End-of-Day report
Timeframe: Thursday 21-12-2023 18:00 - Friday 22-12-2023 18:00
Handler: Thomas Pribitzer
Co-Handler: Michael Schlagenhaufer
News
Microsoft: Hackers target defense firms with new FalseFont malware
Microsoft says the APT33 Iranian cyber-espionage group is using recently discovered FalseFont backdoor malware to attack defense contractors worldwide.
https://www.bleepingcomputer.com/news/security/microsoft-hackers-target-defense-firms-with-new-falsefont-malware/
Europol warns 443 online shops infected with credit card stealers
Europol has notified over 400 websites that their online shops have been hacked with malicious scripts that steal debit and credit cards from customers making purchases.
https://www.bleepingcomputer.com/news/security/europol-warns-443-online-shops-infected-with-credit-card-stealers/
Have your data and hide it too: An introduction to differential privacy
Providing software and web services that deliver value for users often requires measuring user behavior. In this blog we discuss emerging cryptographic and statistical techniques that enable collecting such measurements without violating user privacy.
https://blog.cloudflare.com/have-your-data-and-hide-it-too-an-introduction-to-differential-privacy
Experts Detail Multi-Million Dollar Licensing Model of Predator Spyware
A new analysis of the sophisticated commercial spyware called Predator has revealed that its ability to persist between reboots is offered as an "add-on feature" and that it depends on the licensing options chosen by a customer.
https://thehackernews.com/2023/12/multi-million-dollar-predator-spyware.html
Decoy Microsoft Word Documents Used to Deliver Nim-Based Malware
A new phishing campaign is leveraging decoy Microsoft Word documents as bait to deliver a backdoor written in the Nim programming language. "Malware written in uncommon programming languages puts the security community at a disadvantage as researchers' and reverse engineers' unfamiliarity can hamper their investigation," [...]
https://thehackernews.com/2023/12/decoy-microsoft-word-documents-used-to.html
Cyber sleuths reveal how they infiltrate the biggest ransomware gangs
How do you break into the bad guys' ranks? Master the lingo and research, research, research
https://go.theregister.com/feed/www.theregister.com/2023/12/22/how_to_infiltrate_ransomware_gangs/
Malicious GPT Can Phish Credentials, Exfiltrate Them to External Server: Researcher
A researcher has shown how malicious actors can create custom GPTs that can phish for credentials and exfiltrate them to external servers.
https://www.securityweek.com/malicious-gpt-can-phish-credentials-exfiltrate-them-to-external-server-researcher/
CISA Releases Microsoft 365 Secure Configuration Baselines and SCuBAGear Tool
CISA has published the finalized Microsoft 365 Secure Configuration Baselines, designed to bolster the security and resilience of organizations' Microsoft 365 (M365) cloud services. This guidance release is accompanied by the updated SCuBAGear tool that assesses organizations' M365 cloud services per CISA's recommended baselines.
https://www.cisa.gov/news-events/alerts/2023/12/21/cisa-releases-microsoft-365-secure-configuration-baselines-and-scubagear-tool
Python Packages Leverage GitHub to Deploy Fileless Malware
In early December, a number of malicious Python packages captured our attention, not just because of their malicious nature, but for the cleverness of their deployment strategy.
https://checkmarx.com/blog/python-packages-leverage-github-to-deploy-fileless-malware/
Vulnerabilities
ZDI Security Advisories
BlueZ, Kofax Power PDF
https://www.zerodayinitiative.com/advisories/published/
Security updates for Friday
Security updates have been issued by Debian (bluez, chromium, gst-plugins-bad1.0, openssh, and thunderbird), Fedora (chromium, firefox, kernel, libssh, nss, opensc, and thunderbird), Gentoo (Arduino, Exiv2, LibRaw, libssh, NASM, and QtWebEngine), Mageia (gstreamer), and SUSE (gnutls, gstreamer-plugins-bad, libcryptopp, libqt5-qtbase, ppp, tinyxml, xorg-x11-server, and zbar).
https://lwn.net/Articles/956012/
IBM Security Bulletins
https://www.ibm.com/support/pages/bulletin/