[CERT-daily] Tageszusammenfassung - 20.03.2024

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 19-03-2024 18:00 − Mittwoch 20-03-2024 18:00
Handler:     Michael Schlagenhaufer
Co-Handler:  Thomas Pribitzer

=====================
=       News        =
=====================

∗∗∗ Misconfigured Firebase instances leaked 19 million plaintext passwords ∗∗∗
---------------------------------------------
Three cybersecurity researchers discovered close to 19 million plaintext passwords exposed on the public internet by misconfigured instances of Firebase, a Google platform for hosting databases, cloud computing, and app development.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/misconfigured-firebase-instances-leaked-19-million-plaintext-passwords/


∗∗∗ Android malware, Android malware and more Android malware ∗∗∗
---------------------------------------------
In this report, we share our latest Android malware findings: the Tambir spyware, Dwphon downloader and Gigabud banking Trojan.
---------------------------------------------
https://securelist.com/crimeware-report-android-malware/112121/


∗∗∗ Scans for Fortinet FortiOS and the CVE-2024-21762 vulnerability, (Wed, Mar 20th) ∗∗∗
---------------------------------------------
Late last week, an exploit surfaced on GitHub for CVE-2024-21762. This vulnerability affects Fortinet's FortiOS. A patch was released on February 8th. Owners of affected devices had over a month to patch.
---------------------------------------------
https://isc.sans.edu/diary/rss/30762


∗∗∗ Phishing im Namen der Österreichischen Gesundheitskasse ÖGK ∗∗∗
---------------------------------------------
Nehmen Sie sich vor betrügerischen E-Mails in Acht, die Sie im Namen der Österreichischen Gesundheitskasse ÖGK erhalten. Aktuell spielt man Ihnen vor, dass es eine ausstehende Rückerstattung für Sie gibt. Folgen Sie hier keinen Links und geben Sie keine Daten bekannt. Man versucht Ihnen Geld und Daten zu stehlen!
---------------------------------------------
https://www.watchlist-internet.at/news/phishing-gesundheitskasse-oegk/


∗∗∗ Gotta Hack ‘Em All: Pokémon passwords reset after attack ∗∗∗
---------------------------------------------
Are you using the same passwords in multiple places online? Well, stop. Stop right now. And make sure that youve told your friends and family to stop being reckless too.
---------------------------------------------
https://www.bitdefender.com/blog/hotforsecurity/gotta-hack-em-all-pokemon-passwords-reset-after-attack/


∗∗∗ A prescription for privacy protection: Exercise caution when using a mobile health app ∗∗∗
---------------------------------------------
Given the unhealthy data-collection habits of some mHealth apps, you’re well advised to tread carefully when choosing with whom you share some of your most sensitive data.
---------------------------------------------
https://www.welivesecurity.com/en/privacy/prescription-privacy-protection-exercise-caution-mobile-health-app/


∗∗∗ Loop DoS: Verschiedene Netzwerkdienste leiden unter Protokoll-Endlosschleife ∗∗∗
---------------------------------------------
Unter den Diensten, die Sicherheitsforscher als Gefahr identifiziert haben, sind auch solche aus der Frühzeit des Internets. Nun sind Netzwerk-Admins gefragt.
---------------------------------------------
https://heise.de/-9660179



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (fontforge and imagemagick), Fedora (firefox), Mageia (cherrytree, python-django, qpdf, and sqlite3), Red Hat (bind, cups, emacs, fwupd, gmp, kernel, libreoffice, libX11, nodejs, opencryptoki, postgresql-jdbc, postgresql:10, postgresql:13, and ruby:3.1), Slackware (gnutls and mozilla), and Ubuntu (firefox, linux, linux-bluefield, linux-gcp, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-iot, linux-kvm, linux-oracle, linux-oracle-5.4, [...]
---------------------------------------------
https://lwn.net/Articles/966053/


∗∗∗ Netgear wireless router open to code execution after buffer overflow vulnerability ∗∗∗
---------------------------------------------
There is also a newly disclosed vulnerability in a graphics driver for some NVIDIA GPUs that could lead to a memory leak.
---------------------------------------------
https://blog.talosintelligence.com/vulnerability-roundup-march-20-2024/


∗∗∗ Atlassian: Patch-Reigen im März für Bamboo, Bitbucket, Confluence und Jira ∗∗∗
---------------------------------------------
Atlassian behandelt 25 Sicherheitslücken in Bamboo, Bitbucket, Confluence und Jira. Eine davon gilt als kritisch.
---------------------------------------------
https://heise.de/-9660075


∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/


∗∗∗ Command Injection in Bosch Network Synchronizer ∗∗∗
---------------------------------------------
https://psirt.bosch.com/security-advisories/bosch-sa-152190-bt.html


∗∗∗ Security Update for Ivanti Neurons for ITSM ∗∗∗
---------------------------------------------
https://www.ivanti.com/blog/security-update-for-ivanti-neurons-for-itsm


∗∗∗ Security Update for Ivanti Standalone Sentry ∗∗∗
---------------------------------------------
https://www.ivanti.com/blog/security-update-for-ivanti-standalone-sentry


∗∗∗ Webbrowser Chrome: Google dichtet mehrere Sicherheitslecks ab ∗∗∗
---------------------------------------------
https://heise.de/-9659978

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily