[CERT-daily] Daily summary - 27.03.2024

Daily end-of-shift report team at cert.at
Wed Mar 27 18:09:37 CET 2024


=====================
= End-of-Day report =
=====================

Timeframe:   Tuesday 26-03-2024 18:00 − Wednesday 27-03-2024 18:00
Handler:     Michael Schlagenhaufer
Co-Handler:  Thomas Pribitzer

=====================
=       News        =
=====================

∗∗∗ Ransomware as a Service and the Strange Economics of the Dark Web ∗∗∗
---------------------------------------------
Ransomware is quickly changing in 2024, with massive disruptions and large gangs shutting down. Learn from Flare how affiliate competition is changing in 2024, and what might come next.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/ransomware-as-a-service-and-the-strange-economics-of-the-dark-web/


∗∗∗ CISA tags Microsoft SharePoint RCE bug as actively exploited ∗∗∗
---------------------------------------------
CISA warns that attackers are now exploiting a Microsoft SharePoint code injection vulnerability that can be chained with a critical privilege escalation flaw for pre-auth remote code execution attacks.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/cisa-tags-microsoft-sharepoint-rce-bug-as-actively-exploited/


∗∗∗ Row breaks out over true severity of two DNSSEC flaws ∗∗∗
---------------------------------------------
Two DNSSEC vulnerabilities were disclosed last month with similar descriptions and the same severity score, but they are not the same issue.
---------------------------------------------
https://go.theregister.com/feed/www.theregister.com/2024/03/26/software_risk_scores/


∗∗∗ Fake Booking.com contact numbers lure victims into a trap! ∗∗∗
---------------------------------------------
Beware of fraudulent phone numbers when you google for Booking.com contact information. Criminals create fake websites with the Booking logo and display phone numbers.
---------------------------------------------
https://www.watchlist-internet.at/news/gefaelschte-bookingcom-kontaktnummern/


∗∗∗ Advanced Nmap Scanning Techniques ∗∗∗
---------------------------------------------
Beyond its fundamental port scanning capabilities, Nmap offers a suite of advanced techniques designed to uncover vulnerabilities, bypass security measures, and gather valuable insights about target systems.
---------------------------------------------
https://cybersecurity.att.com/blogs/security-essentials/advanced-nmap-scanning-techniques



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Hackers exploit Ray framework flaw to breach servers, hijack resources ∗∗∗
---------------------------------------------
A new hacking campaign dubbed "ShadowRay" targets an unpatched vulnerability in Ray, a popular open-source AI framework, to hijack computing power and leak sensitive data from thousands of companies.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/hackers-exploit-ray-framework-flaw-to-breach-servers-hijack-resources/


∗∗∗ Microsoft Edge Bug Could Have Allowed Attackers to Silently Install Malicious Extensions ∗∗∗
---------------------------------------------
A now-patched security flaw in the Microsoft Edge web browser could have been abused to install arbitrary extensions on users' systems and carry out malicious actions.
---------------------------------------------
https://thehackernews.com/2024/03/microsoft-edge-bug-could-have-allowed.html


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (composer and nodejs), Fedora (w3m), Mageia (tomcat), Oracle (expat, firefox, go-toolset:ol8, grafana, grafana-pcp, nodejs:18, and thunderbird), Red Hat (dnsmasq, expat, kernel, kernel-rt, libreoffice, and squid), and SUSE (firefox, krb5, libvirt, and shadow).
---------------------------------------------
https://lwn.net/Articles/966835/


∗∗∗ Exposing a New BOLA Vulnerability in Grafana ∗∗∗
---------------------------------------------
Unit 42 researchers discovered CVE-2024-1313, a broken object level authorization (BOLA) vulnerability in open-source data visualization platform Grafana.
---------------------------------------------
https://unit42.paloaltonetworks.com/new-bola-vulnerability-grafana/


∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/


∗∗∗ Cisco Security Advisories 2024-03-27 ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/Search.x?publicationTypeIDs=1&securityImpactRatings=critical,high,medium&firstPublishedStartDate=2024%2F03%2F27&firstPublishedEndDate=2024%2F03%2F27&pageNum=1&isRenderingBugList=false


∗∗∗ Splunk Security Advisories ∗∗∗
---------------------------------------------
https://advisory.splunk.com/advisories


∗∗∗ Google Chrome: Critical vulnerability threatens browser users ∗∗∗
---------------------------------------------
https://heise.de/-9668035

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily



