Daily summary - 19.10.2023

End-of-Day report

Timeframe: Wednesday 18-10-2023 18:00 - Thursday 19-10-2023 18:00 Handler: Thomas Pribitzer Co-Handler: n/a

News

Money-making scripts attack organizations

Cybercriminals attack government, law enforcement, non-profit organizations, agricultural and commercial companies by slipping a cryptominer, keylogger, and backdoor into their systems.

https://securelist.com/miner-keylogger-backdoor-attack-b2b/110761/


HasMySecretLeaked finds secrets published on GitHub

Anyone who wants to check whether their secrets have been leaked on GitHub can use GitGuardian's free toolset. It is designed to protect private data while doing so.

https://www.heise.de/news/Security-Toolset-HasMySecretLeaked-sucht-auf-GitHub-veroeffentlichte-Secrets-9338326.html


Public Report - Caliptra Security Assessment

During August and September of 2023, Microsoft engaged NCC Group to conduct a security assessment of Caliptra v0.9. Caliptra is an open-source silicon IP block for datacenter-focused server-class ASICs.

https://research.nccgroup.com/2023/10/18/public-report-caliptra-security-assessment/


Number of Cisco Devices Hacked via Unpatched Vulnerability Increases to 40,000

The number of Cisco devices hacked via the CVE-2023-20198 zero-day has reached 40,000, including many in the US.

https://www.securityweek.com/number-of-cisco-devices-hacked-via-unpatched-vulnerability-increases-to-40000/


A PayPal robocall? Don't press 1!

An unknown number appears on your smartphone screen. You pick up and a robotic voice claims to be calling on behalf of PayPal. Supposedly, money is about to be withdrawn from your PayPal account. To prevent this, you are told to press the "1" key. Do not do it: criminals are trying to steal your money and data this way.

https://www.watchlist-internet.at/news/ein-paypal-tonband-ruft-an-druecken-sie-nicht-die-1/


It's cyber war again. Or something like that.

As at the start of the war in Ukraine, now a year and a half ago, reports about the possible role of cyberattacks in this conflict appeared relatively quickly after the events that shook Israel on 07.10.2023.

https://cert.at/de/blog/2023/10/es-cyberwart-wieder-oder-so


Hackers Exploit QR Codes with QRLJacking for Malware Distribution

Researchers report a surge in QR code-related cyberattacks exploiting phishing and malware distribution, especially QRLJacking and Quishing attacks.

https://www.hackread.com/hackers-exploit-qr-codes-qrljacking-malware/


CISA, NSA, FBI, MS-ISAC Publish Guide on Preventing Phishing Intrusions

The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI) and Multi-State Information Sharing and Analysis Center (MS-ISAC) today published "Phishing Guidance: Stopping the Attack Cycle at Phase One" to help organizations reduce the likelihood and impact of successful phishing attacks.

https://www.cisa.gov/news-events/news/cisa-nsa-fbi-ms-isac-publish-guide-preventing-phishing-intrusions


Exploited SSH Servers Offered in the Dark web as Proxy Pools

Aqua Nautilus researchers have shed brighter light on a long-standing threat to SSH in the context of the cloud. More specifically, the threat actor harnessed our SSH server to be a slave proxy and pass traffic through it.

https://blog.aquasec.com/threat-alert-exploited-ssh-servers-offered-in-the-dark-web-as-proxy-pools

Vulnerabilities

Casio discloses data breach impacting customers in 149 countries

Japanese electronics manufacturer Casio disclosed a data breach impacting customers from 149 countries after hackers gained access to the servers of its ClassPad education platform.

https://www.bleepingcomputer.com/news/security/casio-discloses-data-breach-impacting-customers-in-149-countries/


Sophos Firewall: PDF password protection of the SPX function can be bypassed

Sophos is distributing updated firmware for its firewalls. In Secure PDF eXchange, attackers can bypass the protection and decrypt PDF files without authorization.

https://www.heise.de/news/Sophos-Firewall-PDF-Passwortschutz-der-SPX-Funktion-umgehbar-9338226.html


Security updates for Thursday

Security updates have been issued by Debian (node-babel), Fedora (moodle), Gentoo (mailutils), Oracle (go-toolset:ol8 and java-11-openjdk), Red Hat (ghostscript, grafana, java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, nghttp2, nodejs:16, nodejs:18, and rhc-worker-script), SUSE (cni, cni-plugins, container-suseconnect, containerd, cups, exim, grub2, helm, libeconf, nodejs18, python3, runc, slurm, supportutils, and tomcat), and Ubuntu (glib2.0, openssl, and vips).

https://lwn.net/Articles/948246/


ZDI-23-1568: NI Measurement & Automation Explorer Stack-based Buffer Overflow Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-23-1568/


ZDI-23-1567: SolarWinds Access Rights Manager OpenClientUpdateFile Directory Traversal Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-23-1567/


ZDI-23-1566: SolarWinds Access Rights Manager GetParameterFormTemplateWithSelectionState Deserialization of Untrusted Data Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-23-1566/


ZDI-23-1565: SolarWinds Access Rights Manager OpenFile Directory Traversal Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-23-1565/


ZDI-23-1564: SolarWinds Access Rights Manager createGlobalServerChannelInternal Deserialization of Untrusted Data Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-23-1564/


ZDI-23-1563: SolarWinds Access Rights Manager ExecuteAction Deserialization of Untrusted Data Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-23-1563/


ZDI-23-1562: SolarWinds Access Rights Manager Incorrect Default Permissions Local Privilege Escalation Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-23-1562/


ZDI-23-1561: SolarWinds Access Rights Manager Incorrect Default Permissions Local Privilege Escalation Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-23-1561/


ZDI-23-1560: SolarWinds Access Rights Manager IFormTemplate Deserialization of Untrusted Data Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-23-1560/


Cisco Catalyst SD-WAN Manager Local File Inclusion Vulnerability

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-lfi-OWLbKUGe


Technical Advisory - Multiple Vulnerabilities in Connectize G6 AC2100 Dual Band Gigabit WiFi Router (CVE-2023-24046, CVE-2023-24047, CVE-2023-24048, CVE-2023-24049, CVE-2023-24050, CVE-2023-24051, CVE-2023-24052)

https://research.nccgroup.com/2023/10/19/technical-advisory-multiple-vulnerabilities-in-connectize-g6-ac2100-dual-band-gigabit-wifi-router-cve-2023-24046-cve-2023-24047-cve-2023-24048-cve-2023-24049-cve-2023-24050-cve-2023-24051-cve/


IBM Security Bulletins

https://www.ibm.com/support/pages/bulletin/