Daily summary - 12.11.2024

End-of-Day report

Timeframe: Monday 11-11-2024 18:00 - Tuesday 12-11-2024 18:00 Handler: Alexander Riepl Co-Handler: Michael Schlagenhaufer

News

Data of Amazon employees published in a hacker forum

The data set is believed to originate from a property management company and to trace back to the critical vulnerability in the Moveit software

https://www.derstandard.at/story/3000000244555/daten-von-amazon-mitarbeiter-wurden-in-einem-hackerforum-veroeffentlicht


ModeLeak: Privilege Escalation to LLM Model Exfiltration in Vertex AI

New research reveals two vulnerabilities in Google's Vertex AI that may lead to privilege escalation or data theft through custom jobs or malicious models.

https://unit42.paloaltonetworks.com/privilege-escalation-llm-model-exfil-vertex-ai/


2023 Top Routinely Exploited Vulnerabilities

This advisory provides details, collected and compiled by the authoring agencies, on the Common Vulnerabilities and Exposures (CVEs) routinely and frequently exploited by malicious cyber actors in 2023 and their associated Common Weakness Enumerations (CWEs). Malicious cyber actors exploited more zero-day vulnerabilities to compromise ..

https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-317a


Building a Resilient Network Architecture: Key Trends for 2025

As organizations continue to align their operational strategies with evolving digital ecosystems and technologies, the concept of network resilience has become a priority. A major mindset shift is that modern networks must be designed not just for speed and efficiency but also for flexibility, security, and the ability to hold out against ..

https://levelblue.com/blogs/security-essentials/building-a-resilient-network-architecture-key-trends-for-2025


LodaRAT: Established malware, new victim patterns

Rapid7 has observed an ongoing malware campaign involving a new version of LodaRAT. This version possesses the ability to steal cookies and passwords from Microsoft Edge and Brave.

https://www.rapid7.com/blog/post/2024/11/12/lodarat-established-malware-new-victim-patterns/


ICS Security Is a Team Sport

Brandon Smith discusses some of the challenges an Automation Engineer faces, Bitsight's partnership with Schneider Electric, and what manufacturers in general are doing to tackle ICS security.

https://www.bitsight.com/blog/ics-security-team-sport


Visionaries Have Democratised Remote Network Access - Citrix Virtual Apps and Desktops (CVE Unknown)

Well, we're back again, with yet another fresh-off-the-press bug chain (and associated Interactive Artifact Generator). This time, it's in Citrix's "Virtual Apps and Desktops" offering.

https://labs.watchtowr.com/visionaries-at-citrix-have-democratised-remote-network-access-citrix-virtual-apps-and-desktops-cve-unknown/


SAP Patchday: Eight new security vulnerabilities, one of them high-risk

Admins can look at the current SAP Patchday a little more relaxed: of eight new security vulnerabilities, only one is rated as high risk.

https://heise.de/-10020168


Attack of the Evil Baristas

I use the term "hacklore" to refer to the urban legends surrounding cybersecurity. Hacklore is everywhere, and this holiday season, you're bound to hear it nonstop: "The Russians will load your phone with malware if you scan QR codes!" or "Hackers will steal your banking details if you use a USB charger at the airport!" and so on.

https://medium.com/@boblord/attack-of-the-evil-baristas-b204436f0853


Reverse Engineering: Finding Exploits in Video Games

In this guide, I'll walk you through how I create tools to find exploits in video games for bug bounty programs. Specifically, I'll focus on my research into the game Sword of Convallaria. This exploration is purely for educational purposes. As such, I have removed some of the assets as an exercise for ..

https://shalzuth.com/Blog/FindingExploitsInGames


Critical WPLMS WordPress Theme Vulnerability Puts Websites at Risk of RCE Attacks

A newly discovered vulnerability in the WPLMS WordPress theme threatens websites with potential Remote Code Execution (RCE) due to a critical path traversal flaw. CVE-2024-10470, a vulnerability in the WPLMS ..

https://thecyberexpress.com/critical-wplms-wordpress-theme-vulnerability/


Harnessing Chisel for Covert Operations: Unpacking a Multi-Stage PowerShell Campaign

The Cyble Research and Intelligence Lab (CRIL) has recently uncovered a sophisticated multi-stage infection chain, primarily driven by PowerShell scripts. This campaign, which targets organizations through a variety of ..

https://thecyberexpress.com/new-powershell-campaign/


Vulnerabilities

Security updates for Tuesday

Security updates have been issued by AlmaLinux (gstreamer1-plugins-base), Debian (chromium, ghostscript, libarchive, mpg123, ruby-saml, and symfony), Fedora (buildah and podman), Red Hat (buildah, containernetworking-plugins, podman, skopeo, and xorg-x11-server-Xwayland), Slackware (wget), SUSE (pcp), and Ubuntu (linux, linux-aws-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-gkeop-5.15, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-kvm, ..

https://lwn.net/Articles/997903/


Citrix Releases Security Updates for NetScaler and Citrix Session Recording

Citrix released security updates to address multiple vulnerabilities in NetScaler ADC, NetScaler Gateway, and Citrix Session Recording. A cyber threat actor could exploit some of these vulnerabilities to take control ..

https://www.cisa.gov/news-events/alerts/2024/11/12/citrix-releases-security-updates-netscaler-and-citrix-session-recording


November Security Update

At Ivanti, our top priority is upholding our commitment to deliver and maintain secure products for our customers. Our vulnerability management program is designed to enable us to find, fix and disclose vulnerabilities in collaboration with the broader security ecosystem, and communicate responsibly and transparently with customers. Ivanti is ..

https://www.ivanti.com/blog/november-2024-security-update


XSA-464

https://xenbits.xen.org/xsa/advisory-464.html


XSA-463

https://xenbits.xen.org/xsa/advisory-463.html


Multiple vulnerabilities in Siemens Energy Omnivise T3000

https://sec-consult.com/de/vulnerability-lab/advisory/mehrere-schwachstelen-in-siemens-energy-omnivise-t3000/


Zyxel security advisory for post-authentication command injection and buffer overflow vulnerabilities in GS1900 series switches

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-post-authentication-command-injection-and-buffer-overflow-vulnerabilities-in-gs1900-series-switches-11-12-2024