Daily summary - 15.05.2023
End-of-Day report
Timeframe: Friday 12-05-2023 18:00 - Monday 15-05-2023 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
News
*** The .zip gTLD: Risks and Opportunities, (Fri, May 12th) *** About ten years ago, ICANN started the "gTLD" program. "Generic TLDs" allow various brands to register their own trademark as a TLD. Instead of "google.com", you can now have ".google"! Applying for a gTLD isn't cheap, and success isn't guaranteed. But since its inception, dozens of new gTLDs have been approved and have started to be used [1]. The reputation of these new gTLDs has been somewhat mixed. https://isc.sans.edu/diary/rss/29838
*** XWorm Malware Exploits Follina Vulnerability in New Wave of Attacks *** Cybersecurity researchers have discovered an ongoing phishing campaign that makes use of a unique attack chain to deliver the XWorm malware on targeted systems. Securonix, which is tracking the activity cluster under the name MEME#4CHAN, said some of the attacks have primarily targeted manufacturing firms and healthcare clinics located in Germany. https://thehackernews.com/2023/05/xworm-malware-exploits-follina.html
*** CLR SqlShell Malware Targets MS SQL Servers for Crypto Mining and Ransomware *** Poorly managed Microsoft SQL (MS SQL) servers are the target of a new campaign that's designed to propagate a category of malware called CLR SqlShell that ultimately facilitates the deployment of cryptocurrency miners and ransomware. https://thehackernews.com/2023/05/clr-sqlshell-malware-targets-ms-sql.html
*** New MichaelKors Ransomware-as-a-Service Targeting Linux and VMware ESXi Systems *** A new ransomware-as-a-service (RaaS) operation called MichaelKors has become the latest file-encrypting malware to target Linux and VMware ESXi systems as of April 2023. The development points to cybercriminal actors increasingly setting their eyes on the ESXi, cybersecurity firm CrowdStrike said in a report shared with The Hacker News. https://thehackernews.com/2023/05/new-michaelkors-ransomware-as-service.html
*** WordPress Field Builder Plugin Vulnerability Exploited in Attacks Two Days After Patch *** A PoC exploit targeting an XSS vulnerability in the Advanced Custom Fields WordPress plugin started being used in malicious attacks two days after the patch was released. https://www.securityweek.com/wordpress-field-builder-plugin-vulnerability-exploited-in-attacks-two-days-after-patch/
*** Webinar: Using smartphones, tablets & co. securely *** How can I protect my personal data on my smartphone, tablet and similar devices? In this webinar we show you the most important security settings, from permissions and privacy to usage-time limits. Participate for free: Tuesday 23 May 2023, 18:30 - 20:00 via Zoom https://www.watchlist-internet.at/news/webinar-smartphone-tablet-co-sicher-nutzen-1/
*** Protect your smartphone with these 3 settings *** You think your smartphone is well protected against unauthorized access by its screen lock? Wrong! Criminals find ways to break into stolen or lost smartphones. In the worst case they access your banking app and empty your account. We show you 3 important settings to protect your smartphone in case of loss or theft. https://www.watchlist-internet.at/news/mit-diesen-3-einstellungen-schuetzen-sie-ihr-smartphone/
*** Ransomware tracker: The latest figures [May 2023] *** Note: this Ransomware Tracker is updated on the second Sunday of each month to stay current. Although ransomware attacks overall were down in April compared to the prior month, attacks against healthcare organizations shot up to one of their highest levels in years as hospitals and doctors' offices increasingly find themselves targeted by hackers. https://therecord.media/ransomware-tracker-the-latest-figures
Vulnerabilities
*** Industrial Cellular Routers at Risk: 11 New Vulnerabilities Expose OT Networks *** Several security vulnerabilities have been disclosed in cloud management platforms associated with three industrial cellular router vendors that could expose operational technology (OT) networks to external attacks. The findings were presented by Israeli industrial cybersecurity firm OTORIO at the Black Hat Asia 2023 conference last week. The 11 vulnerabilities allow "remote code execution and full control over hundreds of thousands of devices and OT networks - in some cases, even those not actively configured to use the cloud." https://thehackernews.com/2023/05/industrial-cellular-routers-at-risk-11.html
*** Screen SFT DAB 600/C: Multiple Vulnerabilities ***
* Authentication Bypass Account Creation Exploit
* Authentication Bypass Password Change Exploit
* Authentication Bypass Erase Account Exploit
* Authentication Bypass Admin Password Change Exploit
* Authentication Bypass Reset Board Config Exploit
* Unauthenticated Information Disclosure (userManager.cgx)
https://www.zeroscience.mk/en/vulnerabilities/
*** SECURITY BULLETIN: May 2023 Security Bulletin for Trend Micro Mobile Security (Enterprise) *** CVE Identifier(s): CVE-2023-32521 through CVE-2023-32528. Trend Micro has released a new build for Trend Micro Mobile Security (Enterprise) that resolves several vulnerabilities. https://success.trendmicro.com/dcx/s/solution/000293106?language=en_US
*** Multiple Vulnerabilities in Kiddoware Kids Place Parental Control Android App *** Multiple vulnerabilities have been identified in the Kiddoware Kids Place Parental Control Android App. Users of the parents' web dashboard can be attacked via cross-site scripting or cross-site request forgery vulnerabilities, or attackers may upload arbitrary files to the children's devices. Furthermore, children are able to bypass any restrictions without the parents noticing. https://sec-consult.com/vulnerability-lab/advisory/multiple-vulnerabilities-in-kiddoware-kids-place-parental-control-android-app/
*** Security updates for Monday *** Security updates have been issued by Debian (golang-websocket, kernel, postgresql-11, and thunderbird), Fedora (firefox, kernel, libreswan, libssh, tcpreplay, and thunderbird), SUSE (dcmtk, gradle, libraw, postgresql12, postgresql13, postgresql14, and postgresql15), and Ubuntu (firefox, nova, and thunderbird). https://lwn.net/Articles/931892/
*** VM2 Security Advisory: Inspect Manipulation *** A threat actor can edit options for console.log. https://github.com//patriksimek/vm2/security/advisories/GHSA-p5gc-c584-jj6v
*** VM2 Security Advisory: Sandbox Escape *** A threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. https://github.com//patriksimek/vm2/security/advisories/GHSA-whpj-8f3w-67p5
*** WAGO: Unauthenticated command execution via Web-based-management *** https://cert.vde.com/de/advisories/VDE-2023-007/
*** Helmholz: Multiple vulnerabilities in myREX24 and myREX24.virtual *** https://cert.vde.com/de/advisories/VDE-2023-008/
*** MB Connect Line: Multiple vulnerabilities in mbConnect24 and mymbConnect24 *** https://cert.vde.com/de/advisories/VDE-2023-002/
*** IBM Security Bulletins *** https://www.ibm.com/support/pages/bulletin/