[CERT-daily] Tageszusammenfassung - 25.09.2024

Wed Sep 25 18:54:33 CEST 2024

=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 24-09-2024 18:00 − Mittwoch 25-09-2024 18:00
Handler:     Alexander Riepl
Co-Handler:  Michael Schlagenhaufer

=====================
=       News        =
=====================

∗∗∗ ChatGPT macOS Flaw Couldve Enabled Long-Term Spyware via Memory Function ∗∗∗
---------------------------------------------
A now-patched security vulnerability in OpenAI's ChatGPT app for macOS could have made it possible for attackers to plant long-term persistent spyware into the artificial intelligence (AI) tool's memory. The technique, dubbed SpAIware, could be abused to facilitate "continuous data exfiltration of any information the user typed or responses received by ChatGPT, including any future chat sessions," security researcher Johann Rehberger said.
---------------------------------------------
https://thehackernews.com/2024/09/chatgpt-macos-flaw-couldve-enabled-long.html


∗∗∗ Schon wieder: Offizielles Twitter-Konto OpenAIs von Krypto-Betrügern übernommen ∗∗∗
---------------------------------------------
Der offizielle Twitter-Account der Pressestelle von ChatGPT-Anbieter OpenAI wurde von Betrügern übernommen und genutzt, um eine Fake-Kryptowährung zu promoten.
---------------------------------------------
https://heise.de/-9953073


∗∗∗ AI-Generated Malware Found in the Wild ∗∗∗
---------------------------------------------
HP has intercepted an email campaign comprising a standard malware payload delivered by an AI-generated dropper.
---------------------------------------------
https://www.securityweek.com/ai-generated-malware-found-in-the-wild/


∗∗∗ Investigating Infrastructure and Tactics of Phishing-as-a-Service Platform Sniper Dz ∗∗∗
---------------------------------------------
Delve into the infrastructure and tactics of phishing platform Sniper Dz, which targets popular brands and social media. We discuss its unique aspects and more.
---------------------------------------------
https://unit42.paloaltonetworks.com/phishing-platform-sniper-dz-unique-tactics/


∗∗∗ LummaC2: Obfuscation Through Indirect Control Flow ∗∗∗
---------------------------------------------
This blog post delves into the analysis of a control flow obfuscation technique employed by recent LummaC2 (LUMMAC.V2) stealer samples. In addition to the traditional control flow flattening technique used in older versions, the malware now leverages customized control flow indirection to manipulate the execution of the malware.
---------------------------------------------
https://cloud.google.com/blog/topics/threat-intelligence/lummac2-obfuscation-through-indirect-control-flow/


∗∗∗ Modified LockBit and Conti ransomware shows up in DragonForce gang’s attacks ∗∗∗
---------------------------------------------
The manufacturing, real estate and transportation industries are recent targets of the cybercrime operation known as DragonForce. Researchers say its serving up versions of LockBit and Conti to affiliates.
---------------------------------------------
https://therecord.media/lockbit-conti-dragonforce-ransomware-cybercrime


∗∗∗ Shedding Light on Election Deepfakes ∗∗∗
---------------------------------------------
Contrary to popular belief, deepfakes — AI-crafted audio files, images, or videos that depict events and statements that never occurred; a portmanteau of “deep learning” and “fake” — are not all intrinsically malicious. [..] Let’s take a look at the state of deepfakes during the 2020 elections, how it’s currently making waves in the 2024 election cycle, and how voters can tell truth from digital deception.
---------------------------------------------
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/shedding-light-on-election-deepfakes/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ 20,000 WordPress Sites Affected by Privilege Escalation Vulnerability in WCFM – WooCommerce Frontend Manager WordPress Plugin ∗∗∗
---------------------------------------------
This vulnerability makes it possible for an authenticated attacker to change the email of any user, including an administrator, which allows them to reset the password and take over the account and website. [..] After providing full disclosure details, the developer released a patch on September 23, 2024. [..] CVE ID: CVE-2024-8290
---------------------------------------------
https://www.wordfence.com/blog/2024/09/20000-wordpress-sites-affected-by-privilege-escalation-vulnerability-in-wcfm-woocommerce-frontend-manager-wordpress-plugin/


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (booth), Gentoo (Xpdf), Oracle (go-toolset:ol8, golang, grafana, grafana-pcp, kernel, libnbd, openssl, pcp, and ruby:3.3), Red Hat (container-tools:rhel8, go-toolset:rhel8, golang, kernel, and kernel-rt), SUSE (apr, cargo-audit, chromium, obs-service-cargo, python311, python36, quagga, traefik, and xen), and Ubuntu (intel-microcode, linux-azure-fde-5.15, and puma).
---------------------------------------------
https://lwn.net/Articles/991701/


∗∗∗ WatchGuard SSO and Moodle ∗∗∗
---------------------------------------------
rt-sa-2024-008: WatchGuard SSO Client Denial-of-Service, 
rt-sa-2024-007: WatchGuard SSO Agent Telnet Authentication Bypass, 
rt-sa-2024-006: WatchGuard SSO Protocol is Unencrypted and Unauthenticated, 
rt-sa-2024-009: Moodle: Remote Code Execution via Calculated Questions
---------------------------------------------
https://www.redteam-pentesting.de/en/advisories/


∗∗∗ Teamviewer: Hochriskante Lücken ermöglichen Rechteausweitung ∗∗∗
---------------------------------------------
In den Teamviewer-Remote-Clients können Angreifer eine unzureichende kryptografische Prüfung von Treiberinstallationen missbrauchen, um ihre Rechte auszuweiten und Treiber zu installieren (CVE-2024-7479, CVE-2024-7481; beide CVSS 8.8, Risiko "hoch"). [..] Die seit Dienstag dieser Woche verfügbare Version 15.58.4 oder neuere schließen diese Sicherheitslücken.
---------------------------------------------
https://heise.de/-9953034


∗∗∗ XenServer and Citrix Hypervisor Security Update for CVE-2024-45817 ∗∗∗
---------------------------------------------
https://support.citrix.com/s/article/CTX691646-xenserver-and-citrix-hypervisor-security-update-for-cve202445817?language=en_US


∗∗∗ Schwachstelle in BlackBerry CylanceOPTICS Windows Installer Package ∗∗∗
---------------------------------------------
https://sec-consult.com/de/vulnerability-lab/advisory/schwachstelle-in-blackberry-cylanceoptics-windows-installer-package/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily