Tageszusammenfassung - 03.11.2023

End-of-Day report

Timeframe: Donnerstag 02-11-2023 18:00 - Freitag 03-11-2023 18:00 Handler: Michael Schlagenhaufer Co-Handler: Thomas Pribitzer


New macOS KandyKorn malware targets cryptocurrency engineers

A new macOS malware dubbed KandyKorn has been spotted in a campaign attributed to the North Korean Lazarus hacking group, targeting blockchain engineers of a cryptocurrency exchange platform.


Atlassian warns of exploit for Confluence data wiping bug, get patching

Atlassian warned admins that a public exploit is now available for a critical Confluence security flaw that can be used in data destruction attacks targeting Internet-exposed and unpatched instances.


Spyware Designed for Telegram Mods Also Targets WhatsApp Add-Ons

Researchers discovered spyware designed to steal from Android devices and from Telegram mods can also reach WhatsApp users.


Kinsing Actors Exploiting Recent Linux Flaw to Breach Cloud Environments

The threat actors linked to Kinsing have been observed attempting to exploit the recently disclosed Linux privilege escalation flaw called Looney Tunables as part of a "new experimental campaign" designed to breach cloud environments.


48 Malicious npm Packages Found Deploying Reverse Shells on Developer Systems

A new set of 48 malicious npm packages have been discovered in the npm repository with capabilities to deploy a reverse shell on compromised systems. "These packages, deceptively named to appear legitimate, contained obfuscated JavaScript designed to initiate a reverse shell on package install," software supply chain security firm Phylum said.


Prioritising Vulnerabilities Remedial Actions at Scale with EPSS

In this article, I-m presenting the Exploit Prediction Scoring System and its practical use cases in tandem with Common Vulnerability Scoring System.


Einstufung von Sicherheitslücken: Der CVSS-4.0-Standard ist da

Von niedrig bis kritisch: Das Common Vulnerability Scoring System (CVSS) hat einen Versionssprung vollzogen.


Apples "Wo ist": Keylogger-Tastatur nutzt Ortungsnetz zum Passwortversand

Eigentlich soll es helfen, verlorene Dinge aufzuspüren. Unsere Keylogger-Tastatur nutzt Apples "Wo ist"-Ortungsnetz jedoch zum Ausschleusen von Daten.


Lücke in VMware ONE UEM ermöglicht Login-Klau

Durch eine unsichere Weiterleitung können Angreifer SAML-Tokens angemeldeter Nutzer klauen und deren Zugänge übernehmen. VMware stellt Updates bereit.


Should you allow your browser to remember your passwords?

It-s very convenient to store your passwords in your browser. But is it a good idea?


You-d be surprised to know what devices are still using Windows CE

Windows CE - an operating system that, despite being out for 27 years, never had an official explanation for why it was called -CE- - finally reached its official end-of-life period this week. This was Microsoft-s first operating system for embedded and pocket devices, making an appearance on personal pocket assistants, some of the first BlackBerry-likes, laptops and more during its lifetime.



QNAP Security Advisories 2023-11-04

QNAP released 4 new security advisories (2x Critical, 2x Medium). Music Station, QTS, QuTS hero, QuTScloud, Multimedia Console and Media Streaming add-on.


Security updates for Friday

Security updates have been issued by Debian (phppgadmin and vlc), Fedora (attract-mode, chromium, and netconsd), Red Hat (.NET 7.0, c-ares, curl, ghostscript, insights-client, python, squid, and squid:4), SUSE (kernel and roundcubemail), and Ubuntu (libsndfile).


Vulnerability in IBM SDK, Java Technology Edition may affect IBM Operations Analytics Predictive Insights


Multiple security vulnerabilities in Go may affect IBM Robotic Process Automation for Cloud Pak