[CERT-daily] Tageszusammenfassung - 05.04.2024

Fri Apr 5 18:36:53 CEST 2024

=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 04-04-2024 18:00 − Freitag 05-04-2024 18:00
Handler:     Alexander Riepl
Co-Handler:  Michael Schlagenhaufer

=====================
=       News        =
=====================

∗∗∗ Fake AI law firms are sending fake DMCA threats to generate fake SEO gains ∗∗∗
---------------------------------------------
If you run a personal or hobby website, getting a copyright notice from a law firm about an image on your site can trigger some fast-acting panic. Ernie Smith, the prolific, ever-curious writer behind the newsletter Tedium, received a "DMCA Copyright Infringement Notice" in late March from "Commonwealth Legal," representing the "Intellectual Property division" of Tech4Gods.
---------------------------------------------
https://arstechnica.com/?p=2014933


∗∗∗ Continuation Flood: DoS-Angriffstechnik legt HTTP/2-Server ohne Botnetz lahm ∗∗∗
---------------------------------------------
Für einen erfolgreichen Angriff ist in einigen Fällen nur eine einzige TCP-Verbindung erforderlich. Es kommt zu einer Überlastung von Systemressourcen.
---------------------------------------------
https://www.golem.de/news/continuation-flood-dos-angriffstechnik-legt-http-2-server-ohne-botnetz-lahm-2404-183857.html


∗∗∗ AI-as-a-Service Providers Vulnerable to PrivEsc and Cross-Tenant Attacks ∗∗∗
---------------------------------------------
New research has found that artificial intelligence (AI)-as-a-service providers such as Hugging Face are susceptible to two critical risks that could allow threat actors to escalate privileges, gain cross-tenant access to other customers models, and even take over the continuous integration and continuous deployment (CI/CD) pipelines. [..] To mitigate the issue, it's recommended to enable IMDSv2 with Hop Limit so as to prevent pods from accessing the Instance Metadata Service (IMDS) and obtaining the role of a Node within the cluster.
---------------------------------------------
https://thehackernews.com/2024/04/ai-as-service-providers-vulnerable-to.html


∗∗∗ Bing ad for NordVPN leads to SecTopRAT ∗∗∗
---------------------------------------------
Threat actors are luring victims to a fake NordVPN website that installs a Remote Access Trojan.
---------------------------------------------
https://www.malwarebytes.com/blog/threat-intelligence/2024/04/bing-ad-for-nordvpn-leads-to-sectoprat


∗∗∗ Neue Dreiecksbetrugsmasche: Kriminelle bestellen in Ihrem Namen ∗∗∗
---------------------------------------------
Sie kaufen online ein, bezahlen und erhalten die gewünschte Ware. Doch nach einigen Wochen erreicht Sie plötzlich eine Mahnung, ein Inkassoschreiben oder sogar eine Betrugsanzeige. Der Grund: Eine nicht bezahlte Rechnung von einem Onlineshop, bei dem Sie gar nichts bestellt haben. In diesem Fall wurden Sie und der Onlineshop betrogen. Wir zeigen Ihnen wie diese neue Masche funktioniert und wie Sie sich schützen können.
---------------------------------------------
https://www.watchlist-internet.at/news/neue-dreiecksbetrugsmasche-kriminelle-bestellen-in-ihrem-namen/


∗∗∗ The Illusion of Privacy: Geolocation Risks in Modern Dating Apps ∗∗∗
---------------------------------------------
Key takeaways Introduction Dating apps traditionally utilize location data, offering the opportunity to connect with people nearby, and enhancing the chances of real-life meetings. Some apps can also display the distance of the user to other users. This feature is quite useful for coordinating meetups, indicating whether a potential match is just a short distance away or a kilometer apart. However, openly sharing your distance with other users can create serious security issues. The risks become apparent when you consider the potential misuse by a curious individual armed with advanced knowledge of techniques like trilateration.
---------------------------------------------
https://research.checkpoint.com/2024/the-illusion-of-privacy-geolocation-risks-in-modern-dating-apps/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (cockpit), Mageia (python-pygments), Red Hat (nodejs), Slackware (httpd and nghttp2), SUSE (avahi, gradle, gradle-bootstrap, and squid), and Ubuntu (xorg-server, xwayland).
---------------------------------------------
https://lwn.net/Articles/968561/


∗∗∗ Lexmark: Hochriskante Lücken erlauben Codeschmuggel auf Drucker ∗∗∗
---------------------------------------------
Lexmark warnt vor Sicherheitslücken in diversen Drucker-Firmwares. Angreifer können Schadcode einschleusen. Updates sind verfügbar.
---------------------------------------------
https://heise.de/-9675861


∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily