[CERT-daily] Tageszusammenfassung - 11.03.2024

Daily end-of-shift report team at cert.at
Mon Mar 11 18:42:37 CET 2024


=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 08-03-2024 18:00 − Montag 11-03-2024 18:00
Handler:     Alexander Riepl
Co-Handler:  Michael Schlagenhaufer

=====================
=       News        =
=====================

∗∗∗ Fake Leather wallet app on Apple App Store is a crypto drainer ∗∗∗
---------------------------------------------
The developers of the Leather cryptocurrency wallet are warning of a fake app on the Apple App Store, with users reporting it is a wallet drainer that stole their digital assets.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/fake-leather-wallet-app-on-apple-app-store-is-a-crypto-drainer/


∗∗∗ What happens when you accidentally leak your AWS API keys? [Guest Diary], (Sun, Mar 10th) ∗∗∗
---------------------------------------------
As a college freshman taking my first computer science class, I wanted to create a personal project that would test my abilities and maybe have some sort of return. I saw a video online of someone who created a python script that emailed colleges asking for free swag to be shipped to him. I liked the idea and adapted it.
---------------------------------------------
https://isc.sans.edu/diary/rss/30730


∗∗∗ Check your email security, and protect your customers ∗∗∗
---------------------------------------------
Free online tool from the NCSC prevents cyber criminals using your email to conduct cyber attacks.
---------------------------------------------
https://www.ncsc.gov.uk/blog-post/cyes-protect-customers


∗∗∗ Leicht verdientes Geld auf Instagram? Vorsicht vor dieser Betrugsmasche ∗∗∗
---------------------------------------------
Sie erhalten eine Nachricht auf Instagram – angeblich von einer Künstlerin bzw. einem Künstler. Die Person behauptet, dass sie eines Ihrer Bilder auf Instagram als Vorlage für ein Gemälde nutzen möchte. Sie bekommen dafür angeblich 500 Euro. Gehen Sie nicht auf dieses Angebot ein, Sie werden betrogen!
---------------------------------------------
https://www.watchlist-internet.at/news/leicht-verdientes-geld-auf-instagram-vorsicht-vor-dieser-betrugsmasche/


∗∗∗ Misconfiguration Manager: Overlooked and Overprivileged ∗∗∗
---------------------------------------------
Misconfiguration Manager is a central knowledge base for all known Microsoft Configuration Manager tradecraft and associated defensive and hardening guidance. We’re also presenting this material at SO-CON 2024 on March 11, 2024. We’ll update this post with a link to the recording when it becomes available.
---------------------------------------------
https://posts.specterops.io/misconfiguration-manager-overlooked-and-overprivileged-70983b8f350d


∗∗∗ Ransomware tracker: The latest figures [March 2024] ∗∗∗
---------------------------------------------
Note: this Ransomware Tracker is updated on the second Sunday of each month to stay current.
---------------------------------------------
https://therecord.media/ransomware-tracker-the-latest-figures


∗∗∗ Kritische Schwachstelle (CVE-2024-1403) in Progress OpenEdge Authentication Gateway/AdminServer – PoC öffentlich ∗∗∗
---------------------------------------------
Es gibt eine kritische Schwachstelle (CVE-2024-1403) in diesem Produkt (CVSS 10.0), die die Umgehung der Authentifizierung ermöglicht. Nun ist ein Exploit zur Ausnutzung dieser Schwachstelle bekannt geworden.
---------------------------------------------
https://www.borncity.com/blog/2024/03/11/kritische-schwachstelle-cve-2024-1403-in-progress-openedge-authentication-gateway-adminserver-poc-ffentlich/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Unauthenticated Stored XSS Vulnerability Patched in Ultimate Member WordPress Plugin ∗∗∗
---------------------------------------------
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the several parameters in all versions up to, and including, 2.8.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
---------------------------------------------
https://www.wordfence.com/blog/2024/03/unauthenticated-stored-xss-vulnerability-patched-in-ultimate-member-wordpress-plugin/


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (libuv1, nss, squid, tar, tiff, and wordpress), Fedora (chromium, exercism, grub2, qpdf, and wpa_supplicant), Oracle (edk2 and opencryptoki), and SUSE (cpio, openssl-1_0_0, openssl-1_1, openssl-3, sudo, tomcat, and xen).
---------------------------------------------
https://lwn.net/Articles/965032/


∗∗∗ ArubaOS: Sicherheitslücken erlauben Befehlsschmuggel ∗∗∗
---------------------------------------------
HPE Aruba warnt vor zum Teil hochriskanten Sicherheitslücken im Betriebssystem ArubaOS für Switches aus dem Hause. Mehrere gelten als hohes Risiko und erlauben das Einschmuggeln von Befehlen.
---------------------------------------------
https://heise.de/-9650985


∗∗∗ Qnap hat teils kritische Lücken in seinen Betriebssystemen geschlossen ∗∗∗
---------------------------------------------
Qnap hat Warnungen vor Sicherheitslücken in QTS, QuTS Hero und QuTScloud veröffentlicht. Aktualisierte Firmware dichtet sie ab.
---------------------------------------------
https://heise.de/-9650933


∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list