End-of-Day report
Timeframe: Wednesday 20-12-2023 18:00 - Thursday 21-12-2023 18:00
Handler: Thomas Pribitzer
Co-Handler: Michael Schlagenhaufer
News
New phishing attack steals your Instagram backup codes to bypass 2FA
A new phishing campaign pretending to be a copyright infringement email attempts to steal the backup codes of Instagram users, allowing hackers to bypass the two-factor authentication configured on the account.
https://www.bleepingcomputer.com/news/security/new-phishing-attack-steals-your-instagram-backup-codes-to-bypass-2fa/
Fake F5 BIG-IP zero-day warning emails push data wipers
The Israel National Cyber Directorate warns of phishing emails pretending to be F5 BIG-IP zero-day security updates that deploy Windows and Linux data wipers.
https://www.bleepingcomputer.com/news/security/fake-f5-big-ip-zero-day-warning-emails-push-data-wipers/
Android malware Chameleon disables Fingerprint Unlock to steal PINs
The Chameleon Android banking trojan has re-emerged with a new version that uses a tricky technique to take over devices - disable fingerprint and face unlock to steal device PINs.
https://www.bleepingcomputer.com/news/security/android-malware-chameleon-disables-fingerprint-unlock-to-steal-pins/
Windows CLFS and five exploits used by ransomware operators
We had never seen so many CLFS driver exploits being used in active attacks before, and then suddenly there are so many of them captured in just one year. Is there something wrong with the CLFS driver? Are all these vulnerabilities similar? These questions encouraged me to take a closer look at the CLFS driver and its vulnerabilities.
https://securelist.com/windows-clfs-exploits-ransomware/111560/
Increase in Exploit Attempts for Atlassian Confluence Server (CVE-2023-22518), (Wed, Dec 20th)
Attacks for the vulnerability started early in November, shortly after the vulnerability was announced. At the time, the attacks were more targeted to specific hosts. Now we are seeing more widespread scans typical for attackers trying to "clean up" instances earlier attacks may have missed.
https://isc.sans.edu/diary/rss/30502
Weaponizing DHCP DNS Spoofing - A Hands-On Guide
In this second blog post, we aim to elaborate on some of the technical details that are required to exploit this attack surface. We will detail the methods used to collect all the necessary information to conduct the attacks, describe some attack limitations, and explore how we can spoof multiple DNS records by abusing an interesting DHCP server behavior.
https://www.akamai.com/blog/security-research/weaponizing-dhcp-dns-spoofing-hands-on-guide
Critical vulnerabilities in the mobile device management solution Ivanti Avalanche closed
Attackers can attack Ivanti Avalanche with malicious code. A patched version is available for download.
https://www.heise.de/-9580221
BSI publishes study on implementation attacks on QKD systems
The BSI has published a scientific study on implementation attacks on Quantum Key Distribution (QKD) systems.
https://www.bsi.bund.de/DE/Service-Navi/Presse/Alle-Meldungen-News/Meldungen/QKD-Systeme_231219.html
Spoofing: The fraud is to end by autumn 2024 at the latest
All Austrian telephone numbers will receive a "tag" ("Mascherl") that identifies them as genuine. Providers have until 1 September to implement the new regulation.
https://www.derstandard.at/story/3000000200615/spoofing-spaetestens-im-herbst-2024-soll-mit-dem-betrug-schluss-sein
security.txt: A Simple File with Big Value
Our team at CISA often receives questions about why creation of a "security.txt" file was included as one of the priority Cybersecurity Performance Goals (CPGs). Why is it so important? Well, it's such a simple concept, but it provides great value to all of those involved in vulnerability management and disclosure.
https://www.cisa.gov/news-events/news/securitytxt-simple-file-big-value
Vulnerabilities
ZDI Security Advisories
Voltronic Power ViewPower, Hancom Office, Honeywell Saia PG5 Controls Suite
https://www.zerodayinitiative.com/advisories/published/
Google Chrome: Update closes zero-day vulnerability already under attack
Google's developers have released an update for Chrome that closes a security vulnerability that is already being exploited.
https://www.heise.de/-9580061
Wordfence Intelligence Weekly WordPress Vulnerability Report (December 11, 2023 to December 17, 2023)
Last week, there were 16 vulnerabilities disclosed in 16 WordPress Plugins and no WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 7 Vulnerability Researchers that contributed to WordPress Security last week.
https://www.wordfence.com/blog/2023/12/wordfence-intelligence-weekly-wordpress-vulnerability-report-december-11-2023-to-december-17-2023/
Security updates for Thursday
Security updates have been issued by Debian (firefox-esr), Fedora (kernel), Mageia (bluez), Oracle (fence-agents, gstreamer1-plugins-bad-free, opensc, openssl, postgresql:10, and postgresql:12), Red Hat (postgresql:15 and tigervnc), Slackware (proftpd), and SUSE (docker, rootlesskit, firefox, go1.20-openssl, go1.21-openssl, gstreamer-plugins-bad, libreoffice, libssh2_org, poppler, putty, rabbitmq-server, wireshark, xen, xorg-x11-server, and xwayland).
https://lwn.net/Articles/955914/
ESET Patches High-Severity Vulnerability in Secure Traffic Scanning Feature
ESET has patched CVE-2023-5594, a high-severity vulnerability that can cause a browser to trust websites that should not be trusted.
https://www.securityweek.com/eset-patches-high-severity-vulnerability-in-secure-traffic-scanning-feature/
Drupal: Data Visualisation Framework - Moderately critical - Cross Site Scripting - SA-CONTRIB-2023-055
https://www.drupal.org/sa-contrib-2023-055
Foxit: Security Advisories for Foxit PDF Reader
https://www.foxit.com/support/security-bulletins.html
NETGEAR: Security Advisory for Stored Cross Site Scripting on the NMS300, PSV-2023-0106
https://kb.netgear.com/000065901/Security-Advisory-for-Stored-Cross-Site-Scripting-on-the-NMS300-PSV-2023-0106
IBM Security Bulletins
https://www.ibm.com/support/pages/bulletin/
CISA Adds Two Known Exploited Vulnerabilities to Catalog
https://www.cisa.gov/news-events/alerts/2023/12/21/cisa-adds-two-known-exploited-vulnerabilities-catalog