End-of-Day report
Timeframe: Monday 26-02-2024 18:00 - Tuesday 27-02-2024 18:00
Handler: Thomas Pribitzer
Co-Handler: Michael Schlagenhaufer
News
Open-Source Xeno RAT Trojan Emerges as a Potent Threat on GitHub
An "intricately designed" remote access trojan (RAT) called Xeno RAT has been published on GitHub, making it freely available to other threat actors.
https://thehackernews.com/2024/02/open-source-xeno-rat-trojan-emerges-as.html
Beware of fraud: criminals lure victims with free Spar gift cards and Klimatickets
Fake prize draws for free Spar gift cards and Klimatickets are currently circulating. The offers are spread by e-mail, on social networks or by direct message to your phone. These tempting offers exist solely to steal your personal data and money.
https://www.watchlist-internet.at/news/achtung-betrug-kriminelle-locken-mit-gratis-spar-geschenkkarten-und-klimatickets/
Booking.com refund request? It might be an Agent Tesla malware attack
Always be wary of opening unsolicited attachments - they might harbour malware.
https://grahamcluley.com/booking-com-refund-request-it-might-be-an-agent-tesla-malware-attack/
Phishing Malware That Sends Stolen Information Using Telegram API
Recently, several phishing scripts that exfiltrate stolen data via the Telegram API have been distributed indiscriminately, using lures such as remittance notices and receipts.
https://asec.ahnlab.com/en/62177/
Threat Actor Groups, Including Black Basta, are Exploiting Recent ScreenConnect Vulnerabilities
This blog entry gives a detailed analysis of these recent ScreenConnect vulnerabilities. We also discuss our discovery of threat actor groups, including Black Basta and Bl00dy Ransomware gangs, that are actively exploiting CVE-2024-1708 and CVE-2024-1709 based on our telemetry.
https://www.trendmicro.com/en_us/research/24/b/threat-actor-groups-including-black-basta-are-exploiting-recent-.html
Hunting PrivateLoader: The malware behind InstallsKey PPI service
Read the latest Bitsight research on PrivateLoader, covering recent changes including a new string encryption algorithm, a new alternative communication protocol and more.
https://www.bitsight.com/blog/hunting-privateloader-malware-behind-installskey-ppi-service
February security updates for Windows 11 can fail to install
Microsoft is working on a fix for a problem that prevents the February security updates from installing on Windows 11.
https://heise.de/-9639866
Vulnerabilities
WordPress LiteSpeed Plugin Vulnerability Puts 5 Million Sites at Risk
A security vulnerability has been disclosed in the LiteSpeed Cache plugin for WordPress that could enable unauthenticated users to escalate their privileges.
https://thehackernews.com/2024/02/wordpress-litespeed-plugin.html
Security updates for Tuesday
Security updates have been issued by Debian (engrampa and libgit2), Fedora (libxls, perl-Spreadsheet-ParseXLSX, and wpa_supplicant), Gentoo (PyYAML), Mageia (packages and thunderbird), Red Hat (firefox, kernel, linux-firmware, thunderbird, and unbound), Slackware (openjpeg), SUSE (golang-github-prometheus-prometheus, installation-images, kernel, python-azure-core, python-azure-storage-blob, salt and python-pyzmq, SUSE Manager 4.2.11, SUSE Manager 4.3, SUSE Manager Server 4.2, and wayland), [...]
https://lwn.net/Articles/963805/
IBM Security Bulletins
https://www.ibm.com/support/pages/bulletin/
XSA-451
https://xenbits.xen.org/xsa/advisory-451.html
Zyxel Patches Remote Code Execution Bug in Firewall Products
https://www.securityweek.com/zyxel-patches-remote-code-execution-bug-in-firewall-products/
Festo: Multiple vulnerabilities affect MES PC shipped with Windows 10
https://cert.vde.com/de/advisories/VDE-2023-065/
Nagios XI: vulnerabilities CVE-2024-24401 and CVE-2024-24402; PoC public
https://www.borncity.com/blog/2024/02/27/nagios-xi-schwachstellen-cve-2024-24401-und-cve-2024-24402-poc-ffentlich/
Mitsubishi Electric Multiple Factory Automation Products
https://www.cisa.gov/news-events/ics-advisories/icsa-24-058-01
Santesoft Sante DICOM Viewer Pro
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-058-01
VMSA-2024-0005
https://www.vmware.com/security/advisories/VMSA-2024-0005.html