[CERT-daily] Daily summary - 10.04.2024

Daily end-of-shift report team at cert.at
Wed Apr 10 18:06:46 CEST 2024


=====================
= End-of-Day report =
=====================

Timeframe:   Tuesday 09-04-2024 18:00 − Wednesday 10-04-2024 18:00
Handler:     Michael Schlagenhaufer
Co-Handler:  Thomas Pribitzer

=====================
=       News        =
=====================

∗∗∗ Delayed delivery of the CERT.at daily reports ∗∗∗
---------------------------------------------
Due to a misconfiguration of our firewall, the delivery of our daily reports was partially delayed yesterday, 09.04.2024. We apologize for any inconvenience caused.
---------------------------------------------
https://cert.at/de/aktuelles/2024/4/verzogerte-aussendung-der-certat-tagesberichte


∗∗∗ VU#123335: Multiple Programming Languages Fail to Escape Arguments Properly in Microsoft Windows ∗∗∗
---------------------------------------------
Various programming languages lack proper validation mechanisms for commands and in some cases also fail to escape arguments correctly when invoking commands within a Microsoft Windows environment. The command injection vulnerability in these programming languages, when running on Windows, allows attackers to execute arbitrary code disguised as arguments to the command.
---------------------------------------------
https://kb.cert.org/vuls/id/123335


∗∗∗ How NIS 2 will affect employees in companies ∗∗∗
---------------------------------------------
ÖGB data protection expert Sebastian Klocker in an interview about training measures, physical access controls and surveillance.
---------------------------------------------
https://futurezone.at/netzpolitik/nis-2-cybersicherheit-richtlinie-eu-gesetz-oesterreich-auswirkungen-mitarbeiter-beschaeftigte/402850531


∗∗∗ Data leak at Microsoft: passwords and source code were reportedly exposed on the internet ∗∗∗
---------------------------------------------
Microsoft apparently misconfigured an Azure storage server. Allegedly, all sorts of sensitive company data were accessible to anyone.
---------------------------------------------
https://www.golem.de/news/datenpanne-bei-microsoft-passwoerter-und-quellcode-lagen-wohl-offen-im-netz-2404-183999.html


∗∗∗ Raspberry Robin Returns: New Malware Campaign Spreading Through WSF Files ∗∗∗
---------------------------------------------
Cybersecurity researchers have discovered a new Raspberry Robin campaign wave that propagates the malware through malicious Windows Script Files (WSFs) since March 2024.
---------------------------------------------
https://thehackernews.com/2024/04/raspberry-robin-returns-new-malware.html


∗∗∗ Active Nitrogen campaign delivered via malicious ads for PuTTY, FileZilla ∗∗∗
---------------------------------------------
Threat actors once again target system administrators via their favorite tools. Learn more about their TTPs and use the IOCs provided to investigate.
---------------------------------------------
https://www.malwarebytes.com/blog/threat-intelligence/2024/04/active-nitrogen-campaign-delivered-via-malicious-ads-for-putty-filezilla


∗∗∗ Muddled Libra’s Evolution to the Cloud ∗∗∗
---------------------------------------------
Muddled Libra now actively targets CSP environments and SaaS applications. Using the MITRE ATT&CK framework, we outline observed TTPs from incident response.
---------------------------------------------
https://unit42.paloaltonetworks.com/muddled-libra-evolution-to-cloud/


∗∗∗ Data theft on macOS: two new campaigns uncovered ∗∗∗
---------------------------------------------
The cybercriminals are after confidential user data such as passwords. Among other things, fake advertisements are used to deliver an infostealer.
---------------------------------------------
https://www.zdnet.de/88415282/datendiebstahl-unter-macos-zwei-neue-kampagnen-aufgedeckt/?utm_source=rss&utm_medium=rss&utm_campaign=rss


∗∗∗ New Technique to Trick Developers Detected in an Open Source Supply Chain Attack ∗∗∗
---------------------------------------------
In a recent attack campaign, cybercriminals were discovered cleverly manipulating GitHub’s search functionality, and using meticulously crafted repositories to distribute malware.
---------------------------------------------
https://checkmarx.com/blog/new-technique-to-trick-developers-detected-in-an-open-source-supply-chain-attack/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Critical BatBadBut Rust Vulnerability Exposes Windows Systems to Attacks ∗∗∗
---------------------------------------------
A critical security flaw in the Rust standard library could be exploited to target Windows users and stage command injection attacks.
---------------------------------------------
https://thehackernews.com/2024/04/critical-batbadbut-rust-vulnerability.html


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (gtkwave), Fedora (dotnet7.0, dotnet8.0, and python-pillow), Mageia (apache, gstreamer1.0, libreoffice, perl-Data-UUID, and xen), Oracle (kernel, kernel-container, and varnish), Red Hat (edk2, kernel, rear, and unbound), SUSE (apache2-mod_jk, gnutls, less, and xfig), and Ubuntu (bind9, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, [...]
---------------------------------------------
https://lwn.net/Articles/969314/


∗∗∗ Patchday: attackers once again bypass a security feature and attack Windows ∗∗∗
---------------------------------------------
Microsoft has released important security updates for, among others, Bitlocker, Office and Windows Defender. Attackers are already exploiting two vulnerabilities.
---------------------------------------------
https://heise.de/-9679989


∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/


∗∗∗ XSA-455 ∗∗∗
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-455.html


∗∗∗ Pepperl+Fuchs: ICE2-* and ICE3-* are affected by multiple vulnerabilities ∗∗∗
---------------------------------------------
https://cert.vde.com/de/advisories/VDE-2024-017/


∗∗∗ PC System Recovery Bootloader Vulnerabilities ∗∗∗
---------------------------------------------
http://support.lenovo.com/product_security/PS500613-PC-SYSTEM-RECOVERY-BOOTLOADER-VULNERABILITIES


∗∗∗ AMI MegaRAC Vulnerability ∗∗∗
---------------------------------------------
http://support.lenovo.com/product_security/PS500612-AMI-MEGARAC-VULNERABILITY


∗∗∗ System Management Module (SMM v1 and v2) and Fan Power Controller (FPC) Vulnerabilities ∗∗∗
---------------------------------------------
http://support.lenovo.com/product_security/SYSTEM-MANAGEMENT-MODULE-SMM-V1-AND-V2-AND-FAN-POWER-CONTROLLER-FPC-VULNERABILITIES


∗∗∗ AMD Radeon Vulnerabilities ∗∗∗
---------------------------------------------
http://support.lenovo.com/product_security/PS500615


∗∗∗ Adobe Releases Security Updates for Multiple Products ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2024/04/09/adobe-releases-security-updates-multiple-products-0


∗∗∗ Sunhillo SureLine Command Injection Attack ∗∗∗
---------------------------------------------
https://fortiguard.fortinet.com/outbreak-alert/sunhillo-sureline-attack

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily



