Timeframe: Monday 20-03-2023 18:00 - Tuesday 21-03-2023 18:00
Handler: Michael Schlagenhaufer
Windows 11 bug warns Local Security Authority protection is off
Windows 11 users report seeing widespread Windows Security warnings that Local Security Authority (LSA) Protection has been disabled even though it shows as being toggled on.
From Phishing Kit To Telegram... or Not!, (Mon, Mar 20th)
Today, I spotted a phishing campaign that stores collected credentials via a Telegram bot! Telegram bots are common in malicious Python scripts but less common in Phishing campaigns!
Google Cloud Log Extraction
In this blog post, we review the methods through which we can extract logs from Google Cloud.
Find Threats in Event Logs with Hayabusa
Hayabusa is a Windows event log fast forensics timeline generator and threat hunting tool created by the Yamato Security group in Japan. Hayabusa means "peregrine falcon" in Japanese and was chosen as peregrine falcons are the fastest animal in the world, great at hunting and highly trainable.
Black Angel Rootkit
Black Angel is a Windows 11/10 x64 kernel-mode rootkit. The rootkit can be loaded with Driver Signature Enforcement (DSE) enabled while maintaining its full functionality. Designed for Red Teams.
Linux auditd for Threat Detection [Final]
The focus of this article will be to describe what behaviors allow for which events to be recorded by auditd. Additionally, you will see where auditd is not capable of recording certain events, despite verbose settings.
Nexus: a new Android botnet?
In January 2023, a new Android banking trojan appeared on multiple hacking forums under the name Nexus. However, Cleafy's Threat Intelligence & Response Team traced the first Nexus infections back to June 2022, well before the public announcement.
Mitigating SSRF in 2023
Server-Side Request Forgery (SSRF) is a vulnerability that allows an attacker to trick a server-side application into making a request to an unintended location. SSRF, unlike most other specific vulnerabilities, has gained its own spot on the OWASP Top 10 2021. This reflects both how common and how impactful this type of vulnerability has become.
Malicious NuGet Packages Used to Target .NET Developers
Software developers have been targeted in a new attack via malicious packages in the NuGet repository.
Warning: Fraudulent calls about a Eurojackpot win!
Beware of supposed winning notifications by phone, e-mail, post and social media in the name of Eurojackpot. Criminals pose as the lottery and claim that you have won money. Later on, you are asked to pay money up front in order to receive the payout.
Patch CVE-2023-23397 Immediately: What You Need To Know and Do
We break down the basic information of CVE-2023-23397, the zero-day, zero-touch vulnerability that was rated 9.8 on the Common Vulnerability Scoring System (CVSS) scale.
Security updates for Tuesday
Security updates have been issued by Debian (apache2), Oracle (firefox, nss, and openssl), Slackware (curl and vim), SUSE (dpdk, firefox, grafana, oracleasm, python-cffi, python-Django, and qemu), and Ubuntu (ruby2.7, sox, and tigervnc).
Keysight N6845A Geolocation Server
Delta Electronics InfraSuite Device Master
VISAM VBASE Automation Base
Siemens RUGGEDCOM APE1808 Product Family
Rockwell Automation ThinManager
Vulnerability Spotlight: WellinTech ICS platform vulnerable to information disclosure, buffer overflow vulnerabilities
Spring Vault 3.0.2 and 2.3.3 fix CVE-2023-20859
Automation Assets in IBM Cloud Pak for Integration is vulnerable to denial of service due to Moment CVE-2023-22467
A vulnerability in protobuf may affect IBM Robotic Process Automation and result in a denial of service (CVE-2022-1941)
IBM Aspera Faspex 4.4.2 PL3 has addressed multiple vulnerabilities (CVE-2023-27871, CVE-2023-27873, CVE-2023-27874)
IBM Aspera Faspex 5.0.4 can be vulnerable to improper, unauthorized password changes
Vulnerability in Apache Commons FileUpload library affects Tivoli Netcool/OMNIbus WebGUI (CVE-2023-24998)
Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server affect IBM Business Automation Workflow (CVE-2023-25690)
Multiple vulnerabilities in Mozilla Firefox ESR affect APM Synthetic Playback Agent