===================== = End-of-Day report = =====================
Timeframe: Tuesday 26-11-2024 18:05 − Wednesday 27-11-2024 18:00
Handler: Michael Schlagenhaufer
Co-Handler: n/a
===================== = News = =====================
∗∗∗ RomCom exploits Firefox and Windows zero days in the wild ∗∗∗
---------------------------------------------
ESET Research details the analysis of a previously unknown vulnerability in Mozilla products exploited in the wild and another previously unknown Microsoft Windows vulnerability, combined in a zero-click exploit.
---------------------------------------------
https://www.welivesecurity.com/en/eset-research/romcom-exploits-firefox-and-...
∗∗∗ Fraud on Telegram and WhatsApp using fake job offers ∗∗∗
---------------------------------------------
Below you will find our report on the Telegram scam and how we even managed to outwit the scammers. We also provide tips and tricks on what you can do and how to recognise such a scam.
---------------------------------------------
https://www.zettasecure.com/post/betrug-auf-telegram-und-whatsapp-mit-fake-j...
∗∗∗ Critical Flaw in ProjectSend Under Active Exploitation Against Public-Facing Servers ∗∗∗
---------------------------------------------
A critical security flaw impacting the ProjectSend open-source file-sharing application has likely come under active exploitation in the wild, according to findings from VulnCheck. The vulnerability, originally patched over a year-and-a-half ago as part of a commit pushed in May 2023, was not officially made available until August 2024 with the release of version r1720.
---------------------------------------------
https://thehackernews.com/2024/11/critical-flaw-in-projectsend-under.html
∗∗∗ Gaming Engines: An Undetected Playground for Malware Loaders ∗∗∗
---------------------------------------------
Check Point Research discovered a new technique taking advantage of Godot Engine, a popular open-source game engine, to execute crafted GDScript code which triggers malicious commands and delivers malware. The technique remains undetected by almost all antivirus engines in VirusTotal.
---------------------------------------------
https://research.checkpoint.com/2024/gaming-engines-an-undetected-playground...

∗∗∗ New NachoVPN attack uses rogue VPN servers to install malicious updates ∗∗∗
---------------------------------------------
A set of vulnerabilities dubbed "NachoVPN" allows rogue VPN servers to install malicious updates when unpatched Palo Alto and SonicWall SSL-VPN clients connect to them.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-nachovpn-attack-uses-rogu...

∗∗∗ Rockstar 2FA Phishing-as-a-Service (PaaS): Noteworthy Email Campaigns ∗∗∗
---------------------------------------------
Welcome to the second part of our investigation into the Rockstar kit; please check out part one here.
---------------------------------------------
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/rockstar-2fa...

∗∗∗ Researchers Discover "Bootkitty" – First UEFI Bootkit Targeting Linux Kernels ∗∗∗
---------------------------------------------
Cybersecurity researchers have shed light on what has been described as the first Unified Extensible Firmware Interface (UEFI) bootkit designed for Linux systems. Dubbed Bootkitty by its creators, who go by the name BlackCat, the bootkit is assessed to be a proof-of-concept (PoC) and there is no evidence that it has been put to use in real-world attacks.
---------------------------------------------
https://thehackernews.com/2024/11/researchers-discover-bootkitty-first.html

∗∗∗ BEC-ware the Phish (part 3): Detect and Prevent Incidents in M365 ∗∗∗
---------------------------------------------
This blog discusses a few options in M365, such as guidance on configuring threat and alert policies and how to deal with these alerts downstream in the SIEM.
---------------------------------------------
https://www.pentestpartners.com/security-blog/bec-ware-the-phish-part-3-dete...

∗∗∗ Modern solutions against cross-site attacks ∗∗∗
---------------------------------------------
This article is about cross-site leak attacks and what recent defenses have been introduced to counter them. I also want to finally answer the question of why web security best practices are always opt-in, and finally how YOU can get increased security controls.
---------------------------------------------
https://frederikbraun.de/modern-solutions-xsleaks.html
===================== = Vulnerabilities = =====================
∗∗∗ Palo Alto GlobalProtect: malicious-code vulnerability due to insufficient certificate verification ∗∗∗
---------------------------------------------
The discoverers of the vulnerability at Amberwolf write in their detailed analysis that the GlobalProtect VPN clients on both macOS and Windows are vulnerable to execution of malicious code from the network and to privilege escalation, specifically via the automatic update mechanism (CVE-2024-5921, CVSS-B 7.2, risk "high"). Although the update process requires MSI files to be signed, attackers can abuse the PanGPS service to install a malicious root certificate that is thereby trusted.
---------------------------------------------
https://heise.de/-10178649
∗∗∗ Microsoft patches partly critical vulnerabilities out of band ∗∗∗
---------------------------------------------
Microsoft published four security advisories during the night leading into Wednesday. [..] Some of the updates must be installed by users themselves.
---------------------------------------------
https://www.heise.de/-10178400
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (mpg123 and php8.2), Fedora (libsndfile, mingw-glib2, mingw-libsoup, mingw-python3, and qbittorrent), Oracle (pam:1.5.1 and perl-App-cpanminus), Red Hat (firefox, thunderbird, and webkit2gtk3), Slackware (mozilla), SUSE (firefox, rclone, tomcat, tomcat10, and xen), and Ubuntu (gh, libsoup2.4, libsoup3, pygments, TinyGLTF, and twisted).
---------------------------------------------
https://lwn.net/Articles/999897/

∗∗∗ GitLab Patch Release: 17.6.1, 17.5.3, 17.4.5 ∗∗∗
---------------------------------------------
https://about.gitlab.com/releases/2024/11/26/patch-release-gitlab-17-6-1-rel...
∗∗∗ HPE Insight Remote Support: monitoring software allows injection of malicious code ∗∗∗
---------------------------------------------
https://www.heise.de/-10178034
∗∗∗ WebKitGTK and WPE WebKit Security Advisory WSA-2024-0007 ∗∗∗
---------------------------------------------
https://webkitgtk.org/security/WSA-2024-0007.html

∗∗∗ Synology-SA-24:27 DSM ∗∗∗
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_24_27

∗∗∗ Synology-SA-24:26 BeeDrive for desktop ∗∗∗
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_24_26

∗∗∗ Omada Identity: Stored Cross-Site Scripting in Omada Identity ∗∗∗
---------------------------------------------
https://sec-consult.com/de/vulnerability-lab/advisory/stored-xss-in-omada-id...

∗∗∗ F5: K000148716: REXML vulnerability CVE-2024-41123 ∗∗∗
---------------------------------------------
https://my.f5.com/manage/s/article/K000148716

∗∗∗ F5: K000148692: Qt vulnerability CVE-2023-34410 ∗∗∗
---------------------------------------------
https://my.f5.com/manage/s/article/K000148692

∗∗∗ F5: K000148690: Qt vulnerability CVE-2023-32573 ∗∗∗
---------------------------------------------
https://my.f5.com/manage/s/article/K000148690