[CERT-daily] Tageszusammenfassung - 19.11.2024

Tue Nov 19 19:04:08 CET 2024

=====================
= End-of-Day report =
=====================

Timeframe:   Montag 18-11-2024 18:00 − Dienstag 19-11-2024 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a

=====================
=       News        =
=====================


∗∗∗ Spotify abused to promote pirated software and game cheats ∗∗∗
---------------------------------------------
Spotify playlists and podcasts are being abused to push pirated software, game cheat codes, spam links, and "warez" sites. By injecting targeted keywords and links in playlist names and podcast descriptions, threat actors may ..
---------------------------------------------
https://www.bleepingcomputer.com/news/security/spotify-abused-to-promote-pirated-software-and-game-cheats/


∗∗∗ New Helldown Ransomware Variant Expands Attacks to VMware and Linux Systems ∗∗∗
---------------------------------------------
Cybersecurity researchers have shed light on a Linux variant of a relatively new ransomware strain called Helldown, suggesting that the threat actors are broadening their attack focus."Helldown deploys Windows ransomware derived from the LockBit 3.0 code," Sekoia ..
---------------------------------------------
https://thehackernews.com/2024/11/new-helldown-ransomware-expands-attacks.html


∗∗∗ Critical 9.8-rated VMware vCenter RCE bug exploited after patch fumble ∗∗∗
---------------------------------------------
If you didnt fix this a month ago, your to-do list probably needs a reshuffle Two VMware vCenter server bugs, including a critical heap-overflow vulnerability that leads to remote code execution (RCE), have been exploited in attacks after Broadcom’s first attempt to fix the flaws fell short.
---------------------------------------------
https://www.theregister.com/2024/11/18/vmware_vcenter_rce_exploited/


∗∗∗ Veritas Enterprise Vault: Kritische Codeschmuggel-Lücken in Archivsoftware ∗∗∗
---------------------------------------------
In Vertias Enterprise Vault können Angreifer kritische Lücke zum Einschleusen von Schadcode missbrauchen.
---------------------------------------------
https://www.heise.de/news/Veritas-Enterprise-Vault-Kritische-Codeschmuggel-Luecken-in-Archivsoftware-10053675.html


∗∗∗ Kritische Palo-Alto-Lücke: Details und Patches sind da, CISA warnt vor Exploit ∗∗∗
---------------------------------------------
Fast drei Wochen nach ersten Exploit-Gerüchten hat der Hersteller nun endlich reagiert, trickst aber. Derweil warnt die US-Cyberbehörde vor Angriffen.
---------------------------------------------
https://www.heise.de/news/Kritische-Palo-Alto-Luecke-Patches-sind-da-CISA-warnt-vor-Exploit-10051696.html


∗∗∗ FreeBSD Foundation releases Bhyve and Capsicum security audit ∗∗∗
---------------------------------------------
The FreeBSD Foundation has announced the release of a security audit report conducted by security firm Synacktiv. The audit uncovered a number of vulnerabilities: Most of these vulnerabilities have been addressed through official FreeBSD Project security advisories, which offer detailed information about each vulnerability, its impact, and the measures ..
---------------------------------------------
https://lwn.net/Articles/998615/


∗∗∗ FrostyGoop’s Zoom-In: A Closer Look into the Malware Artifacts, Behaviors and Network Communications ∗∗∗
---------------------------------------------
We analyze FrostyGoop malware, which targets OT systems. This article walks through newly discovered samples, indicators, and also examines configurations and network communications.
---------------------------------------------
https://unit42.paloaltonetworks.com/frostygoop-malware-analysis/


∗∗∗ The Importance of Establishing a Solid Third Party Risk Management Framework for Risk Mitigation ∗∗∗
---------------------------------------------
In the previous post, we introduced the concept of Third-Party Risk Management (TPRM) and its importance in today’s interconnected world. Now, let us have a look at the practical aspects of building a solid TPRM program and why it is important for your company. 1. Start with a Third-Party Inventory The first step in building ..
---------------------------------------------
https://blog.nviso.eu/2024/11/19/the-importance-of-establishing-a-solid-third-party-risk-management-framework-for-risk-mitigation/


∗∗∗ Facebook Malvertising Campaign Spreads Malware via Fake Bitwarden ∗∗∗
---------------------------------------------
A Facebook malvertising campaign disguised as Bitwarden updates spreads malware, targeting business accounts. Users are tricked ..
---------------------------------------------
https://hackread.com/facebook-malvertising-malware-via-fake-bitwarden/


∗∗∗ Threat Actors Hijack Misconfigured Servers for Live Sports Streaming ∗∗∗
---------------------------------------------
To keep up with the ever-evolving world of cybersecurity, Aqua Nautilus researchers deploy honeypots that mimic real-world development environments. During a recent threat-hunting operation, they uncovered a surprising new ..
---------------------------------------------
https://blog.aquasec.com/threat-actors-hijack-misconfigured-servers-for-live-sports-streaming


∗∗∗ Pots and Pans, AKA an SSLVPN - Palo Alto PAN-OS CVE-2024-0012 and CVE-2024-9474 ∗∗∗
---------------------------------------------
Note: Since this is breaking news and more details are being released, were updating this ..
---------------------------------------------
https://labs.watchtowr.com/pots-and-pans-aka-an-sslvpn-palo-alto-pan-os-cve-2024-0012-and-cve-2024-9474/


∗∗∗ NVD Backlog Tops 20,000 CVEs Awaiting Analysis as NIST Prepares System Updates ∗∗∗
---------------------------------------------
CVEs awaiting analysis by the NVD have broken the 20,000 mark, after the security community noticed its enrichment activity slowed to nearly a halt again last week. NIST failed to meet its self-imposed deadline of ..
---------------------------------------------
https://socket.dev/blog/nvd-backlog-tops-20-000-cves


∗∗∗ Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets ∗∗∗
---------------------------------------------
In October 2024, Socket discovered a widespread npm malware campaign using Ethereum smart contracts to evade detection and maintain control over infected systems. Building on our initial research and equipped with analyses of the ..
---------------------------------------------
https://socket.dev/blog/exploiting-npm-to-build-a-blockchain-powered-botnet


∗∗∗ Extending Burp Suite for fun and profit – The Montoya way – Part 7 ∗∗∗
---------------------------------------------
Last time we saw how to develop an extension that will add custom active and passive checks to the Burp Scanner. Today we will modify that extension to detect serialization issues using ..
---------------------------------------------
https://security.humanativaspa.it/extending-burp-suite-for-fun-and-profit-the-montoya-way-part-7/


∗∗∗ U.S. Extradites and Charges Alleged Phobos Ransomware Admin ∗∗∗
---------------------------------------------
The United States secured the extradition of a Russian national from South Korea who is allegedly the mastermind behind the notorious Phobos ransomware. Evgenii Ptitsyn, 42, is accused of administering the Phobos ..
---------------------------------------------
https://thecyberexpress.com/us-charges-alleged-phobos-ransomware-admin/


=====================
=  Vulnerabilities  =
=====================


∗∗∗ ZDI-24-1516: Trend Micro Deep Security Agent Manual Scan Command Injection Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Deep Security Agent. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.5. The following CVEs are assigned: CVE-2024-51503.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-24-1516/


∗∗∗ ZDI-24-1517: McAfee Total Protection Uncontrolled Search Path Element Local Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
This vulnerability allows local attackers to escalate privileges on affected installations of McAfee Total Protection. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.7. The following CVEs are assigned: CVE-2024-49592.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-24-1517/


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by AlmaLinux (.NET 9.0, bcc, bluez, bpftrace, bubblewrap, flatpak, buildah, cockpit, containernetworking-plugins, cups, cyrus-imapd, edk2, expat, firefox, fontforge, gnome-shell, gnome-shell-extensions, grafana, grafana-pcp, gtk3, httpd, iperf3, jose, krb5, libgcrypt, libsoup, libvirt, libvpx, lldpd, microcode_ctl, ..
---------------------------------------------
https://lwn.net/Articles/998755/


∗∗∗ Oracle Security Alert for CVE-2024-21287 - 18 November 2024 ∗∗∗
---------------------------------------------
https://www.oracle.com/security-alerts/alert-cve-2024-21287.html

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily