Timeframe: Wednesday 08-11-2023 18:00 - Thursday 09-11-2023 18:00
Handler: Thomas Pribitzer
Co-Handler: Michael Schlagenhaufer
Highly invasive backdoor snuck into open source packages targets developers
Packages downloaded thousands of times targeted people working on sensitive projects.
Google ads push malicious CPU-Z app from fake Windows news site
A threat actor has been abusing Google Ads to distribute a trojanized version of the CPU-Z tool to deliver the Redline info-stealing malware.
Visual Examples of Code Injection, (Thu, Nov 9th)
I spotted an interesting sample that performs this technique and I was able to collect visible information. The malware was delivered through a phishing email with a ZIP archive.
Google Play: Extra security checks are meant to make apps more trustworthy
From now on, certain apps in Google Play are marked with a new banner that is intended to guarantee more security. Some VPN apps are the first to receive it.
Spammers abuse Google Forms quiz to deliver scams
Cisco Talos has recently observed an increase in spam messages abusing a feature of quizzes created within Google Forms.
GhostLocker - A "Work In Progress" RaaS
GhostSec has introduced a novel Ransom-as-a-Service encryptor known as GhostLocker.
Security updates for Thursday
Security updates have been issued by Debian (cacti and chromium), Fedora (CuraEngine, podman, and rubygem-rmagick), Mageia (gnome-shell, openssl, and zlib), SUSE (salt), and Ubuntu (xrdp).
CVE-2023-3282 Cortex XSOAR: Local Privilege Escalation (PE) Vulnerability in Cortex XSOAR Engine (Severity: MEDIUM)
This issue is applicable only to Cortex XSOAR engines installed through the shell method that are running on a Linux operating system.
CVE-2023-47246: SysAid Zero-Day Vulnerability Exploited By Lace Tempest
A new zero-day vulnerability (CVE-2023-47246) in SysAid IT service management software is being exploited by the threat group responsible for the MOVEit Transfer attack in May 2023.
Drupal: GraphQL - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2023-051
Drupal: GraphQL - Moderately critical - Access bypass - SA-CONTRIB-2023-050
Weidmüller: WIBU Vulnerability in multiple Products
Johnson Controls Quantum HD Unity
Hitachi Energy eSOMS
IBM Security Guardium is affected by denial of service vulnerabilities (CVE-2023-3635, CVE-2023-28118)
IBM Security Guardium is affected by a denial of service vulnerability in Apache Struts (CVE-2023-34149)
Vulnerabilities in Linux Kernel, Samba, Golang, Curl, and openssl can affect IBM Spectrum Protect Plus
A vulnerability in Samba affects IBM Storage Scale SMB protocol access method (CVE-2022-2127)