End-of-Day report
Timeframe: Thursday 28-12-2023 18:00 - Friday 29-12-2023 18:00
Handler: Thomas Pribitzer
Co-Handler: Michael Schlagenhaufer
News
Malware abuses Google OAuth endpoint to "revive" cookies, hijack accounts
Multiple information-stealing malware families are abusing an undocumented Google OAuth endpoint named "MultiLogin" to restore expired authentication cookies and log into users' accounts, even if an account's password was reset.
https://www.bleepingcomputer.com/news/security/malware-abuses-google-oauth-endpoint-to-revive-cookies-hijack-accounts/
Steam game mod breached to push password-stealing malware
Downfall, a fan expansion for the popular Slay the Spire indie strategy game, was breached on Christmas Day to push Epsilon information stealer malware using the Steam update system.
https://www.bleepingcomputer.com/news/security/steam-game-mod-breached-to-push-password-stealing-malware/
Security: How to negotiate with ransomware hackers
Anyone who falls victim to a ransomware attack sometimes cannot avoid negotiating with the criminals. There are a number of rules to observe in doing so. A report by Friedhelm Greis
https://www.golem.de/news/security-wie-man-mit-ransomware-hackern-verhandelt-2312-180677.html
New Version of Meduza Stealer Released in Dark Web
On Christmas Eve, Resecurity's HUNTER unit spotted that the author of the perspective password stealer Meduza has released a new version (2.2). One of the key improvements is support for more software clients [...]
https://securityaffairs.com/156598/malware/meduza-stealer-released-dark-web.html
Clash of Clans gamers at risk while using third-party app
An exposed database and secrets on a third-party app puts Clash of Clans players at risk of attacks from threat actors. The Cybernews research team has discovered that the Clash Base Designer Easy Copy app exposed its Firebase database and user-sensitive information. With 100,000 downloads on the Google Play store, [...]
https://securityaffairs.com/156617/security/clash-of-clans-gamers-at-risk.html
The Worst Hacks of 2023
It was a year of devastating cyberattacks around the globe, from ransomware attacks on casinos to state-sponsored breaches of critical infrastructure.
https://www.wired.com/story/worst-hacks-2023/
From DarkGate to AsyncRAT: Malware Detected and Shared As Unit 42 Timely Threat Intelligence
From October-December, the activities of DarkGate, Pikabot, IcedID and more were seen and shared with the broader community via social media [...]
https://unit42.paloaltonetworks.com/unit42-threat-intelligence-roundup/
Windows: CVE-2021-43890 exploitable: App Installer protocol disabled; Storm-1152 taken down
To close out the year, I am bundling together a few more "horror stories" on the topic of "security in Microsoft products". Microsoft has disabled the MSIX App Installer protocol because it was being abused by malware groups. Then there is the vulnerability CVE-2021-43890, which had long appeared to be fixed, but now [...]
https://www.borncity.com/blog/2023/12/29/microsoft-sicherheitssplitter-cve-2021-43890-ausnutzbar-app-installer-protokoll-deaktiviert-storm-1152-ausgeschaltet/
Velociraptor 0.7.1 Release: Sigma Support, ETW Multiplexing, Local Encrypted Storage and New VQL Capabilities Highlight the Last Release of 2023
Rapid7 is excited to announce that version 0.7.1 of Velociraptor is live and available for download. There are several new features and capabilities that add to the power and efficiency of this open-source digital forensic and incident response (DFIR) platform.
https://www.rapid7.com/blog/post/2023/12/29/velociraptor-0-7-1-release-sigma-support-etw-multiplexing-local-encrypted-storage-and-new-vql-capabilities-highlight-the-last-release-of-2023/
Vulnerabilities
Apache OpenOffice 4.1.15 Release Notes
CVE-2012-5639: Loading internal / external resources without warning, CVE-2022-43680: "Use after free" fixed in libexpat, CVE-2023-1183: Arbitrary file write in Apache OpenOffice Base, CVE-2023-47804: Macro URL arbitrary script execution
https://cwiki.apache.org/confluence/display/OOOUSERS/AOO+4.1.15+Release+Notes
CVE-2019-3773 Spring Web Services Vulnerability in NetApp Products
Multiple NetApp products incorporate Spring Web Services. Spring Web Services 2.4.3, 3.0.4, and older unsupported versions are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information, addition or modification of data, or Denial of Service (DoS). [...] CVE-2019-3773 9.8 (CRITICAL)
https://security.netapp.com/advisory/ntap-20231227-0011/
IBM Security Bulletins
https://www.ibm.com/support/pages/bulletin/