[CERT-daily] Daily summary - 23.10.2024

Daily end-of-shift report team at cert.at
Wed Oct 23 18:14:45 CEST 2024


=====================
= End-of-Day report =
=====================

Timeframe:   Tuesday 22-10-2024 18:00 − Wednesday 23-10-2024 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Alexander Riepl

=====================
=       News        =
=====================


∗∗∗ Exploit released for new Windows Server "WinReg" NTLM Relay attack
∗∗∗
---------------------------------------------
Proof-of-concept exploit code is now public for a vulnerability in
Microsoft's Remote Registry client that could be used to take control of
a Windows domain by downgrading the security of the authentication
process.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/exploit-released-for-new-windows-server-winreg-ntlm-relay-attack/


∗∗∗ Hackers exploit 52 zero-days on the first day of Pwn2Own Ireland
∗∗∗
---------------------------------------------
On the first day of Pwn2Own Ireland, participants demonstrated 52
zero-day vulnerabilities across a range of devices, earning a total of
$486,250 in cash prizes.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/hackers-exploit-52-zero-days-on-the-first-day-of-pwn2own-ireland/


∗∗∗ Fortinet warns of new critical FortiManager flaw used in zero-day
attacks ∗∗∗
---------------------------------------------
Fortinet publicly disclosed today a critical FortiManager API
vulnerability, tracked as CVE-2024-47575, that was exploited in
zero-day attacks to steal sensitive files containing configurations, IP
addresses, and credentials for managed devices.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/fortinet-warns-of-new-critical-fortimanager-flaw-used-in-zero-day-attacks/


∗∗∗ Android and iOS: Hard-coded cloud credentials discovered in popular
apps ∗∗∗
---------------------------------------------
Several apps, some with millions of downloads, are affected. According
to the researchers who found them, this endangers not only backend
services but also user data.
---------------------------------------------
https://www.golem.de/news/android-und-ios-fest-codierte-cloud-zugangsdaten-in-populaeren-apps-entdeckt-2410-190106.html


∗∗∗ Grandoreiro, the global trojan with grandiose ambitions ∗∗∗
---------------------------------------------
In this report, Kaspersky experts analyze recent Grandoreiro campaigns,
new targets, tricks, and banking trojan versions.
---------------------------------------------
https://securelist.com/grandoreiro-banking-trojan/114257/


∗∗∗ The Crypto Game of Lazarus APT: Investors vs. Zero-days ∗∗∗
---------------------------------------------
Kaspersky GReAT experts break down the new campaign of Lazarus APT
which uses social engineering and exploits a zero-day vulnerability in
Google Chrome for financial gain.
---------------------------------------------
https://securelist.com/lazarus-apt-steals-crypto-with-a-tank-game/114282/


∗∗∗ CISA Warns of Active Exploitation of Microsoft SharePoint
Vulnerability (CVE-2024-38094) ∗∗∗
---------------------------------------------
A high-severity flaw impacting Microsoft SharePoint has been added to
the Known Exploited Vulnerabilities (KEV) catalog by the U.S.
Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday,
citing evidence of active ..
---------------------------------------------
https://thehackernews.com/2024/10/cisa-warns-of-active-exploitation-of.html


∗∗∗ Warning, fake shop: sparhimmel24.de ∗∗∗
---------------------------------------------
sparhimmel24.de is a fraudulent online shop that lures you into a trap
with supposed bargains. Orders are not delivered despite payment. We
show you how to recognize fake shops and protect yourself from fraud.
---------------------------------------------
https://www.watchlist-internet.at/news/achtung-fake-shop-sparhimmel24de


∗∗∗ Deceptive Delight: Jailbreak LLMs Through Camouflage and
Distraction ∗∗∗
---------------------------------------------
We examine an LLM jailbreaking technique called "Deceptive Delight," a
technique that mixes harmful topics with benign ones to trick AIs, with
a high success rate.
---------------------------------------------
https://unit42.paloaltonetworks.com/jailbreak-llms-through-camouflage-distraction/


∗∗∗ Burning Zero Days: FortiJump FortiManager vulnerability used by
nation state in espionage via MSPs ∗∗∗
---------------------------------------------
Did you know there’s widespread exploitation of FortiNet products going
on using a zero day, and that there’s no CVE? Now you do.
---------------------------------------------
https://doublepulsar.com/burning-zero-days-fortijump-fortimanager-vulnerability-used-by-nation-state-in-espionage-via-msps-c79abec59773


∗∗∗ Threat Spotlight: WarmCookie/BadSpace ∗∗∗
---------------------------------------------
WarmCookie is a malware family that emerged in April 2024 and has been
distributed via regularly conducted malspam and malvertising campaigns.
---------------------------------------------
https://blog.talosintelligence.com/warmcookie-analysis/


∗∗∗ Vulnerability in Samsung Android driver is being attacked ∗∗∗
---------------------------------------------
Drivers for Samsung's mobile processors allow attackers to escalate
their privileges. Google warns of ongoing attacks against them.
---------------------------------------------
https://heise.de/-9991521


∗∗∗ Public Report: WhatsApp Contacts Security Assessment ∗∗∗
---------------------------------------------
In May 2024, Meta engaged NCC Group’s Cryptography Services practice to
perform a cryptography security assessment of selected aspects of the
WhatsApp Identity Proof Linked Storage (IPLS) protocol implementation.
IPLS underpins the WhatsApp Contacts solution, which aims to store ..
---------------------------------------------
https://www.nccgroup.com/us/research-blog/public-report-whatsapp-contacts-security-assessment/


=====================
=  Vulnerabilities  =
=====================


∗∗∗ SSA-333468: Multiple Vulnerabilities in InterMesh Subscriber
Devices ∗∗∗
---------------------------------------------
InterMesh Subscriber devices contain multiple vulnerabilities that
could allow an unauthenticated remote attacker to execute arbitrary
code with root privileges. CVSS v4.0 Base Score: 10.0, CVE-2024-47901
---------------------------------------------
https://cert-portal.siemens.com/productcert/html/ssa-333468.html?ste_sid=2330958ec0c3ccf337b577f5ee658f6c


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (dmitry, libheif, and
python-sql), Fedora (suricata and wireshark), SUSE (cargo-c,
libeverest, protobuf, and qemu), and Ubuntu (golang-1.22, libheif,
unbound, and webkit2gtk).
---------------------------------------------
https://lwn.net/Articles/995293/


∗∗∗ 2024-10-21: Cyber Security Advisory - ABB Relion 611, 615, 620, 630
series, REX610, REX640, SMU615, SSC600, Arctic solution, COM600, SPA
ZC-400, SUE3000 Guidelines to Prevent Unauthorized Modifications of
Firmware and Configuration ∗∗∗
---------------------------------------------
https://search.abb.com/library/Download.aspx?DocumentID=2NGA001911&LanguageCode=en&DocumentPartId=&Action=Launch


∗∗∗ Authenticated Remote Code Execution in multiple Xerox printers ∗∗∗
---------------------------------------------
https://sec-consult.com/vulnerability-lab/advisory/authenticated-remote-code-execution-in-multiple-xerox-printers/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily