Tageszusammenfassung - 14.03.2024

End-of-Day report

Timeframe: Mittwoch 13-03-2024 18:00 - Donnerstag 14-03-2024 18:00 Handler: Thomas Pribitzer Co-Handler: Michael Schlagenhaufer

News

PixPirate Android malware uses new tactic to hide on phones

The latest version of the PixPirate banking trojan for Android employs a previously unseen method to hide from the victim while remaining active on the infected device even if its dropper app has been removed.

https://www.bleepingcomputer.com/news/security/pixpirate-android-malware-uses-new-tactic-to-hide-on-phones/


Increase in the number of phishing messages pointing to IPFS and to R2 buckets, (Thu, Mar 14th)

Interesting trends do emerge from time to time. One such recent trend seems to be connected with an increased use of IPFS and R2 buckets to host phishing pages.

https://isc.sans.edu/diary/rss/30744


Breaking Down APT29-s Latest Tactics and How to Defend Against Them

Recently, the US National Security Agency (NSA) joined United Kingdom-s National Cyber Security Center (NCSC) in releasing an advisory detailing the recent TTPs (or tactics, techniques, and procedures) of the group known as APT29 (or, in other taxonomies of threat actors, Midnight Blizzard, the Dukes, and Cozy Bear).

https://orca.security/resources/blog/how-to-defend-against-apt29-cozy-bear-attacks/

Vulnerabilities

A patched Windows attack surface is still exploitable

In this report, we highlight the key points about a class of recently-patched elevation-of-privilege vulnerabilities affecting Microsoft Windows, and then focus on how to check if any of them have been exploited or if there have been any attempts to exploit them.

https://securelist.com/windows-vulnerabilities/112232/


Security updates for Thursday

Security updates have been issued by Debian (chromium and openvswitch), Fedora (chromium, python-multipart, thunderbird, and xen), Mageia (java-17-openjdk and screen), Red Hat (.NET 7.0, .NET 8.0, kernel-rt, kpatch-patch, postgresql:13, and postgresql:15), Slackware (expat), SUSE (glibc, python-Django, python-Django1, sudo, and vim), and Ubuntu (expat, linux-ibm, linux-ibm-5.4, linux-oracle, linux-oracle-5.4, linux-lowlatency, linux-raspi, python-cryptography, texlive-bin, and xorg-server).

https://lwn.net/Articles/965470/


Kubernetes Vulnerability Allows Remote Code Execution on Windows Endpoints

A high-severity Kubernetes vulnerability tracked as CVE-2023-5528 can be exploited to execute arbitrary code on Windows endpoints.

https://www.securityweek.com/kubernetes-vulnerability-allows-remote-code-execution-on-windows-endpoints/


Cisco schließt hochriskante Lücken in IOS XR

Cisco warnt vor SIcherheitslücken mit teils hohem Risiko im Router-Betriebssystem IOS XR. Updates stehen bereit.

https://heise.de/-9654542


Schnell upgraden: Problematische Sicherheitslücke in Apples GarageBand

Neue Funktionen liefert GarageBand 10.4.11 laut Apple nicht. Dafür steckt ein wichtiger Sicherheitsfix drin. Nutzer sollten die macOS-App schnell aktualisieren.

https://heise.de/-9654638


HP: Viele Laptops und PCs von Codeschmuggel-Lücke betroffen

Eine BIOS-Sicherheitsfunktion von HP-Laptops und -PCs kann von Angreifern umgangen werden. BIOS-Updates stehen bereit oder werden grad entwickelt.

https://heise.de/-9654678


VU#488902: CPU hardware utilizing speculative execution may be vulnerable to speculative race conditions

https://kb.cert.org/vuls/id/488902


IBM Security Bulletins

https://www.ibm.com/support/pages/bulletin/


Softing edgeConnector

https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-13


Mitsubishi Electric MELSEC-Q/L Series

https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14


Delta Electronics DIAEnergie

https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-12