End-of-Day report
Timeframe: Tuesday 07-11-2023 18:00 - Wednesday 08-11-2023 18:00
Handler: Thomas Pribitzer
Co-Handler: Michael Schlagenhaufer
News
Example of Phishing Campaign Project File (Wed, Nov 8th)
We all have a love-hate relationship with emails. When newcomers on the Internet start to get emails, they are so happy, but their feeling changes quickly. Then they hope to reduce the flood of emails received daily... Good luck! Of course, tools have been developed to organize marketing campaigns. From marketing to spam or phishing, there is only one step. Bad guys started to use the same programs for malicious purposes.
https://isc.sans.edu/diary/rss/30384
Researchers Uncover Undetectable Crypto Mining Technique on Azure Automation
Cybersecurity researchers have developed what's the first fully undetectable cloud-based cryptocurrency miner leveraging the Microsoft Azure Automation service without racking up any charges. Cybersecurity company SafeBreach said it discovered three different methods to run the miner, including one that can be executed on a victim's environment without attracting any attention.
https://thehackernews.com/2023/11/researchers-uncover-undetectable-crypto.html
Hundreds of experts warn against state root certificates
Soon EU citizens will have to rely on cross-border electronic services and trust service providers. Experts are sounding the alarm.
https://www.heise.de/-9355165.html
Alleged LinkedIn data leak: data fabricated by the perpetrators
In the digital underground, criminals have offered data from an alleged LinkedIn leak. The data turns out to be artificially inflated.
https://www.heise.de/-9355976.html
Tool Release: Magisk Module - Conscrypt Trust User Certs
Android 14 introduced a new feature which allows CA certificates to be installed remotely. This change implies that instead of using the /system/etc/security/cacerts directory to check the trusted CAs, this new feature uses the com.android.conscrypt APEX module and reads the certificates from the directory /apex/com.android.conscrypt/cacerts. Inspired by this blog post by Tim Perry, I decided to create a [...]
https://research.nccgroup.com/2023/11/08/tool-release-magisk-module-conscrypt-trust-user-certs/
Sumo Logic Urges Users to Change Credentials Due to Security Breach
Cloud monitoring and SIEM firm Sumo Logic is urging users to rotate credentials following the discovery of a security breach.
https://www.securityweek.com/sumo-logic-urges-users-to-change-credentials-due-to-security-breach/
Beware of heavily discounted Amazon bargains
Hard to believe: tablets, smartphones or notebooks offered on Amazon at half price. Such bargains turn out to be bait offers designed to steal your money. We show you how this scam works!
https://www.watchlist-internet.at/news/vorsicht-vor-stark-verbilligten-amazon-schnaeppchen/
Beware of supposed invoices from "Click Office World"
Fake invoices are nothing new in the world of corporate fraud, but fraudsters currently appear to be sending such invoices en masse again. Many companies are currently receiving English-language invoices by post from "CLICK OFFICE WORLD", demanding an amount of 955 euros within a 14-day payment deadline. Do not pay anything; it is fraud!
https://www.watchlist-internet.at/news/vorsicht-vor-vermeintlichen-rechnungen-der-click-office-world/
Warning Against Phobos Ransomware Distributed via Vulnerable RDP
AhnLab Security Emergency response Center (ASEC) has recently discovered the active distribution of the Phobos ransomware. Phobos is a variant known for sharing technical and operational similarities with the Dharma and CrySis ransomware. These ransomware strains typically target externally exposed Remote Desktop Protocol (RDP) services with weak security as their attack vector.
https://asec.ahnlab.com/en/58753/
Lazarus-Linked BlueNoroff APT Targeting macOS with ObjCShellz Malware
Threat Labs' security experts have discovered a new malware variant attributed to the BlueNoroff APT group.
https://www.hackread.com/lazarus-bluenoroff-apt-macos-objcshellz-malware/
A Balanced Approach: New Security Headers Grading Criteria
The Security Headers grading criteria is something that doesn't change often, but when it does, there's a good reason behind the change. In this blog, I will outline the new grading criteria and the reasons why we've made the change.
https://scotthelme.co.uk/a-balanced-approach-new-security-headers-grading-criteria/
Vulnerabilities
Patch day: critical system vulnerability threatens Android 11, 12 and 13
Google has released important security updates for various Android versions.
https://www.heise.de/-9355953.html
Malware protection: privilege escalation possible in Trend Micro's Apex One
In Trend Micro's protection software Apex One, attackers can abuse vulnerabilities to escalate their privileges. Updates fix this.
https://www.heise.de/-9356484.html
Web browser: high-risk vulnerability closed in Google Chrome
With the Chrome update, Google closes a high-risk security vulnerability that apparently allows websites to inject malicious code.
https://www.heise.de/-9355888.html
Security updates for Wednesday
Security updates have been issued by Debian (python-urllib3 and tang), Fedora (chromium, mlpack, open-vm-tools, and salt), Red Hat (avahi, binutils, buildah, c-ares, cloud-init, containernetworking-plugins, cups, curl, dnsmasq, edk2, flatpak, frr, gdb, ghostscript, glib2, gmp, grafana, haproxy, httpd, mod_http2, java-21-openjdk, kernel, krb5, libfastjson, liblouis, libmicrohttpd, libpq, libqb, librabbitmq, LibRaw, libreoffice, libreswan, libssh, libtiff, libvirt, libX11, linux-firmware, mod_auth_openidc, ncurses, nghttp2, opensc, pcs, perl-CPAN, perl-HTTP-Tiny, podman, procps-ng, protobuf-c, python-cryptography, python-pip, python-tornado, python-wheel, python3.11, python3.11-pip, python3.9, qemu-kvm, qt5 stack, runc, samba, samba, evolution-mapi, openchange, shadow-utils, skopeo, squid, sysstat, tang, tomcat, toolbox, tpm2-tss, webkit2gtk3, wireshark, xorg-x11-server, xorg-x11-server-Xwayland, and yajl), Slackware (sudo), SUSE (squid), and Ubuntu (python-urllib3).
https://lwn.net/Articles/950694/
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation: CVE-2023-29552 Service Location Protocol (SLP) Denial-of-Service Vulnerability
https://www.cisa.gov/news-events/alerts/2023/11/08/cisa-adds-one-known-exploited-vulnerability-catalog
GE MiCOM S1 Agile
Successful exploitation of this vulnerability could allow an attacker to upload malicious files and achieve code execution.
https://www.cisa.gov/news-events/ics-advisories/icsa-23-311-01
IBM Security Bulletins
https://www.ibm.com/support/pages/bulletin/