[CERT-daily] Tageszusammenfassung - 17.05.2024

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 16-05-2024 18:00 − Freitag 17-05-2024 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Michael Schlagenhaufer

=====================
=       News        =
=====================

∗∗∗ Zahlungsaufforderungen der IDS EU zu Ihrer Domain ignorieren! ∗∗∗
---------------------------------------------
Österreichische Unternehmen erhalten aktuell Zahlungsaufforderungen einer IDS EU bzw. ids-eu.org und idseu.org. Die Forderungen sollen eine Domainregistrierung betreffen. Bei genauerem Hinsehen offenbart sich, dass IDS EU in Verbindung zu einem früheren Betrug steht, zu welchem die Watchlist Internet bereits berichtete. Es gilt: Nichts bezahlen und die Forderung ignorieren!
---------------------------------------------
https://www.watchlist-internet.at/news/zahlungsaufforderungen-ids-eu-ignorieren/


∗∗∗ Aufklärung nach Cyberangriff: BSI setzt Microsoft juristisch unter Druck ∗∗∗
---------------------------------------------
Seit Monaten versucht das BSI, von Microsoft Auskünfte zu einem Cyberangriff von 2023 zu erhalten. Inzwischen hat die Behörde ein Verwaltungsverfahren eröffnet.
---------------------------------------------
https://www.golem.de/news/aufklaerung-nach-cyberangriff-bsi-setzt-microsoft-juristisch-unter-druck-2405-185221.html


∗∗∗ Another PDF Streams Example: Extracting JPEGs, (Fri, May 17th) ∗∗∗
---------------------------------------------
In this diary entry, I will show how file-magic.py can augment JSON data produced by pdf-parser.py with file-type information that an then be used by myjson-filter.py to filter out files you are interested in. As an example, I will extract all JPEGs from a PDF document.
---------------------------------------------
https://isc.sans.edu/diary/rss/30924


∗∗∗ New ‘Antidot’ Android Trojan Allows Cybercriminals to Hack Devices, Steal Data ∗∗∗
---------------------------------------------
Dubbed Antidot and spotted in early May, the malware masquerades as a Google Play update and employs overlay attacks to harvest victims’ credentials.  [..] “The Antidot malware utilizes the MediaProjection feature to capture the display content of the compromised device. It then encodes this content and transmits it to the command-and-control (C&C) server,” Cyble explains.
---------------------------------------------
https://www.securityweek.com/new-antidot-android-trojan-allows-cybercriminals-to-hack-devices-steal-data/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ SAP Security Patch Day – May 2024 ∗∗∗
---------------------------------------------
On 14th of May 2024, SAP Security Patch Day saw the release of 14 new Security Notes. Further, there were 3 updates to previously released Security Notes.
---------------------------------------------
https://support.sap.com/en/my-support/knowledge-base/security-notes-news/may-2024.html


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (chromium, firefox, and podman), Mageia (chromium-browser-stable, ghostscript, and java-1.8.0, java-11, java-17, java-latest), Red Hat (bind, Firefox, firefox, gnutls, httpd:2.4, and thunderbird), SUSE (glibc, opera, and python-Pillow), and Ubuntu (dotnet7, dotnet8, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-iot, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux-xilinx-zynqmp, linux, linux-aws, linux-aws-6.5, linux-azure, linux-azure-6.5, linux-gcp, linux-gcp-6.5, linux-hwe-6.5, linux-laptop, linux-lowlatency, linux-lowlatency-hwe-6.5, linux-nvidia-6.5, linux-oem-6.5, linux-oracle, linux-oracle-6.5, linux-raspi, linux-signed, linux-signed-aws, linux-signed-aws-6.5, linux-starfive, linux-starfive-6.5, linux, linux-aws, linux-azure-4.15, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux, linux-aws, linux-kvm, linux-lts-xenial, and linux, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-gcp, linux-gcp-5.15, linux-gkeop, linux-gkeop-5.15, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-intel-iotg, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle, linux-raspi).
---------------------------------------------
https://lwn.net/Articles/974055/


∗∗∗ QNAP QTS - QNAPping At The Wheel (CVE-2024-27130 and friends) ∗∗∗
---------------------------------------------
The first four of these bugs have patches available. These bugs are fixed in the following products: QTS 5.1.6.2722 build 20240402 and later, QuTS hero h5.1.6.2734 build 20240414 and later [..] However, the remaining bugs still have no fixes available, even after an extended period. Those who are affected by these bugs are advised to consider taking such systems offline, or to heavily restrict access until patches are available.
---------------------------------------------
https://labs.watchtowr.com/qnap-qts-qnapping-at-the-wheel-cve-2024-27130-and-friends/


∗∗∗ Trellix ePolicy Orchestrator ermöglicht Rechteausweitung ∗∗∗
---------------------------------------------
Vor zwei Sicherheitslücken in ePolicy Orchestrator warnt Hersteller Trellix. Bösartige Akteure können ihre Rechte ausweiten.
---------------------------------------------
https://heise.de/-9722391


∗∗∗ WordPress Plugin "Download Plugins and Themes from Dashboard" vulnerable to path traversal ∗∗∗
---------------------------------------------
https://jvn.jp/en/jp/JVN85380030/


∗∗∗ Rechteausweitung durch unsichere Standardkonfiguration im CI-Out-of-Office Manager (SYSS-2024-013) ∗∗∗
---------------------------------------------
https://www.syss.de/pentest-blog/rechteausweitung-durch-unsichere-standardkonfiguration-im-ci-out-of-office-manager-syss-2024-013


∗∗∗ Mattermost security update Desktop App v5.8.0 released ∗∗∗
---------------------------------------------
https://mattermost.com/blog/mattermost-security-update-desktop-app-v5-8-0-released/


∗∗∗ Palo Alto Networks: CVE-2024-3661 Impact of TunnelVision Vulnerability (Severity: LOW) ∗∗∗
---------------------------------------------
https://security.paloaltonetworks.com/CVE-2024-3661


∗∗∗ F5: K000139652 : Intel CPU vulnerability CVE-2023-23583 ∗∗∗
---------------------------------------------
https://my.f5.com/manage/s/article/K000139652


∗∗∗ F5: K000139643 : Node-tar vulnerability CVE-2024-28863 ∗∗∗
---------------------------------------------
https://my.f5.com/manage/s/article/K000139643

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily