[CERT-daily] Tageszusammenfassung - 12.11.2024

Tue Nov 12 18:21:45 CET 2024

=====================
= End-of-Day report =
=====================

Timeframe:   Montag 11-11-2024 18:00 − Dienstag 12-11-2024 18:00
Handler:     Alexander Riepl
Co-Handler:  Michael Schlagenhaufer


=====================
=       News        =
=====================


∗∗∗ Daten von Amazon-Mitarbeiter wurden in einem Hackerforum veröffentlicht ∗∗∗
---------------------------------------------
Der Datensatz dürfte von einem Immobilienverwalter stammen und auf die kritische Lücke in der Software von Moveit zurückgehen
---------------------------------------------
https://www.derstandard.at/story/3000000244555/daten-von-amazon-mitarbeiter-wurden-in-einem-hackerforum-veroeffentlicht


∗∗∗ ModeLeak: Privilege Escalation to LLM Model Exfiltration in Vertex AI ∗∗∗
---------------------------------------------
New research reveals two vulnerabilities in Googles Vertex AI that may lead to privilege escalation or data theft through custom jobs or malicious models.
---------------------------------------------
https://unit42.paloaltonetworks.com/privilege-escalation-llm-model-exfil-vertex-ai/


∗∗∗ 2023 Top Routinely Exploited Vulnerabilities ∗∗∗
---------------------------------------------
This advisory provides details, collected and compiled by the authoring agencies, on the Common Vulnerabilities and Exposures (CVEs) routinely and frequently exploited by malicious cyber actors in 2023 and their associated Common Weakness Enumerations (CWEs). Malicious cyber actors exploited more zero-day vulnerabilities to compromise ..
---------------------------------------------
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-317a


∗∗∗ Building a Resilient Network Architecture: Key Trends for 2025 ∗∗∗
---------------------------------------------
As organizations continue to align their operational strategies with evolving digital ecosystems and technologies, the concept of network resilience has become a priority. A major mindset shift is that modern networks must be designed not just for speed and efficiency but also for flexibility, security, and the ability to hold out against ..
---------------------------------------------
https://levelblue.com/blogs/security-essentials/building-a-resilient-network-architecture-key-trends-for-2025


∗∗∗ LodaRAT: Established malware, new victim patterns ∗∗∗
---------------------------------------------
Rapid7 has observed an ongoing malware campaign involving a new version of LodaRAT. This version possesses the ability to steal cookies and passwords from Microsoft Edge and Brave.
---------------------------------------------
https://www.rapid7.com/blog/post/2024/11/12/lodarat-established-malware-new-victim-patterns/


∗∗∗ ICS Security Is a Team Sport ∗∗∗
---------------------------------------------
Brandon Smith discusses some of the challenges an Automation Engineer face, Bitsights partnership with Schneider Electric, and what manufacturers in general are doing to tackle ICS security.
---------------------------------------------
https://www.bitsight.com/blog/ics-security-team-sport


∗∗∗ Visionaries Have Democratised Remote Network Access - Citrix Virtual Apps and Desktops (CVE Unknown) ∗∗∗
---------------------------------------------
Well, we’re back again, with yet another fresh-off-the-press bug chain (and associated Interactive Artifact Generator). This time, it’s in Citrix’s “Virtual Apps and Desktops” offering.
---------------------------------------------
https://labs.watchtowr.com/visionaries-at-citrix-have-democratised-remote-network-access-citrix-virtual-apps-and-desktops-cve-unknown/


∗∗∗ SAP Patchday: Acht neue Sicherheitslücken, davon eine hochriskant ∗∗∗
---------------------------------------------
Admins können etwas entspannter auf den aktuellen SAP-Patchday schauen: Von acht neuen Sicherheitslücken gilt lediglich eine als hohes Risiko.
---------------------------------------------
https://heise.de/-10020168


∗∗∗ Attack of the Evil Baristas ∗∗∗
---------------------------------------------
I use the term “hacklore” to refer to the urban legends surrounding cybersecurity. Hacklore is everywhere, and this holiday season, you’re bound to hear it nonstop: “The Russians will load your phone with malware if you scan QR codes!” or “Hackers will steal your banking details if you use a USB charger at the airport!” and so on.
---------------------------------------------
https://medium.com/@boblord/attack-of-the-evil-baristas-b204436f0853


∗∗∗ Reverse Engineering: Finding Exploits in Video Games ∗∗∗
---------------------------------------------
In this guide, I'll walk you through how I create tools to find exploits in video games for bug bounty programs. Specifically, I'll focus on my research into the game Sword of Convallaria. This exploration is purely for educational purposes. As such, I have removed some of the assets as an exercise for ..
---------------------------------------------
https://shalzuth.com/Blog/FindingExploitsInGames


∗∗∗ Critical WPLMS WordPress Theme Vulnerability Puts Websites at Risk of RCE Attacks ∗∗∗
---------------------------------------------
A newly discovered vulnerability in the WPLMS WordPress theme threatens websites with potential Remote Code Execution (RCE) due to a critical path traversal flaw. CVE-2024-10470, a vulnerability in the WPLMS ..
---------------------------------------------
https://thecyberexpress.com/critical-wplms-wordpress-theme-vulnerability/


∗∗∗ Harnessing Chisel for Covert Operations: Unpacking a Multi-Stage PowerShell Campaign ∗∗∗
---------------------------------------------
The Cyble Research and Intelligence Lab (CRIL) has recently uncovered a sophisticated multi-stage infection chain, primarily driven by PowerShell scripts. This campaign, which targets organizations through a variety of ..
---------------------------------------------
https://thecyberexpress.com/new-powershell-campaign/


=====================
=  Vulnerabilities  =
=====================


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by AlmaLinux (gstreamer1-plugins-base), Debian (chromium, ghostscript, libarchive, mpg123, ruby-saml, and symfony), Fedora (buildah and podman), Red Hat (buildah, containernetworking-plugins, podman, skopeo, and xorg-x11-server-Xwayland), Slackware (wget), SUSE (pcp), and Ubuntu (linux, linux-aws-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-gkeop-5.15, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-kvm, ..
---------------------------------------------
https://lwn.net/Articles/997903/


∗∗∗ Citrix Releases Security Updates for NetScaler and Citrix Session Recording ∗∗∗
---------------------------------------------
Citrix released security updates to address multiple vulnerabilities in NetScaler ADC, NetScaler Gateway, and Citrix Session Recording. A cyber threat actor could exploit some of these vulnerabilities to take control ..
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2024/11/12/citrix-releases-security-updates-netscaler-and-citrix-session-recording


∗∗∗ November Security Update ∗∗∗
---------------------------------------------
At Ivanti, our top priority is upholding our commitment to deliver and maintain secure products for our customers. Our vulnerability management program is designed to enable us to find, fix and disclose vulnerabilities in collaboration with the broader security ecosystem, and communicate responsibly and transparently with customers. Ivanti is ..
---------------------------------------------
https://www.ivanti.com/blog/november-2024-security-update


∗∗∗ XSA-464 ∗∗∗
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-464.html


∗∗∗ XSA-463 ∗∗∗
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-463.html


∗∗∗ Mehrere Schwachstelen in Siemens Energy Omnivise T3000 ∗∗∗
---------------------------------------------
https://sec-consult.com/de/vulnerability-lab/advisory/mehrere-schwachstelen-in-siemens-energy-omnivise-t3000/


∗∗∗ Zyxel security advisory for post-authentication command injection and buffer overflow vulnerabilities in GS1900 series switches ∗∗∗
---------------------------------------------
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-post-authentication-command-injection-and-buffer-overflow-vulnerabilities-in-gs1900-series-switches-11-12-2024

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily