[CERT-daily] Tageszusammenfassung - 06.05.2024

Mon May 6 18:42:29 CEST 2024

=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 03-05-2024 18:00 − Montag 06-05-2024 18:00
Handler:     Alexander Riepl
Co-Handler:  Michael Schlagenhaufer

=====================
=       News        =
=====================

∗∗∗ Vorsicht vor gefälschten RTR-Briefen ∗∗∗
---------------------------------------------
Kriminelle geben sich in einem Brief als Rundfunk und Telekom Regulierungs-GmbH (RTR) aus. Im Schreiben steht, dass für den Anschluss an Mobilfunknetze und die Wartung von Basisstationen ein Entgelt von € 8,90 zu bezahlen sei.
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-vor-gefaelschten-rtr-briefen/


∗∗∗ Microsoft: Sicherheit oberste Priorität in Produkten, Diensten und intern ∗∗∗
---------------------------------------------
In einem internen Memo und einem Blogpost stellt Microsoft Security bei allen Entwicklungen an erste Stelle. Das gilt für Produkte wie Services. [..] Charlie Bell zufolge will sich sein Unternehmen strikt an die Vorgaben des CSRB halten.
---------------------------------------------
https://heise.de/-9708577


∗∗∗ Breaking down Microsoft’s pivot to placing cybersecurity as a top priority ∗∗∗
---------------------------------------------
Recently, Microsoft had quite frankly a kicking from the US Department of Homeland Security over their security practices in a Cyber Safety Review Board report. I’ve tried to keep as quiet as possible about this one for various reasons (and I was not involved in the CSRB report, even anonymously) — although long time followers will know I’ve been often critical of Microsoft’s security posture. The CSRB report is well worth a read — they did a great job. [..] As always, the proof is in the pudding, not the vendor blog. I think these changes will take a few years to start to work through, and fully expect a few more clanger breaches in the mean time. And that’s annoying but okay, because hard work is hard.
---------------------------------------------
https://doublepulsar.com/breaking-down-microsofts-pivot-to-placing-cybersecurity-as-a-top-priority-734467a8db01


∗∗∗ Critical Tinyproxy Flaw Opens Over 50,000 Hosts to Remote Code Execution ∗∗∗
---------------------------------------------
More than 50% of the 90,310 hosts have been found exposing a Tinyproxy service on the internet thats vulnerable to a critical unpatched security flaw in the HTTP/HTTPS proxy tool. The issue, tracked as CVE-2023-49606, carries a CVSS score of 9.8 out of a maximum of 10, per Cisco Talos, which described it as a use-after-free bug impacting versions 1.10.0 and 1.11.1, which is the latest version.
---------------------------------------------
https://thehackernews.com/2024/05/critical-tinyproxy-flaw-opens-over.html


∗∗∗ Lockbits seized site comes alive to tease new police announcements ∗∗∗
---------------------------------------------
The NCA, FBI, and Europol have revived a seized LockBit ransomware data leak site to hint at new information being revealed by law enforcement this Tuesday.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/lockbits-seized-site-comes-alive-to-tease-new-police-announcements/


∗∗∗ Why Your VPN May Not Be As Secure As It Claims ∗∗∗
---------------------------------------------
Virtual private networking (VPN) companies market their services as a way to prevent anyone from snooping on your Internet usage. But new research suggests this is a dangerous assumption when connecting to a VPN via an untrusted network, because attackers on the same network could force a targets traffic off of the protection provided by their VPN without triggering any alerts to the user.
---------------------------------------------
https://krebsonsecurity.com/2024/05/why-your-vpn-may-not-be-as-secure-as-it-claims/


∗∗∗ Financial cyberthreats in 2023 ∗∗∗
---------------------------------------------
In this report, we share our insights into the 2023 trends and statistics on financial threats, such as phishing, PC and mobile banking malware.
---------------------------------------------
https://securelist.com/financial-threat-report-2023/112526/


∗∗∗ HijackLoader Updates ∗∗∗
---------------------------------------------
HijackLoader (a.k.a. IDAT Loader) is a malware loader initially spotted in 2023 that is capable of using a variety of modules for code injection and execution. It uses a modular architecture, a feature that most loaders do not have – which we discussed in a previous HijackLoader blog. ThreatLabz researchers recently analyzed a new HijackLoader sample that has updated evasion techniques.
---------------------------------------------
https://www.zscaler.com/blogs/security-research/hijackloader-updates


∗∗∗ New Goldoon Botnet Targeting D-Link Devices by Exploiting 9-Year-Old Flaw ∗∗∗
---------------------------------------------
By WaqasA new botnet called Goldoon targets D-Link routers and NAS devices putting them at risk of DDoS attacks and more. Learn how weak credentials leave you vulnerable and how to secure your network. pen_sparkThis is a post from HackRead.com Read the original post: New Goldoon Botnet Targeting D-Link Devices by Exploiting 9-Year-Old Flaw
---------------------------------------------
https://www.hackread.com/goldoon-botnet-targeting-d-link-devices/


∗∗∗ End-to-end encryption may be the bane of cops, but they cant close that Pandoras Box ∗∗∗
---------------------------------------------
Police can complain all they like about strong end-to-end encryption making their jobs harder, but it doesn't matter because the technology is here and won't go away.
---------------------------------------------
https://go.theregister.com/feed/www.theregister.com/2024/05/05/e2ee_police/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (glibc, intel-microcode, less, libkf5ksieve, and ruby3.1), Fedora (chromium, gdcm, httpd, and stalld), Gentoo (Apache Commons BCEL, borgmatic, Dalli, firefox, HTMLDOC, ImageMagick, MediaInfo, MediaInfoLib, MIT krb5, MPlayer, mujs, Pillow, Python, PyPy3, QtWebEngine, Setuptools, strongSwan, and systemd), Oracle (grub2 and shim), Red Hat (git-lfs, kpatch-patch, unbound, and varnish), and SUSE (avahi, grafana and mybatis, java-11-openjdk, java-17-openjdk, skopeo, SUSE Manager Client Tools, SUSE Manager Salt Bundle, and SUSE Manager Server 4.3).
---------------------------------------------
https://lwn.net/Articles/972571/


∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily