[CERT-daily] Tageszusammenfassung - 31.10.2024

Thu Oct 31 19:09:02 CET 2024

=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 30-10-2024 18:00 − Donnerstag 31-10-2024 18:00
Handler:     Alexander Riepl
Co-Handler:  Michael Schlagenhaufer

=====================
=       News        =
=====================

∗∗∗ With 2FA Enabled: NPM Package lottie-player Taken Over by Attackers ∗∗∗
---------------------------------------------
On October 30, the community reported existence of malicious code within versions 2.0.5, 2.0.6, and 2.0.7 of the npm package. The package maintainers replied and confirmed the attackers were able to take over the NPM package using a leaked automation token which was used to automate publications of NPM packages.
---------------------------------------------
https://checkmarx.com/blog/with-2fa-enabled-npm-package-lottie-player-taken-over-by-attackers/


∗∗∗ GreyNoise Intelligence Discovers Zero-Day Vulnerabilities in Live Streaming Cameras with the Help of AI ∗∗∗
---------------------------------------------
Affected devices are typically high-cost live streaming cameras, sometimes exceeding several thousand dollars. [..] Affected devices use VHD PTZ camera firmware < 6.3.40 used in PTZOptics, Multicam Systems SAS, and SMTAV Corporation devices based on Hisilicon Hi3516A V600 SoC V60, V61, and V63. These cameras, which feature an embedded web server allowing for direct access by web browser, are reportedly deployed in environments where reliability and privacy are crucial, including: Industrial and manufacturing plants [..] Business conferences [..] Healthcare settings [..] State and local government environments [..] Houses of worship
---------------------------------------------
https://www.greynoise.io/blog/greynoise-intelligence-discovers-zero-day-vulnerabilities-in-live-streaming-cameras-with-the-help-of-ai


∗∗∗ Midnight Blizzard conducts large-scale spear-phishing campaign using RDP files ∗∗∗
---------------------------------------------
Microsoft is releasing this blog to notify the public and disrupt this threat actor activity. This blog provides context on these external spear-phishing attempts, which are common attack techniques and do not represent any new compromise of Microsoft.
---------------------------------------------
https://www.microsoft.com/en-us/security/blog/2024/10/29/midnight-blizzard-conducts-large-scale-spear-phishing-campaign-using-rdp-files/


∗∗∗ Discovering Hidden Vulnerabilities in Portainer with CodeQL ∗∗∗
---------------------------------------------
In this blog, we will show how we used CodeQL to find these vulnerabilities and even wrote custom queries to find a specific vulnerability.
---------------------------------------------
https://www.cyberark.com/resources/threat-research-blog/discovering-hidden-vulnerabilities-in-portainer-with-codeql


∗∗∗ Loose-lipped neural networks and lazy scammers ∗∗∗
---------------------------------------------
As large language models improve, their strengths and weaknesses, as well as the tasks they do well or poorly, are becoming better understood. Threat actors are exploring applications of this technology in a range of automation scenarios. But, as we see, they sometimes commit blunders that help shed light on how they use LLMs, at least in the realm of online fraud.
---------------------------------------------
https://securelist.com/llm-phish-blunders/114367/


∗∗∗ Mounting memory with MemProcFS for advanced memory forensics ∗∗∗
---------------------------------------------
Whilst this blog does not intend to go into any detail into some of the most popular tools available to analyse memory, nor a deep dive into analysis techniques it is intended to provide high level information about some significant enhances to memory forensics in the last few years and the difference in tooling. This also covers three memory forensic tools; many others are available.
---------------------------------------------
https://www.pentestpartners.com/security-blog/mounting-memory-with-memprocfs-for-advanced-memory-forensics/


∗∗∗ The Persistent Perimeter Threat: Strategic Insights from a Multi-Year APT Campaign Targeting Edge Devices ∗∗∗
---------------------------------------------
Discover insights from a multi-year APT campaign that exploited network perimeter vulnerabilities to target high-value entities, revealing critical gaps in edge device security.
---------------------------------------------
https://www.greynoise.io/blog/the-persistent-perimeter-threat-strategic-insights-from-a-multi-year-apt-campaign-targeting-edge-devices


∗∗∗ Auditing K3s Clusters ∗∗∗
---------------------------------------------
K3s shares a great deal with standard Kubernetes, but its lightweight implementation comes with some challenges and opportunities in the security sphere.
---------------------------------------------
https://www.nccgroup.com/us/research-blog/auditing-k3s-clusters/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ LiteSpeed Cache WordPress plugin bug lets hackers get admin access ∗∗∗
---------------------------------------------
The free version of the popular WordPress plugin LiteSpeed Cache has fixed a dangerous privilege elevation flaw on its latest release that could allow unauthenticated site visitors to gain admin rights. [..] The newly discovered high-severity flaw tracked as CVE-2024-50550 is caused by a weak hash check in the plugin's "role simulation" feature, designed to simulate user roles to aid the crawler in site scans from different user levels.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/litespeed-cache-wordpress-plugin-bug-lets-hackers-get-admin-access/


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (firefox-esr and openssl), Fedora (firefox, libarchive, micropython, NetworkManager-libreswan, and xorg-x11-server-Xwayland), Red Hat (nano), Slackware (mozilla-firefox, mozilla-thunderbird, tigervnc, and xorg), SUSE (389-ds, Botan, go1.21-openssl, govulncheck-vulndb, java-11-openjdk, lxc, python-Werkzeug, and uwsgi), and Ubuntu (firefox, libarchive, linux-azure-fde, linux-azure-fde-5.15, python-pip, and xorg-server, xorg-server-hwe-16.04, xorg-server-hwe-18.04).
---------------------------------------------
https://lwn.net/Articles/996526/


∗∗∗ Drupal: Cookiebot + GTM - Moderately critical - Cross Site Scripting - SA-CONTRIB-2024-055 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-contrib-2024-055


∗∗∗ Bosch: DoS vulnerability on IndraDrive ∗∗∗
---------------------------------------------
https://psirt.bosch.com/security-advisories/bosch-sa-315415.html

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily