End-of-Day report
Timeframe: Wednesday 13-03-2024 18:00 - Thursday 14-03-2024 18:00
Handler: Thomas Pribitzer
Co-Handler: Michael Schlagenhaufer
News
PixPirate Android malware uses new tactic to hide on phones
The latest version of the PixPirate banking trojan for Android employs a previously unseen method to hide from the victim while remaining active on the infected device even if its dropper app has been removed.
https://www.bleepingcomputer.com/news/security/pixpirate-android-malware-uses-new-tactic-to-hide-on-phones/
Increase in the number of phishing messages pointing to IPFS and to R2 buckets, (Thu, Mar 14th)
Interesting trends do emerge from time to time. One such recent trend seems to be connected with an increased use of IPFS and R2 buckets to host phishing pages.
https://isc.sans.edu/diary/rss/30744
Breaking Down APT29's Latest Tactics and How to Defend Against Them
Recently, the US National Security Agency (NSA) joined the United Kingdom's National Cyber Security Center (NCSC) in releasing an advisory detailing the recent TTPs (tactics, techniques, and procedures) of the group known as APT29 (or, in other threat actor taxonomies, Midnight Blizzard, the Dukes, and Cozy Bear).
https://orca.security/resources/blog/how-to-defend-against-apt29-cozy-bear-attacks/
Vulnerabilities
A patched Windows attack surface is still exploitable
In this report, we highlight the key points about a class of recently-patched elevation-of-privilege vulnerabilities affecting Microsoft Windows, and then focus on how to check if any of them have been exploited or if there have been any attempts to exploit them.
https://securelist.com/windows-vulnerabilities/112232/
Security updates for Thursday
Security updates have been issued by Debian (chromium and openvswitch), Fedora (chromium, python-multipart, thunderbird, and xen), Mageia (java-17-openjdk and screen), Red Hat (.NET 7.0, .NET 8.0, kernel-rt, kpatch-patch, postgresql:13, and postgresql:15), Slackware (expat), SUSE (glibc, python-Django, python-Django1, sudo, and vim), and Ubuntu (expat, linux-ibm, linux-ibm-5.4, linux-oracle, linux-oracle-5.4, linux-lowlatency, linux-raspi, python-cryptography, texlive-bin, and xorg-server).
https://lwn.net/Articles/965470/
Kubernetes Vulnerability Allows Remote Code Execution on Windows Endpoints
A high-severity Kubernetes vulnerability tracked as CVE-2023-5528 can be exploited to execute arbitrary code on Windows endpoints.
https://www.securityweek.com/kubernetes-vulnerability-allows-remote-code-execution-on-windows-endpoints/
Cisco closes high-risk vulnerabilities in IOS XR
Cisco warns of security vulnerabilities, some of them high risk, in the IOS XR router operating system. Updates are available.
https://heise.de/-9654542
Upgrade quickly: Problematic security vulnerability in Apple's GarageBand
According to Apple, GarageBand 10.4.11 brings no new features, but it does contain an important security fix. Users should update the macOS app promptly.
https://heise.de/-9654638
HP: Many laptops and PCs affected by code injection vulnerability
A BIOS security feature of HP laptops and PCs can be bypassed by attackers. BIOS updates are available or are currently being developed.
https://heise.de/-9654678
VU#488902: CPU hardware utilizing speculative execution may be vulnerable to speculative race conditions
https://kb.cert.org/vuls/id/488902
IBM Security Bulletins
https://www.ibm.com/support/pages/bulletin/
Softing edgeConnector
https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-13
Mitsubishi Electric MELSEC-Q/L Series
https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14
Delta Electronics DIAEnergie
https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-12