End-of-Day report
Timeframe: Tuesday 12-12-2023 18:00 - Wednesday 13-12-2023 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Thomas Pribitzer
News
FakeSG campaign, Akira ransomware and AMOS macOS stealer
In this report, we share our latest crimeware findings: FakeSG malware distribution campaign delivering NetSupport RAT, new Conti-like Akira ransomware and AMOS stealer for macOS.
https://securelist.com/crimeware-report-fakesg-akira-amos/111483/
Willhaben: Don't let yourself be lured onto WhatsApp and the like!
If you want to sell or buy goods via classified ads on willhaben, you are best protected against fraud if you follow a few simple tips. In particular, do not let yourself be redirected from the willhaben chat to external channels.
https://www.watchlist-internet.at/news/willhaben-lassen-sie-sich-nicht-auf-whatsapp-und-co-locken/
A pernicious potpourri of Python packages in PyPI
The past year has seen over 10,000 downloads of malicious packages hosted on the official Python package repository
https://www.welivesecurity.com/en/eset-research/pernicious-potpourri-python-packages-pypi/
Web shell on a SonicWall SMA
Truesec Cybersecurity Incident Response Team (CSIRT) found a compromised SonicWall Secure Mobile Access (SonicWall SMA) device on which a threat actor (TA) had deployed a web shell, a hiding mechanism, and a way to ensure persistence across firmware upgrades.
https://www.truesec.com/hub/blog/web-shell-on-a-sonicwall-sma
A Day In The Life Of A GreyNoise Researcher: The Path To Understanding The Remote Code Execution Vulnerability Apache (CVE-2023-50164) in Apache Struts2
This weakness enables attackers to remotely drop and call a web shell through a public interface.
https://www.greynoise.io/blog/a-day-in-the-life-of-a-greynoise-researcher-the-path-to-understanding-the-remote-code-execution-vulnerability-apache-cve-2023-50164-in-apache-struts2
Responding to CitrixBleed (CVE-2023-4966): Key Takeaways from Affected Companies
This critical security flaw has had a significant impact across various industries in the United States, including credit unions and healthcare services, marking it as one of the most critical vulnerabilities of 2023. Its relatively straightforward buffer overflow exploitability has raised major concerns.
https://blog.morphisec.com/responding-to-citrixbleed
Vulnerabilities
Microsoft: OAuth apps used to automate BEC and cryptomining attacks
Microsoft warns that financially-motivated threat actors are using OAuth applications to automate BEC and phishing attacks, push spam, and deploy VMs for cryptomining.
https://www.bleepingcomputer.com/news/security/microsoft-oauth-apps-used-to-automate-bec-and-cryptomining-attacks/
Final Patch Tuesday of 2023 goes out with a bang
Microsoft fixed 36 flaws. Adobe addressed 212. Apple, Google, Cisco, VMware and Atlassian joined the party. It's the last Patch Tuesday of 2023, which calls for celebration - just as soon as you update Windows, Adobe, Google, Cisco, FortiGuard, SAP, VMware, Atlassian and Apple products, of course.
https://go.theregister.com/feed/www.theregister.com/2023/12/13/december_2023_patch_tuesday/
Patch Tuesday Microsoft: Outlook can choke on a malicious e-mail
Microsoft has released important security updates for Azure, Defender and others. So far there are reportedly no attacks.
https://www.heise.de/news/Patchday-Microsoft-Outlook-kann-sich-an-Schadcode-E-Mail-verschlucken-9573207.html
Patch Tuesday: Adobe closes 185 security vulnerabilities in Experience Manager
Attackers can target systems running Adobe applications. The software vendor has now closed the vulnerabilities.
https://www.heise.de/news/Patchday-Adobe-Adobe-schliesst-185-Sicherheitsluecken-in-Experience-Manager-9573244.html
Security updates for Wednesday
Security updates have been issued by Debian (debian-security-support and xorg-server), Fedora (java-17-openjdk, libcmis, and libreoffice), Mageia (fish), Red Hat (buildah, containernetworking-plugins, curl, fence-agents, kernel, kpatch-patch, libxml2, pixman, podman, runc, skopeo, and tracker-miners), SUSE (kernel, SUSE Manager 4.3.10 Release Notes, and SUSE Manager Client Tools), and Ubuntu (gnome-control-center, linux-gcp, linux-kvm, linux-gkeop, linux-gkeop-5.15, linux-hwe-6.2, [...]
https://lwn.net/Articles/954921/
Apache Struts again: CVE-2023-50164
We have had seriously bad experiences with vulnerabilities in the Apache Struts library in the past, for example with CVE-2017-5638 or CVE-2017-9805. Complex websites/portals in particular, often belonging to larger companies, were frequently developed in Java and were susceptible to mass exploitation. We therefore initially classified the publication of a new vulnerability in Struts, CVE-2023-50164 with a CVSS score of 9.8, as worrying.
https://cert.at/de/aktuelles/2023/12/mal-wieder-apache-struts-cve-2023-50164
Apache Struts Vulnerability Affecting Cisco Products: December 2023
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-struts-C2kCMkmT
IBM Security Bulletins
https://www.ibm.com/support/pages/bulletin/
Atos Unify Security Advisories
https://unify.com/en/support/security-advisories
Fortiguard Security Advisories
https://www.fortiguard.com/psirt
Technical Advisory - Multiple Vulnerabilities in Nagios XI
https://research.nccgroup.com/2023/12/13/technical-advisory-multiple-vulnerabilities-in-nagios-xi/
VMSA-2023-0027
https://www.vmware.com/security/advisories/VMSA-2023-0027.html
Command injection vulnerability in Bosch IP Cameras
https://psirt.bosch.com/security-advisories/bosch-sa-638184-bt.html
Denial of Service vulnerability in Bosch BT software products
https://psirt.bosch.com/security-advisories/bosch-sa-092656-bt.html