[CERT-daily] Tageszusammenfassung - 23.07.2024

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Montag 22-07-2024 18:00 − Dienstag 23-07-2024 18:00
Handler:     Thomas Pribitzer
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ US-Ausschuss lädt ein: Crowdstrike-CEO soll für IT-Panne Rede und Antwort stehen ∗∗∗
---------------------------------------------
Millionen von Windows-PCs konnten am Freitag plötzlich nicht mehr starten. Der Heimatschutzausschuss des US-Repräsentantenhauses will genau wissen, wie es dazu kam.
---------------------------------------------
https://www.golem.de/news/us-ausschuss-laedt-ein-crowdstrike-ceo-soll-fuer-it-panne-rede-und-antwort-stehen-2407-187318.html


∗∗∗ Ukrainian Institutions Targeted Using HATVIBE and CHERRYSPY Malware ∗∗∗
---------------------------------------------
The Computer Emergency Response Team of Ukraine (CERT-UA) has alerted of a spear-phishing campaign targeting a scientific research institution in the country with malware known as HATVIBE and CHERRYSPY.
---------------------------------------------
https://thehackernews.com/2024/07/ukrainian-institutions-targeted-using.html


∗∗∗ Law Enforcement Disrupts DDoS-for-Hire Service DigitalStress ∗∗∗
---------------------------------------------
Authorities in the UK infiltrated and disrupted the DDoS-for-hire service DigitalStress, and one suspect was arrested.
---------------------------------------------
https://www.securityweek.com/law-enforcement-disrupts-ddos-for-hire-service-digitalstress/


∗∗∗ FrostyGoop ICS Malware Left Ukrainian City’s Residents Without Heating ∗∗∗
---------------------------------------------
The FrostyGoop ICS malware was used recently in an attack against a Ukrainian energy firm that resulted in loss of heating for many buildings.
---------------------------------------------
https://www.securityweek.com/frostygoop-ics-malware-left-ukrainian-citys-residents-without-heating/


∗∗∗ Kriminelle nutzen weltweite IT-Ausfälle für Betrugsmaschen ∗∗∗
---------------------------------------------
Vorsicht, wenn Sie Anrufe oder E-Mails im Namen von Crowdstrike oder Microsoft erhalten. Die weltweiten IT-Ausfälle, die durch Crowdstrike verursacht wurden, werden nun von Kriminellen als Vorwand für verschiedene Betrugsmaschen genutzt.
---------------------------------------------
https://www.watchlist-internet.at/news/kriminelle-nutzen-weltweite-it-ausfaelle-fuer-betrugsmaschen/


∗∗∗ Vorsicht vor gefälschten Anfragen im Namen der PORR ∗∗∗
---------------------------------------------
Kriminelle geben sich als Firma PORR aus und versenden betrügerische E-Mail-Anfragen. Sie werden gebeten, ein Angebot zu stellen und dazu die Ausschreibungsunterlagen auf www.ausschreibungen-porr.at zu verwenden. Dieser Link führt jedoch zu einem gefälschten Ondrive-Ordner!
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-vor-gefaelschten-anfragen-im-namen-der-porr/


∗∗∗ Vulnerabilities in LangChain Gen AI ∗∗∗
---------------------------------------------
This article is a detailed study of CVE-2023-46229 and CVE-2023-44467, two vulnerabilities discovered by our researchers affecting generative AI framework LangChain.
---------------------------------------------
https://unit42.paloaltonetworks.com/langchain-vulnerabilities/


∗∗∗ Daggerfly: Espionage Group Makes Major Update to Toolset ∗∗∗
---------------------------------------------
APT group appears to be using a shared framework to create Windows, Linux, macOS, and Android threats.
---------------------------------------------
https://symantec-enterprise-blogs.security.com/threat-intelligence/daggerfly-espionage-updated-toolset


∗∗∗ Learning from the Recent Windows/Falcon Sensor Outage: Causes and Potential Improvement Strategies in Linux Using Open Source Solutions ∗∗∗
---------------------------------------------
How can a configuration file crash an OS? Because the real issue is not the configuration file itself, but the kernel driver using it. Let’s take a quick, non-technical tour of the potential reasons behind this situation, how it is addressed in the Linux kernel, and what you as users or customers can do to avoid such issues.
---------------------------------------------
https://www.circl.lu/pub/learning-from-falcon-sensor-outage/


∗∗∗ Exploiting CVE-2024-21412: A Stealer Campaign Unleashed ∗∗∗
---------------------------------------------
FortiGuard Labs has observed a stealer campaign spreading multiple files that exploit CVE-2024-21412 to download malicious executable files.
---------------------------------------------
https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed


∗∗∗ So nicht: Wie sich ein Netzbetreiber in den Totalausfall manövriert hat ∗∗∗
---------------------------------------------
26 Stunden lang sind die Kunden eines großen Netzbetreibers offline. Damit auch Notruf, Banken, Kassen. 2 Jahre später wird deutlich, was schiefgelaufen ist.​
---------------------------------------------
https://heise.de/-9808767



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (gtk3 and jpegxl), Red Hat (kpatch-patch and thunderbird), SUSE (apache2, git, gnome-shell, java-11-openjdk, java-21-openjdk, kernel, kernel-firmware, kernel-firmware-nvidia-gspx-G06, libgit2, mozilla-nss, nodejs20, python-Django, and python312), and Ubuntu (linux-aws, linux-aws, linux-aws-5.4, linux-iot, linux-aws-5.15, pymongo, and ruby-rack).
---------------------------------------------
https://lwn.net/Articles/982939/


∗∗∗ Software-Distributionssystem TeamCity erinnert sich an gelöschte Zugangstoken ∗∗∗
---------------------------------------------
Angreifer können an sechs mittlerweile geschlossenen Sicherheitslücken in JetBrain TeamCity ansetzen.
---------------------------------------------
https://heise.de/-9810746


∗∗∗ 10,000 WordPress Sites Affected by High Severity Vulnerabilities in BookingPress WordPress Plugin ∗∗∗
---------------------------------------------
https://www.wordfence.com/blog/2024/07/10000-wordpress-sites-affected-by-high-severity-vulnerabilities-in-bookingpress-wordpress-plugin/


∗∗∗ National Instruments IO Trace ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-24-205-01


∗∗∗ RADIUS Protocol Forgery Vulnerability (Blast-RADIUS) ∗∗∗
---------------------------------------------
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0014


∗∗∗ Hitachi Energy AFS/AFR Series Products ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-24-205-02


∗∗∗ National Instruments LabVIEW ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-24-205-03

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily