Daily summary - 23.11.2023

End-of-Day report

Timeframe: Wednesday 22-11-2023 18:00 - Thursday 23-11-2023 18:00 Handler: Michael Schlagenhaufer Co-Handler: Robert Waldner

News

Proof of Concept Exploit Publicly Available for Critical Windows SmartScreen Flaw

Threat actors were actively exploiting CVE-2023-36025, a Windows SmartScreen security-feature bypass, before Microsoft patched it in the November Patch Tuesday update; a proof-of-concept exploit is now public.

https://www.darkreading.com/vulnerabilities-threats/proof-of-concept-exploit-publicly-available-for-critical-windows-smartscreen-flaw


Consumer cyberthreats: predictions for 2024

Kaspersky experts review last year's predictions on consumer cyberthreats and try to anticipate the trends for 2024.

https://securelist.com/kaspersky-security-bulletin-consumer-threats-2024/111135/


Mirai-based Botnet Exploiting Zero-Day Bugs in Routers and NVRs for Massive DDoS Attacks

An active malware campaign is leveraging two zero-day vulnerabilities with remote code execution (RCE) functionality to rope routers and video recorders into a Mirai-based distributed denial-of-service (DDoS) botnet. "The payload targets routers and network video recorder (NVR) devices with default admin credentials and installs Mirai variants when successful," Akamai said in an advisory.

https://thehackernews.com/2023/11/mirai-based-botnet-exploiting-zero-day.html


The Platform Matters: A Comparative Study on Linux and Windows Ransomware Attacks

During the last few months, we conducted a study of some of the top ransomware families (12 in total) that either directly developed ransomware for Linux systems or were written in languages with a strong cross-platform component, such as Golang or Rust, allowing them to be compiled for both Windows and Linux alike. Our main objective was to better understand the motivations for developing ransomware targeting Linux rather than Windows systems, which historically have been the main target.

https://research.checkpoint.com/2023/the-platform-matters-a-comparative-study-on-linux-and-windows-ransomware-attacks/


Your voice is my password

AI-driven voice cloning can make things far too easy for scammers - I know because I've tested it so that you don't have to learn about the risks the hard way.

https://www.welivesecurity.com/en/cybersecurity/your-voice-is-my-password/


Israel-Hamas War Spotlight: Shaking the Rust Off SysJoker

SysJoker, initially discovered by Intezer in 2021, is a multi-platform backdoor with variants for Windows, Linux and macOS. The same malware was analyzed in another report a few months after the original publication. Since then, the SysJoker Windows variants have evolved enough to stay under the radar.

https://research.checkpoint.com/2023/israel-hamas-war-spotlight-shaking-the-rust-off-sysjoker/

Vulnerabilities

Uninstall Key Caching in Fortra Digital Guardian Agent Uninstaller (CVE-2023-6253)

The Digital Guardian Management Console is vulnerable to stored cross-site scripting in the PDF Template functionality; the vendor replied that this is intended behaviour. Separately, the Digital Guardian Agent Uninstaller file caches the Uninstall Key, which an attacker can extract and use to terminate and uninstall the agent.

https://sec-consult.com/vulnerability-lab/advisory/uninstall-key-caching-in-fortra-digital-guardian-agent-uninstaller/


Security vulnerabilities in easySoft and easyE4 (SYSS-2023-007/-008/-009/-010)

Vulnerabilities were found in the "easySoft" software and the "easyE4" control relay from Eaton Industries GmbH. They allow both extracting the project password from an easySoft project file and computing password candidates for easyE4 programs stored on an SD card. In addition, password candidates can be extracted from a network stream recorded, for example, during administration of an easyE4.

https://www.syss.de/pentest-blog/sicherheitsschwachstellen-in-easysoft-und-easye4-syss-2023-007/-008/-009/-010


ownCloud Security Advisories 2023-11-21

ownCloud released three security advisories: two rated critical, one rated high.

https://owncloud.com/security/


Atlassian hardens Jira Data Center and Server & Co. against possible attacks

Important security updates are available for various Atlassian software products. Attackers could get malicious code onto affected systems.

https://www.heise.de/-9537138


Security updates available in Foxit PDF Reader 2023.3 and Foxit PDF Editor 2023.3

https://www.foxit.com/de/support/security-bulletins.html


IBM Security Bulletins

https://www.ibm.com/support/pages/bulletin/