Daily summary - 24.10.2023

End-of-Day report

Timeframe: Monday 23-10-2023 18:00 - Tuesday 24-10-2023 18:00
Handler: Stephan Richter
Co-Handler: Thomas Pribitzer


Log in With... Feature Allows Full Online Account Takeover for Millions

Hundreds of millions of users of Grammarly, Vidio, and the Indonesian e-commerce giant Bukalapak are at risk for financial fraud and credential theft due to OAuth misfires - and other online services likely have the same problems.


Hostile Takeover: Malicious Ads via Facebook

Criminals hijack business accounts on Facebook and run their own advertising campaigns in someone else's name and at the expense of those affected.


Stealer for PIX payment system, new Lumar stealer and Rhysida ransomware

In this report, we share our latest crimeware findings: GoPIX targeting PIX payment system; Lumar stealing files and passwords; Rhysida ransomware supporting old Windows.


Quasar RAT Leverages DLL Side-Loading to Fly Under the Radar

The open-source remote access trojan known as Quasar RAT has been observed leveraging DLL side-loading to fly under the radar and stealthily siphon data from compromised Windows hosts.


Citrix Bleed: Leaking Session Tokens with CVE-2023-4966

We were interested in CVE-2023-4966, which was described as "sensitive information disclosure" and had a CVSS score of 9.4. The high score for an information disclosure vulnerability and the mention of "buffer-related vulnerabilities" piqued our interest.


Best Practices for Writing Quality Vulnerability Reports

How to write great vulnerability reports? If you're a security consultant, penetration tester or a bug bounty hunter, these tips are for you!


Criminals spread fake Ryanair phone numbers

Be careful when searching the internet for a Ryanair phone number. Criminals put websites with fake numbers online. If you call the fake Ryanair service hotline, criminals steal your sensitive data and money.


LOLBin with WorkFolders.exe on Windows

The legitimate Windows application WorkFolders.exe can be used to launch other .exe programs located in the Windows System32 folder or in the current folder. This enables malware to carry out so-called LOLBin attacks, in which legitimate operating system files are abused to execute malicious programs.


The Great CVSS Bake Off: Testing How CVSS v4 Performs Versus v3

The highly anticipated Common Vulnerability Scoring System (CVSS) version 4 is planned to be released on October 31st by the Forum of Incident Response and Security Teams (FIRST).



VMware warns admins of public exploit for vRealize RCE flaw

VMware warned customers on Monday that proof-of-concept (PoC) exploit code is now available for an authentication bypass flaw in vRealize Log Insight (now known as VMware Aria Operations for Logs).


Many systems long since compromised: Cisco releases patches for IOS XE

Through vulnerabilities in the IOS XE operating software, tens of thousands of Cisco devices worldwide have been infiltrated. The first patches are now available.


CVE-2023-33466 - Exploiting Healthcare Servers with Polyglot Files

Orthanc is an open source software to manage, exchange and visualize medical imaging data. In versions < 1.12.0, it is affected by an arbitrary file overwrite vulnerability (CVE-2023-33466) that might allow an authenticated attacker to obtain RCE on the system.


Proxy: Squid developers close partly critical holes in version 6.4

With Squid 6.4, the developers have released a version of the proxy server with four security vulnerabilities fixed. However, further holes remain open in it.


Vulnerability in LiteSpeed Cache plug-in endangers 4 million WordPress websites

Attackers can infect WordPress websites with malicious scripts. A security update fixes the LiteSpeed Cache plug-in.


Security updates: Firefox browser vulnerable to clickjacking attacks

Mozilla has fixed several security problems in the current versions of Firefox and Firefox ESR.


Security updates for Tuesday

Security updates have been issued by Debian (ceph and dbus), Fedora (cachelib, fb303, fbthrift, fizz, folly, matrix-synapse, mcrouter, mvfst, nats-server, nodejs18, proxygen, wangle, watchman, and wdt), Mageia (libcue), Oracle (18, grafana, kernel, nodejs, nodejs:16, nodejs:18, php, php:8.0, and tomcat), Red Hat (python27:2.7, python3, python39:3.9, python39-devel:3.9, toolbox, varnish, and varnish:6), SUSE (fwupdate, gcc13, icu73_2, netty, netty-tcnative, and xen), and Ubuntu [...]


IBM Security Bulletins


Vulnerability in SICK Flexi Soft Gateway


Rockwell Automation Stratix 5800 and Stratix 5200