direct-composition-with-wtf/
Principles for ransomware-resistant cloud backups
Helping to make cloud backups resistant to the effects of destructive ransomware.
https://www.ncsc.gov.uk/guidance/principles-for-ransomware-resistant-cloud-backups
Vulnerabilities
Critical Vulnerabilities Uncovered in Open Source CasaOS Cloud Software
Two critical security flaws discovered in the open-source CasaOS personal cloud software could be successfully exploited by attackers to achieve arbitrary code execution and take over susceptible systems.
https://thehackernews.com/2023/10/critical-vulnerabilities-uncovered-in.html
Cisco: Severe security vulnerability in IOS XE enables network takeover
Devices running IOS XE with the Web UI enabled can be taken over remotely by attackers without further effort. Cisco has no patches yet, but offers recommendations for those affected.
https://www.heise.de/news/Cisco-Schwere-Sicherheitsluecke-in-IOS-XE-erlaubt-Netzwerk-Uebernahme-9336068.html
SonicOS: Attackers can crash SonicWall devices
SonicWall has released updates for SonicOS that close security vulnerabilities. The flaws allow attackers to knock vulnerable devices offline.
https://www.heise.de/news/SonicOS-Angreifer-koennen-Sonicwalls-abstuerzen-lassen-9336604.html
Security updates for Tuesday
Security updates have been issued by Debian (axis, nghttp2, node-babel7, and tomcat9), Fedora (curl and ghostscript), Oracle (bind, kernel-container, mariadb:10.5, and python3.11), Red Hat (.NET 7.0, go-toolset, golang, and go-toolset:rhel8), SUSE (kernel, libcue, libxml2, python-Django, and python-gevent), and Ubuntu (curl, ghostscript, iperf3, libcue, python2.7, quagga, and samba).
https://lwn.net/Articles/948010/
K000137211: cURL vulnerabilities CVE-2023-38546
https://my.f5.com/manage/s/article/K000137211
Festo: Vulnerable Siemens TIA-Portal in multiple Festo Didactic products
https://cert.vde.com/de/advisories/VDE-2023-047/
WAGO: Multiple products vulnerable to local file inclusion
https://cert.vde.com/de/advisories/VDE-2023-046/
Schneider Electric EcoStruxure Power Monitoring Expert and Power Operation Products
https://www.cisa.gov/news-events/ics-advisories/icsa-23-290-01
Rockwell Automation FactoryTalk Linx
https://www.cisa.gov/news-events/ics-advisories/icsa-23-290-02
Vulnerability CVE-2023-35116 affects CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition.
https://www.ibm.com/support/pages/node/7052938
IBM Personal Communications could allow a remote user to obtain sensitive information including user passwords, allowing unauthorized access. (CVE-2016-0321)
https://www.ibm.com/support/pages/node/276845
IBM Db2 is vulnerable to denial of service via a specially crafted query on certain databases. (CVE-2023-30987)
https://www.ibm.com/support/pages/node/7047560
Vulnerability in pycrypto-2.6.1.tar.gz affects IBM Integrated Analytics System [CVE-2013-7459, CVE-2018-6594]
https://www.ibm.com/support/pages/node/7053417
Multiple vulnerabilities in OpenSSL affect IBM Observability with Instana (Agent container image)
https://www.ibm.com/support/pages/node/7053623
Remote code execution/denial of service attack is possible in IBM Observability with Instana (Self-hosted on Docker) due to use of Apache Kafka
https://www.ibm.com/support/pages/node/7053643
Due to use of Apache Commons FileUpload and Tomcat, IBM UrbanCode Release is vulnerable to a denial of service.
https://www.ibm.com/support/pages/node/7053627