Daily summary - 28.11.2023

End-of-Day report

Timeframe: Monday 27-11-2023 18:00 - Tuesday 28-11-2023 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Robert Waldner

News

Design Flaw in Google Workspace Could Let Attackers Gain Unauthorized Access

Cybersecurity researchers have detailed a "severe design flaw" in Google Workspace's domain-wide delegation (DWD) feature that could be exploited by threat actors to facilitate privilege escalation and obtain unauthorized access to Workspace APIs without super admin privileges.

https://thehackernews.com/2023/11/design-flaw-in-google-workspace-could.html


LostTrust Ransomware

The LostTrust ransomware family has a fairly small victim pool and compromised its victims earlier this year. The encryptor has similar characteristics to the MetaEncryptor ransomware family, including code flow and strings, which indicates that the encryptor is a variant of the original MetaEncryptor source.

https://www.shadowstackre.com/analysis/losttrust


Slovenian power company hit by ransomware

Slovenian power generation company Holding Slovenske Elektrarne (HSE) has been hit by ransomware and has had some of its data encrypted. HSE is a state-owned company that controls numerous hydroelectric, thermal and coal-fired power plants. The company has declined to share any details about the cyber intrusion, but has confirmed that the operation of its power plants has not been affected.

https://www.helpnetsecurity.com/2023/11/28/slovenian-power-company-ransomware/


Exploitation of Critical ownCloud Vulnerability Begins

Threat actors have started exploiting a critical ownCloud vulnerability leading to sensitive information disclosure.

https://www.securityweek.com/exploitation-of-critical-owncloud-vulnerability-begins/


Webinar: Secure online shopping

May I always return items, and how long do I have to do so? What is the right of withdrawal, and which payment methods are considered secure? This webinar gives legal tips and information on safe online shopping. Take part free of charge: Monday, 11 December 2023, 18:30 - 20:00 via Zoom

https://www.watchlist-internet.at/news/webinar-sicheres-online-shopping-2/


Fraudulent sports betting platform: xxwin.bet

xxwin.bet is a fraudulent online platform for sports betting. The platform is mostly recommended in dubious Telegram channels. If you deposit money there, you will lose it, because the platform does not pay out any winnings.

https://www.watchlist-internet.at/news/betruegerische-plattform-fuer-sportwetten-xxwinbet/

Vulnerabilities

Missing Certificate Validation & User Enumeration in Anveo Mobile App and Server

The Anveo Mobile App (Windows version) does not validate server certificates and therefore enables man-in-the-middle attacks. The Anveo Server is also vulnerable to user enumeration because of different error messages for existing vs. non-existing users. The vendor was unresponsive and did not reply to our communication attempts and even deleted our comment requesting a contact on LinkedIn, see the timeline section further below.

https://sec-consult.com/vulnerability-lab/advisory/missing-certificate-validation-user-enumeration/


Security updates for Tuesday

Security updates have been issued by Debian (cryptojs, fastdds, mediawiki, and minizip), Fedora (chromium, kubernetes, and thunderbird), Mageia (lilypond, mariadb, and packages), Red Hat (firefox, linux-firmware, and thunderbird), SUSE (compat-openssl098, gstreamer-plugins-bad, squashfs, squid, thunderbird, vim, and xerces-c), and Ubuntu (libtommath, linux-intel-iotg, linux-intel-iotg-5.15, linux-oracle, perl, and python3.8, python3.10, python3.11).

https://lwn.net/Articles/953099/


Critical Vulnerability Found in Ray AI Framework

Tracked as CVE-2023-48023, the bug exists because Ray does not properly enforce authentication on at least two of its components, namely the dashboard and client. A remote attacker can abuse this issue to submit or delete jobs without authentication. Furthermore, the attacker could retrieve sensitive information and execute arbitrary code, Bishop Fox says.

https://www.securityweek.com/critical-vulnerability-found-in-ray-ai-framework/


Zyxel security advisory for multiple vulnerabilities in firewalls and APs

CVEs: CVE-2023-35136, CVE-2023-35139, CVE-2023-37925, CVE-2023-37926, CVE-2023-4397, CVE-2023-4398, CVE-2023-5650, CVE-2023-5797, CVE-2023-5960

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps


Joomla: [20231101] - Core - Exposure of environment variables

https://developer.joomla.org:443/security-centre/919-20231101-core-exposure-of-environment-variables.html


IBM Security Bulletins

https://www.ibm.com/support/pages/bulletin/


FESTO: Multiple products affected by WIBU Codemeter vulnerability

https://cert.vde.com/de/advisories/VDE-2023-036/