[CERT-daily] Tageszusammenfassung - 16.02.2024

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 15-02-2024 18:00 − Freitag 16-02-2024 18:00
Handler:     Michael Schlagenhaufer
Co-Handler:  Thomas Pribitzer

=====================
=       News        =
=====================

∗∗∗ RansomHouse gang automates VMware ESXi attacks with new MrAgent tool ∗∗∗
---------------------------------------------
The RansomHouse ransomware operation has created a new tool named MrAgent that automates the deployment of its data encrypter across multiple VMware ESXi hypervisors.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/ransomhouse-gang-automates-vmware-esxi-attacks-with-new-mragent-tool/


∗∗∗ Berliner Kritis-Lieferant: PSI Software nimmt Systeme nach Cyberangriff offline ∗∗∗
---------------------------------------------
Der Softwarekonzern beliefert unter anderem Betreiber von Energienetzen und Verkehrsinfrastrukturen sowie Kunden aus den Bereichen Industrie und Logistik.
---------------------------------------------
https://www.golem.de/news/berliner-kritis-lieferant-psi-software-nimmt-systeme-nach-cyberangriff-offline-2402-182289.html


∗∗∗ Phishing und Spoofing: BSI gibt Hinweise zur E-Mail-Authentifizierung ∗∗∗
---------------------------------------------
Gewappnet mit Standards wie SPF, DKIM und DMARC könnten Anbieter selbst neue Angriffe wie SMTP-Smuggling erschweren, heißt es in einer Technischen Richtlinie.
---------------------------------------------
https://www.heise.de/-9631309


∗∗∗ F5 behebt 20 Sicherheitslücken in Big-IP-Loadbalancer, WAF und nginx ∗∗∗
---------------------------------------------
Unter anderem konnten Angreifer eigenen Code in den Loadbalancer einschmuggeln, nginx hingegen verschluckte sich an HTTP3/QUIC-Anfragen.
---------------------------------------------
https://www.heise.de/-9629983


∗∗∗ Falsche DHL-Boten fordern am Telefon SMS-Code für vermeintliche Paketzustellung ∗∗∗
---------------------------------------------
Kriminelle ergaunern SMS-Codes für Paket-Zustellungen. Dabei geben sich die Täter gegenüber potenziellen Opfern als angebliche DHL-Mitarbeiter aus.
---------------------------------------------
https://www.heise.de/-9630541


∗∗∗ Alpha Ransomware Emerges From NetWalker Ashes ∗∗∗
---------------------------------------------
Alpha, a new ransomware that first appeared in February 2023 and stepped up its operations in recent weeks, has strong similarities to the long-defunct NetWalker ransomware, which disappeared in January 2021 following an international law enforcement operation.
---------------------------------------------
https://symantec-enterprise-blogs.security.com/threat-intelligence/alpha-netwalker-ransomware



=====================
=  Vulnerabilities  =
=====================

∗∗∗ CISA Warning: Akira Ransomware Exploiting Cisco ASA/FTD Vulnerability ∗∗∗
---------------------------------------------
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a now-patched security flaw impacting Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software to its Known Exploited Vulnerabilities (KEV) catalog, following reports that its being likely exploited in Akira ransomware attacks.
---------------------------------------------
https://thehackernews.com/2024/02/cisa-warning-akira-ransomware.html


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Mageia (bind), Red Hat (.NET 8.0 and kpatch-patch), SUSE (golang-github-prometheus-alertmanager, java-1_8_0-openj9, kernel, libaom, openssl-3, postgresql15, salt, SUSE Manager Client Tools, SUSE Manager Server 4.3, and webkit2gtk3), and Ubuntu (shadow).
---------------------------------------------
https://lwn.net/Articles/962506/


∗∗∗ Eight Vulnerabilities Disclosed in the AI Development Supply Chain ∗∗∗
---------------------------------------------
Details of eight vulnerabilities found in the open source supply chain used to develop in-house AI and ML models have been disclosed. All have CVE numbers, one has critical severity, and seven have high severity. [..] They are: 
CVE-2023-6975: arbitrary file write in MLFLow, CVSS 9.8, 
CVE-2023-6753: arbitrary file write on Windows in MLFlow, CVSS 9.6, 
CVE-2023-6730: RCE in Hugging Face Transformers via RagRetriever.from_pretrained(), CVSS 9.0, 
CVE-2023-6940: server side template injection bypass in MLFlow, CVSS 9.0, 
CVE-2023-6976: arbitrary file upload patch bypass in MLFlow, CVSS 8.8, 
CVE-2023-31036: RCE via arbitrary file overwrite in Triton Inference Server, CVSS 7.5, 
CVE-2023-6909: local file inclusion in MLFlow, CVSS 7.5, 
CVE-2024-0964: LFI in Gradio, CVSS 7.5
---------------------------------------------
https://www.securityweek.com/eight-vulnerabilities-disclosed-in-the-ai-development-supply-chain/


∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily