[CERT-daily] Daily summary - 19.09.2024
Daily end-of-shift report
team at cert.at
Thu Sep 19 18:49:34 CEST 2024
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 18-09-2024 18:00 − Thursday 19-09-2024 18:00
Handler: Alexander Riepl
Co-Handler: Michael Schlagenhaufer
=====================
= News =
=====================
∗∗∗ Clever GitHub Scanner campaign abusing repos to push malware ∗∗∗
---------------------------------------------
A clever threat campaign is abusing GitHub repositories to distribute the Lumma Stealer password-stealing malware targeting users who frequent an open source project repository or are subscribed to email notifications from it. [..] The domain, github-scanner[.]com is not affiliated with GitHub and is being used to deliver malware to visitors.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/clever-github-scanner-campaign-abusing-repos-to-push-malware/
∗∗∗ Security expert: we need not fear exploding phones ∗∗∗
---------------------------------------------
After the waves of explosions in Lebanon, some people are now worried about their own smartphones. Cyber expert Joe Pichelmayr sees little danger there, however.
---------------------------------------------
https://futurezone.at/digital-life/sicherheitsexperte-handys-smartphone-explodierende-pager-libanon-hacker-supply-chain/402949928
∗∗∗ Google Cloud Document AI flaw (still) allows data theft despite bounty payout ∗∗∗
---------------------------------------------
Overly permissive settings in Google Cloud's Document AI service could be abused by data thieves to break into Cloud Storage buckets and steal sensitive information. [..] A Google spokesperson has told us in response to the above: [..] We developed a fix and are actively working to roll it out.
---------------------------------------------
https://go.theregister.com/feed/www.theregister.com/2024/09/17/google_cloud_document_ai_flaw/
∗∗∗ Cracked Software or Cyber Trap? The Rising Danger of AsyncRAT Malware ∗∗∗
---------------------------------------------
In this blog, we’ll examine the mechanics of AsyncRAT, how it spreads by masquerading as cracked software, and the steps you can take to protect yourself from this increasingly common cyber threat.
---------------------------------------------
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/cracked-software-or-cyber-trap-the-rising-danger-of-asyncrat-malware/
∗∗∗ Solar Cybersecurity And The Nuances Of Renewable Energy Integration ∗∗∗
---------------------------------------------
The modern age of renewable energy has seen a surge in solar panels and wind turbines. While these systems enhance sustainability, their digital technologies carry risks. Cybersecurity professionals must know the relevant nuances when integrating renewable systems.
---------------------------------------------
https://www.tripwire.com/state-of-security/solar-cybersecurity-and-nuances-renewable-energy-integration
∗∗∗ Discovering Splinter: A First Look at a New Post-Exploitation Red Team Tool ∗∗∗
---------------------------------------------
Discover Splinter, a new post-exploitation tool with advanced features like command execution and file manipulation, detected by Unit 42 researchers.
---------------------------------------------
https://unit42.paloaltonetworks.com/analysis-pentest-tool-splinter/
∗∗∗ Fraud case involving the tegut teo app and a fictitious employee number ∗∗∗
---------------------------------------------
In the trial, the defendant said: "I was unemployed at the time. There is an app for the stores, and under payment methods you could store your employee number as a card. I simply tried a random number, and it worked straight away."
---------------------------------------------
https://www.borncity.com/blog/2024/09/19/betrugsfall-mit-tegut-teo-app-und-fiktiver-mitarbeiternummer/
∗∗∗ Current phishing scam: request to schedule a phone call with a supposed Sparkasse ∗∗∗
---------------------------------------------
The Verbraucherzentrale NRW (North Rhine-Westphalia consumer advice centre) warns of a current phishing scam. The Sparkasse supposedly wants to arrange an appointment for a phone call.
---------------------------------------------
https://heise.de/-9909574
∗∗∗ Discord launches end-to-end encryption for audio and video chats ∗∗∗
---------------------------------------------
To protect privacy, the online service Discord now encrypts certain forms of message exchange end-to-end.
---------------------------------------------
https://heise.de/-9909594
=====================
= Vulnerabilities =
=====================
∗∗∗ VU#138043: A stack-based overflow vulnerability exists in the Microchip Advanced Software Framework (ASF) implementation of the tinydhcp server ∗∗∗
---------------------------------------------
CVE-2024-7490: There exists a vulnerability in all publicly available examples of the ASF codebase that allows a specially crafted DHCP request to cause a stack-based overflow that could lead to remote code execution.
---------------------------------------------
https://kb.cert.org/vuls/id/138043
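The advisory above names the bug class (stack-based overflow triggered by a crafted DHCP request) but gives no code. The following is an added illustration written for this digest, not the ASF or tinydhcp source: a minimal DHCP option walker in the vulnerable shape, where the attacker-controlled option length byte drives a memcpy into a fixed stack buffer, next to a bounded version that checks every length against both the remaining packet and the destination. The host-name option (code 12), the 32-byte buffer size and the two sample option blocks are constructed assumptions for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DHCP_OPT_PAD       0
#define DHCP_OPT_HOSTNAME  12   /* host name option; assumed target field for the example */
#define DHCP_OPT_END       255
#define HOSTNAME_BUF       32   /* assumed fixed-size stack buffer in the vulnerable pattern */

/* Constructed sample: a benign option block with a message-type option (53)
 * and a 5-byte host name, terminated by END. */
static const uint8_t benign_opts[] = {
    53, 1, 1,
    DHCP_OPT_HOSTNAME, 5, 'h', 'o', 's', 't', '1',
    DHCP_OPT_END
};

/* Constructed crafted sample: one host-name option whose length byte (200)
 * is far larger than the 32-byte destination. Returns bytes written, 0 on error. */
static size_t build_crafted_opts(uint8_t *buf, size_t cap) {
    const uint8_t len = 200;
    if (cap < (size_t)len + 3) return 0;
    buf[0] = DHCP_OPT_HOSTNAME;
    buf[1] = len;
    memset(&buf[2], 'A', len);
    buf[2 + len] = DHCP_OPT_END;
    return (size_t)len + 3;
}

/* Vulnerable shape: the length byte from the packet drives memcpy into a
 * fixed stack buffer with no check against HOSTNAME_BUF or the packet end.
 * Only called on the benign sample here; on the crafted one it smashes the stack. */
int hostname_len_unsafe(const uint8_t *opts, size_t n) {
    char host[HOSTNAME_BUF];
    size_t i = 0;
    while (i < n && opts[i] != DHCP_OPT_END) {
        uint8_t code = opts[i++];
        if (code == DHCP_OPT_PAD) continue;
        uint8_t len = opts[i++];            /* no check that a length byte exists */
        if (code == DHCP_OPT_HOSTNAME) {
            memcpy(host, &opts[i], len);    /* len may be up to 255, buffer holds 32 */
            host[len] = '\0';
            return (int)len;
        }
        i += len;                           /* may run past the end of the packet */
    }
    return -1;
}

/* Bounded version: every length is checked against the remaining packet and
 * against the destination before any copy. Returns host-name length, or -1. */
int hostname_len_safe(const uint8_t *opts, size_t n, char *out, size_t outsz) {
    size_t i = 0;
    while (i < n) {
        uint8_t code = opts[i++];
        if (code == DHCP_OPT_END) break;
        if (code == DHCP_OPT_PAD) continue;
        if (i >= n) return -1;              /* truncated: no length byte */
        uint8_t len = opts[i++];
        if (len > n - i) return -1;         /* option claims more than the packet holds */
        if (code == DHCP_OPT_HOSTNAME) {
            if (len >= outsz) return -1;    /* would overflow destination (room for NUL) */
            memcpy(out, &opts[i], len);
            out[len] = '\0';
            return (int)len;
        }
        i += len;
    }
    return -1;
}

/* Helpers that exercise the bounded parser on both constructed samples. */
int demo_safe_benign(void) {
    char out[HOSTNAME_BUF];
    int len = hostname_len_safe(benign_opts, sizeof benign_opts, out, sizeof out);
    return (len == 5 && strcmp(out, "host1") == 0) ? len : -2;
}

int demo_safe_crafted(void) {
    uint8_t pkt[512];
    char out[HOSTNAME_BUF];
    size_t n = build_crafted_opts(pkt, sizeof pkt);
    return hostname_len_safe(pkt, n, out, sizeof out);   /* rejected: -1 */
}

int main(void) {
    printf("safe/benign   -> %d\n", demo_safe_benign());    /* 5 */
    printf("safe/crafted  -> %d\n", demo_safe_crafted());   /* -1 */
    printf("unsafe/benign -> %d\n", hostname_len_unsafe(benign_opts, sizeof benign_opts)); /* 5 */
    return 0;
}
```

The two checks in the bounded parser are the ones that matter for any TLV walker fed from the network: the claimed length must fit inside the bytes actually received, and it must fit inside the destination with room for the terminator. Either check alone still leaves a read or a write past a boundary.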
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (expat and tinyproxy), Fedora (frr, microcode_ctl, python3.10, python3.12, python3.6, and ruby), Oracle (expat, fence-agents, firefox, ghostscript, java-1.8.0-openjdk, kernel, and thunderbird), Red Hat (firefox, openssl, ruby:3.3, and thunderbird), SUSE (clamav, ffmpeg-4, kernel, libmfx, python3, python312, runc, ucode-intel, and wireshark), and Ubuntu (apache2, git, linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-gkeop-5.15, linux-hwe-5.15, linux-ibm, linux-intel-iotg, linux-intel-iotg-5.15, linux-kvm, linux-nvidia, linux-oracle, linux-raspi, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-xilinx-zynqmp, and linux, linux-aws, linux-gcp, linux-gke, linux-ibm, linux-lowlatency, linux-lowlatency-hwe-6.8, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, linux-oem-6.8, linux-oracle).
---------------------------------------------
https://lwn.net/Articles/990877/
∗∗∗ GitLab Patches Critical Authentication Bypass Vulnerability ∗∗∗
---------------------------------------------
GitLab has patched a critical-severity SAML authentication bypass affecting both Community Edition (CE) and Enterprise Edition (EE) instances. [..] The issue, tracked as CVE-2024-45409 (CVSS score of 10/10), only affects GitLab CE/EE instances that have been configured to use SAML-based authentication.
---------------------------------------------
https://www.securityweek.com/gitlab-patches-critical-authentication-bypass-vulnerability/
∗∗∗ DSA-5772-1 libreoffice - security update ∗∗∗
---------------------------------------------
https://lists.debian.org/debian-security-announce/2024/msg00185.html
∗∗∗ Wordfence Intelligence Weekly WordPress Vulnerability Report (September 9, 2024 to September 15, 2024) ∗∗∗
---------------------------------------------
https://www.wordfence.com/blog/2024/09/wordfence-intelligence-weekly-wordpress-vulnerability-report-september-9-2024-to-september-15-2024/
∗∗∗ MegaSys Computer Technologies Telenium Online Web Application ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-24-263-04
∗∗∗ IDEC PLCs ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-24-263-02
∗∗∗ Kastle Systems Access Control System ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-24-263-05
∗∗∗ IDEC CORPORATION WindLDR and WindO/I-NV4 ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-24-263-03
∗∗∗ Rockwell Automation RSLogix 5 and RSLogix 500 ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-24-263-01
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily