End-of-Day report
Timeframe: Tuesday 28-11-2023 18:00 - Wednesday 29-11-2023 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
News
GoTitan Botnet Spotted Exploiting Recent Apache ActiveMQ Vulnerability
The recently disclosed critical security flaw impacting Apache ActiveMQ is being actively exploited by threat actors to distribute a new Go-based botnet called GoTitan as well as a .NET program known as PrCtrl Rat that's capable of remotely commandeering the infected hosts. The attacks involve the exploitation of a remote code execution bug (CVE-2023-46604, CVSS score: 10.0) [...]
https://thehackernews.com/2023/11/gotitan-botnet-spotted-exploiting.html
DJVU Ransomware's Latest Variant Xaro Disguised as Cracked Software
A variant of a ransomware strain known as DJVU has been observed to be distributed in the form of cracked software. "While this attack pattern is not new, incidents involving a DJVU variant that appends the .xaro extension to affected files and demanding ransom for a decryptor have been observed infecting systems alongside a host of various commodity loaders and infostealers," [...]
https://thehackernews.com/2023/11/djvu-ransomwares-latest-variant-xaro.html
Okta Breach Impacted All Customer Support Users, Not 1 Percent
Okta upped its original estimate of customer support users affected by a recent breach from 1 percent to 100 percent, citing a "discrepancy."
https://www.wired.com/story/okta-breach-disclosure-all-customer-support-users/
Scans for critical vulnerability in ownCloud plugin
The vulnerability in the GraphAPI plugin can lead to the unintended disclosure of admin credentials. ownCloud admins should react quickly.
https://www.heise.de/-9542895.html
Vulnerability: malicious-code attacks on Solarwinds Platform possible
The Solarwinds developers have closed two vulnerabilities in their monitoring software.
https://www.heise.de/-9543391.html
New BLUFFS Bluetooth Attack Methods Can Have Large-Scale Impact: Researcher
An academic researcher demonstrates BLUFFS, six novel attacks targeting Bluetooth sessions' forward and future secrecy.
https://www.securityweek.com/new-bluffs-bluetooth-attacks-have-large-scale-impact-researcher/
Deepfake videos with Armin Assinger lead to investment fraud!
Advertising videos with fraudulent content are currently circulating on Facebook, Instagram, TikTok and YouTube. In particular, Armin Assinger's face is being used for deepfakes. With the help of artificial intelligence (AI), words are put into Armin Assinger's mouth so that fraudulent investment platforms are advertised. Caution: do not follow these links, because any investment made there is lost!
https://www.watchlist-internet.at/news/deepfake-videos-mit-armin-assinger-fuehren-zu-investitionsbetrug/
Spyware Employs Various Obfuscation Techniques to Bypass Static Analysis
A look at some deceptive tactics used by malware authors in an effort to evade analysis.
https://symantec-enterprise-blogs.security.com/threat-intelligence/spyware-obfuscation-static-analysis
Exploitation of Unitronics PLCs used in Water and Wastewater Systems
CISA is responding to active exploitation of Unitronics programmable logic controllers (PLCs) used in the Water and Wastewater Systems (WWS) Sector. Cyber threat actors are targeting PLCs associated with WWS facilities, including an identified Unitronics PLC, at a U.S. water facility. In response, the affected municipality's water authority immediately took the system offline and switched to manual operations [...]
https://www.cisa.gov/news-events/alerts/2023/11/28/exploitation-unitronics-plcs-used-water-and-wastewater-systems
CISA Releases First Secure by Design Alert
Today, CISA published guidance on How Software Manufacturers Can Shield Web Management Interfaces From Malicious Cyber Activity as a part of a new Secure by Design (SbD) Alert series. This SbD Alert urges software manufacturers to proactively prevent the exploitation of vulnerabilities in web management interfaces by designing and developing their products using SbD principles: [...]
https://www.cisa.gov/news-events/alerts/2023/11/29/cisa-releases-first-secure-design-alert
Vulnerabilities
Zero-Day Alert: Google Chrome Under Active Attack, Exploiting New Vulnerability
Google has rolled out security updates to fix seven security issues in its Chrome browser, including a zero-day that has come under active exploitation in the wild. Tracked as CVE-2023-6345, the high-severity vulnerability has been described as an integer overflow bug in Skia, an open source 2D graphics library.
https://thehackernews.com/2023/11/zero-day-alert-google-chrome-under.html
CISA Releases Four Industrial Control Systems Advisories
* ICSA-23-331-01 Delta Electronics InfraSuite Device Master
* ICSA-23-331-02 Franklin Electric Fueling Systems Colibri
* ICSA-23-331-03 Mitsubishi Electric GX Works2
* ICSMA-23-331-01 BD FACSChorus
https://www.cisa.gov/news-events/alerts/2023/11/28/cisa-releases-four-industrial-control-systems-advisories
SolarWinds Platform 2023.4.2 Release Notes
SolarWinds Platform 2023.4.2 is a service release providing bug and security fixes for release 2023.4.
CVE-2023-40056: SQL Injection Remote Code Execution Vulnerability
Severity: 8.0 (high)
https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-4-2_release_notes.htm
Arcserve Unified Data Protection Multiple Vulnerabilities
* CVE-2023-41998 - UDP Unauthenticated RCE
* CVE-2023-41999 - UDP Management Authentication Bypass
* CVE-2023-42000 - UDP Agent Unauthenticated Path Traversal File Upload
Solution: Upgrade to Arcserve UDP version 9.2 or later.
https://www.tenable.com/security/research/tra-2023-37
Vulnerability in Hikvision cameras and NVRs allows unauthorized access
Various models from the Chinese manufacturer allowed attackers unauthorized access. Other brands are also affected; patches are available.
https://www.heise.de/-9543336.html
Security updates for Wednesday
Security updates have been issued by Debian (gst-plugins-bad1.0 and postgresql-multicorn), Fedora (golang-github-nats-io, golang-github-nats-io-jwt-2, golang-github-nats-io-nkeys, golang-github-nats-io-streaming-server, libcap, nats-server, openvpn, and python-geopandas), Mageia (kernel), Red Hat (c-ares, curl, fence-agents, firefox, kernel, kernel-rt, kpatch-patch, libxml2, pixman, postgresql, and tigervnc), SUSE (python-azure-storage-queue, python-Twisted, and python3-Twisted), and Ubuntu (afflib, ec2-hibinit-agent, linux-nvidia-6.2, linux-starfive-6.2, and poppler).
https://lwn.net/Articles/953226/
IBM Security Bulletins
https://www.ibm.com/support/pages/bulletin/