End-of-Day report
Timeframe: Wednesday 22-11-2023 18:00 - Thursday 23-11-2023 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Robert Waldner
News
Proof of Concept Exploit Publicly Available for Critical Windows SmartScreen Flaw
Threat actors were actively exploiting CVE-2023-36025 before Microsoft patched it in November.
https://www.darkreading.com/vulnerabilities-threats/proof-of-concept-exploit-publicly-available-for-critical-windows-smartscreen-flaw
Consumer cyberthreats: predictions for 2024
Kaspersky experts review last year's predictions on consumer cyberthreats and try to anticipate the trends for 2024.
https://securelist.com/kaspersky-security-bulletin-consumer-threats-2024/111135/
Mirai-based Botnet Exploiting Zero-Day Bugs in Routers and NVRs for Massive DDoS Attacks
An active malware campaign is leveraging two zero-day vulnerabilities with remote code execution (RCE) functionality to rope routers and video recorders into a Mirai-based distributed denial-of-service (DDoS) botnet. "The payload targets routers and network video recorder (NVR) devices with default admin credentials and installs Mirai variants when successful," Akamai said in an advisory.
https://thehackernews.com/2023/11/mirai-based-botnet-exploiting-zero-day.html
The Platform Matters: A Comparative Study on Linux and Windows Ransomware Attacks
During the last few months, we conducted a study of some of the top ransomware families (12 in total) that either directly developed ransomware for Linux systems or were developed in languages with a strong cross-platform component, such as Golang or Rust, thereby allowing them to be compiled for both Windows and Linux indiscriminately. Our main objectives were to increase our understanding of the main motivations for developing ransomware targeting Linux instead of Windows systems, which historically have been the main target until now.
https://research.checkpoint.com/2023/the-platform-matters-a-comparative-study-on-linux-and-windows-ransomware-attacks/
Your voice is my password
AI-driven voice cloning can make things far too easy for scammers - I know because I've tested it so that you don't have to learn about the risks the hard way.
https://www.welivesecurity.com/en/cybersecurity/your-voice-is-my-password/
Israel-Hamas War Spotlight: Shaking the Rust Off SysJoker
SysJoker, initially discovered by Intezer in 2021, is a multi-platform backdoor with multiple variants for Windows, Linux and Mac. The same malware was also analyzed in another report a few months after the original publication. Since then, SysJoker Windows variants have evolved enough to stay under the radar.
https://research.checkpoint.com/2023/israel-hamas-war-spotlight-shaking-the-rust-off-sysjoker/
Vulnerabilities
Uninstall Key Caching in Fortra Digital Guardian Agent Uninstaller (CVE-2023-6253)
The Digital Guardian Management Console is vulnerable to a Stored Cross-Site Scripting attack in the PDF Template functionality. The vendor replied that this is an intended feature. The Digital Guardian Agent Uninstaller File also caches the Uninstall Key which can be extracted by an attacker and be used to terminate and uninstall the agent.
https://sec-consult.com/vulnerability-lab/advisory/uninstall-key-caching-in-fortra-digital-guardian-agent-uninstaller/
Security vulnerabilities in easySoft and easyE4 (SYSS-2023-007/-008/-009/-010)
Vulnerabilities were found in the "easySoft" software and the "easyE4" control relay by Eaton Industries GmbH. They allow both extracting the project password from an easySoft project file and computing password candidates for easyE4 programs stored on an SD card. In addition, password candidates can also be extracted from a network stream that was recorded, for example, during the administration of an easyE4.
https://www.syss.de/pentest-blog/sicherheitsschwachstellen-in-easysoft-und-easye4-syss-2023-007/-008/-009/-010
ownCloud Security Advisories 2023-11-21
ownCloud released 3 security advisories: 2x critical, 1x high
https://owncloud.com/security/
Atlassian hardens Jira Data Center and Server & Co. against possible attacks
There are important security updates for various Atlassian software products. Malicious code could reach affected systems.
https://www.heise.de/-9537138
Security updates available in Foxit PDF Reader 2023.3 and Foxit PDF Editor 2023.3
https://www.foxit.com/de/support/security-bulletins.html
IBM Security Bulletins
https://www.ibm.com/support/pages/bulletin/