Timeframe: Donnerstag 09-11-2023 18:00 - Freitag 10-11-2023 18:00
Handler: Thomas Pribitzer
Ducktail fashion week
The Ducktail malware, designed to hijack Facebook business and ads accounts, sends marketing professionals fake ads for jobs with major clothing manufacturers.
Routers Targeted for Gafgyt Botnet [Guest Diary], (Thu, Nov 9th)
The threat actor attempts to add my honeypot into a botnet so the threat actor can carry out DDoS attacks. The vulnerabilities used for the attack were default credentials and CVE-2017-17215. To prevent these attacks, make sure systems are patched and using strong credentials.
Malware: Mehr als 600 Millionen Downloads 2023 in Google Play
Kaspersky hat in diesem Jahr bereits mehr als 600 Millionen Malware-Downloads aus dem Google-Play-Store gezählt. Der bleibt aber sicherste Paketquelle.
Demystifying Cobalt Strike-s -make_token- Command
Cobalt Strike provides the make_token command to achieve a similar result to runas /netonly.
High Traffic + High Vulnerability = an Attractive Target for Criminals: The Dangers of Viewing Clickbait Sites
Clickbait articles are highlighted in this article. A jump in compromised sites exploiting CVE-2023-3169 stresses the danger of web-based threats.
Cerber Ransomware Exploits Atlassian Confluence Vulnerability CVE-2023-22518
We encountered the Cerber ransomware exploiting the Atlassian Confluence vulnerability CVE-2023-22518 in its operations.
Security updates for Friday
Security updates have been issued by Fedora (community-mysql, matrix-synapse, and xorg-x11-server-Xwayland), Mageia (squid and vim), Oracle (dnsmasq, python3, squid, squid:4, and xorg-x11-server), Red Hat (fence-agents, insights-client, kernel, kpatch-patch, mariadb:10.5, python3, squid, squid:4, tigervnc, and xorg-x11-server), Scientific Linux (bind, firefox, java-1.8.0-openjdk, java-11-openjdk, kernel, libssh2, python-reportlab, python3, squid, thunderbird, and xorg-x11-server), [...]
Multiple Vulnerabilities in QuMagie
Vulnerability in QTS, QuTS hero, and QuTScloud
AIX is affected by a denial of service (CVE-2023-45167) and a security restrictions bypass (CVE-2023-40217) due to Python
Multiple vulnerabilities in Eclipse Jetty affect IBM Process Designer 8.5.7 shipped with IBM Business Automation Workflow
The IBM Engineering Lifecycle Engineering product using IBM SDK, Java Technology Edition Quarterly CPU - Apr 2023 - Includes Oracle April 2023 CPU plus CVE-2023-2597
Multiple security vulnerabilities have been identified in IBM DB2 which is shipped with IBM Intelligent Operations Center.
IBM QRadar SIEM contains multiple vulnerabilities
Ivanti Secure Access Client security notifications