[CERT-daily] Tageszusammenfassung - 08.03.2024
Daily end-of-shift report
team at cert.at
Fri Mar 8 18:11:24 CET 2024
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 07-03-2024 18:00 − Friday 08-03-2024 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Thomas Pribitzer
=====================
= News =
=====================
∗∗∗ Update on Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard ∗∗∗
---------------------------------------------
This blog provides an update on the nation-state attack that was detected by the Microsoft Security Team on January 12, 2024. As we shared, on January 19, the security team detected this attack on our corporate email systems and immediately activated our response process.
---------------------------------------------
https://msrc.microsoft.com/blog/2024/03/update-on-microsoft-actions-following-attack-by-nation-state-actor-midnight-blizzard/
∗∗∗ New Malware Campaign Found Exploiting Stored XSS in Popup Builder < 4.2.3 ∗∗∗
---------------------------------------------
In the past three weeks, we’ve started seeing an uptick in attacks from a new malware campaign targeting this same Popup Builder vulnerability. According to PublicWWW, over 3,300 websites have already been infected by this new campaign. Our own SiteCheck remote malware scanner has detected this malware on over 1,170 sites.
---------------------------------------------
https://blog.sucuri.net/2024/03/new-malware-campaign-found-exploiting-stored-xss-in-popup-builder-4-2-3.html
∗∗∗ Improve your Google presence? Beware of rip-off companies! ∗∗∗
---------------------------------------------
Companies are currently contacting us and reporting dubious providers who pose as cooperation partners of Google. The offer: they help improve the company's presence on Google; the consultation on offer is to be paid for after the call and supposedly costs a one-off fee of up to 80 euros. But far from it: according to reports, this is a subscription trap that is hard to cancel.
---------------------------------------------
https://www.watchlist-internet.at/news/abzocke-google-praesenz/
∗∗∗ Online scam taxonomy: the many ways to trick us ∗∗∗
---------------------------------------------
Because there are so many different types of online scams, we have compiled a scam taxonomy, briefly explaining what each of these scams means. It’s important to stay vigilant against these threats, so that they are easier to avoid.
---------------------------------------------
https://blog.f-secure.com/online-scam-taxonomy/
∗∗∗ Magnet Goblin Targets Publicly Facing Servers Using 1-Day Vulnerabilities ∗∗∗
---------------------------------------------
Magnet Goblin is a financially motivated threat actor that quickly adopts and leverages 1-day vulnerabilities in public-facing services as an initial infection vector. In at least one case, Ivanti Connect Secure VPN (CVE-2024-21887), the exploit entered the group’s arsenal within as little as 1 day after a POC for it was published. Campaigns that we were able to attribute to this actor targeted Ivanti, Magento, Qlik Sense and possibly Apache ActiveMQ.
---------------------------------------------
https://research.checkpoint.com/2024/magnet-goblin-targets-publicly-facing-servers-using-1-day-vulnerabilities/
∗∗∗ Cisco: Attackers can make themselves root user on Linux ∗∗∗
---------------------------------------------
Cisco AppDynamics, Duo Authentication, Secure Client, Secure Client for Linux and the Small Business series of wireless access points are vulnerable. Security patches are available for download.
---------------------------------------------
https://heise.de/-9649863
∗∗∗ Alleged Tesla hack with Flipper Zero turns out to be a storm in a teacup ∗∗∗
---------------------------------------------
Using a fake guest Wi-Fi in Tesla's design, attackers could harvest credentials at Superchargers or in service centers, the experts warn.
---------------------------------------------
https://heise.de/-9650018
=====================
= Vulnerabilities =
=====================
∗∗∗ pgAdmin (<=8.3) Path Traversal in Session Handling Leads to Unsafe Deserialization and Remote Code Execution (RCE) ∗∗∗
---------------------------------------------
“pgAdmin is the most popular and feature rich Open Source administration and development platform for PostgreSQL, the most advanced Open Source database in the world. [..] If the server is running on Windows, an unauthenticated attacker can load and deserialize remote pickle objects and gain code execution. If the server is running on POSIX/Linux, an authenticated attacker can upload pickle objects, deserialize them and gain code execution.”
---------------------------------------------
https://www.shielder.com/advisories/pgadmin-path-traversal_leads_to_unsafe_deserialization_and_rce/
∗∗∗ QNAP Security Advisories 2024-03-09 ∗∗∗
---------------------------------------------
Security Impact Rating: 1x Critical, 4x Medium
---------------------------------------------
https://www.qnap.com/en-us/security-advisories
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (fontforge), Fedora (chromium, iwd, libell, and thunderbird), Oracle (buildah, kernel, skopeo, and tomcat), Red Hat (opencryptoki), Slackware (ghostscript), SUSE (go1.21, go1.22, google-oauth-java-client, jetty-minimal, openssl-1_0_0, python310, sudo, wpa_supplicant, and xmlgraphics-batik), and Ubuntu (libhtmlcleaner-java, linux, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-gkeop-5.15, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-lowlatency-hwe-5.15, linux-nvidia, linux-azure, linux-azure-6.5, linux-hwe-6.5, mqtt-client, ncurses, and puma).
---------------------------------------------
https://lwn.net/Articles/964832/
∗∗∗ macOS 14.4 and more: Apple patches severe security vulnerabilities ∗∗∗
---------------------------------------------
Apple's round of updates continues: after iOS and iPadOS, the manufacturer released new versions and patches for macOS, watchOS, tvOS and visionOS during the night to Friday. In addition to smaller feature enhancements and bug fixes, the updates are also meant to close two serious zero-day vulnerabilities in the kernel which, according to Apple, have probably already been actively exploited in attacks.
---------------------------------------------
https://heise.de/-9649559
∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily