[CERT-daily] Daily summary - 28.11.2024

Daily end-of-shift report team at cert.at
Thu Nov 28 18:17:57 CET 2024


=====================
= End-of-Day report =
=====================

Timeframe:   Wednesday 27-11-2024 18:00 − Thursday 28-11-2024 18:00
Handler:     Michael Schlagenhaufer
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Zello asks users to reset passwords after security incident ∗∗∗
---------------------------------------------
Zello is warning customers to reset their passwords if their account was created before November 2nd in what appears to be another security breach.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/zello-asks-users-to-reset-passwords-after-security-incident/


∗∗∗ Sneaky Skimmer Malware Targets Magento Sites Ahead of Black Friday ∗∗∗
---------------------------------------------
A stealthy JavaScript injection attack steals data from the checkout page of sites, either by creating a fake credit card form or extracting data directly from payment fields.
---------------------------------------------
https://www.darkreading.com/application-security/sneaky-skimmer-malware-magento-sites-black-friday


∗∗∗ Microsoft security feature "Administrator Protection" now available to try out ∗∗∗
---------------------------------------------
Microsoft wants to make using Windows more secure. "Administrator Protection" is intended to protect against unauthorized admin access.
---------------------------------------------
https://www.heise.de/-10179558


∗∗∗ Beware of fake parcel notifications ∗∗∗
---------------------------------------------
Are you expecting a parcel? Be careful! Numerous fake notifications about the delivery status of orders are currently circulating. Check messages from parcel services carefully so that you do not fall into a phishing or subscription trap. We show you how to recognize fake messages.
---------------------------------------------
https://www.watchlist-internet.at/news/falsche-paketbenachrichtigungen/


∗∗∗ Malicious NPM Package Exploits React Native Documentation Example ∗∗∗
---------------------------------------------
A recent discovery revealed how official documentation can become an unexpected attack vector for supply chain attacks. It happened when an npm package called “rtn-centered-text” exploited an example from React Native’s Fabric Native Components guide in an attempt to trick developers into downloading their package, putting systems at risk.
---------------------------------------------
https://checkmarx.com/blog/malicious-npm-package-exploits-react-native-documentation-example/


∗∗∗ The Ultimate Handheld Hacking Device - My Experience with NetHunter ∗∗∗
---------------------------------------------
For those unfamiliar, Kali NetHunter is a version of Kali Linux that you can set up on your phone. There are several types of NetHunter setups, each determining the capabilities of your device.
---------------------------------------------
https://andy.codes/blog/security_articles/2024-11-27-the-ultimate-handheld-hacking-device.html



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security holes in developer tool Jenkins plugged ∗∗∗
---------------------------------------------
In the security advisory, the Jenkins developers list three vulnerable add-ons. The most severe is the vulnerability in the Simple Queue plug-in. It does not escape the names of views. This results in a stored cross-site scripting vulnerability that attackers with "View/Create" permissions can abuse (CVE-2024-54003, CVSS 8.0, risk "high"). Plug-in version 1.4.5 and newer versions fix the flaw.
---------------------------------------------
https://heise.de/-10180515


∗∗∗ Multiple Vulnerabilities in Fuji Electric Products ZDI-24-1614 - ZDI-24-1630 ∗∗∗
---------------------------------------------
Mitigation: Given the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the application.
---------------------------------------------
https://www.zerodayinitiative.com/advisories/published/


∗∗∗ Drupal: Tarte au Citron - Moderately critical - Cross Site Scripting - SA-CONTRIB-2024-064 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-contrib-2024-064


∗∗∗ ZABBIX: SQL injection in user.get API (CVE-2024-42327) Critical ∗∗∗
---------------------------------------------
https://support.zabbix.com/browse/ZBX-25623


∗∗∗ NVIDIA Security Bulletin: NVIDIA UFM Enterprise, UFM Appliance, UFM CyberAI - November 2024 ∗∗∗
---------------------------------------------
https://nvidia.custhelp.com/app/answers/detail/a_id/5584

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily



