Daily summary - 13.12.2023

End-of-Day report

Timeframe: Tuesday 12-12-2023 18:00 - Wednesday 13-12-2023 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Thomas Pribitzer

News

FakeSG campaign, Akira ransomware and AMOS macOS stealer

In this report, we share our latest crimeware findings: FakeSG malware distribution campaign delivering NetSupport RAT, new Conti-like Akira ransomware and AMOS stealer for macOS.

https://securelist.com/crimeware-report-fakesg-akira-amos/111483/


Willhaben: Don't let yourself be lured onto WhatsApp and Co.!

If you want to sell or buy goods via classified ads on willhaben, you are best protected against fraud if you follow a few simple tips. Above all, do not let yourself be steered from the willhaben chat to external channels.

https://www.watchlist-internet.at/news/willhaben-lassen-sie-sich-nicht-auf-whatsapp-und-co-locken/


A pernicious potpourri of Python packages in PyPI

The past year has seen over 10,000 downloads of malicious packages hosted on the official Python package repository

https://www.welivesecurity.com/en/eset-research/pernicious-potpourri-python-packages-pypi/


Web shell on a SonicWall SMA

Truesec Cybersecurity Incident Response Team (CSIRT) found a compromised SonicWall Secure Mobile Access (SonicWall SMA) device on which a threat actor (TA) had deployed a web shell, a hiding mechanism, and a way to ensure persistence across firmware upgrades.

https://www.truesec.com/hub/blog/web-shell-on-a-sonicwall-sma


A Day In The Life Of A GreyNoise Researcher: The Path To Understanding The Remote Code Execution Vulnerability Apache (CVE-2023-50164) in Apache Struts2

This weakness enables attackers to remotely drop and call a web shell through a public interface.

https://www.greynoise.io/blog/a-day-in-the-life-of-a-greynoise-researcher-the-path-to-understanding-the-remote-code-execution-vulnerability-apache-cve-2023-50164-in-apache-struts2


Responding to CitrixBleed (CVE-2023-4966): Key Takeaways from Affected Companies

This critical security flaw has had a significant impact across various industries in the United States, including credit unions and healthcare services, marking it as one of the most critical vulnerabilities of 2023. Its relatively straightforward exploitability (a buffer over-read that leaks memory, including valid session tokens, to an unauthenticated attacker) has raised major concerns.

https://blog.morphisec.com/responding-to-citrixbleed

Vulnerabilities

Microsoft: OAuth apps used to automate BEC and cryptomining attacks

Microsoft warns that financially-motivated threat actors are using OAuth applications to automate BEC and phishing attacks, push spam, and deploy VMs for cryptomining.

https://www.bleepingcomputer.com/news/security/microsoft-oauth-apps-used-to-automate-bec-and-cryptomining-attacks/


Final Patch Tuesday of 2023 goes out with a bang

Microsoft fixed 36 flaws. Adobe addressed 212. Apple, Google, Cisco, VMware and Atlassian joined the party. It's the last Patch Tuesday of 2023, which calls for celebration - just as soon as you update Windows, Adobe, Google, Cisco, FortiGuard, SAP, VMware, Atlassian and Apple products, of course.

https://go.theregister.com/feed/www.theregister.com/2023/12/13/december_2023_patch_tuesday/


Patch Tuesday Microsoft: Outlook can choke on a malicious e-mail

Microsoft has released important security updates for Azure, Defender & Co. So far there are reportedly no attacks.

https://www.heise.de/news/Patchday-Microsoft-Outlook-kann-sich-an-Schadcode-E-Mail-verschlucken-9573207.html


Patch Tuesday: Adobe closes 185 security vulnerabilities in Experience Manager

Attackers can target systems running Adobe applications. The software vendor has now closed the vulnerabilities.

https://www.heise.de/news/Patchday-Adobe-Adobe-schliesst-185-Sicherheitsluecken-in-Experience-Manager-9573244.html


Security updates for Wednesday

Security updates have been issued by Debian (debian-security-support and xorg-server), Fedora (java-17-openjdk, libcmis, and libreoffice), Mageia (fish), Red Hat (buildah, containernetworking-plugins, curl, fence-agents, kernel, kpatch-patch, libxml2, pixman, podman, runc, skopeo, and tracker-miners), SUSE (kernel, SUSE Manager 4.3.10 Release Notes, and SUSE Manager Client Tools), and Ubuntu (gnome-control-center, linux-gcp, linux-kvm, linux-gkeop, linux-gkeop-5.15, linux-hwe-6.2, [...]

https://lwn.net/Articles/954921/


Apache Struts yet again: CVE-2023-50164

We have had seriously bad experiences with vulnerabilities in the Apache Struts library in the past, for example CVE-2017-5638 or CVE-2017-9805. Complex websites/portals, often run by larger companies, were frequently developed in Java and were susceptible to mass exploitation. We therefore initially classified the publication of a new Struts vulnerability, CVE-2023-50164 with a CVSS score of 9.8, as worrying.

https://cert.at/de/aktuelles/2023/12/mal-wieder-apache-struts-cve-2023-50164


Apache Struts Vulnerability Affecting Cisco Products: December 2023

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-struts-C2kCMkmT


IBM Security Bulletins

https://www.ibm.com/support/pages/bulletin/


Atos Unify Security Advisories

https://unify.com/en/support/security-advisories


Fortiguard Security Advisories

https://www.fortiguard.com/psirt


Technical Advisory - Multiple Vulnerabilities in Nagios XI

https://research.nccgroup.com/2023/12/13/technical-advisory-multiple-vulnerabilities-in-nagios-xi/


VMSA-2023-0027

https://www.vmware.com/security/advisories/VMSA-2023-0027.html


Command injection vulnerability in Bosch IP Cameras

https://psirt.bosch.com/security-advisories/bosch-sa-638184-bt.html


Denial of Service vulnerability in Bosch BT software products

https://psirt.bosch.com/security-advisories/bosch-sa-092656-bt.html