[CERT-daily] Tageszusammenfassung - 14.10.2024

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 11-10-2024 18:00 − Montag 14-10-2024 18:00
Handler:     Michael Schlagenhaufer
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Microsoft deprecates PPTP and L2TP VPN protocols in Windows Server ∗∗∗
---------------------------------------------
Microsoft has officially deprecated the Point-to-Point Tunneling Protocol (PPTP) and Layer 2 Tunneling Protocol (L2TP) in future versions of Windows Server, recommending admins switch to different protocols that offer increased security.
---------------------------------------------
https://www.bleepingcomputer.com/news/microsoft/microsoft-deprecates-pptp-and-l2tp-vpn-protocols-in-windows-server/


∗∗∗ Google warns uBlock Origin and other extensions may be disabled soon ∗∗∗
---------------------------------------------
Googles Chrome Web Store is now warning that the uBlock Origin ad blocker and other extensions may soon be blocked as part of the companys deprecation of the Manifest V2 extension specification.
---------------------------------------------
https://www.bleepingcomputer.com/news/google/google-warns-ublock-origin-and-other-extensions-may-be-disabled-soon/


∗∗∗ Microsoft’s guidance to help mitigate Kerberoasting ∗∗∗
---------------------------------------------
Kerberoasting, a well-known Active Directory (AD) attack vector, enables threat actors to steal credentials and navigate through devices and networks. Microsoft is sharing recommended actions administrators can take now to help prevent successful Kerberoasting cyberattacks.
---------------------------------------------
https://www.microsoft.com/en-us/security/blog/2024/10/11/microsofts-guidance-to-help-mitigate-kerberoasting/


∗∗∗ Nation-State Attackers Exploiting Ivanti CSA Flaws for Network Infiltration ∗∗∗
---------------------------------------------
A suspected nation-state adversary has been observed weaponizing three security flaws in Ivanti Cloud Service Appliance (CSA) a zero-day to perform a series of malicious actions. That's according to findings from Fortinet FortiGuard Labs, which said the vulnerabilities were abused to gain unauthenticated access to the CSA, enumerate users configured in the appliance, and attempt to access the credentials of those users.
---------------------------------------------
https://thehackernews.com/2024/10/nation-state-attackers-exploiting.html


∗∗∗ Chatbot Traps: How to Avoid Job Scams ∗∗∗
---------------------------------------------
While the strategies outlined here can help you detect AI-powered scams, it is important to recognise that AI technology is advancing rapidly. Many current weaknesses—such as difficulties with complex questions or live conversations—may diminish as AI continues to improve.
---------------------------------------------
https://connect.geant.org/2024/10/14/chatbot-traps-how-to-avoid-job-scams


∗∗∗ Casio says ransomware attack exposed info of employees, customers and business partners ∗∗∗
---------------------------------------------
Japanese electronics manufacturer Casio confirmed on Friday that a cyber incident announced earlier this week was a ransomware attack that potentially exposed the information of employees, customers, business partners and affiliates.
---------------------------------------------
https://therecord.media/casio-ransomware-attack-exposed-emplyee-customer-data


∗∗∗ Achtung: Neue textbasierte QR-Code-Phishing-Varianten ∗∗∗
---------------------------------------------
Sicherheitsforscher von Barracuda sind auf eine neue Variante zur Gestaltung von Phishing-Nachrichten gestoßen. Diese verwenden QR-Codes aus textbasierten ASCII/Unicode-Zeichen, statt wie üblich aus statischen Bildern erstellt zu werden, um herkömmliche Sicherheitsmaßnahmen zu umgehen.
---------------------------------------------
https://www.borncity.com/blog/2024/10/13/achtung-neue-textbasierte-qr-code-phishing-varianten/


∗∗∗ Sicherheitslücke in Ecovacs-Saugrobotern erlaubt Remote-Steuerung durch Hacker ∗∗∗
---------------------------------------------
In den USA häufen sich Fälle, in denen gehackte Saugroboter offenbar fremdgesteuert Beleidigungen zurufen und Bilder über die interne Kamera übertragen.
---------------------------------------------
https://heise.de/-9979104



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Notfall-Update: Tor-Nutzer über kritische Firefox-Lücke attackiert ∗∗∗
---------------------------------------------
Eine kritische Firefox-Schwachstelle betrifft auch den Tor-Browser und Thunderbird. Patches stehen bereit, kommen für einige Tor-Nutzer aber zu spät.
---------------------------------------------
https://www.golem.de/news/notfall-update-tor-nutzer-ueber-kritische-firefox-luecke-attackiert-2410-189766.html


∗∗∗ Moxa: Missing Authentication and OS Command Injection Vulnerabilities in Cellular Routers, Secure Routers, and Network Security Appliances ∗∗∗
---------------------------------------------
The first vulnerability, CVE-2024-9137, allows attackers to manipulate device configurations without authentication. The second vulnerability, CVE-2024-9139, permits OS command injection through improperly restricted commands, potentially enabling attackers to execute arbitrary codes.
---------------------------------------------
https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241154-missing-authentication-and-os-command-injection-vulnerabilities-in-routers-and-network-security-appliances


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (docker.io, libreoffice, node-dompurify, python-reportlab, and thunderbird), Fedora (buildah, chromium, kernel, kernel-headers, libgsf, mosquitto, p7zip, podman, python-cramjam, python-virtualenv, redis, rust-async-compression, rust-brotli, rust-brotli-decompressor, rust-libcramjam, rust-libcramjam0.2, rust-nu-command, rust-nu-protocol, rust-redlib, rust-tower-http, thunderbird, and webkit2gtk4.0), Oracle (.NET 6.0, .NET 8.0, e2fsprogs, firefox, golang, openssl, python3-setuptools, systemd, and thunderbird), SUSE (chromium, firefox, java-jwt, libmozjs-128-0, libwireshark18, ntpd-rs, OpenIPMI, thunderbird, and wireshark), and Ubuntu (firefox, python2.7, python3.5, thunderbird, and ubuntu-advantage-desktop-daemon).
---------------------------------------------
https://lwn.net/Articles/994080/


∗∗∗ Sicherheitsupdate: Angreifer können Netzwerkanalysetool Wireshark crashen lassen ∗∗∗
---------------------------------------------
Wireshark ist in einer gegen mögliche Angriffe abgesicherten Version erschienen. Darin haben die Entwickler auch mehrere Bugs gefixt.
---------------------------------------------
https://heise.de/-9979991


∗∗∗ ZDI-24-1374: IrfanView SID File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-24-1374/


∗∗∗ ZDI-24-1369: Zimbra GraphQL Cross-Site Request Forgery Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-24-1369/


∗∗∗ Security Vulnerability fixed in Firefox 131.0.3 ∗∗∗
---------------------------------------------
https://www.mozilla.org/en-US/security/advisories/mfsa2024-53/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily