Daily summary - 21.11.2024

End-of-Day report

Timeframe: Wednesday 20-11-2024 18:00 - Thursday 21-11-2024 18:00 Handler: Alexander Riepl Co-Handler: n/a

News

Fortinet VPN design flaw hides successful brute-force attacks

A design flaw in the logging mechanism of Fortinet VPN servers can be leveraged to conceal the successful verification of credentials during a brute-force attack, so defenders are not tipped off that a login has been compromised.

https://www.bleepingcomputer.com/news/security/fortinet-vpn-design-flaw-hides-successful-brute-force-attacks/
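The practical consequence of the flaw above is that a detection which waits for a "login succeeded" record will never see the attacker's correct guess. The script below is an added example, not code from the BleepingComputer article or from Fortinet: it raises the alert from the volume of failed VPN logins per source IP alone, and only reports whether a success was logged as extra context. The key=value log layout, the field names and the action values ("login-fail", "login-success") are illustrative assumptions, and the sample lines are constructed, not captured from a real device.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines in an assumed key=value syslog style.
# Field names and action values are illustrative assumptions, not the
# exact format of any real appliance.
SAMPLE_LOGS = """\
date=2024-11-21 time=10:00:01 type=event subtype=vpn action="login-fail" user="alice" remip=203.0.113.10 reason="auth failed"
date=2024-11-21 time=10:00:03 type=event subtype=vpn action="login-fail" user="bob" remip=203.0.113.10 reason="auth failed"
date=2024-11-21 time=10:00:05 type=event subtype=vpn action="login-fail" user="carol" remip=203.0.113.10 reason="auth failed"
date=2024-11-21 time=10:00:09 type=event subtype=vpn action="login-fail" user="dave" remip=203.0.113.10 reason="auth failed"
date=2024-11-21 time=10:00:14 type=event subtype=vpn action="login-fail" user="alice" remip=203.0.113.10 reason="auth failed"
date=2024-11-21 time=10:00:20 type=event subtype=vpn action="login-fail" user="bob" remip=203.0.113.10 reason="auth failed"
date=2024-11-21 time=10:02:00 type=event subtype=vpn action="login-fail" user="erin" remip=198.51.100.7 reason="auth failed"
date=2024-11-21 time=10:02:30 type=event subtype=vpn action="login-success" user="erin" remip=198.51.100.7
date=2024-11-21 time=10:30:00 type=event subtype=vpn action="login-fail" user="frank" remip=192.0.2.5 reason="auth failed"
date=2024-11-21 time=10:45:00 type=event subtype=vpn action="login-fail" user="frank" remip=192.0.2.5 reason="auth failed"
"""

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line):
    """Split one key=value line into a dict, stripping surrounding quotes."""
    fields = {k: v.strip('"') for k, v in KV_RE.findall(line)}
    fields["ts"] = datetime.strptime(
        f"{fields['date']} {fields['time']}", "%Y-%m-%d %H:%M:%S"
    )
    return fields


def detect_bruteforce(lines, window=timedelta(minutes=5), threshold=5):
    """
    Flag source IPs with at least `threshold` failed VPN logins inside any
    sliding window of length `window`. The alert is derived from failure
    volume only, so it fires even when the device never writes a success
    record for the attacker's eventual correct guess.
    """
    failures = defaultdict(list)   # remip -> timestamps of failed logins
    users = defaultdict(set)       # remip -> usernames attempted
    successes = set()              # remips that have a logged success

    for raw in lines:
        if not raw.strip():
            continue
        ev = parse_line(raw)
        if ev.get("subtype") != "vpn":
            continue
        ip = ev.get("remip")
        if ev.get("action") == "login-fail":
            failures[ip].append(ev["ts"])
            users[ip].add(ev.get("user", ""))
        elif ev.get("action") == "login-success":
            successes.add(ip)

    alerts = {}
    for ip, stamps in failures.items():
        stamps.sort()
        start, peak = 0, 0
        # Two-pointer sliding window: count failures within `window` of each other.
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            alerts[ip] = {
                "failures": peak,
                "users": sorted(users[ip]),
                "success_logged": ip in successes,  # context only, not the trigger
            }
    return alerts


if __name__ == "__main__":
    for ip, info in detect_bruteforce(SAMPLE_LOGS.splitlines()).items():
        print(f"{ip}: {info['failures']} failures in window, "
              f"users={info['users']}, success_logged={info['success_logged']}")
```

On the constructed input only 203.0.113.10 is reported (six failures across four usernames, no success logged); the single typo followed by a success from 198.51.100.7 and the two widely spaced failures from 192.0.2.5 stay below the threshold. The point of the `success_logged` field is that its value being false must not be read as "the attacker never got in".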


Because of a security vulnerability: D-Link urges users to dispose of older routers

Several D-Link routers, some of which reached end-of-life (EOL) status only a few months ago, are vulnerable. There are no patches.

https://www.golem.de/news/wegen-sicherheitsluecke-d-link-draengt-auf-entsorgung-aelterer-router-2411-191007.html


Lumma Stealer on the Rise: How Telegram Channels Are Fueling Malware Proliferation

Authored by M. Mohanasundaram and Neil Tyagi. In today's rapidly evolving cyber landscape, malware threats ..

https://www.mcafee.com/blogs/other-blogs/mcafee-labs/lumma-stealer-on-the-rise-how-telegram-channels-are-fueling-malware-proliferation/


Azure Key Vault Tradecraft with BARK

This post details the existing and new functions in BARK that support adversarial tradecraft research relevant to the Azure Key Vault service. The latter part of the post shows an example of how a red team operator may use these commands during the course of an assessment.

https://posts.specterops.io/azure-key-vault-tradecraft-with-bark-24163abc8de3


"Free Hugs" - What to be Wary of in Hugging Face - Part 2

Enjoy Threat Modeling? Try Threats in Models! Previously: In part 1 of this 4-part blog, we discussed Hugging Face, the potentially dangerous trust relationship between Hugging Face users and the README file, exploiting users who ..

https://checkmarx.com/blog/free-hugs-what-to-be-wary-of-in-hugging-face-part-2/


New Report Reveals Hidden Risks: How Internet-Exposed Systems Threaten Critical Infrastructure

A new Censys report found 145,000 exposed industrial control systems (ICS) and thousands of insecure human-machine interfaces (HMIs), providing attackers with an accessible path to disrupt critical operations. Real-world examples underscore the danger, with Iranian and Russian-backed hackers exploiting HMIs to manipulate water systems in Pennsylvania and Texas. GreyNoise research ..

https://www.greynoise.io/blog/new-report-reveals-hidden-risks-how-internet-exposed-systems-threaten-critical-infrastructure


Finding Bugs in Chrome with CodeQL

This blog post discusses how to use a static analysis tool called CodeQL to search for vulnerabilities in Chrome.

https://bughunters.google.com/blog/5085111480877056/finding-bugs-in-chrome-with-codeql


Spelunking in Comments and Documentation for Security Footguns

Join us as we explore seemingly safe but deceptively tricky ground in Elixir, Python, and the Golang standard library. We cover officially documented, or at least previously discussed, code functionality that could unexpectedly introduce vulnerabilities. Well-documented behavior is not always what it appears!

https://blog.includesecurity.com/2024/11/spelunking-in-comments-and-documentation-for-security-footguns/


Azure Detection Engineering: Log idiosyncrasies you should know about

We share a few inconsistencies found in Azure logs which make detection engineering more challenging.

https://tracebit.com/blog/azure-detection-engineering-log-idiosyncrasies-you-should-know-about


Vulnerabilities

Security updates for Thursday

Security updates have been issued by AlmaLinux (kernel, NetworkManager-libreswan, and openssl), Fedora (chromium and llvm-test-suite), Mageia (thunderbird), and Ubuntu (linux-aws-6.8, linux-azure, linux-azure-6.8, linux-oracle-6.8, linux-azure, and ruby2.7).

https://lwn.net/Articles/998949/


Progress Kemp LoadMaster OS Command Injection Vulnerability

FortiGuard network sensors detect attack attempts targeting Progress Kemp LoadMaster. Successful exploitation of the CVE-2024-1212 vulnerability allows unauthenticated remote attackers to access the system through the management interface, potentially leading to data breaches, service disruptions, or further attacks.

https://fortiguard.fortinet.com/outbreak-alert/kemp-loadmaster-os-command-injection


ZDI-24-1532: 7-Zip Zstandard Decompression Integer Underflow Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-24-1532/


Drupal core - Moderately critical - Gadget chain - SA-CORE-2024-008

https://www.drupal.org/sa-core-2024-008


Drupal core - Moderately critical - Gadget chain - SA-CORE-2024-007

https://www.drupal.org/sa-core-2024-007


Drupal core - Critical - Cross Site Scripting - SA-CORE-2024-005

https://www.drupal.org/sa-core-2024-005


Drupal core - Moderately critical - Access bypass - SA-CORE-2024-004

https://www.drupal.org/sa-core-2024-004


Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2024-003

https://www.drupal.org/sa-core-2024-003
