[CERT-daily] Tageszusammenfassung - 10.05.2024
Daily end-of-shift report
team at cert.at
Fri May 10 18:07:18 CEST 2024
=====================
= End-of-Day report =
=====================
Timeframe: Mittwoch 08-05-2024 18:00 − Freitag 10-05-2024 18:00
Handler: Alexander Riepl
Co-Handler: Thomas Pribitzer
=====================
= News =
=====================
∗∗∗ Datenschutzvorfall: Dell informiert über Abfluss von Kundendaten ∗∗∗
---------------------------------------------
Zu den abgeflossenen Informationen zählen laut Dell Namen, Adressdaten sowie weitere Daten über Bestellungen und darin enthaltene Dell-Hardware.
---------------------------------------------
https://www.golem.de/news/datenschutzvorfall-dell-informiert-ueber-abfluss-von-kundendaten-2405-184976.html
∗∗∗ APT trends report Q1 2024 ∗∗∗
---------------------------------------------
The report features the most significant developments relating to APT groups in Q1 2024, including the new malware campaigns DuneQuixote and Durian, and hacktivist activity.
---------------------------------------------
https://securelist.com/apt-trends-report-q1-2024/112473/
∗∗∗ Mirai Botnet Exploits Ivanti Connect Secure Flaws for Malicious Payload Delivery ∗∗∗
---------------------------------------------
Two recently disclosed security flaws in Ivanti Connect Secure (ICS) devices are being exploited to deploy the infamous Mirai botnet.
---------------------------------------------
https://thehackernews.com/2024/05/mirai-botnet-exploits-ivanti-connect.html
∗∗∗ GhostStripe attack haunts self-driving cars by making them ignore road signs ∗∗∗
---------------------------------------------
Six boffins mostly hailing from Singapore-based universities have proven it's possible to attack autonomous vehicles by exploiting the system's reliance on camera-based computer vision and cause it to not recognize road signs.
---------------------------------------------
https://go.theregister.com/feed/www.theregister.com/2024/05/10/baidu_apollo_hack/
∗∗∗ Back to the Hype: An Update on How Cybercriminals Are Using GenAI ∗∗∗
---------------------------------------------
Generative AI continues to be misused and abused by malicious individuals. In this article, we dive into new criminal LLMs, criminal services with ChatGPT-like capabilities, and deepfakes being offered on criminal sites.
---------------------------------------------
https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/back-to-the-hype-an-update-on-how-cybercriminals-are-using-genai
∗∗∗ Zscaler Investigates Hacking Claims After Data Offered for Sale ∗∗∗
---------------------------------------------
Zscaler says its customer, production and corporate environments are not impacted after a notorious hacker offers to sell access.
---------------------------------------------
https://www.securityweek.com/zscaler-investigates-hacking-claims-after-data-offered-for-sale/
∗∗∗ With nation-state threats in mind, nearly 70 software firms agree to Secure by Design pledge ∗∗∗
---------------------------------------------
The nation’s top cybersecurity agency said 68 of the world’s leading software manufacturers have signed on to a voluntary pledge to design products that have security built in from the beginning.
---------------------------------------------
https://therecord.media/secure-by-design-companies-cisa-rsa
∗∗∗ In interview, LockbitSupp says authorities outed the wrong guy ∗∗∗
---------------------------------------------
The leader of the LockBit ransomware gang, who goes by the name LockbItSupp, told Click Here in an interview that international law enforcement has made a mistake.
---------------------------------------------
https://therecord.media/lockbitsupp-interview-ransomware-cybercrime-lockbit
∗∗∗ Krypto-Betrüger: Sechs Österreicher festgenommen ∗∗∗
---------------------------------------------
Weil sie einen Online-Handel mit angeblich neuer Kryptowährung aufgezogen und damit Investoren abgezockt haben, wurden nun sechs Österreicher verhaftet.
---------------------------------------------
https://heise.de/-9714300
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by AlmaLinux (ansible-core, avahi, bind, buildah, containernetworking-plugins, edk2, fence-agents, file, freeglut, freerdp, frr, git-lfs, gnutls, golang, grafana, grafana-pcp, gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, harfbuzz, httpd, ipa, libjpeg-turbo, libnbd, LibRaw, libreswan, libsndfile, libssh, libtiff, libvirt, libX11, libXpm, mingw components, mingw-glib2, mingw-pixman, mod_http2, mod_jk and mod_proxy_cluster, motif, [...]
---------------------------------------------
https://lwn.net/Articles/973071/
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by AlmaLinux (container-tools:4.0, container-tools:rhel8, git-lfs, glibc, libxml2, nodejs:18, and nodejs:20), Debian (dav1d and libpgjava), Fedora (kernel and pypy), Red Hat (glibc and nodejs:16), SUSE (ffmpeg, ffmpeg-4, ghostscript, go1.21, go1.22, less, python-python-jose, python-Werkzeug, and sssd), and Ubuntu (fossil, glib2.0, and libspreadsheet-parsexlsx-perl).
---------------------------------------------
https://lwn.net/Articles/973206/
∗∗∗ Admins müssen selbst handeln: PuTTY-Sicherheitslücke bedroht Citrix Hypervisor ∗∗∗
---------------------------------------------
Um XenCenter für Citrix Hypervisor abzusichern, müssen Admins händisch ein Sicherheitsupdate für das SSH-Tool PuTTY installieren.
---------------------------------------------
https://heise.de/-9713898
∗∗∗ Google Chrome: Exploit für Zero-Day-Lücke gesichtet ∗∗∗
---------------------------------------------
In Googles Webbrowser Chrome klafft eine Sicherheitslücke, für die ein Exploit existiert. Google reagiert mit einem Notfall-Update.
---------------------------------------------
https://heise.de/-9714519
∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/
∗∗∗ 2024-05 Reference Advisory: Junos OS and Junos OS Evolved: Multiple CVEs reported in OpenSSH ∗∗∗
---------------------------------------------
https://supportportal.juniper.net/s/article/2024-05-Reference-Advisory-Junos-OS-and-Junos-OS-Evolved-Multiple-CVEs-reported-in-OpenSSH
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list