[CERT-daily] Tageszusammenfassung - 07.05.2024

Tue May 7 18:06:05 CEST 2024

=====================
= End-of-Day report =
=====================

Timeframe:   Montag 06-05-2024 18:00 − Dienstag 07-05-2024 18:00
Handler:     Thomas Pribitzer
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ New Case Study: The Malicious Comment ∗∗∗
---------------------------------------------
How safe is your comments section? Discover how a seemingly innocent thank you comment on a product page concealed a malicious vulnerability, underscoring the necessity of robust security measures.
---------------------------------------------
https://thehackernews.com/2024/05/new-case-study-malicious-comment.html


∗∗∗ Ransomware evolves from mere extortion to psychological attacks ∗∗∗
---------------------------------------------
RSAC Ransomware infections and extortion attacks have become "a psychological attack against the victim organization," as criminals use increasingly personal and aggressive tactics to force victims to pay up.
---------------------------------------------
https://go.theregister.com/feed/www.theregister.com/2024/05/07/ransomware_evolves_from_mere_extortion/


∗∗∗ Betrug am Telefon: Kriminelle täuschen hohe Abbuchungen vor ∗∗∗
---------------------------------------------
Vorsicht, wenn Ihnen jemand am Telefon erklärt, dass es „versteckte Abbuchungen“ von Ihrem Bankkonto gibt. Hierbei handelt es sich um eine Betrugsmasche. Um glaubwürdig zu wirken, nennen die Kriminellen persönliche Daten von Ihnen. Diese wurden aber im Zuge einer Phishing-Falle gesammelt. Legen Sie auf!
---------------------------------------------
https://www.watchlist-internet.at/news/betrug-am-telefon-kriminelle-taeuschen-hohe-abbuchungen-vor/


∗∗∗ Ein Kopf (Administrator) der LockBit-Gruppe enttarnt? ∗∗∗
---------------------------------------------
Der "Kopf" und gleichzeitig Administrator der Ransomware-Gruppe LockBit ist laut Mitteilung der Strafverfolger identifiziert.
---------------------------------------------
https://www.borncity.com/blog/2024/05/07/ein-kopf-administrator-der-lockbit-gruppe-enttarnt/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ TunnelVision (CVE-2024-3661): How Attackers Can Decloak Routing-Based VPNs For a Total VPN Leak ∗∗∗
---------------------------------------------
Recently, we identified a novel network technique that bypasses VPN encapsulation. An attacker can use this technique to force a target user’s traffic off their VPN tunnel using built-in features of DHCP (Dynamic Host Configuration Protocol).
---------------------------------------------
https://www.leviathansecurity.com/blog/tunnelvision


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (kernel), Gentoo (libjpeg-turbo, xar, and Xpdf), Red Hat (bind, dhcp and glibc), and SUSE (bouncycastle, curl, flatpak, less, and xen).
---------------------------------------------
https://lwn.net/Articles/972679/


∗∗∗ Android-Patchday: Angreifer können Rechte im System ausweiten ∗∗∗
---------------------------------------------
Google schließt am Android-Patchday mehrere Lücken, durch die Angreifer ihre Rechte ausweiten können.
---------------------------------------------
https://heise.de/-9710075


∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/


∗∗∗ PTC Codebeamer ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-24-128-01


∗∗∗ SUBNET Substation Server ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-24-128-02

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily