End-of-Day report
Timeframe: Friday 09-02-2024 18:00 - Monday 12-02-2024 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Stephan Richter
News
Free Rhysida ransomware decryptor for Windows exploits RNG flaw
South Korean researchers have publicly disclosed an encryption flaw in the Rhysida ransomware encryptor, allowing the creation of a Windows decryptor to recover files for free.
https://www.bleepingcomputer.com/news/security/free-rhysida-ransomware-decryptor-for-windows-exploits-rng-flaw/
Hackers exploit Ivanti SSRF flaw to deploy new DSLog backdoor
Hackers are exploiting a server-side request forgery (SSRF) vulnerability in Ivanti Connect Secure, Policy Secure, and ZTA gateways to deploy the new DSLog backdoor on vulnerable devices.
https://www.bleepingcomputer.com/news/security/hackers-exploit-ivanti-ssrf-flaw-to-deploy-new-dslog-backdoor/
Exploit against Unnamed "Bytevalue" router vulnerability included in Mirai Bot, (Mon, Feb 12th)
Today, I noticed the following URL showing up in our "First Seen" list: [...]
https://isc.sans.edu/diary/rss/30642
Microsoft Defender: Evading detection with a comma
An IT researcher has discovered that Microsoft Defender's detection can be tricked with a comma.
https://www.heise.de/-9625770.html
SiCat: Open-source exploit finder
SiCat is an open-source tool for exploit research designed to source and compile information about exploits from open channels and internal databases. Its primary aim is to assist in cybersecurity, enabling users to search the internet for potential vulnerabilities and corresponding exploits.
https://www.helpnetsecurity.com/2024/02/12/sicat-open-source-exploit-finder/
Warzone RAT Shut Down by Law Enforcement, Two Arrested
Warzone RAT dismantled in international law enforcement operation that also involved arrests of suspects in Malta and Nigeria.
https://www.securityweek.com/warzone-rat-shut-down-by-law-enforcement-two-arrested/
Diving Into Glupteba's UEFI Bootkit
A 2023 Glupteba campaign includes an unreported feature - a UEFI bootkit. We analyze its complex architecture and how this botnet has evolved.
https://unit42.paloaltonetworks.com/glupteba-malware-uefi-bootkit/
Bitdefender warns of new backdoor for macOS
It has probably remained undetected for at least three months. RustDoor allows targeted searching for data and its transfer to an external server.
https://www.zdnet.de/88414203/bitdefender-warnt-vor-neuer-backdoor-fuer-macos/
Attackers spoof Temu
The popularity of the e-commerce shop attracts scammers who specialize in fake giveaway codes.
https://www.zdnet.de/88414209/angreifer-spoofen-temu/
Vulnerabilities
ExpressVPN: Bug leads to unprotected transmission of DNS requests
Because of the bug, third parties can potentially track which websites ExpressVPN users have visited, despite an active VPN connection.
https://www.golem.de/news/expressvpn-fehler-fuehrt-zu-ungeschuetzter-uebertragung-von-dns-anfragen-2402-182088.html
CISA Adds One Known Exploited Vulnerability to Catalog
CVE-2024-21762 Fortinet FortiOS Out-of-Bound Write Vulnerability
https://www.cisa.gov/news-events/alerts/2024/02/09/cisa-adds-one-known-exploited-vulnerability-catalog
CISA Adds One Known Exploited Vulnerability to Catalog
CVE-2023-43770 Roundcube Webmail Persistent Cross-Site Scripting (XSS) Vulnerability
https://www.cisa.gov/news-events/alerts/2024/02/12/cisa-adds-one-known-exploited-vulnerability-catalog
Security updates for Monday
Security updates have been issued by Debian (libgit2), Fedora (chromium, firecracker, libkrun, openssh, python-nikola, runc, rust-event-manager, rust-kvm-bindings, rust-kvm-ioctls, rust-linux-loader, rust-userfaultfd, rust-versionize, rust-vhost, rust-vhost-user-backend, rust-virtio-queue, rust-vm-memory, rust-vm-superio, rust-vmm-sys-util, virtiofsd, webkitgtk, and wireshark), Mageia (filezilla and xpdf), Oracle (gimp), Red Hat (libmaxminddb, linux-firmware, squid:4, and tcpdump), Slackware (xpdf), SUSE (cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, cont and suse-build-key), and Ubuntu (python-glance-store and webkit2gtk).
https://lwn.net/Articles/961842/
Multiple cross-site scripting vulnerabilities in Statamic CMS
https://sec-consult.com/de/vulnerability-lab/advisory/mehrere-cross-site-scripting-schwachstellen-in-statamic-cms/
IBM Security Bulletins
https://www.ibm.com/support/pages/bulletin/