[CERT-daily] Daily summary - 15.10.2024
Daily end-of-shift report
team at cert.at
Tue Oct 15 18:29:08 CEST 2024
=====================
= End-of-Day report =
=====================
Timeframe: Monday 14-10-2024 18:00 − Tuesday 15-10-2024 18:00
Handler: Michael Schlagenhaufer
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ TrickMo malware steals Android PINs using fake lock screen ∗∗∗
---------------------------------------------
Forty new variants of the TrickMo Android banking trojan have been identified in the wild, linked to 16 droppers and 22 distinct command and control (C2) infrastructures, with new features designed to steal Android PINs.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/trickmo-malware-steals-android-pins-using-fake-lock-screen/
∗∗∗ New FIDO proposal lets you securely move passkeys across platforms ∗∗∗
---------------------------------------------
The Fast IDentity Online (FIDO) Alliance has published a working draft of a new specification that aims to enable the secure transfer of passkeys between different providers.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-fido-proposal-lets-you-securely-move-passkeys-across-platforms/
∗∗∗ BEC-ware the phish (part 1). Investigating incidents in M365 ∗∗∗
---------------------------------------------
This blog post is the first of three that look at the key steps for an effective investigation, response, and remediation of email-based threats in M365. Part two covers response actions as well as short- and long-term remediations to prevent attackers from getting back in. Part three considers the native detection and prevention options in M365.
---------------------------------------------
https://www.pentestpartners.com/security-blog/bec-ware-the-phish-part-1-investigating-incidents-in-m365/
∗∗∗ Beware of calls from the "Bankbetrugssystem Österreich" ∗∗∗
---------------------------------------------
We are currently again receiving an increasing number of reports of recorded (robocall) calls. A computer-generated voice claims to be the "Bankbetrugssystem Österreich" (Austrian bank fraud system) and asserts that a payment of 1500 euros was declined and that your account may have been hacked. You are asked to press "1" to be connected to a real person. Hang up, this is a scam!
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-vor-anrufen-vom-bankbetrugssystem-oesterreich/
∗∗∗ New Telekopye Scam Toolkit Targeting Booking.com and Airbnb Users ∗∗∗
---------------------------------------------
ESET Research found the Telekopye scam network targeting Booking.com and Airbnb. Scammers use phishing pages via compromised accounts to steal personal and payment details from travelers.
---------------------------------------------
https://hackread.com/telekopye-scam-toolkit-hit-booking-com-airbnb-users/
∗∗∗ CISA Adds Three Known Exploited Vulnerabilities to Catalog ∗∗∗
---------------------------------------------
CVE-2024-30088 Microsoft Windows Kernel TOCTOU Race Condition Vulnerability,
CVE-2024-9680 Mozilla Firefox Use-After-Free Vulnerability,
CVE-2024-28987 SolarWinds Web Help Desk Hardcoded Credential Vulnerability
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2024/10/15/cisa-adds-three-known-exploited-vulnerabilities-catalog
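A KEV addition is only actionable once it is matched against what you actually run. The following is an added example (not CERT.at's or CISA's code) that cross-checks a KEV-style catalog excerpt against a local asset inventory and flags entries whose remediation deadline has passed. The JSON field names mirror CISA's public KEV feed, but the excerpt itself is constructed here: the three CVE IDs and vulnerability names are those listed above, while the dueDate values, the inventory and the hostnames are illustrative assumptions.

```python
"""Cross-check CVEs from a KEV catalog update against a local asset inventory.

Added example for this digest entry; not CERT.at's or CISA's own code.
The JSON shape mirrors CISA's public KEV feed
(https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json),
but the excerpt below is constructed: CVE IDs and names are from the alert,
dueDate values, the inventory and hostnames are illustrative assumptions.
"""
import json
from datetime import date

# Constructed excerpt in the shape of the KEV feed (not a live download).
KEV_EXCERPT = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "vulnerabilities": [
        {"cveID": "CVE-2024-30088", "vendorProject": "Microsoft", "product": "Windows",
         "vulnerabilityName": "Microsoft Windows Kernel TOCTOU Race Condition Vulnerability",
         "dateAdded": "2024-10-15", "dueDate": "2024-11-05"},   # dueDate: assumed
        {"cveID": "CVE-2024-9680", "vendorProject": "Mozilla", "product": "Firefox",
         "vulnerabilityName": "Mozilla Firefox Use-After-Free Vulnerability",
         "dateAdded": "2024-10-15", "dueDate": "2024-11-05"},   # dueDate: assumed
        {"cveID": "CVE-2024-28987", "vendorProject": "SolarWinds", "product": "Web Help Desk",
         "vulnerabilityName": "SolarWinds Web Help Desk Hardcoded Credential Vulnerability",
         "dateAdded": "2024-10-15", "dueDate": "2024-11-05"},   # dueDate: assumed
    ],
})

# Constructed inventory: (hostname, vendor, product), as a CMDB export might look (hypothetical).
INVENTORY = [
    ("ws-0042", "Microsoft", "Windows"),
    ("jump-01", "Mozilla", "Firefox"),
    ("helpdesk-prod", "SolarWinds", "Web Help Desk"),
    ("db-07", "PostgreSQL", "PostgreSQL"),
]


def kev_entries_since(kev_json: str, since: str) -> list:
    """Return KEV entries whose dateAdded is on or after the ISO date `since`."""
    catalog = json.loads(kev_json)
    cutoff = date.fromisoformat(since)
    return [v for v in catalog["vulnerabilities"]
            if date.fromisoformat(v["dateAdded"]) >= cutoff]


def exposed_assets(kev_json: str, inventory: list, since: str) -> dict:
    """Map each matching asset to the KEV CVE IDs that apply to its vendor/product.

    Matching is case-insensitive on vendorProject and product. Real CMDB naming
    is messier (versions, editions, aliases), so treat this as first-pass
    triage that tells you where to look, not as proof of exposure.
    """
    hits = {}
    for entry in kev_entries_since(kev_json, since):
        key = (entry["vendorProject"].lower(), entry["product"].lower())
        for host, vendor, product in inventory:
            if (vendor.lower(), product.lower()) == key:
                hits.setdefault(host, []).append(entry["cveID"])
    return hits


def overdue(kev_json: str, today: str) -> list:
    """Sorted CVE IDs whose remediation dueDate is strictly before `today`."""
    catalog = json.loads(kev_json)
    now = date.fromisoformat(today)
    return sorted(v["cveID"] for v in catalog["vulnerabilities"]
                  if date.fromisoformat(v["dueDate"]) < now)


if __name__ == "__main__":
    for host, cves in exposed_assets(KEV_EXCERPT, INVENTORY, "2024-10-15").items():
        print(f"{host}: {', '.join(cves)}")
    print("overdue as of 2024-11-06:", overdue(KEV_EXCERPT, "2024-11-06"))
```

In practice you would replace KEV_EXCERPT with the downloaded feed and INVENTORY with your CMDB export; the vendor/product match is deliberately exact so that a fuzzy match never silently hides an entry, and anything it misses should be reviewed by hand rather than assumed safe.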
∗∗∗ Fortinet FortiGate CVE-2024-23113 - A Super Complex Vulnerability In A Super Secure Appliance In 2024 ∗∗∗
---------------------------------------------
Today we'd like to share a recent journey into (yet another) SSLVPN appliance vulnerability - a Format String vulnerability, unusually, in Fortinet's FortiGate devices. It affected (before patching) all currently-maintained branches, and recently was highlighted by CISA as being exploited-in-the-wild.
---------------------------------------------
https://labs.watchtowr.com/fortinet-fortigate-cve-2024-23113-a-super-complex-vulnerability-in-a-super-secure-appliance-in-2024/
=====================
= Vulnerabilities =
=====================
∗∗∗ Splunk Security Advisories 2024-10-14 ∗∗∗
---------------------------------------------
Splunk released 12 security advisories: 4x high, 8x medium
---------------------------------------------
https://advisory.splunk.com//advisories
∗∗∗ Critical vulnerabilities in mbNET industrial routers ∗∗∗
---------------------------------------------
Several, in part severe, security vulnerabilities have been identified in mbNET industrial remote-maintenance gateways and industrial routers. They allow an attacker to fully compromise the device and to decrypt encrypted configurations.
---------------------------------------------
https://www.syss.de/pentest-blog/kritische-schwachstellen-in-industrieroutern-mbnet-syss-2024-059-bis-065
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by AlmaLinux (container-tools:rhel8, firefox, OpenIPMI, podman, and thunderbird), Debian (libapache-mod-jk, php7.4, and webkit2gtk), Fedora (edk2, koji, libgsf, rust-hyper-rustls, rust-reqwest, rust-rustls-native-certs, rust-rustls-native-certs0.7, rust-tonic, rust-tonic-build, rust-tonic-types, rust-tower, rust-tower-http, rust-tower-http0.5, and rust-tower0.4), Mageia (packages and thunderbird), Oracle (bind, container-tools:ol8, kernel, kernel-container, OpenIPMI, podman, and thunderbird), Red Hat (container-tools:rhel8, containernetworking-plugins, podman, and skopeo), SUSE (argocd-cli, bsdtar, keepalived, kernel, kyverno, libmozjs-115-0, libmozjs-128-0, libmozjs-78-0, OpenIPMI, opensc, php8, thunderbird, and xen), and Ubuntu (configobj, haproxy, imagemagick, nginx, and postgresql-10, postgresql-9.3).
---------------------------------------------
https://lwn.net/Articles/994268/
∗∗∗ WordPress plugin Jetpack fixes nearly decade-old critical security flaw ∗∗∗
---------------------------------------------
The popular WordPress plugin Jetpack has released a critical security update, addressing a vulnerability that could have affected 27 million websites. [..] The flaw, which is not believed to have been exploited, was found in the plugin’s contact form feature and had remained unpatched since 2016. This vulnerability could be exploited by any logged-in user on a site to read forms submitted by other users, according to Jetpack engineer Jeremy Herve.
---------------------------------------------
https://therecord.media/wordpress-jetpack-plugin-fixes-flaw
∗∗∗ ZDI-24-1382: QEMU SCSI Use-After-Free Local Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-24-1382/
∗∗∗ Numerous vulnerabilities in Rittal IoT Interface & CMC III Processing Unit ∗∗∗
---------------------------------------------
https://sec-consult.com/de/vulnerability-lab/advisory/zahlreiche-schwachstellen-im-rittal-iot-interface-cmc-iii-processing-unit/
∗∗∗ GitHub Enterprise Server (GHES) Security Update Advisory (CVE-2024-9487) ∗∗∗
---------------------------------------------
https://asec.ahnlab.com/en/83868/
∗∗∗ Kubernetes: CVE-2024-9594 ∗∗∗
---------------------------------------------
https://github.com/kubernetes/kubernetes/issues/128007
∗∗∗ Kubernetes: CVE-2024-9486 ∗∗∗
---------------------------------------------
https://github.com/kubernetes/kubernetes/issues/128006
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily