[CERT-daily] Tageszusammenfassung - 04.04.2024

Thu Apr 4 18:32:50 CEST 2024

=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 03-04-2024 18:00 − Donnerstag 04-04-2024 18:00
Handler:     Alexander Riepl
Co-Handler:  Michael Schlagenhaufer

=====================
=       News        =
=====================

∗∗∗ SurveyLama data breach exposes info of 4.4 million users ∗∗∗
---------------------------------------------
In early February, HIBP's creator, Troy Hunt, received information about a data breach impacting the service, which involved various data types, including: Dates of birth. Email addresses. IP addresses, Full Names, Passwords, Phone numbers, Physical addresses [..] The data set contains information about 4,426,879 accounts and was added to HIBP yesterday, so impacted users should have already received an email notification.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/surveylama-data-breach-exposes-info-of-44-million-users/


∗∗∗ New HTTP/2 DoS attack can crash web servers with a single connection ∗∗∗
---------------------------------------------
Newly discovered HTTP/2 protocol vulnerabilities called "CONTINUATION Flood" can lead to denial of service (DoS) attacks, crashing web servers with a single TCP connection in some implementations.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-http-2-dos-attack-can-crash-web-servers-with-a-single-connection/


∗∗∗ Angriff mit neuer Ransomware: SEXi-Hacker verschlüsseln ESXi-Server ∗∗∗
---------------------------------------------
Die neue SEXi-Ransomware ist kürzlich in einem Rechenzentrum von Powerhost zum Einsatz gekommen. Betroffene Kundensysteme sind wohl teilweise nicht wiederherstellbar. [..] Bei der Bezeichnung scheint es sich um ein Wortspiel zu handeln, denn die Angreifer haben es damit offenkundig auf VMware ESXi-Server abgesehen.
---------------------------------------------
https://www.golem.de/news/angriff-mit-neuer-ransomware-sexi-hacker-verschluesseln-esxi-server-2404-183825.html


∗∗∗ Windows NTLM Credentials-Schwachstelle CVE-2024-21320: Fix durch 0patch ∗∗∗
---------------------------------------------
In Windows gibt es eine Schwachstelle (CVE-2024-21320), die NTLM-Anmeldeinformationen über Windows-Themen offen legt. Microsoft hat zwar im Januar 2024 die Schwachstelle CVE-2024-21320 mit einem Patch versehen. Dieser Patch stellt eine Richtlinie bereit, um das Abrufen der NTLM-Anmeldeinformationen zu verhindern, wenn Theme-Dateien auf Netzlaufwerken liegen. ACROS Security hat nun einen Micropatch für den 0patch-Agenten veröffentlicht, der die Schwachstelle generell (ohne Registrierungseingriff) schließt.
---------------------------------------------
https://www.borncity.com/blog/2024/04/04/windows-ntlm-credentials-schwachstelle-cve-2024-21320-fix-durch-0patch/


∗∗∗ Latrodectus: This Spider Bytes Like Ice ∗∗∗
---------------------------------------------
We share Proofpoint’s assessment that Latrodectus will become increasingly used by financially motivated threat actors across the criminal landscape, particularly those who previously distributed IcedID.. This research highlights the value of collaborative work between commercial threat intelligence companies, piecing together distinct viewpoints to provide a more complete picture of malicious activities.
---------------------------------------------
https://www.team-cymru.com/post/latrodectus-this-spider-bytes-like-ice


∗∗∗ Byakugan – The Malware Behind a Phishing Attack ∗∗∗
---------------------------------------------
FortiGuard Labs has uncovered the Byakugan malware behind a recent malware campaign distributed by malicious PDF files [..] In January 2024, FortiGuard Labs collected a PDF file written in Portuguese that distributes a multi-functional malware known as Byakugan. While investigating this campaign, a report about it was published. Therefore, this report will only provide a brief analysis of the overlap between that attack and this and focus primarily on the details of the infostealer.
---------------------------------------------
https://www.fortinet.com/blog/threat-research/byakugan-malware-behind-a-phishing-attack


∗∗∗ Politische Parteien vor der EU-Wahl häufiger Ziel von Cyberangriffen ∗∗∗
---------------------------------------------
Cyberangreifer konzentrieren sich derzeit offenbar stark auf politische Akteure und Parteien. Gefahr bestehe besonders durch sogenannte Hack-and-Leak-Angriffe.
---------------------------------------------
https://heise.de/-9674511


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Ivanti fixes VPN gateway vulnerability allowing RCE, DoS attacks ∗∗∗
---------------------------------------------
IT security software company Ivanti has released patches to fix multiple security vulnerabilities impacting its Connect Secure and Policy Secure gateways. Unauthenticated attackers can exploit one of them, a high-severity flaw tracked as CVE-2024-21894, to gain remote code execution and trigger denial of service states on unpatched appliances in low-complexity attacks that don't require user interaction.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/ivanti-fixes-vpn-gateway-vulnerability-allowing-rce-dos-attacks/


∗∗∗ Cisco Security Advisories 2024-04-03 ∗∗∗
---------------------------------------------
Security Impact Rating: 1x High, 11x Medium
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/Search.x?publicationTypeIDs=1&firstPublishedStartDate=2024%2F04%2F03&firstPublishedEndDate=2024%2F04%2F04&pageNum=1&isRenderingBugList=false


∗∗∗ CISA Adds Two Known Exploited Vulnerabilities to Catalog ∗∗∗
---------------------------------------------
CVE-2024-29745 Android Pixel Information Disclosure Vulnerability, CVE-2024-29748 Android Pixel Privilege Escalation Vulnerability
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2024/04/04/cisa-adds-two-known-exploited-vulnerabilities-catalog


∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/


∗∗∗ Hitachi Energy Asset Suite 9 ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-24-095-01


∗∗∗ Schweitzer Engineering Laboratories SEL ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-24-095-02

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily