End-of-Day report
Timeframe: Tuesday 01-08-2023 18:00 - Wednesday 02-08-2023 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
News
Threat actors abuse Google AMP for evasive phishing attacks
Security researchers are warning of increased phishing activity that abuses Google Accelerated Mobile Pages (AMP) to bypass email security measures and get to inboxes of enterprise employees.
https://www.bleepingcomputer.com/news/security/threat-actors-abuse-google-amp-for-evasive-phishing-attacks/
Amazon's AWS SSM agent can be used as post-exploitation RAT malware
Researchers have discovered a new post-exploitation technique in Amazon Web Services (AWS) that allows hackers to use the platform's Systems Manager (SSM) agent as an undetectable Remote Access Trojan (RAT).
https://www.bleepingcomputer.com/news/security/amazons-aws-ssm-agent-can-be-used-as-post-exploitation-rat-malware/
New NodeStealer Variant Targeting Facebook Business Accounts and Crypto Wallets
Cybersecurity researchers have unearthed a Python variant of the stealer malware NodeStealer that's equipped to fully take over Facebook business accounts as well as siphon cryptocurrency. Palo Alto Networks Unit 42 said it detected the previously undocumented strain as part of a campaign that commenced in December 2022. There is no evidence to suggest that the cyber offensive is currently active.
https://thehackernews.com/2023/08/new-nodestealer-targeting-facebook.html
Nearly All Modern CPUs Leak Data to New Collide+Power Side-Channel Attack
A new side-channel attack method that can lead to data leakage works against nearly any modern CPU, but we're unlikely to see it being used in the wild any time soon. [..] Collide+Power is a generic software-based attack that works against devices powered by Intel, AMD or Arm processors and it's applicable to any application and any type of data. The chipmakers are publishing their own advisories for the attack, and CVE-2023-20583 has been assigned.
https://www.securityweek.com/nearly-all-modern-cpus-leak-data-to-new-collidepower-side-channel-attack/
New hVNC macOS Malware Advertised on Hacker Forum
A new macOS-targeting hVNC malware family is being advertised on a prominent cybercrime forum.
https://www.securityweek.com/new-hvnc-macos-malware-advertised-on-hacker-forum/
SSH Remains Most Targeted Service in Cado's Cloud Threat Report
Cado Security Labs' 2023 Cloud Threat Findings Report dives deep into the world of cybercrime, cyberattacks, and vulnerabilities.
https://www.hackread.com/ssh-targeted-service-cado-cloud-threat-report/
The Most Important Part of the Internet You've Probably Never Heard Of
Few people realize how much they depend on the Border Gateway Protocol (BGP) every day: a set of technical rules responsible for routing data efficiently.
https://www.cisa.gov/news-events/news/most-important-part-internet-youve-probably-never-heard
CISA and International Partner NCSC-NO Release Joint Cybersecurity Advisory on Threat Actors Exploiting Ivanti EPMM Vulnerabilities
The Cybersecurity and Infrastructure Security Agency (CISA) and the Norwegian National Cyber Security Centre (NCSC-NO) have released a joint Cybersecurity Advisory (CSA), Threat Actors Exploiting Ivanti EPMM Vulnerabilities, in response to the active exploitation of CVE-2023-35078 and CVE-2023-35081 affecting Ivanti Endpoint Manager Mobile (EPMM) (formerly known as MobileIron Core).
https://www.cisa.gov/news-events/alerts/2023/08/01/cisa-and-international-partner-ncsc-no-release-joint-cybersecurity-advisory-threat-actors-exploiting
Vulnerabilities
K000135479: Overview of F5 vulnerabilities (August 2023)
On August 2, 2023, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities to help determine the impact to your F5 devices. You can find the details of each issue in the associated articles.
https://my.f5.com/manage/s/article/K000135479
Security updates for Wednesday
Security updates have been issued by Debian (bouncycastle), Fedora (firefox), Red Hat (cjose, curl, iperf3, kernel, kernel-rt, kpatch-patch, libeconf, libxml2, mod_auth_openidc:2.3, openssh, and python-requests), SUSE (firefox, jtidy, libredwg, openssl, salt, SUSE Manager Client Tools, and SUSE Manager Salt Bundle), and Ubuntu (firefox).
https://lwn.net/Articles/940103/
IBM TRIRIGA Application Platform discloses use of Apache Xerces (CVE-2022-23437)
https://www.ibm.com/support/pages/node/7017724
IBM TRIRIGA Application Platform susceptible to clickjacking (CVE-2017-4015)
https://www.ibm.com/support/pages/node/7017716