End-of-Day report
Timeframe: Freitag 11-10-2024 18:00 - Montag 14-10-2024 18:00
Handler: Michael Schlagenhaufer
Co-Handler: n/a
News
Microsoft deprecates PPTP and L2TP VPN protocols in Windows Server
Microsoft has officially deprecated the Point-to-Point Tunneling Protocol (PPTP) and Layer 2 Tunneling Protocol (L2TP) in future versions of Windows Server, recommending admins switch to different protocols that offer increased security.
https://www.bleepingcomputer.com/news/microsoft/microsoft-deprecates-pptp-and-l2tp-vpn-protocols-in-windows-server/
Google warns uBlock Origin and other extensions may be disabled soon
Googles Chrome Web Store is now warning that the uBlock Origin ad blocker and other extensions may soon be blocked as part of the companys deprecation of the Manifest V2 extension specification.
https://www.bleepingcomputer.com/news/google/google-warns-ublock-origin-and-other-extensions-may-be-disabled-soon/
Microsoft-s guidance to help mitigate Kerberoasting
Kerberoasting, a well-known Active Directory (AD) attack vector, enables threat actors to steal credentials and navigate through devices and networks. Microsoft is sharing recommended actions administrators can take now to help prevent successful Kerberoasting cyberattacks.
https://www.microsoft.com/en-us/security/blog/2024/10/11/microsofts-guidance-to-help-mitigate-kerberoasting/
Nation-State Attackers Exploiting Ivanti CSA Flaws for Network Infiltration
A suspected nation-state adversary has been observed weaponizing three security flaws in Ivanti Cloud Service Appliance (CSA) a zero-day to perform a series of malicious actions. That's according to findings from Fortinet FortiGuard Labs, which said the vulnerabilities were abused to gain unauthenticated access to the CSA, enumerate users configured in the appliance, and attempt to access the credentials of those users.
https://thehackernews.com/2024/10/nation-state-attackers-exploiting.html
Chatbot Traps: How to Avoid Job Scams
While the strategies outlined here can help you detect AI-powered scams, it is important to recognise that AI technology is advancing rapidly. Many current weaknesses-such as difficulties with complex questions or live conversations-may diminish as AI continues to improve.
https://connect.geant.org/2024/10/14/chatbot-traps-how-to-avoid-job-scams
Casio says ransomware attack exposed info of employees, customers and business partners
Japanese electronics manufacturer Casio confirmed on Friday that a cyber incident announced earlier this week was a ransomware attack that potentially exposed the information of employees, customers, business partners and affiliates.
https://therecord.media/casio-ransomware-attack-exposed-emplyee-customer-data
Achtung: Neue textbasierte QR-Code-Phishing-Varianten
Sicherheitsforscher von Barracuda sind auf eine neue Variante zur Gestaltung von Phishing-Nachrichten gestoßen. Diese verwenden QR-Codes aus textbasierten ASCII/Unicode-Zeichen, statt wie üblich aus statischen Bildern erstellt zu werden, um herkömmliche Sicherheitsmaßnahmen zu umgehen.
https://www.borncity.com/blog/2024/10/13/achtung-neue-textbasierte-qr-code-phishing-varianten/
Sicherheitslücke in Ecovacs-Saugrobotern erlaubt Remote-Steuerung durch Hacker
In den USA häufen sich Fälle, in denen gehackte Saugroboter offenbar fremdgesteuert Beleidigungen zurufen und Bilder über die interne Kamera übertragen.
https://heise.de/-9979104
Vulnerabilities
Notfall-Update: Tor-Nutzer über kritische Firefox-Lücke attackiert
Eine kritische Firefox-Schwachstelle betrifft auch den Tor-Browser und Thunderbird. Patches stehen bereit, kommen für einige Tor-Nutzer aber zu spät.
https://www.golem.de/news/notfall-update-tor-nutzer-ueber-kritische-firefox-luecke-attackiert-2410-189766.html
Moxa: Missing Authentication and OS Command Injection Vulnerabilities in Cellular Routers, Secure Routers, and Network Security Appliances
The first vulnerability, CVE-2024-9137, allows attackers to manipulate device configurations without authentication. The second vulnerability, CVE-2024-9139, permits OS command injection through improperly restricted commands, potentially enabling attackers to execute arbitrary codes.
https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241154-missing-authentication-and-os-command-injection-vulnerabilities-in-routers-and-network-security-appliances
Security updates for Monday
Security updates have been issued by Debian (docker.io, libreoffice, node-dompurify, python-reportlab, and thunderbird), Fedora (buildah, chromium, kernel, kernel-headers, libgsf, mosquitto, p7zip, podman, python-cramjam, python-virtualenv, redis, rust-async-compression, rust-brotli, rust-brotli-decompressor, rust-libcramjam, rust-libcramjam0.2, rust-nu-command, rust-nu-protocol, rust-redlib, rust-tower-http, thunderbird, and webkit2gtk4.0), Oracle (.NET 6.0, .NET 8.0, e2fsprogs, firefox, golang, openssl, python3-setuptools, systemd, and thunderbird), SUSE (chromium, firefox, java-jwt, libmozjs-128-0, libwireshark18, ntpd-rs, OpenIPMI, thunderbird, and wireshark), and Ubuntu (firefox, python2.7, python3.5, thunderbird, and ubuntu-advantage-desktop-daemon).
https://lwn.net/Articles/994080/
Sicherheitsupdate: Angreifer können Netzwerkanalysetool Wireshark crashen lassen
Wireshark ist in einer gegen mögliche Angriffe abgesicherten Version erschienen. Darin haben die Entwickler auch mehrere Bugs gefixt.
https://heise.de/-9979991
ZDI-24-1374: IrfanView SID File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-24-1374/
ZDI-24-1369: Zimbra GraphQL Cross-Site Request Forgery Information Disclosure Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-24-1369/
Security Vulnerability fixed in Firefox 131.0.3
https://www.mozilla.org/en-US/security/advisories/mfsa2024-53/