[CERT-daily] Tageszusammenfassung - 14.05.2024

Tue May 14 18:09:22 CEST 2024

=====================
= End-of-Day report =
=====================

Timeframe:   Montag 13-05-2024 18:00 − Dienstag 14-05-2024 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ PyPi package backdoors Macs using the Sliver pen-testing suite ∗∗∗
---------------------------------------------
A new package mimicked the popular requests library on the Python Package Index (PyPI) to target macOS devices with the Sliver C2 adversary framework, used for gaining initial access to corporate ..
---------------------------------------------
https://www.bleepingcomputer.com/news/security/pypi-package-backdoors-macs-using-the-sliver-pen-testing-suite/


∗∗∗ Apple and Google add alerts for unknown Bluetooth trackers to iOS, Android ∗∗∗
---------------------------------------------
On Monday, Apple and Google jointly announced a new privacy feature that warns Android and iOS users when an unknown Bluetooth tracking device travels with ..
---------------------------------------------
https://www.bleepingcomputer.com/news/security/apple-and-google-add-alerts-for-unknown-bluetooth-trackers-to-ios-android/


∗∗∗ Incident response analyst report 2023 ∗∗∗
---------------------------------------------
The report shares statistics and observations from incident response practice in 2023, analyzes trends and gives cybersecurity recommendations.
---------------------------------------------
https://securelist.com/kaspersky-incident-response-report-2023/112504/


∗∗∗ Apple Patches Everything: macOS, iOS, iPadOS, watchOS, tvOS updated., (Tue, May 14th) ∗∗∗
---------------------------------------------
Apple today released updates for its various operating systems. The updates cover iOS, iPadOS, macOS, watchOS and tvOS. A standalone update for Safari was released for older versions of macOS. One already exploited vulnerability, CVE-2024-23296 is patched for older versions of macOS and iOS. In March, Apple patched this vulnerability for more recent versions of iOS and macOS.
---------------------------------------------
https://isc.sans.edu/diary/rss/30916


∗∗∗ Ongoing Campaign Bombarded Enterprises with Spam Emails and Phone Calls ∗∗∗
---------------------------------------------
Cybersecurity researchers have uncovered an ongoing social engineering campaign that bombards enterprises with spam emails with the goal of obtaining initial access to their environments for follow-on exploitation.
---------------------------------------------
https://thehackernews.com/2024/05/ongoing-campaign-bombarded-enterprises.html


∗∗∗ Critical Flaws in Cacti Framework Could Let Attackers Execute Malicious Code ∗∗∗
---------------------------------------------
The maintainers of the Cacti open-source network monitoring and fault management framework have addressed a dozen security flaws, including two critical issues that could lead to the execution of arbitrary code.The most severe of the vulnerabilities are listed below -CVE-2024-25641 (CVSS score: 9.1) - An arbitrary file write vulnerability in the "Package Import" feature that
---------------------------------------------
https://thehackernews.com/2024/05/critical-flaws-in-cacti-framework-could.html


∗∗∗ Log4J shows no sign of fading, spotted in 30% of CVE exploits ∗∗∗
---------------------------------------------
Organizations continue to run insecure protocols across their wide access networks (WAN), making it easier for cybercriminals to move across networks, according to a Cato Networks survey. Enterprises are too trusting within their networks The Cato CTRL SASE Threat Report Q1 2024 provides insight into the security threats and their ..
---------------------------------------------
https://www.helpnetsecurity.com/2024/05/14/log4j-wan-insecure-protocols/


∗∗∗ Google Patches Second Chrome Zero-Day in One Week ∗∗∗
---------------------------------------------
Google has announced patches for another Chrome vulnerability that has been exploited in attacks. This is the second zero-day addressed by the company in one week and the third flaw leveraged in malicious attacks in 2024. The new zero-day, tracked as CVE-2024-4761, has been described as a high-severity out-of-bounds write issue ..
---------------------------------------------
https://www.securityweek.com/google-patches-second-chrome-zero-day-in-one-week/


∗∗∗ Falsche Gewinnbenachrichtigungen in echten Gewinnspielen ∗∗∗
---------------------------------------------
An einem Facebook-Gewinnspiel teilgenommen? Vorsicht, Kriminelle nutzen echte Gewinnspiele für Betrugsmaschen. Mit Fake-Profilen kommentieren sie die Kommentare der Teilnehmer:innen und behaupten, sie hätten gewonnen. Mit einem Link locken sie auf eine betrügerische Webseite. Wir zeigen Ihnen, wie Sie sicher an Gewinnspielen teilnehmen!
---------------------------------------------
https://www.watchlist-internet.at/news/falsche-gewinnbenachrichtigungen-in-echten-gewinnspielen/


∗∗∗ Foxit PDF Reader “Flawed Design” : Hidden Dangers Lurking in Common Tools ∗∗∗
---------------------------------------------
Heightened vulnerability: Check Point Research has identified an unusual pattern of behavior involving PDF exploitation, mainly targeting users of Foxit PDF Reader. This exploit triggers security warnings that could deceive unsuspecting users into executing harmful commands, exploiting human psychology to manipulate users into accidentally providing ..
---------------------------------------------
https://blog.checkpoint.com/research/foxit-pdf-reader-flawed-design-hidden-dangers-lurking-in-common-tools/


∗∗∗ Guidance for organisations considering payment in ransomware incidents ∗∗∗
---------------------------------------------
Advice for organisations experiencing a ransomware attack and the partner organisations supporting them.
---------------------------------------------
https://www.ncsc.gov.uk/guidance/organisations-considering-payment-in-ransomware-incidents


∗∗∗ Avast Q1/2024 Threat Report ∗∗∗
---------------------------------------------
Nearly 90% of Threats Blocked are Social Engineering, Revealing a Huge Surge of Scams, and Discovery of the Lazarus APT CampaignThe post Avast Q1/2024 Threat Report appeared first on Avast Threat Labs.
---------------------------------------------
https://decoded.avast.io/threatresearch/avast-q1-2024-threat-report/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ TYPO3-CORE-SA-2024-010: Uncontrolled Resource Consumption in ShowImageController ∗∗∗
---------------------------------------------
https://typo3.org/security/advisory/typo3-core-sa-2024-010


∗∗∗ TYPO3-CORE-SA-2024-009: Cross-Site Scripting in ShowImageController ∗∗∗
---------------------------------------------
https://typo3.org/security/advisory/typo3-core-sa-2024-009


∗∗∗ TYPO3-CORE-SA-2024-008: Cross-Site Scripting in Form Manager Module ∗∗∗
---------------------------------------------
https://typo3.org/security/advisory/typo3-core-sa-2024-008


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
https://lwn.net/Articles/973667/


∗∗∗ Security Vulnerabilities fixed in Firefox ESR 115.11 ∗∗∗
---------------------------------------------
https://www.mozilla.org/en-US/security/advisories/mfsa2024-22/


∗∗∗ Security Vulnerabilities fixed in Firefox 126 ∗∗∗
---------------------------------------------
https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily