Daily Summary - 16.12.2024

End-of-Day report

Timeframe: Friday 13-12-2024 18:00 - Monday 16-12-2024 18:00 Handler: Michael Schlagenhaufer Co-Handler: n/a

News

Microsoft Update Catalog: Critical vulnerability discovered in Microsoft's web server

Attackers were able to gain elevated privileges on a Microsoft web server. Despite its promised transparency, the company gives no details.

https://www.golem.de/news/microsoft-update-katalog-kritische-luecke-in-microsofts-webserver-entdeckt-2412-191742.html

Attacks on Citrix Netscaler Gateway: vendor publishes protection guidance

Since December 2024 there have been massive waves of attacks against Citrix Netscaler Gateways. [..] Citrix has now responded and gives advice on how Netscaler Gateways can be protected against the attacks.

https://www.borncity.com/blog/2024/12/15/angriffe-auf-citrix-netscaler-gateway-hersteller-gibt-hinweise-zum-schutz/

390,000 WordPress accounts stolen from hackers in supply chain attack

A threat actor tracked as MUT-1244 has stolen over 390,000 WordPress credentials in a large-scale, year-long campaign targeting other threat actors using a trojanized WordPress credentials checker.

https://www.bleepingcomputer.com/news/security/390-000-wordpress-accounts-stolen-from-hackers-in-supply-chain-attack/

The Simple Math Behind Public Key Cryptography

The security system that underlies the internet makes use of a curious fact: You can broadcast part of your encryption to make your information much more secure.

https://www.wired.com/story/how-public-key-cryptography-really-works-using-only-simple-math/

NodeLoader Exposed: The Node.js Malware Evading Detection

Zscaler ThreatLabz discovered a malware campaign leveraging Node.js applications for Windows to distribute cryptocurrency miners and information stealers. We have named this malware family NodeLoader, since the attackers employ Node.js compiled executables to deliver second-stage payloads, including XMRig, Lumma, and Phemedrone Stealer.

https://www.zscaler.com/blogs/security-research/nodeloader-exposed-node-js-malware-evading-detection

Ignore the phishing message "Your account has been suspended" sent in the name of Meta!

You receive a message from Meta telling you that your Facebook or Instagram account is about to be suspended. To prevent this, you are asked to click a link and verify your account. But beware: it is a phishing message from criminals who want to steal your data!

https://www.watchlist-internet.at/news/phishing-nachricht-im-namen-von-meta/

Crypted Hearts: Exposing the HeartCrypt Packer-as-a-Service Operation

Analysis of the packer-as-a-service (PaaS) HeartCrypt reveals its use in over 2,000 malicious payloads across 45 malware families since it first appeared in early 2024.

https://unit42.paloaltonetworks.com/packer-as-a-service-heartcrypt-malware/

CoinLurker: The Stealer Powering the Next Generation of Fake Updates

The evolution of fake update campaigns has advanced significantly with the emergence of CoinLurker, a sophisticated stealer designed to exfiltrate data while evading detection. Written in Go, CoinLurker employs cutting-edge obfuscation and anti-analysis techniques, making it a highly effective tool in modern cyberattacks.

https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Secure Coding: CWE-1123 - Avoid self-modifying code

Common Weakness Enumeration CWE-1123 warns against the excessive use of self-modifying code. Java developers should proceed with care.

https://heise.de/-10194617
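The heise article addresses Java, but the weakness is language-independent: code that generates or rewrites itself at run time cannot be reviewed or statically analysed as the text it will actually execute, and it tends to turn configuration data into code. The following added example (not from the article) shows one form of the pattern in Python, a rule engine that builds source text from a config value and `exec()`s it, next to a data-driven equivalent with no run-time code generation. The rule format, event shape and sample events are constructed for the illustration.

```python
# Added example of CWE-1123 (run-time code generation) and its static alternative.
import operator

# Whitelist of comparison operators the static variant accepts.
OPS = {">": operator.gt, "<": operator.lt, "==": operator.eq}

# Constructed sample events, e.g. from an authentication log.
EVENTS = [{"failed_logins": 3}, {"failed_logins": 12}, {"failed_logins": 40}]


def build_rule_dynamic(field, op, threshold):
    """Builds Python source at run time and executes it.

    Nobody reviewing this function sees the program that will finally run,
    and `threshold` is spliced in as code: a value such as
    "0 or __import__('os').system('id')" executes instead of comparing.
    """
    src = f"def rule(event):\n    return event[{field!r}] {op} {threshold}\n"
    namespace = {}
    exec(src, namespace)          # self-generated code: the CWE-1123 pattern
    return namespace["rule"]


def build_rule_static(field, op, threshold):
    """Same behaviour, fixed code: the operator is looked up in a whitelist
    and the threshold stays data, so the executed text is what you read here."""
    if op not in OPS:
        raise ValueError(f"unsupported operator {op!r}")
    compare = OPS[op]

    def rule(event):
        return compare(event[field], threshold)

    return rule


def count_alerts(rule, events):
    """Number of events for which the rule fires."""
    return sum(1 for event in events if rule(event))


if __name__ == "__main__":
    print(count_alerts(build_rule_static("failed_logins", ">", 10), EVENTS))
    # The dynamic variant treats the threshold as code: an arbitrary expression
    # that happens to evaluate to 10 gives the same result as the literal.
    print(count_alerts(build_rule_dynamic("failed_logins", ">", "len('abcdefghij')"), EVENTS))
```

In Java the equivalent patterns are run-time bytecode generation, dynamic class loading from assembled source, or reflective rewriting of methods; the audit problem and the data-becomes-code hazard are the same.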

CISA and EPA Warn: Internet-Exposed HMIs Pose Serious Cybersecurity Risks to Water Systems

The Cybersecurity and Infrastructure Security Agency (CISA) and the Environmental Protection Agency (EPA) have jointly released a crucial fact sheet highlighting the cybersecurity risks posed by Internet-exposed Human Machine Interfaces (HMIs) in the Water and Wastewater Systems (WWS) sector.

https://thecyberexpress.com/exposed-human-machine-interfaces-in-wws/

The Qualcomm DSP Driver - Unexpectedly Excavating an Exploit

This blog post provides a technical analysis of exploit artifacts that Google's Threat Analysis Group (TAG) received from Amnesty International and shared with Project Zero.

https://googleprojectzero.blogspot.com/2024/12/qualcomm-dsp-driver-unexpectedly-excavating-exploit.html

Tech Guide: Detecting NoviSpy spyware with AndroidQF and the Mobile Verification Toolkit (MVT)

Amnesty Security Lab has published Indicators of Compromise (IOCs) for the NoviSpy spyware application. This tutorial explains how to use AndroidQF (Android Quick Forensics, androidqf) and the Mobile Verification Toolkit (MVT) to examine an Android device for traces of these indicators.

https://securitylab.amnesty.org/latest/2024/12/tech-guide-detecting-novispy-spyware-with-androidqf-and-the-mobile-verification-toolkit-mvt/
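The guide's workflow is: collect artifacts from the device with androidqf, then have MVT match them against Amnesty's STIX2 indicator bundle. As an added example (not MVT's code and not part of the guide), the script below reimplements the core of that matching for two indicator types, `app:id` against the installed-package list and `domain-name:value` against observed hostnames. The bundle and the package list are constructed placeholders so it runs offline; the real NoviSpy indicators must be taken from Amnesty's published IOC files, and the assumption that they use these two STIX pattern shapes is the author's, not the guide's.

```python
# Added example: minimal STIX2 indicator matching in the style of MVT.
import json
import re

# Constructed STIX2 bundle with placeholder values (NOT the real NoviSpy IOCs).
SAMPLE_BUNDLE = json.dumps({
    "type": "bundle",
    "objects": [
        {"type": "indicator", "name": "NoviSpy app (placeholder)",
         "pattern": "[app:id = 'com.example.spy']"},
        {"type": "indicator", "name": "NoviSpy C2 (placeholder)",
         "pattern": "[domain-name:value = 'c2.example.net']"},
        {"type": "malware", "name": "NoviSpy"},   # not an indicator, skipped
    ],
})

# Constructed package listing in `pm list packages -f` format
# (package:<apk path>=<package name>), as collected from a device.
SAMPLE_PACKAGES = """\
package:/system/app/Settings/Settings.apk=com.android.settings
package:/data/app/com.example.spy-1/base.apk=com.example.spy
package:/data/app/org.mozilla.firefox-2/base.apk=org.mozilla.firefox
"""

# Simple single-comparison STIX patterns such as [app:id = 'x'].
PATTERN_RE = re.compile(r"^\[(?P<otype>[\w-]+):(?P<prop>\w+) = '(?P<value>[^']+)'\]$")


def load_indicators(bundle_json):
    """Return {'app:id': {value: name}, 'domain-name:value': {value: name}}."""
    iocs = {"app:id": {}, "domain-name:value": {}}
    for obj in json.loads(bundle_json)["objects"]:
        if obj.get("type") != "indicator":
            continue
        m = PATTERN_RE.match(obj.get("pattern", ""))
        if not m:
            continue            # compound (AND/OR) patterns are out of scope here
        key = f"{m['otype']}:{m['prop']}"
        if key in iocs:
            iocs[key][m["value"].lower()] = obj.get("name", "")
    return iocs


def parse_packages(text):
    """Parse `pm list packages -f` output into (apk_path, package_name) tuples."""
    pkgs = []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        path, _, name = line[len("package:"):].rpartition("=")
        pkgs.append((path, name))
    return pkgs


def check_packages(packages, iocs):
    """Detections for installed packages whose name is an app:id indicator."""
    hits = []
    for path, name in packages:
        ioc_name = iocs["app:id"].get(name.lower())
        if ioc_name:
            hits.append({"package": name, "path": path, "indicator": ioc_name})
    return hits


def check_domains(domains, iocs):
    """(domain, indicator) pairs for hostnames matching a domain indicator,
    including subdomains of it."""
    hits = []
    for raw in domains:
        d = raw.lower().rstrip(".")
        for ioc_domain, ioc_name in iocs["domain-name:value"].items():
            if d == ioc_domain or d.endswith("." + ioc_domain):
                hits.append((d, ioc_name))
    return hits


if __name__ == "__main__":
    iocs = load_indicators(SAMPLE_BUNDLE)
    for hit in check_packages(parse_packages(SAMPLE_PACKAGES), iocs):
        print("MATCH", hit)
    print(check_domains(["update.c2.example.net", "mozilla.org"], iocs))
```

On a real triage you would point `parse_packages` at the package listing androidqf saved and `check_domains` at hostnames pulled from DNS or network dumps; a clean result only means none of the published indicators were seen, not that the device is free of spyware.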

Vulnerabilities

Security updates for Monday

Security updates have been issued by Debian (gst-plugins-base1.0, gstreamer1.0, and libpgjava), Fedora (bpftool, chromium, golang-x-crypto, kernel, kernel-headers, linux-firmware, pytest, python3.10, subversion, and thunderbird), Gentoo (NVIDIA Drivers), Oracle (kernel, perl-App-cpanminus:1.7044, php:7.4, php:8.1, php:8.2, postgresql, python3.11, python3.12, python3.9:3.9.21, python36:3.6, ruby, and ruby:2.5), SUSE (docker-stable, firefox-esr, gstreamer, gstreamer-plugins-base, gstreamer-plugins-good, kernel, python-Django, python312, and socat), and Ubuntu (mpmath).

https://lwn.net/Articles/1002338/

Siemens: SSA-928984 V1.0: Heap-based Buffer Overflow Vulnerability in User Management Component (UMC)

https://cert-portal.siemens.com/productcert/html/ssa-928984.html