[CERT-daily] Tageszusammenfassung - 22.03.2024

Daily end-of-shift report team at cert.at
Fri Mar 22 18:06:39 CET 2024


=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 21-03-2024 18:00 − Freitag 22-03-2024 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Michael Schlagenhaufer

=====================
=       News        =
=====================

∗∗∗ Windows 11, Tesla, and Ubuntu Linux hacked at Pwn2Own Vancouver ∗∗∗
---------------------------------------------
On the first day of Pwn2Own Vancouver 2024, contestants demoed 19 zero-day vulnerabilities in Windows 11, Tesla, Ubuntu Linux and other devices and software to win $732,500 and a Tesla Model 3 car.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/windows-11-tesla-and-ubuntu-linux-hacked-at-pwn2own-vancouver/


∗∗∗ Darknet marketplace Nemesis Market seized by German police ∗∗∗
---------------------------------------------
The German police have seized infrastructure for the darknet Nemesis Market cybercrime marketplace in Germany and Lithuania, disrupting the sites operation.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/darknet-marketplace-nemesis-market-seized-by-german-police/


∗∗∗ Mit gefälschten Keycards: Hacker können weltweit Millionen von Hoteltüren öffnen ∗∗∗
---------------------------------------------
Mehr als drei Millionen Türen in Hotels und Mehrfamilienhäusern sind anfällig für Angriffe mit gefälschten RFID-Schlüsselkarten. Teure Spezialausrüstung braucht es dafür nicht.
---------------------------------------------
https://www.golem.de/news/mit-gefaelschten-keycards-hacker-koennen-weltweit-millionen-von-hoteltueren-oeffnen-2403-183478.html


∗∗∗ Whois "geofeed" Data, (Thu, Mar 21st) ∗∗∗
---------------------------------------------
Attributing a particular IP address to a specific location is hard and often fails miserably.
---------------------------------------------
https://isc.sans.edu/diary/rss/30766


∗∗∗ Unterstützungsmail im Namen von Marlene Engelhorn ist Fake! ∗∗∗
---------------------------------------------
Derzeit kursieren zahlreiche E-Mails im Namen der österreichischen Millionärin Marlene Engelhorn: Angeblich will sie mit einem Teil ihres Erbes „aufstrebende Unternehmer und lokale Projekte“ unterstützen. Achtung: Hinter dieser E-Mail stecken Kriminelle. Antworten Sie daher auf keinen Fall.
---------------------------------------------
https://www.watchlist-internet.at/news/fake-marlene-engelhorn/


∗∗∗ Large-Scale StrelaStealer Campaign in Early 2024 ∗∗∗
---------------------------------------------
We unravel the details of two large-scale StrelaStealer campaigns from 2023 and 2024. This email credential stealer has a new variant delivered through zipped JScript.
---------------------------------------------
https://unit42.paloaltonetworks.com/strelastealer-campaign/


∗∗∗ “Pig butchering” is an evolution of a social engineering tactic we’ve seen for years ∗∗∗
---------------------------------------------
In the case of pig butchering scams, it’s not really anything that can be solved by a cybersecurity solution or sold in a package.
---------------------------------------------
https://blog.talosintelligence.com/threat-source-newsletter-march-21-2024/


∗∗∗ Sicherheit contra Offenheit – ein Kommentar zu Secure Boot ∗∗∗
---------------------------------------------
Secure Boot ist kompliziert, frickelig und wird von Microsoft dominiert. Stattdessen brauchen wir offene sichere Systeme, meint Christof Windeck.
---------------------------------------------
https://heise.de/-9659071



=====================
=  Vulnerabilities  =
=====================

∗∗∗ KDE advises extreme caution after theme wipes Linux users files ∗∗∗
---------------------------------------------
On Wednesday, the KDE team warned Linux users to exercise "extreme caution" when installing global themes, even from the official KDE Store, because these themes run arbitrary code on devices to customize the desktops appearance.
---------------------------------------------
https://www.bleepingcomputer.com/news/linux/kde-advises-extreme-caution-after-theme-wipes-linux-users-files/


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (firefox-esr, pillow, and thunderbird), Fedora (apptainer, chromium, ovn, and webkitgtk), Mageia (apache-mod_auth_openidc, ffmpeg, fontforge, libuv, and nodejs-tough-cookie), Oracle (kernel, libreoffice, postgresql-jdbc, ruby:3.1, squid, and squid:4), Red Hat (go-toolset:rhel8 and libreoffice), SUSE (firefox, jbcrypt, trilead-ssh2, jsch-agent-proxy, kernel, tiff, and zziplib), and Ubuntu (linux-aws and openssl1.0).
---------------------------------------------
https://lwn.net/Articles/966415/


∗∗∗ Bringing Access Back — Initial Access Brokers Exploit F5 BIG-IP (CVE-2023-46747) and ScreenConnect ∗∗∗
---------------------------------------------
During the course of an intrusion investigation in late October 2023, Mandiant observed novel N-day exploitation of CVE-2023-46747 affecting F5 BIG-IP Traffic Management User Interface. Additionally, in February 2024, we observed exploitation of Connectwise ScreenConnect CVE-2024-1709 by the same actor.
---------------------------------------------
https://www.mandiant.com/resources/blog/initial-access-brokers-exploit-f5-screenconnect


∗∗∗ Microsoft schließt Sicherheitslücke in Xbox-Gaming-Dienst – nach Hickhack ∗∗∗
---------------------------------------------
Microsoft hat ein Sicherheitsleck im Xbox Gaming Service abgedichtet. Dem ging jedoch eine Diskussion voraus.
---------------------------------------------
https://heise.de/-9662746


∗∗∗ Kritische Sicherheitslücke in FortiClientEMS wird angegriffen ∗∗∗
---------------------------------------------
Eine kritische Schwachstelle in FortiClientEMS wird inzwischen aktiv angegriffen. Zudem ist ein Proof-of-Concept-Exploit öffentlich geworden.
---------------------------------------------
https://heise.de/-9662866


∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list