[CERT-daily] Tageszusammenfassung - 21.11.2024

Thu Nov 21 18:21:59 CET 2024

=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 20-11-2024 18:00 − Donnerstag 21-11-2024 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a

=====================
=       News        =
=====================


∗∗∗ Fortinet VPN design flaw hides successful brute-force attacks ∗∗∗
---------------------------------------------
A design flaw in the Fortinet VPN servers logging mechanism can be leveraged to conceal the successful verification of credentials during a brute-force attack without tipping off defenders of compromised logins.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/fortinet-vpn-design-flaw-hides-successful-brute-force-attacks/


∗∗∗ Wegen Sicherheitslücke: D-Link drängt auf Entsorgung älterer Router ∗∗∗
---------------------------------------------
Mehrere D-Link-Router, von denen einige erst vor wenigen Monaten den EOL-Status erreicht haben, sind angreifbar. Patches gibt es nicht.
---------------------------------------------
https://www.golem.de/news/wegen-sicherheitsluecke-d-link-draengt-auf-entsorgung-aelterer-router-2411-191007.html


∗∗∗ Lumma Stealer on the Rise: How Telegram Channels Are Fueling Malware Proliferation ∗∗∗
---------------------------------------------
Authored by: M. Authored by: M, Mohanasundaram and Neil Tyagi In today’s rapidly evolving cyber landscape, malware threats ..
---------------------------------------------
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/lumma-stealer-on-the-rise-how-telegram-channels-are-fueling-malware-proliferation/


∗∗∗ Azure Key Vault Tradecraft with BARK ∗∗∗
---------------------------------------------
This post details the existing and new functions in BARK that support adversarial tradecraft research relevant to the Azure Key Vault service. The latter part of the post shows an example of how a red team operator may use these commands during the course of an assessment.
---------------------------------------------
https://posts.specterops.io/azure-key-vault-tradecraft-with-bark-24163abc8de3


∗∗∗ “Free Hugs” – What to be Wary of in Hugging Face – Part 2 ∗∗∗
---------------------------------------------
Enjoy Threat Modeling? Try Threats in Models! Previously… In part 1 of this 4-part blog, we discussed Hugging Face, the potentially dangerous trust relationship between Hugging Face users and the ReadMe file, exploiting users who ..
---------------------------------------------
https://checkmarx.com/blog/free-hugs-what-to-be-wary-of-in-hugging-face-part-2/


∗∗∗ New Report Reveals Hidden Risks: How Internet-Exposed Systems Threaten Critical Infrastructure ∗∗∗
---------------------------------------------
A new Censys report found 145,000 exposed ICSs and thousands of insecure human-machine interfaces (HMIs), providing attackers with an accessible path to disrupt critical operations. Real-world examples underscore the danger, with Iranian and Russian-backed hackers exploiting HMIs to manipulate water systems in Pennsylvania and Texas. GreyNoise research ..
---------------------------------------------
https://www.greynoise.io/blog/new-report-reveals-hidden-risks-how-internet-exposed-systems-threaten-critical-infrastructure


∗∗∗ Finding Bugs in Chrome with CodeQL ∗∗∗
---------------------------------------------
This blog post discusses how to use a static analysis tool called CodeQL to search for vulnerabilities in Chrome.
---------------------------------------------
https://bughunters.google.com/blog/5085111480877056/finding-bugs-in-chrome-with-codeql


∗∗∗ Spelunking in Comments and Documentation for Security Footguns ∗∗∗
---------------------------------------------
Join us as we explore seemingly safe but deceptively tricky ground in Elixir, Python, and the Golang standard library. We cover officially documented, or at least previously discussed, code functionality that could unexpectedly introduce vulnerabilities. Well-documented behavior is not always what it appears!
---------------------------------------------
https://blog.includesecurity.com/2024/11/spelunking-in-comments-and-documentation-for-security-footguns/


∗∗∗ Azure Detection Engineering: Log idiosyncrasies you should know about ∗∗∗
---------------------------------------------
We share a few inconsistencies found in Azure logs which make detection engineering more challenging.
---------------------------------------------
https://tracebit.com/blog/azure-detection-engineering-log-idiosyncrasies-you-should-know-about


=====================
=  Vulnerabilities  =
=====================


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by AlmaLinux (kernel, NetworkManager-libreswan, and openssl), Fedora (chromium and llvm-test-suite), Mageia (thunderbird), and Ubuntu (linux-aws-6.8, linux-azure, linux-azure-6.8, linux-oracle-6.8,, linux-azure, and ruby2.7).
---------------------------------------------
https://lwn.net/Articles/998949/


∗∗∗ Progress Kemp LoadMaster OS Command Injection Vulnerability ∗∗∗
---------------------------------------------
FortiGuard network sensors detect attack attempts targeting the Progress Kemp LoadMaster. Successful exploitation of the CVE-2024-1212 vulnerability allows unauthenticated remote attackers to access the system through the management interface, potentially leading to data breaches, service disruptions, or further attacks
---------------------------------------------
https://fortiguard.fortinet.com/outbreak-alert/kemp-loadmaster-os-command-injection


∗∗∗ ZDI-24-1532: 7-Zip Zstandard Decompression Integer Underflow Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-24-1532/


∗∗∗ Drupal core - Moderately critical - Gadget chain - SA-CORE-2024-008 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-core-2024-008


∗∗∗ Drupal core - Moderately critical - Gadget chain - SA-CORE-2024-007 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-core-2024-007


∗∗∗ Drupal core - Critical - Cross Site Scripting - SA-CORE-2024-005 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-core-2024-005


∗∗∗ Drupal core - Moderately critical - Access bypass - SA-CORE-2024-004 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-core-2024-004


∗∗∗ Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2024-003 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-core-2024-003


∗∗∗ Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2024-003 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-core-2024-003

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily