Daily Summary - 15.12.2023

End-of-Day report

Timeframe: Thursday 14-12-2023 18:00 - Friday 15-12-2023 18:00 Handler: Thomas Pribitzer Co-Handler: n/a

News

Ten new Android banking trojans targeted 985 bank apps in 2023

This year has seen the emergence of ten new Android banking malware families, which collectively target 985 bank and fintech/trading apps from financial institutes across 61 countries.

https://www.bleepingcomputer.com/news/security/ten-new-android-banking-trojans-targeted-985-bank-apps-in-2023/


Fake ad on Facebook & Instagram: "Lost luggage for only 1.95 EUR!"

In the name of "Vienna International Airport", criminals are currently running fraudulent ads claiming that lost suitcases are being sold for just under 2 euros.

https://www.watchlist-internet.at/news/fake-werbeanzeige-auf-facebook-instagram-verlorenes-gepaeck-fuer-nur-195-eur/


OilRig's persistent attacks using cloud service-powered downloaders

ESET researchers document a series of new OilRig downloaders, all relying on legitimate cloud service providers for C&C communications.

https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/


New Hacker Group GambleForce Hacks Targets with Open Source Tools

Yet another day, yet another threat actor posing a danger to the cybersecurity of companies globally.

https://www.hackread.com/gambleforce-hacks-targets-open-source-tools/


Mining The Undiscovered Country With GreyNoise EAP Sensors: F5 BIG-IP Edition

Discover the fascinating story of a GreyNoise researcher who found that attackers were using his demonstration code for a vulnerability instead of the real exploit. Explore the implications of this situation and learn about the importance of using accurate and up-to-date exploits in the cybersecurity community.

https://www.greynoise.io/blog/mining-the-undiscovered-country-with-greynoise-eap-sensors-f5-big-ip-edition


Opening a new front against DNS-based threats

There are multiple ways in which threat actors can leverage DNS to carry out attacks. We will provide an introduction to the DNS threat landscape.

https://decoded.avast.io/threatintel/opening-a-new-front-against-dns-based-threats/

Vulnerabilities

Ubiquiti: Users were able to access other people's security cameras

In some cases, users even received notifications on their smartphones containing images from other people's cameras.

https://www.golem.de/news/ubiquiti-nutzer-konnten-auf-fremde-sicherheitskameras-zugreifen-2312-180359.html


New Security Vulnerabilities Uncovered in pfSense Firewall Software - Patch Now

Multiple security vulnerabilities have been discovered in pfSense, the open-source firewall solution from Netgate, that could be chained by an attacker to execute arbitrary commands on susceptible appliances.

https://thehackernews.com/2023/12/new-security-vulnerabilities-uncovered.html


Squid proxy: Denial of service through infinite loop

If an attacker sends a crafted HTTP header to the proxy server, they can bring it to a standstill through uncontrolled recursion.

https://www.heise.de/news/Squid-Proxy-Denial-of-Service-durch-Endlosschleife-9575176.html?wt_mc=rss.red.security.security.atom.beitrag.beitrag


Security updates for Friday

Security updates have been issued by Debian (bluez and haproxy), Fedora (curl, dotnet6.0, dotnet7.0, tigervnc, and xorg-x11-server), Red Hat (avahi and gstreamer1-plugins-bad-free), Slackware (bluez), SUSE (cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, cont, cosign, curl, gstreamer-plugins-bad, haproxy, ImageMagick, kernel, kernel-firmware, libreoffice, tiff, [...]

https://lwn.net/Articles/955336/


IBM Security Bulletins

https://www.ibm.com/support/pages/bulletin/


Unitronics Vision Series

https://www.cisa.gov/news-events/ics-advisories/icsa-23-348-15