[CERT-daily] Tageszusammenfassung - 04.09.2024

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 03-09-2024 18:00 − Mittwoch 04-09-2024 18:00
Handler:     Michael Schlagenhaufer
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ YubiKeys klonen? ∗∗∗
---------------------------------------------
Heute gab es dazu eine reißerische Meldung: diese lassen sich klonen. [..] Das ist mal klarerweise nicht gut. Aber wie so oft bei Schlagzeilen dieser Art lohnt es sich, genauer zu lesen, was eigentlich passiert ist, und wie realistisch die Angriffe wirklich sind.
---------------------------------------------
https://www.cert.at/de/blog/2024/9/yubikeys-eucleak


∗∗∗ Hackers Hijack 22,000 Removed PyPI Packages, Spreading Malicious Code to Developers ∗∗∗
---------------------------------------------
A new supply chain attack technique targeting the Python Package Index (PyPI) registry has been exploited in the wild in an attempt to infiltrate downstream organizations. It has been codenamed Revival Hijack by software supply chain security firm JFrog, which said the attack method could be used to hijack 22,000 existing PyPI packages and result in "hundreds of thousands" of malicious package downloads.
---------------------------------------------
https://thehackernews.com/2024/09/hackers-hijack-22000-removed-pypi.html


∗∗∗ Hackers inject malicious JS in Cisco store to steal credit cards, credentials ∗∗∗
---------------------------------------------
Ciscos site for selling company-themed merchandise is currently offline and under maintenance due to hackers compromising it with JavaScript code that steals sensitive customer details provided at checkout.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/hackers-inject-malicious-js-in-cisco-store-to-steal-credit-cards-credentials/


∗∗∗ Mallox ransomware: in-depth analysis and evolution ∗∗∗
---------------------------------------------
In this report, we provide an in-depth analysis of the Mallox ransomware, its evolution, ransom strategy, encryption scheme, etc.
---------------------------------------------
https://securelist.com/mallox-ransomware/113529/


∗∗∗ Earth Lusca Uses KTLVdoor Backdoor for Multiplatform Intrusion ∗∗∗
---------------------------------------------
While monitoring Earth Lusca, we discovered the threat group’s use of KTLVdoor, a highly obfuscated multiplatform backdoor, as part of a large-scale attack campaign.
---------------------------------------------
https://www.trendmicro.com/en_us/research/24/i/earth-lusca-ktlvdoor.html


∗∗∗ Advanced forensic techniques for recovering hidden data in wearable device ∗∗∗
---------------------------------------------
This blog post covers how forensic skills and tooling can be used to recover potentially sensitive data left on phones from devices such as Google’s Fitbit. The principles and techniques here also apply to similar products with similar functionality. 
---------------------------------------------
https://www.pentestpartners.com/security-blog/advanced-forensic-techniques-for-recovering-hidden-data-in-wearable-device/


∗∗∗ Vorsicht vor US Green Card Lotterie Anbietern wie AmericanGC.com ∗∗∗
---------------------------------------------
Die USA gelten für viele als Wunschziel fürs Auswandern. Über die Green Card Lotterie wird bis zu 50.000 Menschen jährlich eine Einwanderung mit Greencard ermöglicht. Der Andrang auf diese Lotterie ist groß und das machen sich auch unseriöse und betrügerische Anbieter wie AmericanGC.com zunutze.
---------------------------------------------
https://www.watchlist-internet.at/news/green-card-americangccom/


∗∗∗ US-Behörden sollen Internet-Routing absichern ∗∗∗
---------------------------------------------
Das Weiße Haus macht Druck auf Behörden: Sie sollen ihre Netzrouten kryptografisch absichern. Erst dann können Fehler auffallen.​
---------------------------------------------
https://heise.de/-9856483


∗∗∗ Mesh-WLAN von Plume Design: Teure Bespitzelung ∗∗∗
---------------------------------------------
Mesh-Netzwerke sind gut gegen WLAN-Funklöcher. Doch Vorsicht: Ein US-Hersteller überwacht mit seinen Routern und Extendern Nutzer und gibt munter vertrauliche Daten weiter. Eine Recherche von Erik Bärwaldt (Datenschutz, WLAN)
---------------------------------------------
https://www.golem.de/news/mesh-wlan-von-plume-design-teure-bespitzelung-2409-188679.html



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by AlmaLinux (buildah, gvisor-tap-vsock, nodejs:18, python-urllib3, and skopeo), Debian (firefox-esr and openssl), Fedora (apr and seamonkey), Red Hat (podman), Slackware (mozilla and seamonkey), SUSE (bubblewrap and flatpak, buildah, docker, dovecot23, ffmpeg, frr, go1.21-openssl, graphviz, java-1_8_0-openj9, kubernetes1.26, kubernetes1.27, kubernetes1.28, openssl-1_0_0, openssl-3, perl-DBI, python-aiohttp, python-Django, python-WebOb, thunderbird, tiff, ucode-intel, unbound, webkit2gtk3, and xen), and Ubuntu (drupal7 and twisted).
---------------------------------------------
https://lwn.net/Articles/988746/


∗∗∗ Android Patchday: Updates schließen mehrere hochriskante Lücken ∗∗∗
---------------------------------------------
Jetzt ist es an den Handy-Herstellern, die sicherheitsrelevanten Fehlerkorrekturen in Firmware-Updates für die Android-Smartphones zu gießen und an die betroffenen Kunden zu verteilen.
---------------------------------------------
https://heise.de/-9856847


∗∗∗ WordPress Plugin "Advanced Custom Fields" vulnerable to cross-site scripting ∗∗∗
---------------------------------------------
https://jvn.jp/en/jp/JVN67963942/


∗∗∗ Progress: OpenEdge Third-Party Vulnerabilities Fixed In OpenEdge LTS Update 11.7.20 ∗∗∗
---------------------------------------------
https://community.progress.com/s/article/OpenEdge-Third-Party-Vulnerabilities-Fixed-In-OpenEdge-LTS-Update-11-7-20


∗∗∗ Hitachi Energy: Multiple vulnerabilities in Hitachi Energy MicroSCADA X SYS600 product ∗∗∗
---------------------------------------------
https://publisher.hitachienergy.com/preview?DocumentID=8DBD000160&LanguageCode=en&DocumentPartId=&Action=Launch


∗∗∗ Zyxel security advisory for OS command injection vulnerability in APs and security router devices ∗∗∗
---------------------------------------------
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-os-command-injection-vulnerability-in-aps-and-security-router-devices-09-03-2024


∗∗∗ Zyxel security advisory for buffer overflow vulnerability in some 5G NR CPE, DSL/Ethernet CPE, fiber ONT, WiFi extender, and security router devices ∗∗∗
---------------------------------------------
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-buffer-overflow-vulnerability-in-some-5g-nr-cpe-dsl-ethernet-cpe-fiber-ont-wifi-extender-and-security-router-devices-09-03-2024


∗∗∗ Mozilla: Security Vulnerabilities fixed in Firefox and Focus ∗∗∗
---------------------------------------------
https://www.mozilla.org/en-US/security/advisories/


∗∗∗ C-MOR: Mehrere Sicherheitsschwachstellen in Videoüberwachungssoftware C-MOR (SYSS-2024-020 bis -030) ∗∗∗
---------------------------------------------
https://www.syss.de/pentest-blog/mehrere-sicherheitsschwachstellen-in-videoueberwachungssoftware-c-mor-syss-2024-020-bis-030


∗∗∗ F5: K000140908: MySQL Server vulnerabiliity CVE-2024-21134 ∗∗∗
---------------------------------------------
https://my.f5.com/manage/s/article/K000140908

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily