End-of-Day report
Timeframe: Thursday 02-11-2023 18:00 - Friday 03-11-2023 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Thomas Pribitzer
News
New macOS KandyKorn malware targets cryptocurrency engineers
A new macOS malware dubbed KandyKorn has been spotted in a campaign attributed to the North Korean Lazarus hacking group, targeting blockchain engineers of a cryptocurrency exchange platform.
https://www.bleepingcomputer.com/news/security/new-macos-kandykorn-malware-targets-cryptocurrency-engineers/
Atlassian warns of exploit for Confluence data wiping bug, get patching
Atlassian warned admins that a public exploit is now available for a critical Confluence security flaw that can be used in data destruction attacks targeting Internet-exposed and unpatched instances.
https://www.bleepingcomputer.com/news/security/atlassian-warns-of-exploit-for-confluence-data-wiping-bug-get-patching/
Spyware Designed for Telegram Mods Also Targets WhatsApp Add-Ons
Researchers discovered spyware designed to steal from Android devices and from Telegram mods can also reach WhatsApp users.
https://www.darkreading.com/dr-global/spyware-designed-for-telegram-mods-also-targets-whatsapp-add-ons
Kinsing Actors Exploiting Recent Linux Flaw to Breach Cloud Environments
The threat actors linked to Kinsing have been observed attempting to exploit the recently disclosed Linux privilege escalation flaw called Looney Tunables as part of a "new experimental campaign" designed to breach cloud environments.
https://thehackernews.com/2023/11/kinsing-actors-exploit-linux-flaw-to.html
48 Malicious npm Packages Found Deploying Reverse Shells on Developer Systems
A new set of 48 malicious npm packages have been discovered in the npm repository with capabilities to deploy a reverse shell on compromised systems. "These packages, deceptively named to appear legitimate, contained obfuscated JavaScript designed to initiate a reverse shell on package install," software supply chain security firm Phylum said.
https://thehackernews.com/2023/11/48-malicious-npm-packages-found.html
Prioritising Vulnerabilities Remedial Actions at Scale with EPSS
In this article, I'm presenting the Exploit Prediction Scoring System and its practical use cases in tandem with the Common Vulnerability Scoring System.
https://itnext.io/prioritising-vulnerabilities-remedial-actions-at-scale-with-epss-23bb60d614d9?gi=a4cadff2db3e
Rating security vulnerabilities: The CVSS 4.0 standard is here
From low to critical: The Common Vulnerability Scoring System (CVSS) has taken a version jump.
https://www.heise.de/-9352555
Apple's "Find My" ("Wo ist"): Keylogger keyboard uses the location network to send passwords
It is actually meant to help track down lost items. Our keylogger keyboard, however, uses Apple's "Find My" location network to exfiltrate data.
https://www.heise.de/-9342791
Vulnerability in VMware ONE UEM enables login theft
Through an insecure redirect, attackers can steal the SAML tokens of logged-in users and take over their accounts. VMware has released updates.
https://www.heise.de/-9352599
Should you allow your browser to remember your passwords?
It's very convenient to store your passwords in your browser. But is it a good idea?
https://www.malwarebytes.com/blog/news/2023/11/should-you-allow-your-browser-to-remember-your-passwords
You'd be surprised to know what devices are still using Windows CE
Windows CE - an operating system that, despite being out for 27 years, never had an official explanation for why it was called "CE" - finally reached its official end-of-life period this week. This was Microsoft's first operating system for embedded and pocket devices, making an appearance on personal pocket assistants, some of the first BlackBerry-likes, laptops and more during its lifetime.
https://blog.talosintelligence.com/threat-source-newsletter-nov-2-2023/
Vulnerabilities
QNAP Security Advisories 2023-11-04
QNAP released 4 new security advisories (2x Critical, 2x Medium). Affected products: Music Station, QTS, QuTS hero, QuTScloud, Multimedia Console and Media Streaming add-on.
https://www.qnap.com/en-us/security-advisories
Security updates for Friday
Security updates have been issued by Debian (phppgadmin and vlc), Fedora (attract-mode, chromium, and netconsd), Red Hat (.NET 7.0, c-ares, curl, ghostscript, insights-client, python, squid, and squid:4), SUSE (kernel and roundcubemail), and Ubuntu (libsndfile).
https://lwn.net/Articles/950061/
Vulnerability in IBM SDK, Java Technology Edition may affect IBM Operations Analytics Predictive Insights
https://www.ibm.com/support/pages/node/7066311
Multiple security vulnerabilities in Go may affect IBM Robotic Process Automation for Cloud Pak
https://www.ibm.com/support/pages/node/7066400