Daily

daily@lists.cert.at

1 participants
3150 discussions

Tageszusammenfassung - 22.11.2024
by Daily end-of-shift report 22 Nov '24

22 Nov '24

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 21-11-2024 18:00 − Freitag 22-11-2024 18:00 Handler: Alexander Riepl Co-Handler: Michael Schlagenhaufer ===================== = News = ===================== ∗∗∗ Ransomgroup Helldown: Attacks on Zyxel Devices ∗∗∗ --------------------------------------------- SEC Consult has observed a rise of attacks on Zyxel firewalls over the past two months affecting Zyxel ATP firewall (version 5.38 and above - i.e. we have seen successful attacks also on fully patched Zyxel ATP version 5.39 firewalls). [..] We write this blogpost to highlight the need to remain vigilant and monitor activity on the Zyxel Firewalls, especially since there seems to be no official patch from the vendor as of the time of this blog post. --------------------------------------------- https://sec-consult.com/blog/detail/ransomgroup-helldown-attacks-on-zyxel-d… ∗∗∗ Angriffe auf Citrix-Sicherheitslücke beobachtet ∗∗∗ --------------------------------------------- In der vergangenen Woche hat Citrix Sicherheitslücken im Session Recording geschlossen. Nun haben IT-Forscher Angriffe darauf beobachtet. --------------------------------------------- https://www.heise.de/-10100614 ∗∗∗ Fintech Giant Finastra Investigating Data Breach ∗∗∗ --------------------------------------------- Finastra, which provides software and services to 45 of the worlds top 50 banks, notified customers of the security incident after a cybercriminal began selling more than 400 gigabytes of data purportedly stolen from the company. --------------------------------------------- https://it.slashdot.org/story/24/11/21/2043251/fintech-giant-finastra-inves… ∗∗∗ Heres what happens if you dont layer network security – or remove unused web shells ∗∗∗ --------------------------------------------- The US Cybersecurity and Infrastructure Agency often breaks into critical organizations' networks – with their permission, of course – to simulate real-world cyber attacks and thereby help improve their security. [..] In a Thursday blog post, the Agency (CISA) detailed the exercise and opined they "illuminate lessons learned for network defenders and software manufacturers about how to respond to and reduce risk." In other words: give it a read and learn from this critical infrastructure organization's mistakes – and the things it did well – to keep real criminals out of your IT environment. --------------------------------------------- https://go.theregister.com/feed/www.theregister.com/2024/11/22/cisa_red_tea… ∗∗∗ Lateral Movement on macOS: Unique and Popular Techniques and In-the-Wild Examples ∗∗∗ --------------------------------------------- We uncover macOS lateral movement tactics, such as SSH key misuse and AppleScript exploitation. Strategies to counter this attack trend are also discussed. --------------------------------------------- https://unit42.paloaltonetworks.com/unique-popular-techniques-lateral-movem… ∗∗∗ UK drinking water supplies disrupted by record number of undisclosed cyber incidents ∗∗∗ --------------------------------------------- A record number of cyber incidents impacted Britain’s critical drinking water supplies this year without being publicly disclosed, according to information obtained by Recorded Future News. --------------------------------------------- https://therecord.media/uk-drinking-water-infrastructure-cyber-incident-rep… ∗∗∗ A Bag of RATs: VenomRAT vs. AsyncRAT ∗∗∗ --------------------------------------------- Remote access tools (RATs) have long been a favorite tool for cyber attackers, since they enable remote control over compromised systems and facilitate data theft, espionage, and continuous monitoring of victims. Among the well-known RATs are VenomRAT and AsyncRAT. [..] This comparison explores the core technical differences between VenomRAT and AsyncRAT by analyzing their architecture, capabilities, and tactics. --------------------------------------------- https://www.rapid7.com/blog/post/2024/11/21/a-bag-of-rats-venomrat-vs-async… ∗∗∗ Looking at the Attack Surfaces of the Kenwood DMX958XR IVI ∗∗∗ --------------------------------------------- In our previous Kenwood DMX958XR blog post, we detailed the internals of the Kenwood in-vehicle infotainment (IVI) head unit and provided annotated pictures of each PCB. In this post, we aim to outline the attack surface of the DMX958XR in the hopes of providing inspiration for vulnerability research. --------------------------------------------- https://www.thezdi.com/blog/2024/11/20/looking-at-the-attack-surfaces-of-th… ===================== = Vulnerabilities = ===================== ∗∗∗ QNAP Security Advisories 2024-11-23 ∗∗∗ --------------------------------------------- QNAP released 8 security advisories: 5x important, 3x moderate --------------------------------------------- https://www.qnap.com/en-us/security-advisories ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (postgresql-13, postgresql-15, and webkit2gtk), Fedora (libsndfile, microcode_ctl, and trafficserver), Mageia (kanboard, kernel, kmod-xtables-addons, kmod-virtualbox, and bluez, kernel-linus, opendmarc, and radare2), Oracle (.NET 9.0, bubblewrap and flatpak, buildah, expat, firefox, grafana, grafana-pcp, kernel, krb5, libsoup, libvpx, NetworkManager-libreswan, openexr, pcp, python3.11, python3.11-urllib3, python3.12, python3.9, squid, thunderbird, tigervnc, and webkit2gtk3), Red Hat (.NET 9.0, binutils, expat, grafana-pcp, kernel, libsoup, NetworkManager-libreswan, openexr, python3.11, python3.12, python39:3.9, squid, tigervnc, and webkit2gtk3), SUSE (chromedriver, cobbler, govulncheck-vulndb, and icinga2), and Ubuntu (linux-lowlatency, linux-lowlatency-hwe-6.8, python2.7, and zbar). --------------------------------------------- https://lwn.net/Articles/999102/ ∗∗∗ ZDI-24-1605: Adobe InDesign JP2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-24-1605/ ∗∗∗ ZDI-24-1606: 7-Zip CopyCoder Infinite Loop Denial-of-Service Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-24-1606/ ∗∗∗ ZDI-24-1613: Intel Driver & Support Assistant Log Folder Link Following Local Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-24-1613/ ∗∗∗ SSA-354569 V1.0: Multiple Vulnerabilities in Palo Alto Networks Virtual NGFW on RUGGEDCOM APE1808 Devices ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/html/ssa-354569.html ∗∗∗ NVIDIA affected by a Critical vulnerability CVE-2024-0138 ∗∗∗ --------------------------------------------- https://thecyberthrone.in/2024/11/22/nvidia-affected-by-a-critical-vulnerab… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 21.11.2024
by Daily end-of-shift report 21 Nov '24

21 Nov '24

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 20-11-2024 18:00 − Donnerstag 21-11-2024 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Fortinet VPN design flaw hides successful brute-force attacks ∗∗∗ --------------------------------------------- A design flaw in the Fortinet VPN servers logging mechanism can be leveraged to conceal the successful verification of credentials during a brute-force attack without tipping off defenders of compromised logins. --------------------------------------------- https://www.bleepingcomputer.com/news/security/fortinet-vpn-design-flaw-hid… ∗∗∗ Wegen Sicherheitslücke: D-Link drängt auf Entsorgung älterer Router ∗∗∗ --------------------------------------------- Mehrere D-Link-Router, von denen einige erst vor wenigen Monaten den EOL-Status erreicht haben, sind angreifbar. Patches gibt es nicht. --------------------------------------------- https://www.golem.de/news/wegen-sicherheitsluecke-d-link-draengt-auf-entsor… ∗∗∗ Lumma Stealer on the Rise: How Telegram Channels Are Fueling Malware Proliferation ∗∗∗ --------------------------------------------- Authored by: M. Authored by: M, Mohanasundaram and Neil Tyagi In today’s rapidly evolving cyber landscape, malware threats .. --------------------------------------------- https://www.mcafee.com/blogs/other-blogs/mcafee-labs/lumma-stealer-on-the-r… ∗∗∗ Azure Key Vault Tradecraft with BARK ∗∗∗ --------------------------------------------- This post details the existing and new functions in BARK that support adversarial tradecraft research relevant to the Azure Key Vault service. The latter part of the post shows an example of how a red team operator may use these commands during the course of an assessment. --------------------------------------------- https://posts.specterops.io/azure-key-vault-tradecraft-with-bark-24163abc8d… ∗∗∗ “Free Hugs” – What to be Wary of in Hugging Face – Part 2 ∗∗∗ --------------------------------------------- Enjoy Threat Modeling? Try Threats in Models! Previously… In part 1 of this 4-part blog, we discussed Hugging Face, the potentially dangerous trust relationship between Hugging Face users and the ReadMe file, exploiting users who .. --------------------------------------------- https://checkmarx.com/blog/free-hugs-what-to-be-wary-of-in-hugging-face-par… ∗∗∗ New Report Reveals Hidden Risks: How Internet-Exposed Systems Threaten Critical Infrastructure ∗∗∗ --------------------------------------------- A new Censys report found 145,000 exposed ICSs and thousands of insecure human-machine interfaces (HMIs), providing attackers with an accessible path to disrupt critical operations. Real-world examples underscore the danger, with Iranian and Russian-backed hackers exploiting HMIs to manipulate water systems in Pennsylvania and Texas. GreyNoise research .. --------------------------------------------- https://www.greynoise.io/blog/new-report-reveals-hidden-risks-how-internet-… ∗∗∗ Finding Bugs in Chrome with CodeQL ∗∗∗ --------------------------------------------- This blog post discusses how to use a static analysis tool called CodeQL to search for vulnerabilities in Chrome. --------------------------------------------- https://bughunters.google.com/blog/5085111480877056/finding-bugs-in-chrome-… ∗∗∗ Spelunking in Comments and Documentation for Security Footguns ∗∗∗ --------------------------------------------- Join us as we explore seemingly safe but deceptively tricky ground in Elixir, Python, and the Golang standard library. We cover officially documented, or at least previously discussed, code functionality that could unexpectedly introduce vulnerabilities. Well-documented behavior is not always what it appears! --------------------------------------------- https://blog.includesecurity.com/2024/11/spelunking-in-comments-and-documen… ∗∗∗ Azure Detection Engineering: Log idiosyncrasies you should know about ∗∗∗ --------------------------------------------- We share a few inconsistencies found in Azure logs which make detection engineering more challenging. --------------------------------------------- https://tracebit.com/blog/azure-detection-engineering-log-idiosyncrasies-yo… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by AlmaLinux (kernel, NetworkManager-libreswan, and openssl), Fedora (chromium and llvm-test-suite), Mageia (thunderbird), and Ubuntu (linux-aws-6.8, linux-azure, linux-azure-6.8, linux-oracle-6.8,, linux-azure, and ruby2.7). --------------------------------------------- https://lwn.net/Articles/998949/ ∗∗∗ Progress Kemp LoadMaster OS Command Injection Vulnerability ∗∗∗ --------------------------------------------- FortiGuard network sensors detect attack attempts targeting the Progress Kemp LoadMaster. Successful exploitation of the CVE-2024-1212 vulnerability allows unauthenticated remote attackers to access the system through the management interface, potentially leading to data breaches, service disruptions, or further attacks --------------------------------------------- https://fortiguard.fortinet.com/outbreak-alert/kemp-loadmaster-os-command-i… ∗∗∗ ZDI-24-1532: 7-Zip Zstandard Decompression Integer Underflow Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-24-1532/ ∗∗∗ Drupal core - Moderately critical - Gadget chain - SA-CORE-2024-008 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-core-2024-008 ∗∗∗ Drupal core - Moderately critical - Gadget chain - SA-CORE-2024-007 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-core-2024-007 ∗∗∗ Drupal core - Critical - Cross Site Scripting - SA-CORE-2024-005 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-core-2024-005 ∗∗∗ Drupal core - Moderately critical - Access bypass - SA-CORE-2024-004 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-core-2024-004 ∗∗∗ Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2024-003 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-core-2024-003 ∗∗∗ Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2024-003 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-core-2024-003 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 20.11.2024
by Daily end-of-shift report 20 Nov '24

20 Nov '24

===================== = End-of-Day report = ===================== Timeframe: Dienstag 19-11-2024 18:00 − Mittwoch 20-11-2024 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Bigger and badder: how DDoS attack sizes have evolved over the last decade ∗∗∗ --------------------------------------------- If we plot the metrics associated with large DDoS attacks observed in the last 10 years, does it show a straight, steady increase in an exponential curve that keeps becoming steeper, or is it closer to a linear growth? Our analysis found the growth is not linear but rather is exponential, with the slope varying depending on the metric (rps, pps or bps). --------------------------------------------- https://blog.cloudflare.com/bigger-and-badder-how-ddos-attack-sizes-have-ev… ∗∗∗ Kein Angriff auf Idev-Portal: Destatis weist Schuld für Datenleck von sich ∗∗∗ --------------------------------------------- Das Statistische Bundesamt hat sein Idev-Portal untersucht. Von Hackern erbeutete Daten sollen bei den meldenden Unternehmen abgeflossen sein. --------------------------------------------- https://www.golem.de/news/kein-cyberangriff-auf-meldesystem-destatis-weist-… ∗∗∗ Inside the Threat: Ein Blick hinter die Kulissen zur Abwehr einer aktiven Bedrohung ∗∗∗ --------------------------------------------- Früherkennung und proaktive Untersuchung können einen Ransomware-Angriff im Keim ersticken. Ein aktueller realer Fall, zeigt, wie es funktioniert. --------------------------------------------- https://sec-consult.com/de/blog/detail/inside-the-threat-ein-blick-hinter-d… ∗∗∗ Decades-Old Security Vulnerabilities Found in Ubuntus Needrestart Package ∗∗∗ --------------------------------------------- Multiple decade-old security vulnerabilities have been disclosed in the needrestart package installed by default in Ubuntu Server (since version 21.04) that could allow a local attacker to gain root privileges without requiring user .. --------------------------------------------- https://thehackernews.com/2024/11/decades-old-security-vulnerabilities.html ∗∗∗ Yubikey-Seitenkanal: Weitere Produkte für Cloning-Attacke anfällig ∗∗∗ --------------------------------------------- Die Seitenkanal-Lücke EUCLEAK wurde auch als "Yubikey-Cloning-Attacke" bekannt. Das BSI re-zertifiziert aktualisierte Produkte, die betroffen waren. --------------------------------------------- https://www.heise.de/news/EUCLEAK-Weitere-Produkte-fuer-Cloning-Attacke-anf… ∗∗∗ Threat Assessment: Ignoble Scorpius, Distributors of BlackSuit Ransomware ∗∗∗ --------------------------------------------- Explore this assessment on cybercrime group Ignoble Scorpius, distributors of BlackSuit ransomware. Since May 2023, operations have increased —affecting critical sectors. --------------------------------------------- https://unit42.paloaltonetworks.com/threat-assessment-blacksuit-ransomware-… ∗∗∗ Looking at the Internals of the Kenwood DMX958XR IVI ∗∗∗ --------------------------------------------- For the upcoming Pwn2Own Automotive contest, a total of four in-vehicle infotainment (IVI) head units have been selected as targets. One of these is the double DIN Kenwood DMX958XR. This unit offers a variety of .. --------------------------------------------- https://www.thezdi.com/blog/2024/11/18/looking-at-the-internals-of-the-kenw… ∗∗∗ Critical Vulnerabilities in vCenter Server Exploited in the Wild ∗∗∗ --------------------------------------------- CVE CVE-2024-38813CVE-2024-38812 Affected Products VMware vCenter Server VMware Cloud Foundation Exploitation Broadcom has confirmed exploitation of these vulnerabilities[1]. The CVE has not been .. --------------------------------------------- https://www.truesec.com/hub/blog/critical-vulnerabilities-in-vcenter-server… ∗∗∗ Malicious QR Codes: How big of a problem is it, really? ∗∗∗ --------------------------------------------- QR codes are disproportionately effective at bypassing most anti-spam filters. Talos discovered two effective methods for defanging malicious QR codes, a necessary step to make them safe for consumption. --------------------------------------------- https://blog.talosintelligence.com/malicious_qr_codes/ ∗∗∗ Hackers Exploit Misconfigured Jupyter Servers for Illegal Sports Streaming ∗∗∗ --------------------------------------------- Aqua Nautilus’ research reveals hackers are leveraging vulnerable and misconfigured Jupyter Notebook servers to steal live sports streams. --------------------------------------------- https://hackread.com/hackers-exploit-misconfigured-jupyter-servers-sports-s… ∗∗∗ Pots and Pans, AKA an SSLVPN - Palo Alto PAN-OS CVE-2024-0012 and CVE-2024-9474 ∗∗∗ --------------------------------------------- It'll be no surprise that 2024, 2023, 2022, and every other year of humanities existence has been tough for SSLVPN appliances. Anyhow, there are new vulnerabilities (well, two of them) that are being exploited in the Palo Alto Networks .. --------------------------------------------- https://labs.watchtowr.com/pots-and-pans-aka-an-sslvpn-palo-alto-pan-os-cve… ∗∗∗ Defending Your Directory: An Expert Guide to Mitigating Pass-the-Hash Attacks in Active Directory ∗∗∗ --------------------------------------------- In our latest technical blog series, our DFIR team are highlighting the most prominent Active Directory (AD) threats, describing the tell-tale signs that your AD might be at risk, and give experienced insight into the best prevention and mitigation strategies to shore up your AD security and bolster your digital identity protection. --------------------------------------------- https://www.nccgroup.com/us/research-blog/defending-your-directory-an-exper… ∗∗∗ Let’s Encrypt: Ten Years ∗∗∗ --------------------------------------------- Vital personal and business information flows over the Internet more frequently than ever, and we don’t always know when it’s happening. It’s clear at this point that encrypting is something all of us should be doing. Then why don’t we use TLS (the successor to SSL) everywhere? Every browser in every device supports it. Every server in every data center supports it. Why don’t we just flip the switch? --------------------------------------------- https://letsencrypt.org/2014/11/18/announcing-lets-encrypt/ ∗∗∗ Achieving NIST CSF 2.0 Compliance: Best Practices ∗∗∗ --------------------------------------------- Cybersecurity is an ever-growing concern in today’s digital era. With the rise of cyberattacks and data breaches, organizations must adopt best practices to safeguard their sensitive information. One of the leading frameworks guiding organizations in securing their digital assets is the NIST CSF 2.0 by National Institute of Standards and .. --------------------------------------------- https://fortbridge.co.uk/regulations/achieving-nist-csf-2-0-compliance-with… ===================== = Vulnerabilities = ===================== ∗∗∗ DSA-5815-1 needrestart - security update ∗∗∗ --------------------------------------------- https://lists.debian.org/debian-security-announce/2024/msg00229.html -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 19.11.2024
by Daily end-of-shift report 19 Nov '24

19 Nov '24

===================== = End-of-Day report = ===================== Timeframe: Montag 18-11-2024 18:00 − Dienstag 19-11-2024 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Spotify abused to promote pirated software and game cheats ∗∗∗ --------------------------------------------- Spotify playlists and podcasts are being abused to push pirated software, game cheat codes, spam links, and "warez" sites. By injecting targeted keywords and links in playlist names and podcast descriptions, threat actors may .. --------------------------------------------- https://www.bleepingcomputer.com/news/security/spotify-abused-to-promote-pi… ∗∗∗ New Helldown Ransomware Variant Expands Attacks to VMware and Linux Systems ∗∗∗ --------------------------------------------- Cybersecurity researchers have shed light on a Linux variant of a relatively new ransomware strain called Helldown, suggesting that the threat actors are broadening their attack focus."Helldown deploys Windows ransomware derived from the LockBit 3.0 code," Sekoia .. --------------------------------------------- https://thehackernews.com/2024/11/new-helldown-ransomware-expands-attacks.h… ∗∗∗ Critical 9.8-rated VMware vCenter RCE bug exploited after patch fumble ∗∗∗ --------------------------------------------- If you didnt fix this a month ago, your to-do list probably needs a reshuffle Two VMware vCenter server bugs, including a critical heap-overflow vulnerability that leads to remote code execution (RCE), have been exploited in attacks after Broadcom’s first attempt to fix the flaws fell short. --------------------------------------------- https://www.theregister.com/2024/11/18/vmware_vcenter_rce_exploited/ ∗∗∗ Veritas Enterprise Vault: Kritische Codeschmuggel-Lücken in Archivsoftware ∗∗∗ --------------------------------------------- In Vertias Enterprise Vault können Angreifer kritische Lücke zum Einschleusen von Schadcode missbrauchen. --------------------------------------------- https://www.heise.de/news/Veritas-Enterprise-Vault-Kritische-Codeschmuggel-… ∗∗∗ Kritische Palo-Alto-Lücke: Details und Patches sind da, CISA warnt vor Exploit ∗∗∗ --------------------------------------------- Fast drei Wochen nach ersten Exploit-Gerüchten hat der Hersteller nun endlich reagiert, trickst aber. Derweil warnt die US-Cyberbehörde vor Angriffen. --------------------------------------------- https://www.heise.de/news/Kritische-Palo-Alto-Luecke-Patches-sind-da-CISA-w… ∗∗∗ FreeBSD Foundation releases Bhyve and Capsicum security audit ∗∗∗ --------------------------------------------- The FreeBSD Foundation has announced the release of a security audit report conducted by security firm Synacktiv. The audit uncovered a number of vulnerabilities: Most of these vulnerabilities have been addressed through official FreeBSD Project security advisories, which offer detailed information about each vulnerability, its impact, and the measures .. --------------------------------------------- https://lwn.net/Articles/998615/ ∗∗∗ FrostyGoop’s Zoom-In: A Closer Look into the Malware Artifacts, Behaviors and Network Communications ∗∗∗ --------------------------------------------- We analyze FrostyGoop malware, which targets OT systems. This article walks through newly discovered samples, indicators, and also examines configurations and network communications. --------------------------------------------- https://unit42.paloaltonetworks.com/frostygoop-malware-analysis/ ∗∗∗ The Importance of Establishing a Solid Third Party Risk Management Framework for Risk Mitigation ∗∗∗ --------------------------------------------- In the previous post, we introduced the concept of Third-Party Risk Management (TPRM) and its importance in today’s interconnected world. Now, let us have a look at the practical aspects of building a solid TPRM program and why it is important for your company. 1. Start with a Third-Party Inventory The first step in building .. --------------------------------------------- https://blog.nviso.eu/2024/11/19/the-importance-of-establishing-a-solid-thi… ∗∗∗ Facebook Malvertising Campaign Spreads Malware via Fake Bitwarden ∗∗∗ --------------------------------------------- A Facebook malvertising campaign disguised as Bitwarden updates spreads malware, targeting business accounts. Users are tricked .. --------------------------------------------- https://hackread.com/facebook-malvertising-malware-via-fake-bitwarden/ ∗∗∗ Threat Actors Hijack Misconfigured Servers for Live Sports Streaming ∗∗∗ --------------------------------------------- To keep up with the ever-evolving world of cybersecurity, Aqua Nautilus researchers deploy honeypots that mimic real-world development environments. During a recent threat-hunting operation, they uncovered a surprising new .. --------------------------------------------- https://blog.aquasec.com/threat-actors-hijack-misconfigured-servers-for-liv… ∗∗∗ Pots and Pans, AKA an SSLVPN - Palo Alto PAN-OS CVE-2024-0012 and CVE-2024-9474 ∗∗∗ --------------------------------------------- Note: Since this is breaking news and more details are being released, were updating this .. --------------------------------------------- https://labs.watchtowr.com/pots-and-pans-aka-an-sslvpn-palo-alto-pan-os-cve… ∗∗∗ NVD Backlog Tops 20,000 CVEs Awaiting Analysis as NIST Prepares System Updates ∗∗∗ --------------------------------------------- CVEs awaiting analysis by the NVD have broken the 20,000 mark, after the security community noticed its enrichment activity slowed to nearly a halt again last week. NIST failed to meet its self-imposed deadline of .. --------------------------------------------- https://socket.dev/blog/nvd-backlog-tops-20-000-cves ∗∗∗ Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets ∗∗∗ --------------------------------------------- In October 2024, Socket discovered a widespread npm malware campaign using Ethereum smart contracts to evade detection and maintain control over infected systems. Building on our initial research and equipped with analyses of the .. --------------------------------------------- https://socket.dev/blog/exploiting-npm-to-build-a-blockchain-powered-botnet ∗∗∗ Extending Burp Suite for fun and profit – The Montoya way – Part 7 ∗∗∗ --------------------------------------------- Last time we saw how to develop an extension that will add custom active and passive checks to the Burp Scanner. Today we will modify that extension to detect serialization issues using .. --------------------------------------------- https://security.humanativaspa.it/extending-burp-suite-for-fun-and-profit-t… ∗∗∗ U.S. Extradites and Charges Alleged Phobos Ransomware Admin ∗∗∗ --------------------------------------------- The United States secured the extradition of a Russian national from South Korea who is allegedly the mastermind behind the notorious Phobos ransomware. Evgenii Ptitsyn, 42, is accused of administering the Phobos .. --------------------------------------------- https://thecyberexpress.com/us-charges-alleged-phobos-ransomware-admin/ ===================== = Vulnerabilities = ===================== ∗∗∗ ZDI-24-1516: Trend Micro Deep Security Agent Manual Scan Command Injection Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Deep Security Agent. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.5. The following CVEs are assigned: CVE-2024-51503. --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-24-1516/ ∗∗∗ ZDI-24-1517: McAfee Total Protection Uncontrolled Search Path Element Local Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- This vulnerability allows local attackers to escalate privileges on affected installations of McAfee Total Protection. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.7. The following CVEs are assigned: CVE-2024-49592. --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-24-1517/ ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by AlmaLinux (.NET 9.0, bcc, bluez, bpftrace, bubblewrap, flatpak, buildah, cockpit, containernetworking-plugins, cups, cyrus-imapd, edk2, expat, firefox, fontforge, gnome-shell, gnome-shell-extensions, grafana, grafana-pcp, gtk3, httpd, iperf3, jose, krb5, libgcrypt, libsoup, libvirt, libvpx, lldpd, microcode_ctl, .. --------------------------------------------- https://lwn.net/Articles/998755/ ∗∗∗ Oracle Security Alert for CVE-2024-21287 - 18 November 2024 ∗∗∗ --------------------------------------------- https://www.oracle.com/security-alerts/alert-cve-2024-21287.html -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 18.11.2024
by Daily end-of-shift report 18 Nov '24

18 Nov '24

===================== = End-of-Day report = ===================== Timeframe: Freitag 15-11-2024 18:00 − Montag 18-11-2024 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Honeypot: Forscher veralbert Scriptkiddies mit Fake-Ransomware ∗∗∗ --------------------------------------------- Ein Tool namens Jinn sollte Ransomware-Angriffe vereinfachen. Tatsächlich war das ein Honeypot, auf den so einige Akteure reingefallen sind. --------------------------------------------- https://www.golem.de/news/honeypot-forscher-veralbert-scriptkiddies-mit-fak… ∗∗∗ Women In Russian-Speaking Cybercrime: Mythical Creatures or Significant Members of Underground? ∗∗∗ --------------------------------------------- A blog detailing in-depth research into women in Russian-speaking cybercrime. --------------------------------------------- https://www.sans.org/blog/women-in-russian-speaking-cybercrime-mythical-cre… ∗∗∗ DORA-Kernthemen meistern: Ein Deep Dive in Incident Management ∗∗∗ --------------------------------------------- In diesem Blogbeitrag befassen wir uns mit den Anforderungen an DORA Incident Management. --------------------------------------------- https://sec-consult.com/de/blog/detail/dora-kernthemen-meistern-ein-deep-di… ∗∗∗ Swiss cheesed off as postal service used to spread malware ∗∗∗ --------------------------------------------- QR codes arrive via an age-old delivery system Switzerlands National Cyber Security Centre (NCSC) has issued an alert about malware being spread via the countrys postal service. --------------------------------------------- https://www.theregister.com/2024/11/16/swiss_malware_qr/ ∗∗∗ WTF: Sicherheitsforscher finden beim Nachstellen einer Lücke drei neue ∗∗∗ --------------------------------------------- Als die Watchtowr Labs-Forscher die Lücke im FortiManager nachprüfen wollten, fanden sie weitere Fehler und unvollständige Fixes. --------------------------------------------- https://www.heise.de/news/Sicherheitsforscher-finden-beim-Nachstellen-einer… ∗∗∗ T-Mobile von chinesischem Cyberangriff betroffen ∗∗∗ --------------------------------------------- Laut einem Bericht konnten die Hacker in mehrere Telekommunikationsunternehmen in den USA wie auch international eindringen --------------------------------------------- https://www.derstandard.at/story/3000000245232/t-mobile-von-chinesischem-cy… ∗∗∗ Threat Brief: Operation Lunar Peek, Activity Related to CVE-2024-0012 ∗∗∗ --------------------------------------------- We detail the observed limited activity regarding authentication bypass vulnerability CVE-2024-0012 affecting specific versions of PAN-OS software, and include protections and mitigations. --------------------------------------------- https://unit42.paloaltonetworks.com/cve-2024-0012-cve-2024-9474/ ∗∗∗ Akute Welle an DDoS-Angriffen gegen österreichische Unternehmen und Organisationen ∗∗∗ --------------------------------------------- Seit heute Früh sind verschiedene österreichische Unternehmen und Organisationen aus unterschiedlichen Branchen und Sektoren mit DDoS-Angriffen konfrontiert. Die genauen Hintergründe der Attacke sind uns zurzeit nicht bekannt, Hinweise für eine hacktivistische Motivation liegen jedoch vor. In Anbetracht der aktuellen Geschehnisse .. --------------------------------------------- https://www.cert.at/de/aktuelles/2024/11/ddos-angriffe-november-2024 ∗∗∗ BrazenBamboo Weaponizes FortiClient Vulnerability to Steal VPN Credentials via DEEPDATA ∗∗∗ --------------------------------------------- KEY TAKEAWAYS Volexity discovered and reported a vulnerability in Fortinets Windows VPN client, FortiClient, where user credentials remain in process memory after a user authenticates to the VPN. This vulnerability was abused by BrazenBamboo in their DEEPDATA malware. BrazenBamboo is the threat actor behind development of the .. --------------------------------------------- https://www.volexity.com/blog/2024/11/15/brazenbamboo-weaponizes-forticlien… ∗∗∗ Inside Water Barghest’s Rapid Exploit-to-Market Strategy for IoT Devices ∗∗∗ --------------------------------------------- In this blog entry, we discuss Water Barghests exploitation of IoT devices, transforming them into profitable assets through advanced automation and monetization techniques. --------------------------------------------- https://www.trendmicro.com/en_us/research/24/k/water-barghest.html ∗∗∗ What To Use Instead of PGP ∗∗∗ --------------------------------------------- It’s been more than five years since The PGP Problem was published, and I still hear from people who believe that using PGP (whether GnuPG or another OpenPGP implementation) is a thing .. --------------------------------------------- https://soatok.blog/2024/11/15/what-to-use-instead-of-pgp/ ∗∗∗ TPM-Backed SSH Keys on Windows 11 ∗∗∗ --------------------------------------------- On my MacBook, I’ve been using using TPM/security key-based SSH keys for years since it’s where I do the most development and the software support is good. Secretive is a decent app I can vouch for. Before that, I was .. --------------------------------------------- https://cedwards.xyz/tpm-backed-ssh-keys-on-windows-11/ ∗∗∗ Reverse Engineering iOS 18 Inactivity Reboot ∗∗∗ --------------------------------------------- iOS 18 introduced a new inactivity reboot security feature. What does it protect from and how does it work? This blog post covers all the details down to a kernel extension and the Secure Enclave Processor. --------------------------------------------- https://naehrdine.blogspot.com/2024/11/reverse-engineering-ios-18-inactivit… ∗∗∗ Malicious npm Package Exploits WhatsApp Authentication with Remote Kill Switch for File Destruction ∗∗∗ --------------------------------------------- A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files. --------------------------------------------- https://socket.dev/blog/malicious-npm-package-exploits-whatsapp-authenticat… ∗∗∗ Redis CVE-2024-31449: How to Reproduce and Mitigate the Vulnerability ∗∗∗ --------------------------------------------- On October 7, 2024, information about a serious vulnerability in Redis, identified as CVE-2024-31449, was published. This vulnerability allows an authenticated user to execute remote code using specially .. --------------------------------------------- https://redrays.io/blog/redis-cve-2024-31449-how-to-reproduce-and-mitigate-… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by AlmaLinux (binutils, libsoup, squid:4, tigervnc, and webkit2gtk3), Debian (icinga2, postgresql-13, postgresql-15, smarty3, symfony, thunderbird, and waitress), Fedora (dotnet9.0, ghostscript, microcode_ctl, php-bartlett-PHP-CompatInfo, python-waitress, and webkitgtk), Gentoo (Perl, Pillow, and X.Org X server, XWayland), .. --------------------------------------------- https://lwn.net/Articles/998570/ ∗∗∗ CVE-2024-0012 PAN-OS: Authentication Bypass in the Management Web Interface (PAN-SA-2024-0015) (Severity: CRITICAL) ∗∗∗ --------------------------------------------- https://security.paloaltonetworks.com/CVE-2024-0012 ∗∗∗ CVE-2024-9474 PAN-OS: Privilege Escalation (PE) Vulnerability in the Web Management Interface (Severity: MEDIUM) ∗∗∗ --------------------------------------------- https://security.paloaltonetworks.com/CVE-2024-9474 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 15.11.2024
by Daily end-of-shift report 15 Nov '24

15 Nov '24

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 14-11-2024 18:00 − Freitag 15-11-2024 18:00 Handler: Alexander Riepl Co-Handler: Michael Schlagenhaufer ===================== = News = ===================== ∗∗∗ Diese dummen Passwörter werden am häufigsten verwendet ∗∗∗ --------------------------------------------- Sind eure Accounts gut geschützt? Werft zur Sicherheit einen Blick auf diese Liste - hoffentlich fühlt ihr euch nicht ertappt. --------------------------------------------- https://futurezone.at/digital-life/dumme-passwoerter-oesterreich-internatio… ∗∗∗ Cyberangriff auf Destatis: Hacker erbeuten Firmendaten des Statistischen Bundesamtes ∗∗∗ --------------------------------------------- Der 3,8 GBytes große Datensatz bietet Zugriff auf von Unternehmen gemeldete Informationen. Das attackierte System wurde erst kürzlich modernisiert. --------------------------------------------- https://www.golem.de/news/cyberangriff-auf-destatis-hacker-erbeuten-firmend… ∗∗∗ MacOS 15.1: Apple patcht Drittanbieter-Firewalls kaputt ∗∗∗ --------------------------------------------- Wer unter MacOS 15.1 Drittanbieter-Firewalls wie Little Snitch verwendet, könnte auf Probleme stoßen. Filterregeln bleiben je nach Konfiguration wirkungslos. --------------------------------------------- https://www.golem.de/news/macos-15-1-apple-patcht-drittanbieter-firewalls-k… ∗∗∗ New Glove Stealer Malware Bypasses Google Chrome’s App-Bound to Steal Data ∗∗∗ --------------------------------------------- The New Glove Stealer malware has the ability to bypass Google Chrome’s Application-Bound (App-Bound) encryption to steal browser cookies. The threat actors’ attacks employed social engineering techniques akin to .. --------------------------------------------- https://heimdalsecurity.com/blog/glove-stealer-malware/ ∗∗∗ Gegen Enkeltrickbetrug: KI-Omi soll Kriminelle in endlose Gespräche verwickeln ∗∗∗ --------------------------------------------- Eine KI-generierte Omi soll für O2 Kriminelle beschäftigen, die echten Menschen per Telefon das Geld aus Tasche ziehen wollen. Dazu soll sie reden und reden. --------------------------------------------- https://www.heise.de/news/Gegen-Enkeltrickbetrug-KI-Omi-soll-Kriminelle-in-… ∗∗∗ Wordpress-Plug-in Really Simple Security gefährdet 4 Millionen Websites ∗∗∗ --------------------------------------------- Rund vier Millionen Wordpress-Seiten nutzen das Plug-in Really Simple Security. Angreifer aus dem Netz können sie kompromittieren. --------------------------------------------- https://www.heise.de/news/Wordpress-Plug-in-Really-Simple-Security-gefaehrd… ∗∗∗ An Interview With the Target & Home Depot Hacker ∗∗∗ --------------------------------------------- In December 2023, KrebsOnSecurity revealed the real-life identity of Rescator, the nickname used by a Russian cybercriminal who sold more than 100 million payment cards stolen from Target and Home Depot between 2013 and 2014. Moscow resident Mikhail Shefel, who confirmed using the Rescator identity in a recent interview, also admitted reaching out because he is broke and .. --------------------------------------------- https://krebsonsecurity.com/2024/11/an-interview-with-the-target-home-depot… ∗∗∗ Fake North Korean IT Worker Linked to BeaverTail Video Conference App Phishing Attack ∗∗∗ --------------------------------------------- North Korean IT worker cluster CL-STA-0237 instigated phishing attacks via video apps in Laos, exploiting U.S. IT firms and major tech identities. --------------------------------------------- https://unit42.paloaltonetworks.com/fake-north-korean-it-worker-activity-cl… ∗∗∗ Kritische Sicherheitslücke in Laravel Framework - Updates verfügbar ∗∗∗ --------------------------------------------- Im Laravel Framework wurde eine kritische Sicherheitslücke entdeckt. Die Schwachstelle ermöglicht es Angreifern, durch manipulierte URLs unbefugten Zugriff auf Anwendungen zu erlangen und Umgebungsvariablen zu manipulieren. --------------------------------------------- https://www.cert.at/de/warnungen/2024/11/kritische-sicherheitslucke-in-lara… ∗∗∗ Safeguarding Healthcare Organizations from IoMT Risks ∗∗∗ --------------------------------------------- The healthcare industry has undergone significant transformation with the emergence of the Internet of Medical Things (IoMT) devices. These devices ranging from wearable monitors to network imaging systems collect and process vast .. --------------------------------------------- https://levelblue.com/blogs/security-essentials/safeguarding-healthcare-org… ∗∗∗ Zero-day exploitation targeting Palo Alto Networks firewall management interfaces ∗∗∗ --------------------------------------------- Palo Alto Networks has indicated they are observing threat activity exploiting a zero-day unauthenticated remote command execution vulnerability in their firewall management interfaces. --------------------------------------------- https://www.rapid7.com/blog/post/2024/11/15/etr-zero-day-exploitation-targe… ∗∗∗ Microsoft Power Pages Misconfigurations Expose Millions of Records Globally ∗∗∗ --------------------------------------------- SaaS Security firm AppOmni has identified misconfigurations in Microsoft Power Pages that can lead to severe data breaches. --------------------------------------------- https://hackread.com/microsoft-power-pages-misconfigurations-data-leak/ ∗∗∗ Pirates in the Data Sea: AI Enhancing Your Adversarial Emulation ∗∗∗ --------------------------------------------- Written by: Matthijs Gielen, Jay ChristiansenBackgroundNew solutions, old problems. Artificial intelligence (AI) and large language models (LLMs) are here to signal a new day in the cybersecurity world, but what does that mean for us—the attackers and defenders—and our battle to improve security through all the noise?Data is everywhere. For most .. --------------------------------------------- https://cloud.google.com/blog/topics/threat-intelligence/ai-enhancing-your-… ∗∗∗ Defending Your Directory: An Expert Guide to Fortifying Active Directory Against LDAP Injection Threats ∗∗∗ --------------------------------------------- In our latest technical blog series, our DFIR team are highlighting the most prominent Active Directory (AD) threats, describing the tell-tale signs that your AD might be at risk, and give experienced insight into the best prevention and mitigation strategies to shore up your AD security and bolster your digital identity protection. --------------------------------------------- https://www.nccgroup.com/us/research-blog/defending-your-directory-an-exper… ∗∗∗ Kubernetes Audit Log “Gotchas” ∗∗∗ --------------------------------------------- How to overcome challenges and security gaps when using K8s audit logs for forensics and attack detection. --------------------------------------------- https://www.wiz.io/blog/overcoming-kubernetes-audit-log-challenges ∗∗∗ Massive npm Malware Campaign Leverages Ethereum Smart Contracts To Evade Detection and Maintain Control ∗∗∗ --------------------------------------------- Supply chain attacks are evolving. The Socket research team has uncovered a massive malware campaign that uses Ethereum smart contracts to control its operations - making it nearly impossible to shut down through traditional means. Instead of using conventional command and control servers that can be blocked or taken offline, these attackers .. --------------------------------------------- https://socket.dev/blog/massive-npm-malware-campaign-leverages-ethereum-sma… ∗∗∗ PyPI Introduces Digital Attestations to Strengthen Python Package Security ∗∗∗ --------------------------------------------- The Python Package Index (PyPI) has announced support for digital attestations. This new feature allows package maintainers to publish signed digital attestations when uploading their projects, providing an additional layer of trust and verification for users.What Are Digital Attestations?Digital attestations are cryptographic statements or .. --------------------------------------------- https://socket.dev/blog/pypi-introduces-digital-attestations ∗∗∗ 60 Hours of Cyber Defense: Hong Kong’s Innovative Cybersecurity Drill Begins ∗∗∗ --------------------------------------------- Hong Kong has initiated its first-ever cybersecurity drill, set to run for a total of 60 hours. The Hong Kong cybersecurity drill commenced on Friday, with plans to establish it as an annual event moving forward. Innovation minister Sun Dong emphasized the importance of this initiative, stating that maintaining cybersecurity is essential for .. --------------------------------------------- https://thecyberexpress.com/hong-kong-cybersecurity-drill/ ===================== = Vulnerabilities = ===================== ∗∗∗ Critical Laravel Flaw (CVE-2024-52301) Exposes Millions of Web Applications to Attack ∗∗∗ --------------------------------------------- https://securityonline.info/critical-laravel-flaw-cve-2024-52301-exposes-mi… ∗∗∗ [webapps] SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated) ∗∗∗ --------------------------------------------- https://www.exploit-db.com/exploits/52082 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 14.11.2024
by Daily end-of-shift report 14 Nov '24

14 Nov '24

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 13-11-2024 18:00 − Donnerstag 14-11-2024 18:00 Handler: Alexander Riepl Co-Handler: Michael Schlagenhaufer ===================== = News = ===================== ∗∗∗ Hop-Skip-FortiJump-FortiJump-Higher - Fortinet FortiManager CVE-2024-47575 ∗∗∗ --------------------------------------------- While the FortiJump patch does effectively neutralise the devastating RCE that is FortiJump, we’re still a little concerned about FortiManager’s overall code quality. We note that our som/export vulnerability, ‘FortiJump Higher’, is still functional, even in patched versions, allowing adversaries to elevate from one managed FortiGate appliance to the central FortiManager appliance. --------------------------------------------- https://labs.watchtowr.com/hop-skip-fortijump-fortijumphigher-cve-2024-2311… ∗∗∗ New PXA Stealer targets government and education sectors for sensitive information ∗∗∗ --------------------------------------------- Cisco Talos discovered a new information stealing campaign operated by a Vietnamese-speaking threat actor targeting government and education entities in Europe and Asia. --------------------------------------------- https://blog.talosintelligence.com/new-pxa-stealer/ ∗∗∗ Advertisers are pushing ad and pop-up blockers using old tricks ∗∗∗ --------------------------------------------- A malvertising campaign using an old school trick was found pushing to different ad blockers. [..] In the olden days, that something extra used to be video codecs or specific video players, but now we’ll be told we need a browser extension to “continue watching in safe mode.” [..] To us, this looks like a campaign executed by an affiliate, a company that promotes products or services from another company. If someone buys something through the affiliate’s efforts, the affiliate earns a commission. --------------------------------------------- https://www.malwarebytes.com/blog/news/2024/11/advertisers-are-pushing-ad-a… ∗∗∗ Сrimeware and financial cyberthreats in 2025 ∗∗∗ --------------------------------------------- Kasperskys GReAT looks back on the 2024 predictions about financial and crimeware threats, and explores potential cybercrime trends for 2025. --------------------------------------------- https://securelist.com/ksb-financial-and-crimeware-predictions-2025/114565/ ∗∗∗ Malware: Erkennung entgehen durch angeflanschtes ZIP ∗∗∗ --------------------------------------------- IT-Forscher haben Malware entdeckt, die der Erkennung durch Virenscanner durch Verkettung von ZIP-Dateien entgeht. --------------------------------------------- https://www.heise.de/-10034752 ∗∗∗ Gratis-Tool: Sicherheitsforscher knacken ShrinkLocker-Verschlüsselung ∗∗∗ --------------------------------------------- Der Erpressungstrojaner ShrinkLocker nutzt Microsofts Bitlocker, um Windows-Systeme zu verschlüsseln. Ein Entschlüsselungstool hilft. --------------------------------------------- https://www.heise.de/-10034933 ∗∗∗ PHP Reinfector and Backdoor Malware Target WordPress Sites ∗∗∗ --------------------------------------------- We recently observed a surge in WordPress websites being infected by a sophisticated PHP reinfector and backdoor malware. While we initially believed that the infection was linked to the wpcode plugin, we found that several sites without this plugin were compromised as well. Upon deeper investigation, we discovered that this malware not only reinfects website files but also embeds malicious code into other plugins and database tables wp_posts and wp_options. --------------------------------------------- https://blog.sucuri.net/2024/11/php-reinfector-and-backdoor-malware-target-… ∗∗∗ Malware Spotlight: A Deep-Dive Analysis of WezRat ∗∗∗ --------------------------------------------- Check Point Research (CPR) provides a comprehensive analysis of a custom modular infostealer, tracked as WezRat, after the FBI, the US Department of Treasury, and the Israeli National Cybersecurity Directorate (INCD) released a joint Cybersecurity Advisory and attributed the malware to the Iranian cyber group Emennet Pasargad. --------------------------------------------- https://research.checkpoint.com/2024/wezrat-malware-deep-dive/ ∗∗∗ Lazarus Group Targets macOS with RustyAttr Trojan in Fake Job PDFs ∗∗∗ --------------------------------------------- Group-IB has uncovered Lazarus group’s stealthy new trojan and technique of hiding malicious code in extended attributes on macOS. --------------------------------------------- https://hackread.com/lazarus-group-macos-rustyattr-trojan-fake-job-pdfs/ ===================== = Vulnerabilities = ===================== ∗∗∗ 4,000,000 WordPress Sites Using Really Simple Security Free and Pro Versions Affected by Critical Authentication Bypass Vulnerability ∗∗∗ --------------------------------------------- This is one of the more serious vulnerabilities that we have reported on in our 12 year history as a security provider for WordPress. This vulnerability affects Really Simple Security, formerly known as Really Simple SSL, installed on over 4 million websites, and allows an attacker to remotely gain full administrative access to a site running the plugin. CVE-2024-10924, CVSS Score: 9.8 (Critical) --------------------------------------------- https://www.wordfence.com/blog/2024/11/really-simple-security-vulnerability/ ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (llama-cpp, mingw-expat, python3.6, webkit2gtk4.0, and xorg-x11-server-Xwayland), Mageia (java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, java-21-openjdk & java-latest-openjdk and libarchive), Oracle (expat, gstreamer1-plugins-base, kernel, libsoup, podman, and tigervnc), SUSE (buildah, java-1_8_0-openjdk, and switchboard-plug-bluetooth), and Ubuntu (zlib). --------------------------------------------- https://lwn.net/Articles/998143/ ∗∗∗ CISA Releases Nineteen Industrial Control Systems Advisories ∗∗∗ --------------------------------------------- Siemens, Rockwell, Hitachi, 2N, Elvaco, Baxter --------------------------------------------- https://www.cisa.gov/news-events/alerts/2024/11/14/cisa-releases-nineteen-i… ∗∗∗ GitLab Patch Release: 17.5.2, 17.4.4, 17.3.7 ∗∗∗ --------------------------------------------- These versions contain important bug and security fixes, and we strongly recommend that all self-managed GitLab installations be upgraded to one of these versions immediately. [..] An issue was discovered in GitLab CE/EE affecting all versions starting from 16.0 prior to 17.3.7, starting from 17.4 prior to 17.4.4, and starting from 17.5 prior to 17.5.2, which could have allowed unauthorized access to the Kubernetes agent in a cluster under specific configurations. CVE-2024-9693, CVE-2024-7404, CVE-2024-8648, CVE-2024-8180, CVE-2024-10240 --------------------------------------------- https://thecyberthrone.in/2024/11/14/gitlab-fixes-high-severity-vulnerabili… ∗∗∗ Drupal: POST File - Critical - Cross Site Scripting, Arbitrary PHP code execution - SA-CONTRIB-2024-060 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-contrib-2024-060 ∗∗∗ Drupal: POST File - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2024-059 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-contrib-2024-059 ∗∗∗ Fortinet: Lack of capacity to filter logs by administrator access ∗∗∗ --------------------------------------------- https://fortiguard.fortinet.com/psirt/FG-IR-23-267 ∗∗∗ Palo Alto: CVE-2024-2551 PAN-OS: Firewall Denial of Service (DoS) Using a Specially Crafted Packet (Severity: MEDIUM) ∗∗∗ --------------------------------------------- https://security.paloaltonetworks.com/CVE-2024-2551 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 13.11.2024
by Daily end-of-shift report 13 Nov '24

13 Nov '24

===================== = End-of-Day report = ===================== Timeframe: Dienstag 12-11-2024 18:00 − Mittwoch 13-11-2024 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Itsmydata: Hackerin veröffentlicht erneut Bonitätsdaten von Jens Spahn ∗∗∗ --------------------------------------------- Erst über Bonify, nun über Itsmydata: Lilith Wittmann hat sich mal wieder Bonitätsdaten von Jens Spahn beschafft. Immerhin hat sich sein Score verbessert. --------------------------------------------- https://www.golem.de/news/itsmydata-hackerin-veroeffentlicht-erneut-bonitae… ∗∗∗ Threats in space (or rather, on Earth): internet-exposed GNSS receivers ∗∗∗ --------------------------------------------- Internet-exposed GNSS receivers pose a significant threat to sensitive operations. Kaspersky shares statistics on internet-exposed receivers for July 2024 and advice on how to protect against GNSS attacks. --------------------------------------------- https://securelist.com/internet-exposed-gnss-receivers-in-2024/114548/ ∗∗∗ Chinas Volt Typhoon crew and its botnet surge back with a vengeance ∗∗∗ --------------------------------------------- Ohm, for flux sake Chinas Volt Typhoon crew and its botnet are back, compromising old Cisco routers once again to break into critical infrastructure networks and kick off cyberattacks, according to security researchers. --------------------------------------------- https://www.theregister.com/2024/11/13/china_volt_typhoon_back/ ∗∗∗ Stromanbieter Tibber gehackt, 50.000 deutsche Kunden betroffen ∗∗∗ --------------------------------------------- Tibber bestätigt, dass Hacker eingedrungen sind und Kundendaten an sich gebracht haben. Im Darknet werden diese nun verkauft. --------------------------------------------- https://www.heise.de/news/Stromanbieter-Tibber-gehackt-50-000-deutsche-Kund… ∗∗∗ Sicherheitsupdates: Zoom Room Client & Co. angreifbar ∗∗∗ --------------------------------------------- Die Entwickler rüsten verschiedene Zoom-Apps gegen mögliche Angriffe. Davon sind unter anderem macOS und Windows betroffen. --------------------------------------------- https://www.heise.de/news/Sicherheitsupdates-Zoom-Room-Client-Co-angreifbar… ∗∗∗ Global Companies Are Unknowingly Paying North Koreans: Here’s How to Catch Them ∗∗∗ --------------------------------------------- We discuss North Koreas use of IT workers to infiltrate companies, detailing detection strategies like IT asset management and IP analysis to counter this. --------------------------------------------- https://unit42.paloaltonetworks.com/north-korean-it-workers/ ∗∗∗ The November 2024 Security Update Review ∗∗∗ --------------------------------------------- It’s not quite the holiday season, despite what some early decorators will have you believe. It is the second Tuesday of the month, and that means Adobe and Microsoft have released their regularly scheduled updates. Take a break from your regular activities and join us as we review the details of their latest security alerts.If you’d rather watch the .. --------------------------------------------- https://www.thezdi.com/blog/2024/11/12/the-november-2024-security-update-re… ∗∗∗ How Italy became an unexpected spyware hub ∗∗∗ --------------------------------------------- Italy is home to six major spyware vendors and one supplier, with many smaller and harder-to-track enterprises emerging all the time, experts say. --------------------------------------------- https://therecord.media/how-italy-became-an-unexpected-spyware-hub ∗∗∗ Germany warns of potential cyber threats from Russia ahead of snap election ∗∗∗ --------------------------------------------- “We must be especially prepared against threats like hacker attacks, manipulation, and disinformation," German Interior Minister Nancy Faeser said. --------------------------------------------- https://therecord.media/germany-cyber-threats-russia-elections ∗∗∗ Silent Threat: Red Team Tool EDRSilencer Disrupting Endpoint Security Solutions ∗∗∗ --------------------------------------------- Trend Micros Threat Hunting Team has observed EDRSilencer, a red team tool that threat actors are attempting to abuse for its ability to block EDR traffic and conceal malicious activity. --------------------------------------------- https://www.trendmicro.com/en_us/research/24/j/edrsilencer-disrupting-endpo… ∗∗∗ Bitdefender Finds New ShrinkLocker Ransomware, Releases Its Decryptor Tool ∗∗∗ --------------------------------------------- Bitdefender has released a free decryptor for ShrinkLocker ransomware, which exploits Windows BitLocker to encrypt .. --------------------------------------------- https://hackread.com/bitdefender-shrinklocker-ransomware-decryptor-tool/ ∗∗∗ Emerging Threats: Cybersecurity Forecast 2025 ∗∗∗ --------------------------------------------- Every November, we start sharing forward-looking insights on threats and other cybersecurity topics to help organizations and defenders prepare for the year ahead. The Cybersecurity Forecast 2025 report, available today, plays a big role in helping us accomplish this mission.This year’s report draws on insights directly from Google .. --------------------------------------------- https://cloud.google.com/blog/topics/threat-intelligence/cybersecurity-fore… ∗∗∗ Defending Your Directory: An Expert Guide to Fortifying Active Directory Certificate Services (ADCS) Against Exploitation ∗∗∗ --------------------------------------------- In our latest technical blog series, our DFIR team are highlighting the most prominent Active Directory (AD) threats, describing the tell-tale signs that your AD might be at risk, and give experienced insight into the best prevention and mitigation strategies to shore up your AD security and bolster your digital identity protection. --------------------------------------------- https://www.nccgroup.com/us/research-blog/defending-your-directory-an-exper… ∗∗∗ Making Sense of Kubernetes Initial Access Vectors Part 1 – Control Plane ∗∗∗ --------------------------------------------- Explore Kubernetes control plane access vectors, risks, and security strategies to prevent unauthorized access and protect your clusters from potential threats. --------------------------------------------- https://www.wiz.io/blog/making-sense-of-kubernetes-initial-access-vectors-p… ∗∗∗ Time Boxed Penetration Testing for Web Applications ∗∗∗ --------------------------------------------- This article defines time boxed penetration testing and explains how it’s approached from a methodological standpoint. By focusing on high-risk areas, client-specific priorities, and sampling, time boxed testing can deliver efficient assessments within a limited timeframe. --------------------------------------------- https://projectblack.io/blog/time-boxed-penetration-testing/ ∗∗∗ Killing Filecoin nodes ∗∗∗ --------------------------------------------- By Simone Monica In January, we identified and reported a vulnerability in the Lotus and Venus clients of the Filecoin network that allowed an attacker to remotely crash a node and trigger a denial of service. This issue is .. --------------------------------------------- https://blog.trailofbits.com/2024/11/13/killing-filecoin-nodes/ ∗∗∗ Fault Injection – Down the Rabbit Hole ∗∗∗ --------------------------------------------- This series of articles describes fault injection attack techniques in order to understand their real potential by testing their limits and applicability with limited hardware (available on the market at an acceptable cost). It explores possible ways of using an attack that, in my opinion, is greatly underestimated. --------------------------------------------- https://security.humanativaspa.it/fault-injection-down-the-rabbit-hole/ ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by AlmaLinux (expat), Fedora (chromium and golang-github-nvidia-container-toolkit), Mageia (curl, expat, mpg123, networkmanager-libreswan, openssl, php-tcpdf, qbittorrent, and x11-server, x11-server-xwayland, and tigervnc), Red Hat (kernel and libsoup), Slackware (mozilla), SUSE (firefox, kernel, python-PyPDF2, and xen), and Ubuntu (dotnet9, ghostscript, linux-aws, linux-oem-6.8, and pydantic). --------------------------------------------- https://lwn.net/Articles/998044/ ∗∗∗ ZDI-24-1472: Veeam Backup Enterprise Manager AuthorizeByVMwareSsoToken Improper Certificate Validation Authentication Bypass Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-24-1472/ ∗∗∗ ZDI-24-1486: (0Day) G DATA Total Security Incorrect Permission Assignment Local Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-24-1486/ ∗∗∗ Critical Security Vulnerabilities Discovered in MZ Automation’s MMS Client ∗∗∗ --------------------------------------------- https://encs.eu/news/critical-security-vulnerabilities-discovered-in-mz-aut… ∗∗∗ Online Installer DLL Hijacking ∗∗∗ --------------------------------------------- https://fortiguard.fortinet.com/psirt/FG-IR-24-205 ∗∗∗ Fortinet Releases Security Updates for Multiple Products ∗∗∗ --------------------------------------------- https://www.cisa.gov/news-events/alerts/2024/11/12/fortinet-releases-securi… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 12.11.2024
by Daily end-of-shift report 12 Nov '24

12 Nov '24

===================== = End-of-Day report = ===================== Timeframe: Montag 11-11-2024 18:00 − Dienstag 12-11-2024 18:00 Handler: Alexander Riepl Co-Handler: Michael Schlagenhaufer ===================== = News = ===================== ∗∗∗ Daten von Amazon-Mitarbeiter wurden in einem Hackerforum veröffentlicht ∗∗∗ --------------------------------------------- Der Datensatz dürfte von einem Immobilienverwalter stammen und auf die kritische Lücke in der Software von Moveit zurückgehen --------------------------------------------- https://www.derstandard.at/story/3000000244555/daten-von-amazon-mitarbeiter… ∗∗∗ ModeLeak: Privilege Escalation to LLM Model Exfiltration in Vertex AI ∗∗∗ --------------------------------------------- New research reveals two vulnerabilities in Googles Vertex AI that may lead to privilege escalation or data theft through custom jobs or malicious models. --------------------------------------------- https://unit42.paloaltonetworks.com/privilege-escalation-llm-model-exfil-ve… ∗∗∗ 2023 Top Routinely Exploited Vulnerabilities ∗∗∗ --------------------------------------------- This advisory provides details, collected and compiled by the authoring agencies, on the Common Vulnerabilities and Exposures (CVEs) routinely and frequently exploited by malicious cyber actors in 2023 and their associated Common Weakness Enumerations (CWEs). Malicious cyber actors exploited more zero-day vulnerabilities to compromise .. --------------------------------------------- https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-317a ∗∗∗ Building a Resilient Network Architecture: Key Trends for 2025 ∗∗∗ --------------------------------------------- As organizations continue to align their operational strategies with evolving digital ecosystems and technologies, the concept of network resilience has become a priority. A major mindset shift is that modern networks must be designed not just for speed and efficiency but also for flexibility, security, and the ability to hold out against .. --------------------------------------------- https://levelblue.com/blogs/security-essentials/building-a-resilient-networ… ∗∗∗ LodaRAT: Established malware, new victim patterns ∗∗∗ --------------------------------------------- Rapid7 has observed an ongoing malware campaign involving a new version of LodaRAT. This version possesses the ability to steal cookies and passwords from Microsoft Edge and Brave. --------------------------------------------- https://www.rapid7.com/blog/post/2024/11/12/lodarat-established-malware-new… ∗∗∗ ICS Security Is a Team Sport ∗∗∗ --------------------------------------------- Brandon Smith discusses some of the challenges an Automation Engineer face, Bitsights partnership with Schneider Electric, and what manufacturers in general are doing to tackle ICS security. --------------------------------------------- https://www.bitsight.com/blog/ics-security-team-sport ∗∗∗ Visionaries Have Democratised Remote Network Access - Citrix Virtual Apps and Desktops (CVE Unknown) ∗∗∗ --------------------------------------------- Well, we’re back again, with yet another fresh-off-the-press bug chain (and associated Interactive Artifact Generator). This time, it’s in Citrix’s “Virtual Apps and Desktops” offering. --------------------------------------------- https://labs.watchtowr.com/visionaries-at-citrix-have-democratised-remote-n… ∗∗∗ SAP Patchday: Acht neue Sicherheitslücken, davon eine hochriskant ∗∗∗ --------------------------------------------- Admins können etwas entspannter auf den aktuellen SAP-Patchday schauen: Von acht neuen Sicherheitslücken gilt lediglich eine als hohes Risiko. --------------------------------------------- https://heise.de/-10020168 ∗∗∗ Attack of the Evil Baristas ∗∗∗ --------------------------------------------- I use the term “hacklore” to refer to the urban legends surrounding cybersecurity. Hacklore is everywhere, and this holiday season, you’re bound to hear it nonstop: “The Russians will load your phone with malware if you scan QR codes!” or “Hackers will steal your banking details if you use a USB charger at the airport!” and so on. --------------------------------------------- https://medium.com/@boblord/attack-of-the-evil-baristas-b204436f0853 ∗∗∗ Reverse Engineering: Finding Exploits in Video Games ∗∗∗ --------------------------------------------- In this guide, I'll walk you through how I create tools to find exploits in video games for bug bounty programs. Specifically, I'll focus on my research into the game Sword of Convallaria. This exploration is purely for educational purposes. As such, I have removed some of the assets as an exercise for .. --------------------------------------------- https://shalzuth.com/Blog/FindingExploitsInGames ∗∗∗ Critical WPLMS WordPress Theme Vulnerability Puts Websites at Risk of RCE Attacks ∗∗∗ --------------------------------------------- A newly discovered vulnerability in the WPLMS WordPress theme threatens websites with potential Remote Code Execution (RCE) due to a critical path traversal flaw. CVE-2024-10470, a vulnerability in the WPLMS .. --------------------------------------------- https://thecyberexpress.com/critical-wplms-wordpress-theme-vulnerability/ ∗∗∗ Harnessing Chisel for Covert Operations: Unpacking a Multi-Stage PowerShell Campaign ∗∗∗ --------------------------------------------- The Cyble Research and Intelligence Lab (CRIL) has recently uncovered a sophisticated multi-stage infection chain, primarily driven by PowerShell scripts. This campaign, which targets organizations through a variety of .. --------------------------------------------- https://thecyberexpress.com/new-powershell-campaign/ ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by AlmaLinux (gstreamer1-plugins-base), Debian (chromium, ghostscript, libarchive, mpg123, ruby-saml, and symfony), Fedora (buildah and podman), Red Hat (buildah, containernetworking-plugins, podman, skopeo, and xorg-x11-server-Xwayland), Slackware (wget), SUSE (pcp), and Ubuntu (linux, linux-aws-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-gkeop-5.15, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-kvm, .. --------------------------------------------- https://lwn.net/Articles/997903/ ∗∗∗ Citrix Releases Security Updates for NetScaler and Citrix Session Recording ∗∗∗ --------------------------------------------- Citrix released security updates to address multiple vulnerabilities in NetScaler ADC, NetScaler Gateway, and Citrix Session Recording. A cyber threat actor could exploit some of these vulnerabilities to take control .. --------------------------------------------- https://www.cisa.gov/news-events/alerts/2024/11/12/citrix-releases-security… ∗∗∗ November Security Update ∗∗∗ --------------------------------------------- At Ivanti, our top priority is upholding our commitment to deliver and maintain secure products for our customers. Our vulnerability management program is designed to enable us to find, fix and disclose vulnerabilities in collaboration with the broader security ecosystem, and communicate responsibly and transparently with customers. Ivanti is .. --------------------------------------------- https://www.ivanti.com/blog/november-2024-security-update ∗∗∗ XSA-464 ∗∗∗ --------------------------------------------- https://xenbits.xen.org/xsa/advisory-464.html ∗∗∗ XSA-463 ∗∗∗ --------------------------------------------- https://xenbits.xen.org/xsa/advisory-463.html ∗∗∗ Mehrere Schwachstelen in Siemens Energy Omnivise T3000 ∗∗∗ --------------------------------------------- https://sec-consult.com/de/vulnerability-lab/advisory/mehrere-schwachstelen… ∗∗∗ Zyxel security advisory for post-authentication command injection and buffer overflow vulnerabilities in GS1900 series switches ∗∗∗ --------------------------------------------- https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 11.11.2024
by Daily end-of-shift report 11 Nov '24

11 Nov '24

===================== = End-of-Day report = ===================== Timeframe: Freitag 08-11-2024 18:00 − Montag 11-11-2024 18:00 Handler: Alexander Riepl Co-Handler: Michael Schlagenhaufer ===================== = News = ===================== ∗∗∗ Palo Alto untersucht mögliche Sicherheitslücke in PAN-OS-Webinterface ∗∗∗ --------------------------------------------- Palo Alto untersucht eine angebliche Codeschmuggel-Lücke in der Verwaltungsoberfläche von PAN-OS. Ein Teil betroffener Kunden wird informiert. [..] Palo Alto empfiehlt Kunden dringend, sicherzustellen, dass der Zugang zur Verwaltungsoberfläche korrekt und im Einklang mit den empfohlenen Best-Practices-Richtlinien erfolgt. Dafür stellt das Unternehmen auch eine Anleitung bereit. --------------------------------------------- https://www.heise.de/-10013896.html ∗∗∗ Zugangsdaten aus 2023 für Zugriff ausgenutzt - "Helldown Leaks"-Ransomware kompromittiert Unternehmen über Zyxel-Firewalls ∗∗∗ --------------------------------------------- Seit etwa Anfang August 2024 werden international Unternehmen durch die Ransomware-Gruppe "Helldown Leaks" verschlüsselt. Als initialer Angriffsvektor können durchgängig Zyxel-Firewalls ausgemacht werden, selbst wenn diese auf dem letzten Software-Stand sind. --------------------------------------------- https://www.cert.at/de/aktuelles/2024/11/zugangsdaten-aus-2023-fur-zugriff-… ∗∗∗ Testing the Koord2ool ∗∗∗ --------------------------------------------- As part of the EU-funded project “AWAKE”, we built the Koord2ool, which is a tool that allowed us to track the state of an incident across our constituency over time. We implemented this application as an extension to LimeSurvey (an Open Source survey tool) which generates a dashboard to visualize the state of the answers over time. --------------------------------------------- https://www.cert.at/en/blog/2024/11/testing-the-koord2ool ∗∗∗ Cybercriminals Use Excel Exploit to Spread Fileless Remcos RAT Malware ∗∗∗ --------------------------------------------- Cybersecurity researchers have discovered a new phishing campaign that spreads a new fileless variant of known commercial malware called Remcos RAT. [..] The malicious Excel document is designed to exploit a known remote code execution flaw in Office (CVE-2017-0199, CVSS score: 7.8) to download an HTML Application (HTA) file ("cookienetbookinetcahce.hta") from a remote server ("192.3.220[.]22") and launch it using mshta.exe. --------------------------------------------- https://thehackernews.com/2024/11/cybercriminals-use-excel-exploit-to.html ∗∗∗ #StopRansomware: Black Basta ∗∗∗ --------------------------------------------- Updates to this advisory, originally published May 10, 2024 [..] The advisory was updated to reflect new TTPs employed by Black Basta affiliates, as well as provide current IOCs/remove outdated IOCs for effective threat hunting. --------------------------------------------- https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-131a ∗∗∗ Cyberattack causes credit card readers to malfunction in Israel ∗∗∗ --------------------------------------------- As reported by the Jerusalem Post, the cause was a distributed denial-of-service attack (DDoS) that targeted the payment gateway company Hyp’s CreditGuard product. The attack disrupted communications between the card terminals and the wider payment system, but was not capable of stealing information or payments. --------------------------------------------- https://therecord.media/cyberattack-causes-credit-card-readers-in-israel-to… ∗∗∗ Malware Steals Account Credentials ∗∗∗ --------------------------------------------- It’s common for malware to target e-commerce sites, and these attackers are usually seeking to steal credit card details. In most cases, they will insert scripts that extract data from the checkout forms to siphon fields like the cardholder name, card number and expiration date. [..] However, every now and then we encounter a case where in addition to that they are also looking to steal details for accounts that customers have created on these sites along with admin account credentials. We’ll explore one such case. --------------------------------------------- https://blog.sucuri.net/2024/11/malware-steals-account-credentials.html ∗∗∗ Known Attacks On Elliptic Curve Cryptography ∗∗∗ --------------------------------------------- In recent years the Elliptic Curve Cryptography approach has become popular due to its high efficiency and strong security. The purpose of this article is to present this topic in a relatively clearer way than it exists today on the internet. --------------------------------------------- https://github.com/elikaski/ECC_Attacks ∗∗∗ Pishi: Coverage guided macOS KEXT fuzzing ∗∗∗ --------------------------------------------- In this blog post I will try to explain everything as clearly as possible so that even those who are not familiar with fuzzing can enjoy and understand it. I’ll break down the concepts, provide relatable examples, and resources, My goal is to make fuzzing approachable and interesting. --------------------------------------------- https://r00tkitsmm.github.io/fuzzing/2024/11/08/Pishi.html ===================== = Vulnerabilities = ===================== ∗∗∗ Veeam Backup Enterprise Manager: Unbefugte Zugriffe durch Angreifer möglich ∗∗∗ --------------------------------------------- Setzen Angreifer erfolgreich an der Schwachstelle (CVE-2024-40715 "hoch") an, können sie die Authentifizierung umgehen und Verbindungen als Man-in-the-Middle belauschen. Wie das im Detail ablaufen könnte, ist bislang nicht bekannt. [..] Ein Sicherheitspatch steht zum Download bereit. --------------------------------------------- https://www.heise.de/-10018234.html ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by AlmaLinux (podman), Debian (guix, libarchive, and nss), Fedora (expat, iaito, opendmarc, python-werkzeug, radare2, squid, and xorg-x11-server), Mageia (htmldoc, libheif, nspr, nss, firefox & rust, python-urllib3, python-werkzeug, quictls, ruby-webrick, and thunderbird), Oracle (firefox and NetworkManager-libreswan), SUSE (apache2, chromedriver, chromium, coredns, expat, govulncheck-vulndb, httpcomponents-client, java-17-openjdk, java-21-openjdk, libheif, python-wxPython, python311, python312, qbittorrent, ruby3.3-rubygem-actionmailer, ruby3.3-rubygem-actiontext, ruby3.3-rubygem-puma, ruby3.3-rubygem-rails, and virtualbox), and Ubuntu (openjdk-17, openjdk-21, openjdk-8, openjdk-lts, and qemu). --------------------------------------------- https://lwn.net/Articles/997774/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

← Newer
1
...
8
9
10
11
12
13
14
...
315
Older →

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily