End-of-Day report
Timeframe: Wednesday 08-11-2023 18:00 - Thursday 09-11-2023 18:00
Handler: Thomas Pribitzer
Co-Handler: Michael Schlagenhaufer
News
Highly invasive backdoor snuck into open source packages targets developers
Packages downloaded thousands of times targeted people working on sensitive projects.
https://arstechnica.com/?p=1982281
Google ads push malicious CPU-Z app from fake Windows news site
A threat actor has been abusing Google Ads to distribute a trojanized version of the CPU-Z tool to deliver the Redline info-stealing malware.
https://www.bleepingcomputer.com/news/security/google-ads-push-malicious-cpu-z-app-from-fake-windows-news-site/
Visual Examples of Code Injection, (Thu, Nov 9th)
I spotted an interesting sample that performs this technique and I was able to collect "visible" information. The malware was delivered through a phishing email with a ZIP archive.
https://isc.sans.edu/diary/rss/30388
Google Play: Additional security checks are meant to make apps more trustworthy
From now on, certain apps in Google Play carry a new badge that is supposed to guarantee more security. A number of VPN apps are the first to get it.
https://www.heise.de/-9357280
Spammers abuse Google Forms' quiz to deliver scams
Cisco Talos has recently observed an increase in spam messages abusing a feature of quizzes created within Google Forms.
https://blog.talosintelligence.com/google-forms-quiz-spam/
GhostLocker - A "Work In Progress" RaaS
GhostSec has introduced a novel Ransom-as-a-Service encryptor known as GhostLocker.
https://www.rapid7.com/blog/post/2023/11/08/ghostlocker-a-work-in-progress-raas/
Vulnerabilities
Security updates for Thursday
Security updates have been issued by Debian (cacti and chromium), Fedora (CuraEngine, podman, and rubygem-rmagick), Mageia (gnome-shell, openssl, and zlib), SUSE (salt), and Ubuntu (xrdp).
https://lwn.net/Articles/950850/
CVE-2023-3282 Cortex XSOAR: Local Privilege Escalation (PE) Vulnerability in Cortex XSOAR Engine (Severity: MEDIUM)
This issue is applicable only to Cortex XSOAR engines installed through the shell method that are running on a Linux operating system.
https://security.paloaltonetworks.com/CVE-2023-3282
CVE-2023-47246: SysAid Zero-Day Vulnerability Exploited By Lace Tempest
A new zero-day vulnerability (CVE-2023-47246) in SysAid IT service management software is being exploited by the threat group responsible for the MOVEit Transfer attack in May 2023.
https://www.rapid7.com/blog/post/2023/11/09/etr-cve-2023-47246-sysaid-zero-day-vulnerability-exploited-by-lace-tempest/
Drupal: GraphQL - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2023-051
https://www.drupal.org/sa-contrib-2023-051
Drupal: GraphQL - Moderately critical - Access bypass - SA-CONTRIB-2023-050
https://www.drupal.org/sa-contrib-2023-050
Weidmüller: WIBU Vulnerability in multiple Products
https://cert.vde.com/de/advisories/VDE-2023-032/
Johnson Controls Quantum HD Unity
https://www.cisa.gov/news-events/ics-advisories/icsa-23-313-01
Hitachi Energy eSOMS
https://www.cisa.gov/news-events/ics-advisories/icsa-23-313-02
IBM Security Guardium is affected by denial of service vulnerabilities (CVE-2023-3635, CVE-2023-28118)
https://www.ibm.com/support/pages/node/7069238
IBM Security Guardium is affected by a denial of service vulnerability in Apache Struts (CVE-2023-34149)
https://www.ibm.com/support/pages/node/7069237
Vulnerabilities in Linux Kernel, Samba, Golang, Curl, and openssl can affect IBM Spectrum Protect Plus
https://www.ibm.com/support/pages/node/7069319
A vulnerability in Samba affects IBM Storage Scale SMB protocol access method (CVE-2022-2127)
https://www.ibm.com/support/pages/node/7070025