[CERT-daily] Tageszusammenfassung - 17.04.2024

Daily end-of-shift report team at cert.at
Wed Apr 17 18:10:23 CEST 2024


=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 16-04-2024 18:00 − Mittwoch 17-04-2024 18:00
Handler:     Alexander Riepl
Co-Handler:  Thomas Pribitzer

=====================
=       News        =
=====================

∗∗∗ SoumniBot: the new Android banker’s unique techniques ∗∗∗
---------------------------------------------
We review the new mobile Trojan banker SoumniBot, which exploits bugs in the Android manifest parser to dodge analysis and detection.
---------------------------------------------
https://securelist.com/soumnibot-android-banker-obfuscates-app-manifest/112334/


∗∗∗ Malicious PDF File Used As Delivery Mechanism, (Wed, Apr 17th) ∗∗∗
---------------------------------------------
Billions of PDF files are exchanged daily and many people trust them because they think the file is "read-only" and contains just "a bunch of data". In the past, badly crafted PDF files could trigger nasty vulnerabilities in PDF viewers.
---------------------------------------------
https://isc.sans.edu/diary/rss/30848


∗∗∗ Critical Atlassian Flaw Exploited to Deploy Linux Variant of Cerber Ransomware ∗∗∗
---------------------------------------------
Threat actors are exploiting unpatched Atlassian servers to deploy a Linux variant of Cerber (aka C3RB3R) ransomware. The attacks leverage CVE-2023-22518 (CVSS score: 9.1), a critical security vulnerability impacting the Atlassian Confluence Data Center and Server that allows an unauthenticated attacker to reset Confluence and create an administrator account.
---------------------------------------------
https://thehackernews.com/2024/04/critical-atlassian-flaw-exploited-to.html


∗∗∗ Hackers Exploit Fortinet Flaw, Deploy ScreenConnect, Metasploit in New Campaign ∗∗∗
---------------------------------------------
Cybersecurity researchers have discovered a new campaign thats exploiting a recently disclosed security flaw in Fortinet FortiClient EMS devices to deliver ScreenConnect and Metasploit Powerfun payloads.
---------------------------------------------
https://thehackernews.com/2024/04/hackers-exploit-fortinet-flaw-deploy.html


∗∗∗ Neue Phishing-Masche: Gefälschte Postbriefe ∗∗∗
---------------------------------------------
Die Polizei warnt vor vermehrten Phishing-Fällen in der Steiermark. In Postkästen hinterlegten unbekannte Täter gefälschte Postbenachrichtigungen mit angeführten QR-Codes. Damit sollen Opfer auf eine gefälschte Website gelockt und persönliche Daten abgesaugt werden.
---------------------------------------------
https://steiermark.orf.at/stories/3253261/


∗∗∗ Vorsicht vor unseriösen Ticketangeboten für die UEFA EURO 2024 in Deutschland! ∗∗∗
---------------------------------------------
Fußball-Fans aufgepasst: Wenn Sie jetzt noch auf der Suche nach Eintrittskarten in die Europameisterschaftsstadien für die EM 2024 sind, müssen Sie sich vor betrügerischen und unseriösen Angeboten in Acht nehmen.
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-ticketangebote-euro2024/


∗∗∗ OfflRouter virus causes Ukrainian users to upload confidential documents to VirusTotal ∗∗∗
---------------------------------------------
The documents contained malicious VBA code, indicating they may be used as lures to infect organizations.
---------------------------------------------
https://blog.talosintelligence.com/offlrouter-virus-causes-upload-confidential-documents-to-virustotal/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Ivanti warns of critical flaws in its Avalanche MDM solution ∗∗∗
---------------------------------------------
Ivanti has released security updates to fix 27 vulnerabilities in its Avalanche mobile device management (MDM) solution, two of them critical heap overflows that can be exploited for remote command execution.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/ivanti-warns-of-critical-flaws-in-its-avalanche-mdm-solution/


∗∗∗ VU#253266: Keras 2 Lambda Layers Allow Arbitrary Code Injection in TensorFlow Models ∗∗∗
---------------------------------------------
Lambda Layers in third party TensorFlow-based Keras models allow attackers to inject arbitrary code into versions built prior to Keras 2.13 that may then unsafely run with the same permissions as the running application.
---------------------------------------------
https://kb.cert.org/vuls/id/253266


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (apache2 and cockpit), Fedora (firefox, kernel, mbedtls, python-cbor2, wireshark, and yyjson), Mageia (nghttp2), Red Hat (kernel, kernel-rt, opencryptoki, pcs, shim, squid, and squid:4), Slackware (firefox), SUSE (emacs, firefox, and kernel), and Ubuntu (linux-aws, linux-aws-5.15, linux-aws-6.5, linux-raspi, and linux-iot).
---------------------------------------------
https://lwn.net/Articles/970169/


∗∗∗ Oracle Critical Patch Update Advisory - April 2024 ∗∗∗
---------------------------------------------
https://www.oracle.com/security-alerts/cpuapr2024.html


∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/


∗∗∗ Huawei Security Bulletins ∗∗∗
---------------------------------------------
https://securitybulletin.huawei.com/enterprise/en/security-advisory

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list