[CERT-daily] Tageszusammenfassung - 30.04.2024

Tue Apr 30 18:33:10 CEST 2024

=====================
= End-of-Day report =
=====================

Timeframe:   Montag 29-04-2024 18:00 − Dienstag 30-04-2024 18:00
Handler:     Michael Schlagenhaufer
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Gefälschte SMS im Namen von Bundeskanzleramt ∗∗∗
---------------------------------------------
Vorsicht: Kriminelle geben sich als Bundeskanzleramt Österreich aus. In der SMS wird behauptet, dass eine Nachricht auf Sie wartet. Klicken Sie auf keinen Fall auf den Link, Sie werden auf eine gefälschte Webseite weitergeleitet.
---------------------------------------------
https://www.watchlist-internet.at/news/gefaelschte-sms-im-namen-von-bundeskanzleramt/


∗∗∗ FBI warns of fake verification schemes targeting dating app users ∗∗∗
---------------------------------------------
The FBI is warning of fake verification schemes promoted by fraudsters on online dating platforms that lead to costly recurring subscription charges. [..] It starts with fraudsters approaching victims on a dating app or site and developing a romantic rapport. This lays the ground for requesting to take the conversation outside the platform onto a supposedly safer communications tool. At this stage, the fraudster sends a link to the victim that will take them to a seemingly legitimate verification platform where the victim will have to verify they're not a sexual offender.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/fbi-warns-of-fake-verification-schemes-targeting-dating-app-users/


∗∗∗ Millions of Malicious Imageless Containers Planted on Docker Hub Over 5 Years ∗∗∗
---------------------------------------------
Cybersecurity researchers have discovered multiple campaigns targeting Docker Hub by planting millions of malicious "imageless" containers over the past five years, once again underscoring how open-source registries could pave the way for supply chain attacks. [..] Of the 4.79 million imageless Docker Hub repositories uncovered, 3.2 million of them are said to have been used as landing pages to redirect unsuspecting users to fraudulent sites as part of three broad campaigns.
---------------------------------------------
https://thehackernews.com/2024/04/millions-of-malicious-imageless.html


∗∗∗ The Darkgate Menace: Leveraging Autohotkey & Attempt to Evade Smartscreen ∗∗∗
---------------------------------------------
McAfee Labs has recently uncovered a novel infection chain associated with DarkGate malware. This chain commences with an HTML-based entry point and progresses to exploit the AutoHotkey utility in its subsequent stages.
---------------------------------------------
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/the-darkgate-menace-leveraging-autohotkey-attempt-to-evade-smartscreen/


∗∗∗ Chrome 124 macht TLS-Handshake kaputt ∗∗∗
---------------------------------------------
Google hat kürzlich seinen Google Chrome-Browser in der Version 124 veröffentlicht. Neben Schwachstellen haben die Entwickler auch etwas an der TLS-Verschlüsselung (X25519Kyber768-Schlüsselkapselung für TLS) geändert. Inzwischen gibt es aber Rückmeldungen von Nutzern, die sich darüber beklagen, dass diese Änderung das TLS-Handshake zu Webservern kaputt machen kann. Das betrifft auch auf Chromium basierende Browser wie den Edge 124.
---------------------------------------------
https://www.borncity.com/blog/2024/04/30/chrome-124-macht-tls-handshake-kaputt/


∗∗∗ Google Play blockiert mehr als 2 Millionen Trojaner-Apps – Tendenz steigend ∗∗∗
---------------------------------------------
Dank strengerer Sicherheitschecks sperrte Google 2023 knapp 2,3 Millionen böse Apps aus. Trotz gesteigerter Bemühungen schlüpfen aber immer noch welche durch.
---------------------------------------------
https://heise.de/-9703405


∗∗∗ CISA Rolls Out New Guidelines to Mitigate AI Risks to US Critical Infrastructure ∗∗∗
---------------------------------------------
New CISA guidelines categorize AI risks into three significant types and pushes a four-part mitigation strategy. [..] The guidelines calls on management to act decisively on identified AI risks to enhance safety and security, ensuring that risk management controls are implemented and maintained to optimize the benefits of AI systems while minimizing adverse effects.
---------------------------------------------
https://www.securityweek.com/cisa-rolls-out-new-guidelines-to-mitigate-ai-risks-to-us-critical-infrastructure/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (org-mode), Oracle (shim and tigervnc), Red Hat (ansible-core, avahi, buildah, container-tools:4.0, containernetworking-plugins, edk2, exfatprogs, fence-agents, file, freeglut, freerdp, frr, grub2, gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, harfbuzz, httpd, ipa, kernel, libjpeg-turbo, libnbd, LibRaw, libsndfile, libssh, libtiff, libvirt, libX11, libXpm, mingw components, mingw-glib2, mingw-pixman, mod_http2, mod_jk and mod_proxy_cluster, motif, mutt, openssl and openssl-fips-provider, osbuild and osbuild-composer, pam, pcp, pcs, perl, pmix, podman, python-jinja2, python3.11, python3.11-cryptography, python3.11-urllib3, qemu-kvm, qt5-qtbase, runc, skopeo, squashfs-tools, systemd, tcpdump, tigervnc, toolbox, traceroute, webkit2gtk3, wpa_supplicant, xorg-x11-server, xorg-x11-server-Xwayland, and zziplib), SUSE (docker, ffmpeg, ffmpeg-4, frr, and kernel), and Ubuntu (anope, freerdp3, and php7.0, php7.2, php7.4, php8.1).
---------------------------------------------
https://lwn.net/Articles/971740/


∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/


∗∗∗ ChromeOS: Long Term Support Channel Update for ChromeOS ∗∗∗
---------------------------------------------
http://chromereleases.googleblog.com/2024/04/long-term-support-channel-update-for_29.html


∗∗∗ [R1] Nessus Network Monitor 6.4.0 Fixes Multiple Vulnerabilities ∗∗∗
---------------------------------------------
https://www.tenable.com/security/tns-2024-07


∗∗∗ Delta Electronics CNCSoft-G2 DOPSoft ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/cybersecurity-advisories/icsa-24-121-01

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily