[CERT-daily] Tageszusammenfassung - 13.08.2024

Tue Aug 13 18:52:10 CEST 2024

=====================
= End-of-Day report =
=====================

Timeframe:   Montag 12-08-2024 18:00 − Dienstag 13-08-2024 18:00
Handler:     Alexander Riepl
Co-Handler:  Michael Schlagenhaufer

=====================
=       News        =
=====================

∗∗∗ APT trends report Q2 2024 ∗∗∗
---------------------------------------------
The report features the most significant developments relating to APT groups in Q2 2024, including the new backdoor in Linux utility XZ, a new RAT called SalmonQT, and hacktivist activity.
---------------------------------------------
https://securelist.com/apt-trends-report-q2-2024/113275/


∗∗∗ AMD won’t patch Sinkclose security bug on older Zen CPUs ∗∗∗
---------------------------------------------
Some AMD processors dating back to 2006 have a security vulnerability that's a boon for particularly underhand malware and rogue insiders, though the chip designer is only patching models made since 2020.
---------------------------------------------
https://go.theregister.com/feed/www.theregister.com/2024/08/13/amd_sinkclose_patches/


∗∗∗ Who uses LLM prompt injection attacks IRL? Mostly unscrupulous job seekers, jokesters and trolls ∗∗∗
---------------------------------------------
Because apps talking like pirates and creating ASCII art never gets old Despite worries about criminals using prompt injection to trick large language models (LLMs) into leaking sensitive data or performing other destructive actions, most of these types of AI shenanigans come from job seekers trying to get their resumes past automated HR screeners – and people protesting generative AI for various reasons, according to Russian security biz Kaspersky.
---------------------------------------------
https://go.theregister.com/feed/www.theregister.com/2024/08/13/who_uses_llm_prompt_injection/


∗∗∗ CVE-2024-38856: Pre-Auth RCE Vulnerability in Apache OFBiz ∗∗∗
---------------------------------------------
On August 5, 2024, researchers at SonicWall discovered a zero-day security flaw in Apache OFBiz tracked as CVE-2024-38856. The vulnerability, which has been assigned a CVSS score of 9.8, allows threat actors to perform pre-authentication remote code execution (RCE). While testing a patch for CVE-2024-36104, SonicWall researchers discovered that unauthenticated access was permitted to the ProgramExport endpoint, potentially enabling the execution of arbitrary code.
---------------------------------------------
https://www.zscaler.com/blogs/security-research/cve-2024-38856-pre-auth-rce-vulnerability-apache-ofbiz


∗∗∗ Post-Quantum Cryptography Standards Officially Announced by NIST – a History and Explanation ∗∗∗
---------------------------------------------
NIST has formally published three post-quantum cryptography standards from the competition it held to develop cryptography able to withstand the anticipated quantum computing decryption of current asymmetric encryption.
---------------------------------------------
https://www.securityweek.com/post-quantum-cryptography-standards-officially-announced-by-nist-a-history-and-explanation/


∗∗∗ Falsche Mitteilung im Namen des Bundeskanzleramtes über Entschädigungszahlungen ∗∗∗
---------------------------------------------
Kriminelle versenden im Namen des Bundeskanzleramtes gefälschte E-Mails über eine Entschädigungszahlung für die Wasser- und Energierechnung. Im E-Mail steht, dass Sie € 102,49 erhalten. Für den Erhalt der Summe, müssen Sie aber auf einen Link klicken.
---------------------------------------------
https://www.watchlist-internet.at/news/falsche-mitteilung-im-namen-des-bundeskanzleramtes-ueber-entschaedigungszahlungen/


∗∗∗ Harnessing LLMs for Automating BOLA Detection ∗∗∗
---------------------------------------------
Learn about BOLABuster, an LLM-driven tool automating BOLA vulnerability detection in web applications. Issues have already been identified in multiple projects.
---------------------------------------------
https://unit42.paloaltonetworks.com/automated-bola-detection-and-ai/


∗∗∗ Strafverfolgern gelingt Schlag gegen Radar/Dispossessor Ransomwaregruppe ∗∗∗
---------------------------------------------
Es ist der nächste Schlag gegen Cyberkriminelle. Strafverfolger aus den USA (FBI), Großbritannien und Deutschland ist es gelungen, die Infrastruktur der Ransomwaregruppe Radar/Dispossessor zu zerschlagen.
---------------------------------------------
https://www.borncity.com/blog/2024/08/13/strafverfolgern-gelingt-schlag-gegen-radar-dispossessor-ransomwaregruppe/


∗∗∗ Hackers Leak 1.4 Billion Tencent User Accounts Online ∗∗∗
---------------------------------------------
Massive data leak exposes 1.4 billion Tencent user accounts. Leaked data includes emails, phone numbers, and QQ IDs potentially linked to the “Mother of All Breaches” (MOAB).
---------------------------------------------
https://hackread.com/hackers-leak-1-4-billion-tencent-user-accounts-online/


∗∗∗ CryptoCore: Unmasking the Sophisticated Cryptocurrency Scam Operations ∗∗∗
---------------------------------------------
This report delves into the intricacies of the CryptoCore group’s scam and analyses their modus operandi. We will describe key exploited events, including hijacked YouTube accounts and deepfake videos, alongside a technical analysis of the fraudulent sites. One purpose of this study is to present a fundamental analysis – and key statistics – of fraudulent wallets that have received profits in the millions of dollars, as well as provide statistical data on detections, showing how victims are lured into suspicious websites and ultimately end up crypto scam victims.
---------------------------------------------
https://decoded.avast.io/martinchlumecky1/cryptocore-unmasking-the-sophisticated-cryptocurrency-scam-operations/


∗∗∗ Ivanti warns of critical vTM auth bypass with public exploit ∗∗∗
---------------------------------------------
Tracked as CVE-2024-7593, this auth bypass vulnerability is due to an incorrect implementation of an authentication algorithm that allows remote unauthenticated attackers to bypass authentication on Internet-exposed vTM admin panels.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/ivanti-warns-of-critical-vtm-auth-bypass-with-public-exploit/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Ivanti: August Security Update ∗∗∗
---------------------------------------------
Today, fixes have been released for the following solutions: Ivanti Neurons for ITSM, Ivanti Avalanche and Ivanti Virtual Traffic Manager (vTM).
---------------------------------------------
https://www.ivanti.com/blog/august-security-update


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (kernel and roundcube), Fedora (microcode_ctl, pypy, python2.7, and python3.6), Oracle (389-ds-base, httpd, kernel, kernel-container, and linux-firmware), Red Hat (kernel-rt), SUSE (firefox, kubernetes1.23, libqt5-qtbase, openssl-1_1, python-gunicorn, python-Twisted, python-urllib3, and qt6-base), and Ubuntu (linux-aws-5.15, linux-gkeop-5.15, linux-ibm, linux-ibm-5.15, linux-raspi, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-oem-6.8, linux-oracle-5.15, and qemu).
---------------------------------------------
https://lwn.net/Articles/985481/


∗∗∗ SAP Patches Critical Vulnerabilities in BusinessObjects, Build Apps ∗∗∗
---------------------------------------------
SAP has released 25 security notes on August 2024 Security Patch Day, including for critical vulnerabilities in BusinessObjects and Build Apps.
---------------------------------------------
https://www.securityweek.com/sap-patches-critical-vulnerabilities-in-businessobjects-build-apps/


∗∗∗ CISA Releases Ten Industrial Control Systems Advisories ∗∗∗
---------------------------------------------
AVEVA SuiteLink Server, Rockwell Automation, Ocean Data Systems
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2024/08/13/cisa-releases-ten-industrial-control-systems-advisories


∗∗∗ Splunk: SVD-2024-0801: Third-Party Package Updates in Python for Scientific Computing - August 2024 ∗∗∗
---------------------------------------------
https://advisory.splunk.com//advisories/SVD-2024-0801


∗∗∗ Lenovo: NVIDIA GPU Display Driver - July 2024 ∗∗∗
---------------------------------------------
http://support.lenovo.com/product_security/PS500637-NVIDIA-GPU-DISPLAY-DRIVER-JULY-2024


∗∗∗ Lenovo: LDCC and LADM Privilege Escalation Vulnerabilities ∗∗∗
---------------------------------------------
http://support.lenovo.com/product_security/PS500636-LDCC-AND-LADM-PRIVILEGE-ESCALATION-VULNERABILITIES


∗∗∗ 0patch: The "EventLogCrasher" 0day For Remotely Disabling Windows Event Log, And a Free Micropatch For It ∗∗∗
---------------------------------------------
https://blog.0patch.com/2024/01/the-eventlogcrasher-0day-for-remotely.html


∗∗∗ tenable: [R1] Stand-alone Security Patch Available for Tenable Security Center versions 6.2.1, 6.3.0 and 6.4.0: SC-202408.1 ∗∗∗
---------------------------------------------
https://www.tenable.com/security/tns-2024-13

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily