Daily Summary - 12.02.2024

End-of-Day report

Timeframe: Friday 09-02-2024 18:00 - Monday 12-02-2024 18:00 Handler: Michael Schlagenhaufer Co-Handler: Stephan Richter

News

Free Rhysida ransomware decryptor for Windows exploits RNG flaw

South Korean researchers have publicly disclosed an encryption flaw in the Rhysida ransomware encryptor, allowing the creation of a Windows decryptor to recover files for free.

https://www.bleepingcomputer.com/news/security/free-rhysida-ransomware-decryptor-for-windows-exploits-rng-flaw/

Hackers exploit Ivanti SSRF flaw to deploy new DSLog backdoor

Hackers are exploiting a server-side request forgery (SSRF) vulnerability in Ivanti Connect Secure, Policy Secure, and ZTA gateways to deploy the new DSLog backdoor on vulnerable devices.

https://www.bleepingcomputer.com/news/security/hackers-exploit-ivanti-ssrf-flaw-to-deploy-new-dslog-backdoor/

Exploit against Unnamed "Bytevalue" router vulnerability included in Mirai Bot, (Mon, Feb 12th)

Today, I noticed the following URL showing up in our "First Seen" list: [...]

https://isc.sans.edu/diary/rss/30642

Microsoft Defender: Evading detection with a comma

A security researcher has discovered that Microsoft Defender's detection can be tricked with a comma.

https://www.heise.de/-9625770.html

SiCat: Open-source exploit finder

SiCat is an open-source tool for exploit research designed to source and compile information about exploits from open channels and internal databases. Its primary aim is to assist in cybersecurity, enabling users to search the internet for potential vulnerabilities and corresponding exploits.

https://www.helpnetsecurity.com/2024/02/12/sicat-open-source-exploit-finder/

Warzone RAT Shut Down by Law Enforcement, Two Arrested

Warzone RAT was dismantled in an international law enforcement operation that also involved the arrest of suspects in Malta and Nigeria.

https://www.securityweek.com/warzone-rat-shut-down-by-law-enforcement-two-arrested/

Diving Into Glupteba's UEFI Bootkit

A 2023 Glupteba campaign includes an unreported feature - a UEFI bootkit. We analyze its complex architecture and how this botnet has evolved.

https://unit42.paloaltonetworks.com/glupteba-malware-uefi-bootkit/

Bitdefender warns of new backdoor for macOS

It presumably remained undetected for at least three months. RustDoor allows targeted searching for data and its transfer to an external server.

https://www.zdnet.de/88414203/bitdefender-warnt-vor-neuer-backdoor-fuer-macos/

Attackers spoof Temu

The popularity of the e-commerce shop attracts scammers who specialize in fake giveaway codes.

https://www.zdnet.de/88414209/angreifer-spoofen-temu/

Vulnerabilities

ExpressVPN: Bug leads to unprotected transmission of DNS requests

Because of the bug, third parties can potentially track which websites ExpressVPN users have visited, despite an active VPN connection.

https://www.golem.de/news/expressvpn-fehler-fuehrt-zu-ungeschuetzter-uebertragung-von-dns-anfragen-2402-182088.html

CISA Adds One Known Exploited Vulnerability to Catalog

CVE-2024-21762 Fortinet FortiOS Out-of-Bound Write Vulnerability

https://www.cisa.gov/news-events/alerts/2024/02/09/cisa-adds-one-known-exploited-vulnerability-catalog

CISA Adds One Known Exploited Vulnerability to Catalog

CVE-2023-43770 Roundcube Webmail Persistent Cross-Site Scripting (XSS) Vulnerability

https://www.cisa.gov/news-events/alerts/2024/02/12/cisa-adds-one-known-exploited-vulnerability-catalog

Security updates for Monday

Security updates have been issued by Debian (libgit2), Fedora (chromium, firecracker, libkrun, openssh, python-nikola, runc, rust-event-manager, rust-kvm-bindings, rust-kvm-ioctls, rust-linux-loader, rust-userfaultfd, rust-versionize, rust-vhost, rust-vhost-user-backend, rust-virtio-queue, rust-vm-memory, rust-vm-superio, rust-vmm-sys-util, virtiofsd, webkitgtk, and wireshark), Mageia (filezilla and xpdf), Oracle (gimp), Red Hat (libmaxminddb, linux-firmware, squid:4, and tcpdump), Slackware (xpdf), SUSE (cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, cont and suse-build-key), and Ubuntu (python-glance-store and webkit2gtk).

https://lwn.net/Articles/961842/

Multiple cross-site scripting vulnerabilities in Statamic CMS

https://sec-consult.com/de/vulnerability-lab/advisory/mehrere-cross-site-scripting-schwachstellen-in-statamic-cms/

IBM Security Bulletins

https://www.ibm.com/support/pages/bulletin/