Daily summary - 10.11.2023

End-of-Day report

Timeframe: Thursday 09-11-2023 18:00 - Friday 10-11-2023 18:00 Handler: Thomas Pribitzer Co-Handler: n/a


Ducktail fashion week

The Ducktail malware, designed to hijack Facebook business and ads accounts, sends marketing professionals fake ads for jobs with major clothing manufacturers.


Routers Targeted for Gafgyt Botnet [Guest Diary], (Thu, Nov 9th)

The threat actor attempts to add my honeypot into a botnet so the threat actor can carry out DDoS attacks. The vulnerabilities used for the attack were default credentials and CVE-2017-17215. To prevent these attacks, make sure systems are patched and using strong credentials.


Malware: more than 600 million downloads from Google Play in 2023

Kaspersky has already counted more than 600 million malware downloads from the Google Play Store this year. Even so, it remains the safest package source.


Demystifying Cobalt Strike's "make_token" Command

Cobalt Strike provides the make_token command to achieve a similar result to runas /netonly.


High Traffic + High Vulnerability = an Attractive Target for Criminals: The Dangers of Viewing Clickbait Sites

This article focuses on clickbait articles. A jump in compromised sites exploiting CVE-2023-3169 underlines the danger of web-based threats.


Cerber Ransomware Exploits Atlassian Confluence Vulnerability CVE-2023-22518

We encountered the Cerber ransomware exploiting the Atlassian Confluence vulnerability CVE-2023-22518 in its operations.


Security updates for Friday

Security updates have been issued by Fedora (community-mysql, matrix-synapse, and xorg-x11-server-Xwayland), Mageia (squid and vim), Oracle (dnsmasq, python3, squid, squid:4, and xorg-x11-server), Red Hat (fence-agents, insights-client, kernel, kpatch-patch, mariadb:10.5, python3, squid, squid:4, tigervnc, and xorg-x11-server), Scientific Linux (bind, firefox, java-1.8.0-openjdk, java-11-openjdk, kernel, libssh2, python-reportlab, python3, squid, thunderbird, and xorg-x11-server), [...]


Multiple Vulnerabilities in QuMagie


Vulnerability in QTS, QuTS hero, and QuTScloud


AIX is affected by a denial of service (CVE-2023-45167) and a security restrictions bypass (CVE-2023-40217) due to Python


Multiple vulnerabilities in Eclipse Jetty affect IBM Process Designer 8.5.7 shipped with IBM Business Automation Workflow


The IBM Engineering Lifecycle Engineering product using IBM SDK, Java Technology Edition Quarterly CPU - Apr 2023 - Includes Oracle April 2023 CPU plus CVE-2023-2597


Multiple security vulnerabilities have been identified in IBM DB2 which is shipped with IBM Intelligent Operations Center.


IBM QRadar SIEM contains multiple vulnerabilities


Ivanti Secure Access Client security notifications