End-of-Day report
Timeframe: Tuesday 15-10-2024 18:00 - Wednesday 16-10-2024 18:00
Handler: Michael Schlagenhaufer
Co-Handler: n/a
News
ASEC and NCSC Release Joint Report on Microsoft Zero-Day Browser Vulnerability (CVE-2024-38178)
AhnLab SEcurity intelligence Center (ASEC) and the National Cyber Security Center (NCSC) have discovered a new zero-day vulnerability in the Microsoft Internet Explorer (IE) browser and have conducted a detailed analysis on attacks that exploit this vulnerability. This post shares the joint analysis report, "Operation Code on Toast by TA-RedAnt", which details the findings of the ASEC and NCSC joint analysis and the responses to the threat.
https://asec.ahnlab.com/en/83877/
Exfiltration over Telegram Bots: Skidding Infostealer Logs
Bitsight's visibility over infostealer malware which exfiltrates over Telegram suggests that the most infected countries are the USA, Turkey, and Russia, followed by India and Germany.
https://www.bitsight.com/blog/exfiltration-over-telegram-bots-skidding-infostealer-logs
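A check a practitioner can run against their own proxy logs, added here as an example and not taken from the Bitsight post: stealers that exfiltrate over Telegram call the public Bot API at https://api.telegram.org/bot<token>/<method>, so the bot token (numeric bot id, colon, secret) and an upload method such as sendDocument show up in plain sight in URL logs. The log format and the log lines below are constructed for the example; the tokens are placeholders.

```python
"""Flag outbound Telegram Bot API calls (infostealer exfiltration) in proxy logs.

Added example, not code from the Bitsight post. The Bot API URL shape is
Telegram's public API; the proxy log format and sample lines are constructed.
"""
import re
from collections import defaultdict

# Bot API URL: /bot<numeric bot id>:<secret>/<method>; the secret is the part
# a defender can hand to Telegram abuse or use to pivot across hosts.
BOT_API_RE = re.compile(
    r"https?://api\.telegram\.org/bot(?P<token>\d{8,10}:[A-Za-z0-9_-]{30,50})/(?P<method>\w+)"
)
# Methods that carry data out of the network (files, screenshots, text)
EXFIL_METHODS = {"sendDocument", "sendMessage", "sendPhoto"}

# Constructed squid-style lines: <ts> <client ip> <verb> <url> <status> <bytes>
SAMPLE_LOG = """\
1729079001.123 10.0.4.17 GET https://api.telegram.org/bot1234567890:AAHfXeQ0s7kLm9nPq2rStUvWxYz0123456789a/getMe 200 312
1729079002.456 10.0.4.17 POST https://api.telegram.org/bot1234567890:AAHfXeQ0s7kLm9nPq2rStUvWxYz0123456789a/sendDocument 200 1842731
1729079003.789 10.0.4.22 GET https://web.telegram.org/a/ 200 5123
1729079004.111 10.0.4.31 POST https://api.telegram.org/bot9876543210:BBGgYfR1t8mLn0oQr3sTuVwXyZa1234567890b/sendMessage 200 640
"""


def parse_line(line):
    """Split one constructed proxy line into fields; returns None for malformed lines."""
    parts = line.split()
    if len(parts) != 6:
        return None
    ts, client, verb, url, status, size = parts
    return {"ts": float(ts), "client": client, "verb": verb, "url": url,
            "status": int(status), "bytes": int(size)}


def find_bot_exfil(log_text):
    """Return one finding per (client, bot token): methods seen, bytes, exfil flag.

    A POST to sendDocument/sendMessage from a workstation is the exfil event;
    a getMe just before it is the stealer checking that its token still works.
    Ordinary Telegram use (web.telegram.org) does not match and is ignored.
    """
    findings = defaultdict(lambda: {"methods": [], "bytes": 0, "exfil": False})
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        m = BOT_API_RE.search(rec["url"])
        if not m:
            continue
        f = findings[(rec["client"], m["token"])]
        f["methods"].append(m["method"])
        if m["method"] in EXFIL_METHODS and rec["verb"] == "POST":
            f["exfil"] = True
            f["bytes"] += rec["bytes"]
    return dict(findings)


def bot_id(token):
    """Numeric bot id (before the colon); the same id across hosts means one campaign."""
    return token.split(":", 1)[0]


if __name__ == "__main__":
    for (client, token), f in find_bot_exfil(SAMPLE_LOG).items():
        flag = "EXFIL" if f["exfil"] else "probe"
        print(f"{flag:5} {client} bot={bot_id(token)} methods={f['methods']} bytes={f['bytes']}")
```

Blocking api.telegram.org at the egress proxy is the short-term fix; the bot token pulled from the URL is what you report to Telegram and what ties infected hosts together.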
EDRSilencer red team tool used in attacks to bypass security
A tool for red-team operations called EDRSilencer has been observed in malicious incidents attempting to identify security tools and mute their alerts to management consoles.
https://www.bleepingcomputer.com/news/security/edrsilencer-red-team-tool-used-in-attacks-to-bypass-security/
Multiple services affected: Microsoft warns customers of data loss in logging
Due to a software bug, Microsoft has lost some log data that is important to its customers. Several of the company's cloud services are affected.
https://www.golem.de/news/mehrere-dienste-betroffen-microsoft-warnt-kunden-vor-datenverlust-beim-logging-2410-189901.html
New Linux Variant of FASTCash Malware Targets Payment Switches in ATM Heists
The malware is "installed on payment switches within compromised networks that handle card transactions for the means of facilitating the unauthorized withdrawal of cash from ATMs," a security researcher who goes by HaxRob said.
https://thehackernews.com/2024/10/new-linux-variant-of-fastcash-malware.html
Windows 11 24H2: problems with VPN connections, Direct Access
Since Microsoft released Windows 11 24H2 for general availability, I have come across reports of problems around VPN connections (CheckPoint VPN, WireGuard, Direct Access). I am summarizing some of these reports in one post, also to get a picture of whether these are isolated cases or whether more people are affected.
https://www.borncity.com/blog/2024/10/15/windows-11-24h2-probleme-mit-vpn-verbindungen-direct-access/
Windows 11 24H2: Recall cannot be uninstalled
Despite assurances to the contrary, it currently turns out that Microsoft's controversial Recall feature cannot be uninstalled [without collateral damage] under Windows 11 24H2; the whole thing is, however, apparently still in flux.
https://www.borncity.com/blog/2024/10/16/windows-11-24h2-recall-nicht-deinstallierbar/
Fake LockBit, Real Damage: Ransomware Samples Abuse AWS S3 to Steal Data
This article uncovers a Golang ransomware abusing AWS S3 for data theft, and masking as LockBit to further pressure victims. The discovery of hard-coded AWS credentials in these samples led to AWS account suspensions.
https://www.trendmicro.com/en_us/research/24/j/fake-lockbit-real-damage-ransomware-samples-abuse-aws-s3-to-stea.html
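The detail that got the attackers' AWS accounts suspended, hard-coded credentials in the samples, is also the first thing to pull out when triaging such a binary. The following is an added example, not code from the Trend Micro post: it scans a sample's raw bytes for the AWS access key ID format (AKIA or ASIA followed by 16 uppercase alphanumerics), then looks for a 40-character secret, an S3 bucket and a region near it. The byte blob is constructed, and the key and secret are AWS's documented placeholder values, not live credentials.

```python
"""Triage a sample for hard-coded AWS credentials and S3 targets.

Added example, not code from the Trend Micro post. The access key format and
the documented placeholder values are AWS's; the sample bytes are constructed.
"""
import re

# Long-term keys start with AKIA; temporary (STS) keys start with ASIA and are
# useless without a session token, which is worth knowing before reporting.
ACCESS_KEY_RE = re.compile(rb"\b((?:AKIA|ASIA)[A-Z0-9]{16})\b")
# Secret access keys are 40 chars of base64 alphabet; require hard edges so a
# longer blob is not sliced into a false positive.
SECRET_RE = re.compile(rb"(?<![A-Za-z0-9/+=])([A-Za-z0-9/+=]{40})(?![A-Za-z0-9/+=])")
BUCKET_RE = re.compile(rb"s3://([a-z0-9][a-z0-9.-]{1,61}[a-z0-9])")
REGION_RE = re.compile(rb"\b([a-z]{2}-[a-z]+-\d)\b")

# Constructed blob imitating .rodata of a Go binary with credentials inlined.
SAMPLE = (
    b"\x7fELF\x02\x01\x01\x00" + b"\x00" * 8
    + b'Go build ID: "abcd"\x00'
    + b"AKIAIOSFODNN7EXAMPLE\x00"                       # AWS doc placeholder key id
    + b"wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\x00"   # AWS doc placeholder secret
    + b"us-east-1\x00"
    + b"s3://victim-data-dump\x00"
    + b"LockBit\x00"
)


def find_aws_credentials(blob, window=256):
    """Return a list of (access_key_id, [candidate secrets], hints) for the blob.

    Credentials compiled into a binary usually sit next to each other in the
    string table, so secrets are only searched within `window` bytes of a key.
    """
    results = []
    for m in ACCESS_KEY_RE.finditer(blob):
        nearby = blob[max(0, m.start() - window): m.end() + window]
        secrets = [s.decode() for s in SECRET_RE.findall(nearby)]
        hints = {
            "buckets": [b.decode() for b in BUCKET_RE.findall(blob)],
            "regions": sorted({r.decode() for r in REGION_RE.findall(blob)}),
            "temporary": m.group(1).startswith(b"ASIA"),
        }
        results.append((m.group(1).decode(), secrets, hints))
    return results


def summarize(blob):
    """One line per finding, suitable for an abuse report or IOC note."""
    lines = []
    for key, secrets, hints in find_aws_credentials(blob):
        kind = "temporary" if hints["temporary"] else "long-term"
        lines.append(f"{key} ({kind}) secrets={len(secrets)} "
                     f"buckets={hints['buckets']} regions={hints['regions']}")
    return lines


if __name__ == "__main__":
    for line in summarize(SAMPLE):
        print(line)
```

Run it over the unpacked sample (strings alone can miss keys split by nulls, which is why it works on raw bytes). Never call AWS with recovered keys; a key confirmed this way goes to AWS abuse, which is how the suspensions in the post came about.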
Comparing AI Against Traditional Static Analysis Tools to Highlight Buffer Overflows
The idea of this blog post is to use open-source software tools to analyze unknown binaries for buffer overflows. In particular we are focusing on using Ollama3 to access multiple large language models. Ollama is a platform designed to simplify the deployment and usage of LLMs on local machines. This enables private data to be held locally instead of being sent to a cloud for processing.
https://www.nccgroup.com/us/research-blog/comparing-ai-against-traditional-static-analysis-tools-to-highlight-buffer-overflows/
Vulnerabilities
Oracle Critical Patch Update Advisory - October 2024
A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches address vulnerabilities in Oracle code and in third party components included in Oracle products. These patches are usually cumulative, but each advisory describes only the security patches added since the previous Critical Patch Update Advisory.
https://www.oracle.com/security-alerts/cpuoct2024.html
Security updates for Wednesday
Security updates have been issued by AlmaLinux (buildah, containernetworking-plugins, and skopeo), Fedora (pdns-recursor and valkey), Mageia (unbound), Red Hat (fence-agents, firefox, java-11-openjdk, python-setuptools, python3-setuptools, resource-agents, and thunderbird), SUSE (etcd-for-k8s, libsonivox3, rubygem-puma, and unbound), and Ubuntu (apr, libarchive, linux, linux-aws, linux-aws-hwe, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, nano, and vim).
https://lwn.net/Articles/994436/
HP DesignJet printers: attackers can capture SMTP server logins
As the advisory states, the vulnerability (CVE-2024-5749) is rated with threat level "high". If attacks succeed, SMTP server credentials can be read. HP's developers do not currently explain how such an attack could proceed. Specifically affected are the DesignJet models T730 and T830.
https://heise.de/-9983364
Mozilla: Security Vulnerabilities fixed in Firefox for iOS 131.2
https://www.mozilla.org/en-US/security/advisories/mfsa2024-54/
Synology-SA-24:14 Synology Photos
https://www.synology.com/en-global/support/security/Synology_SA_24_14
Synology-SA-24:13 BeePhotos
https://www.synology.com/en-global/support/security/Synology_SA_24_13
Bosch: Unrestricted resource consumption in BVMS
https://psirt.bosch.com/security-advisories/bosch-sa-162032-bt.html
F5: K000141463: Multiple Angular JS vulnerabilities CVE-2019-10768, CVE-2023-26116, CVE-2023-26117, and CVE-2023-26118
https://my.f5.com/manage/s/article/K000141463
F5: K000141459: Angular JS vulnerabilities CVE-2019-14863 and CVE-2022-25869
https://my.f5.com/manage/s/article/K000141459
F5: K000141302: Quarterly Security Notification (October 2024)
https://my.f5.com/manage/s/article/K000141302
F5: K000140061: BIG-IP monitors vulnerability CVE-2024-45844
https://my.f5.com/manage/s/article/K000140061
F5: K000141080: BIG-IQ vulnerability CVE-2024-47139
https://my.f5.com/manage/s/article/K000141080