End-of-Day report
Timeframe: Monday 04-12-2023 18:00 - Tuesday 05-12-2023 18:00
Handler: Robert Waldner
Co-Handler: Michael Schlagenhaufer
News
Unpatched Loytec Building Automation Flaws Disclosed 2 Years After Discovery
Industrial cybersecurity firm TXOne Networks has disclosed the details of 10 unpatched vulnerabilities discovered by its researchers in building automation products made by Austrian company Loytec more than two years ago.
https://www.securityweek.com/unpatched-loytec-building-automation-flaws-disclosed-2-years-after-discovery/
BlueNoroff: new Trojan attacking macOS users
BlueNoroff has been attacking macOS users with a new loader that delivers unknown malware to the system.
https://securelist.com/bluenoroff-new-macos-malware/111290/
Zarya Hacktivists: More than just Sharepoint (Mon, Dec 4th)
Zarya isn't exactly the type of threat you should be afraid of, but it is sad how these groups can still be effective due to organizations exposing unpatched or badly configured systems to the internet. Most of the attacks sent by Zarya will not succeed even if they hit a vulnerable system. For some added protection, you may consider blocking some of the Aeza network's traffic after ensuring that this network hosts no critical resources you need. Aeza uses ASN 210644.
https://isc.sans.edu/diary/rss/30450
Warning for iPhone Users: Experts Warn of Sneaky Fake Lockdown Mode Attack
A new "post-exploitation tampering technique" can be abused by malicious actors to visually deceive a target into believing that their Apple iPhone is running in Lockdown Mode when it's actually not, and carry out covert attacks.
https://thehackernews.com/2023/12/warning-for-iphone-users-experts-warn.html
Security vulnerability in iOS 16 allegedly makes data extraction easier
In Moscow, two forensics companies are in a dispute over stolen program code. That code, however, reveals a possible new security vulnerability in the iPhone operating system.
https://www.heise.de/-9548725
OSINT. What can you find from a domain or company name
To help OPSEC people I thought it might be useful to go over some of the key things that can be found using domain and company names.
https://www.pentestpartners.com/security-blog/osint-what-can-you-find-from-a-domain-or-company-name/
Many complaints about luckyluna.de
luckyluna.de offers hand-drawn pet portraits. You upload a photo of your pet, it is drawn, and you receive the picture either digitally or on canvas - at least that is the promise. Angry customers complain, however, that the pictures are not hand-drawn, but that the "handmade portraits" are merely produced with the help of an image editing program.
https://www.watchlist-internet.at/news/viele-beschwerden-zu-luckylunade/
Threat Actors Exploit Adobe ColdFusion CVE-2023-26360 for Initial Access to Government Servers
This CSA provides network defenders with tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), and methods to detect and protect against similar exploitation.
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-339a
Vulnerabilities
Android Patchday: Android 11, 12, 13 and 14 vulnerable to malicious code attacks
Attackers can target Android smartphones and tablets from various manufacturers. Security updates are available for some devices.
https://www.heise.de/-9548839
Security updates for Tuesday
Security updates have been issued by Debian (roundcube), Fedora (java-latest-openjdk), Mageia (libqb), SUSE (python-Django1), and Ubuntu (request-tracker4).
https://lwn.net/Articles/953783/
WebKitGTK and WPE WebKit Security Advisory WSA-2023-0011
Several vulnerabilities were discovered in WebKitGTK and WPE WebKit. CVE identifiers: CVE-2023-42916, CVE-2023-42917.
https://webkitgtk.org/security/WSA-2023-0011.html
Security updates for Ivanti Connect Secure and Ivanti Policy Secure
We are reporting the Ivanti Connect Secure issues as CVE-2023-39340, CVE-2023-41719 and CVE-2023-41720, and Ivanti Policy Secure issue as CVE-2023-39339. We encourage customers to download the latest releases of ICS and IPS to remediate the issues.
https://www.ivanti.com/blog/security-updates-for-ivanti-connect-secure-and-ivanti-policy-secure
SonicWall SSL-VPN SMA100 Version 10.x Is Affected By Multiple Vulnerabilities
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0018
Cisco Adaptive Security Appliance and Firepower Threat Defense Software VPN Packet Validation Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ssl-vpn-Y88QOm77
Wago: Vulnerabilities in IEC61850 Server / Telecontrol
https://cert.vde.com/de/advisories/VDE-2023-044/
Wago: Vulnerability in Smart Designer Web-Application
https://cert.vde.com/de/advisories/VDE-2023-045/
CODESYS: Multiple products affected by WIBU Codemeter vulnerability
https://cert.vde.com/de/advisories/VDE-2023-035/
CODESYS: OS Command Injection Vulnerability in multiple CODESYS Control products
https://cert.vde.com/de/advisories/VDE-2023-066/
Pilz: WIBU Vulnerability in multiple Products (Update A)
https://cert.vde.com/de/advisories/VDE-2023-033/
Pilz: Electron Vulnerabilities in PASvisu and PMI v8xx
https://cert.vde.com/de/advisories/VDE-2023-059/
Pilz: Multiple products prone to libwebp vulnerability
https://cert.vde.com/de/advisories/VDE-2023-048/
IBM Security Bulletins
https://www.ibm.com/support/pages/bulletin/
Zebra ZTC Industrial ZT400 and ZTC Desktop GK420d
https://www.cisa.gov/news-events/ics-advisories/icsa-23-339-01