Tageszusammenfassung - 23.10.2024

End-of-Day report

Timeframe: Dienstag 22-10-2024 18:00 - Mittwoch 23-10-2024 18:00 Handler: Thomas Pribitzer Co-Handler: Alexander Riepl

News

Exploit released for new Windows Server "WinReg" NTLM Relay attack

Proof-of-concept exploit code is now public for a vulnerability in Microsofts Remote Registry client that could be used to take control of a Windows domain by downgrading the security of the authentication process.

https://www.bleepingcomputer.com/news/security/exploit-released-for-new-windows-server-winreg-ntlm-relay-attack/


Hackers exploit 52 zero-days on the first day of Pwn2Own Ireland

On the first day of Pwn2Own Ireland, participants demonstrated 52 zero-day vulnerabilities across a range of devices, earning a total of $486,250 in cash prizes.

https://www.bleepingcomputer.com/news/security/hackers-exploit-52-zero-days-on-the-first-day-of-pwn2own-ireland/


Fortinet warns of new critical FortiManager flaw used in zero-day attacks

Fortinet publicly disclosed today a critical FortiManager API vulnerability, tracked as CVE-2024-47575, that was exploited in zero-day attacks to steal sensitive files containing configurations, IP addresses, and credentials for managed devices.

https://www.bleepingcomputer.com/news/security/fortinet-warns-of-new-critical-fortimanager-flaw-used-in-zero-day-attacks/


Android und iOS: Fest codierte Cloud-Zugangsdaten in populären Apps entdeckt

Betroffen sind mehrere Apps mit teils Millionen von Downloads. Den Entdeckern zufolge gefährdet dies nicht nur Backend-Dienste, sondern auch Nutzerdaten.

https://www.golem.de/news/android-und-ios-fest-codierte-cloud-zugangsdaten-in-populaeren-apps-entdeckt-2410-190106.html


Grandoreiro, the global trojan with grandiose ambitions

In this report, Kaspersky experts analyze recent Grandoreiro campaigns, new targets, tricks, and banking trojan versions.

https://securelist.com/grandoreiro-banking-trojan/114257/


The Crypto Game of Lazarus APT: Investors vs. Zero-days

Kaspersky GReAT experts break down the new campaign of Lazarus APT which uses social engineering and exploits a zero-day vulnerability in Google Chrome for financial gain.

https://securelist.com/lazarus-apt-steals-crypto-with-a-tank-game/114282/


CISA Warns of Active Exploitation of Microsoft SharePoint Vulnerability (CVE-2024-38094)

A high-severity flaw impacting Microsoft SharePoint has been added to the Known Exploited Vulnerabilities (KEV) catalog by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday, citing evidence of active ..

https://thehackernews.com/2024/10/cisa-warns-of-active-exploitation-of.html


Achtung Fake-Shop: sparhimmel24.de

sparhimmel24.de ist ein betrügerischer Online-Shop, der Sie mit vermeintlichen Schnäppchen in die Falle lockt. Bestellungen werden trotz Bezahlung nicht geliefert. Wir zeigen Ihnen wie Sie Fake-Shops erkennen und sich vor Betrug schützen können.

https://www.watchlist-internet.at/news/achtung-fake-shop-sparhimmel24de


Deceptive Delight: Jailbreak LLMs Through Camouflage and Distraction

We examine an LLM jailbreaking technique called "Deceptive Delight," a technique that mixes harmful topics with benign ones to trick AIs, with a high success rate.The post Deceptive Delight: Jailbreak LLMs Through Camouflage and Distraction appeared first on Unit 42.

https://unit42.paloaltonetworks.com/jailbreak-llms-through-camouflage-distraction/


Burning Zero Days: FortiJump FortiManager vulnerability used by nation state in espionage via MSPs

Did you know there-s widespread exploitation of FortiNet products going on using a zero day, and that there-s no CVE? Now you do.

https://doublepulsar.com/burning-zero-days-fortijump-fortimanager-vulnerability-used-by-nation-state-in-espionage-via-msps-c79abec59773


Threat Spotlight: WarmCookie/BadSpace

WarmCookie is a malware family that emerged in April 2024 and has been distributed via regularly conducted malspam and malvertising campaigns.

https://blog.talosintelligence.com/warmcookie-analysis/


Sicherheitslücke in Samsung-Android-Treiber wird angegriffen

Treiber für Samsungs Mobilprozessoren ermöglichen Angreifern das Ausweiten ihrer Rechte. Google warnt vor laufenden Angriffen darauf.

https://heise.de/-9991521


Public Report: WhatsApp Contacts Security Assessment

In May 2024, Meta engaged NCC Group-s Cryptography Services practice to perform a cryptography security assessment of selected aspects of the WhatsApp Identity Proof Linked Storage (IPLS) protocol implementation. IPLS underpins the WhatsApp Contacts solution, which aims to store ..

https://www.nccgroup.com/us/research-blog/public-report-whatsapp-contacts-security-assessment/


Vulnerabilities

SSA-333468: Multiple Vulnerabilities in InterMesh Subscriber Devices

InterMesh Subscriber devices contain multiple vulnerabilities that could allow an unauthenticated remote attacker to execute arbitrary code with root privileges. CVSS v4.0 Base Score: 10.0, CVE-2024-47901

https://cert-portal.siemens.com/productcert/html/ssa-333468.html?ste_sid=2330958ec0c3ccf337b577f5ee658f6c


Security updates for Wednesday

Security updates have been issued by Debian (dmitry, libheif, and python-sql), Fedora (suricata and wireshark), SUSE (cargo-c, libeverest, protobuf, and qemu), and Ubuntu (golang-1.22, libheif, unbound, and webkit2gtk).

https://lwn.net/Articles/995293/


2024-10-21: Cyber Security Advisory - ABB Relion 611, 615, 620, 630 series, REX610, REX640, SMU615, SSC600, Arctic solution, COM600, SPA ZC-400, SUE3000 Guidelines to Prevent Unauthorized Modifications of Firmware and Configuration

https://search.abb.com/library/Download.aspx?DocumentID=2NGA001911&LanguageCode=en&DocumentPartId=&Action=Launch


Authenticated Remote Code Execution in multiple Xerox printers

https://sec-consult.com/vulnerability-lab/advisory/authenticated-remote-code-execution-in-multiple-xerox-printers/