[CERT-daily] Daily summary - 17.06.2024
Daily end-of-shift report
team at cert.at
Mon Jun 17 18:11:48 CEST 2024
=====================
= End-of-Day report =
=====================
Timeframe: Friday 14-06-2024 18:00 − Monday 17-06-2024 18:02
Handler: Thomas Pribitzer
Co-Handler: Michael Schlagenhaufer
=====================
= News =
=====================
∗∗∗ New Linux malware is controlled through emojis sent from Discord ∗∗∗
---------------------------------------------
The malware is similar to many other backdoors/botnets used in different attacks, allowing threat actors to execute commands, take screenshots, steal files, deploy additional payloads, and search for files. However, its use of Discord and emojis as a command and control (C2) platform makes the malware stand out from others and could allow it to bypass security software that looks for text-based commands.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-linux-malware-is-controlled-through-emojis-sent-from-discord/
∗∗∗ New ARM TIKTAG attack impacts Google Chrome, Linux systems ∗∗∗
---------------------------------------------
A new speculative execution attack named "TIKTAG" targets ARM's Memory Tagging Extension (MTE) to leak data with over a 95% chance of success, allowing hackers to bypass the security feature. [..] Leaking those tags does not directly expose sensitive data such as passwords, encryption keys, or personal information. However, it can theoretically allow attackers to undermine the protections provided by MTE, rendering the security system ineffective against stealthy memory corruption attacks.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-arm-tiktag-attack-impacts-google-chrome-linux-systems/
∗∗∗ Ransomware Roundup – Shinra and Limpopo Ransomware ∗∗∗
---------------------------------------------
The Ransomware Roundup report aims to provide readers with brief insights into the evolving ransomware landscape and the Fortinet solutions that protect against those variants.
---------------------------------------------
https://www.fortinet.com/blog/threat-research/ransomware-roundup-shinra-and-limpopo-ransomware
∗∗∗ Ivanti Endpoint Manager: exploit for critical vulnerability has surfaced ∗∗∗
---------------------------------------------
At the end of May, security vulnerabilities in Ivanti's Endpoint Manager (EPM), some of them critical, became known. IT security researchers have since published a proof-of-concept exploit for one of them.
---------------------------------------------
https://heise.de/-9765685
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by AlmaLinux (389-ds-base, buildah, c-ares, cockpit, containernetworking-plugins, fence-agents, gdk-pixbuf2, gvisor-tap-vsock, libreoffice, podman, python-idna, rpm-ostree, and ruby), Debian (atril, chromium, ffmpeg, libndp, libvpx, nano, plasma-workspace, pymongo, roundcube, sendmail, and thunderbird), Fedora (booth and thunderbird), Mageia (aom, atril, libvpx, nano, nss, firefox, and vte), Red Hat (linux-firmware), SUSE (bind, booth, mariadb, openssl-1_1, php7, php8, and webkit2gtk3), and Ubuntu (linux-azure, linux-azure-fde, linux-azure, linux-gke, and linux-nvidia-6.5).
---------------------------------------------
https://lwn.net/Articles/978709/
∗∗∗ Security updates: attackers can compromise Asus routers ∗∗∗
---------------------------------------------
Several Asus Wi-Fi routers are vulnerable and attackers can gain access to them. Updates fix several security problems. [..] According to the security section of the Asus website, the "critical" vulnerability (CVE-2024-3080) affects the Wi-Fi router models RT-AC68U, RTAC86U, RT-AX57, RT-AX58U, RT-AX88U, XT8_V2 and XT8.
---------------------------------------------
https://heise.de/-9765067
∗∗∗ Nextcloud: attackers can bypass two-factor authentication ∗∗∗
---------------------------------------------
The cloud service software Nextcloud is vulnerable. In the current versions the developers have closed several security vulnerabilities. [..] Two vulnerabilities in Nextcloud and Nextcloud Enterprise are considered the most dangerous. Through these, attackers can extend the permissions of shares (CVE-2024-37882, "high") or bypass two-factor authentication (CVE-2024-37313, "high"). The developers currently do not explain how such attacks could proceed.
---------------------------------------------
https://heise.de/-9766062
∗∗∗ Vulnerability Summary for the Week of June 10, 2024 ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/bulletins/sb24-169
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily