[CERT-daily] Tageszusammenfassung - 08.01.2024

Mon Jan 8 18:08:21 CET 2024

=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 05-01-2024 18:00 − Montag 08-01-2024 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Michael Schlagenhaufer

=====================
=       News        =
=====================

∗∗∗ Post-Quanten-Kryptografie: Verschlüsselungsverfahren Kyber birgt Schwachstellen ∗∗∗
---------------------------------------------
Durch die Messung der für bestimmte Divisionsoperationen benötigten Rechenzeit lassen sich wohl geheime Kyber-Schlüssel rekonstruieren.
---------------------------------------------
https://www.golem.de/news/post-quanten-kryptografie-verschluesselungsverfahren-kyber-birgt-schwachstellen-2401-180910.html


∗∗∗ Suspicious Prometei Botnet Activity, (Sun, Jan 7th) ∗∗∗
---------------------------------------------
On the 31 Dec 2023, after trying multiple username/password combination, actor using IP 194.30.53.68 successfully loging to the honeypot and uploaded eight files where 2 of them are protected with a 7zip password (updates1.7z & updates2.7z). Some of these files have been identified to be related to the Prometei trojan by Virustotal.
---------------------------------------------
https://isc.sans.edu/diary/rss/30538


∗∗∗ Bypass Cognito Account Enumeration Controls ∗∗∗
---------------------------------------------
Amazon Cognito is a popular “sign-in as a service” offering from AWS. It allows developers to push the responsibility of developing authentication, sign up, and secure credential storage to AWS so they can instead focus on building their app. [..] This bypass was originally reported via a GitHub issue in July 2020 and Cognito is still vulnerable as of early 2024.
---------------------------------------------
https://hackingthe.cloud/aws/enumeration/bypass_cognito_user_enumeration_controls/


∗∗∗ Jetzt patchen! Attacken auf Messaging-Plattform Apache RocketMQ ∗∗∗
---------------------------------------------
Sicherheitsforscher beobachten zurzeit Angriffsversuche auf die Messaging- und Streaming-Plattform Apache RocketMQ. Sicherheitsupdates sind bereits seit Mai 2023 verfügbar.
---------------------------------------------
https://www.heise.de/-9590555


∗∗∗ Sicherheitsupdates: Schadcode- und DoS-Attacken auf Qnap NAS möglich ∗∗∗
---------------------------------------------
Angreifer können Netzwerkspeicher von Qnap ins Visier nehmen. Sicherheitspatches schaffen Abhilfe.
---------------------------------------------
https://www.heise.de/-9589870


∗∗∗ Die OAuth-Hintertür: Google wiegelt ab ∗∗∗
---------------------------------------------
Der Suchmaschinenriese Google sieht keine Sicherheitslücke in der durch Kriminelle ausgenutzten Schnittstelle, sie funktioniere wie vorgesehen.
---------------------------------------------
https://www.heise.de/-9589840


∗∗∗ NIST: No Silver Bullet Against Adversarial Machine Learning Attacks ∗∗∗
---------------------------------------------
NIST has published a report on adversarial machine learning attacks and mitigations, and cautioned that there is no silver bullet for these types of threats.
---------------------------------------------
https://www.securityweek.com/nist-no-silver-bullet-against-adversarial-machine-learning-attacks/


∗∗∗ Werbung für verlorene Pakete der Post für € 1,95 ist Betrug ∗∗∗
---------------------------------------------
Auf Facebook und im Facebook Messenger kursiert eine Werbung, die verloren gegangene Pakete der Post um € 1,95 verspricht. Die Werbung vermittelt den Eindruck, dass Angebot käme von der Post selbst. In den Paketen befinden sich angeblich hochpreisige Elektronikprodukte wie Laptops, Spielkonsolen oder Smartwatches. Dabei handelt es sich aber um eine betrügerische Werbung, die nichts mit der Österreichischen Post zu tun hat!
---------------------------------------------
https://www.watchlist-internet.at/news/werbung-fuer-verlorene-pakete-der-post-fuer-eur-195-ist-betrug/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Multiple vulnerabilities in Lantronix EDS-MD IoT gateway for medical devices ∗∗∗
---------------------------------------------
Pentagrid identified several vulnerabilities in Lantronixs EDS-MD product during a penetration test. The EDS-MD is an IoT gateway for medical devices and equipment. The vulnerabilities include an authenticated command injection, cross-site request forgery, missing authentication for the AES-encrypted communication, cross-site scripting vulnerabilities, outdated software components, and more.
---------------------------------------------
https://www.pentagrid.ch/en/blog/multiple-vulnerabilties-in-lantronix-eds-md-iot-gateway/


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (exim4), Fedora (chromium, perl-Spreadsheet-ParseExcel, python-aiohttp, python-pysqueezebox, and tinyxml), Gentoo (Apache Batik, Eclipse Mosquitto, firefox, R, Synapse, and util-linux), Mageia (libssh2 and putty), Red Hat (squid), SUSE (libxkbcommon), and Ubuntu (gnutls28).
---------------------------------------------
https://lwn.net/Articles/957146/


∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/


∗∗∗ Qt: Security advisory: Potential Integer Overflow in Qts HTTP2 implementation ∗∗∗
---------------------------------------------
https://www.qt.io/blog/security-advisory-potential-integer-overflow-in-qts-http2-implementation


∗∗∗ BOSCH-SA-711465: Multiple vulnerabilities in Nexo cordless nutrunner ∗∗∗
---------------------------------------------
https://psirt.bosch.com/security-advisories/bosch-sa-711465.html


∗∗∗ CISA Adds Six Known Exploited Vulnerabilities to Catalog ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2024/01/08/cisa-adds-six-known-exploited-vulnerabilities-catalog

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily