Daily Summary - 27.11.2024

End-of-Day report

Timeframe: Tuesday 26-11-2024 18:05 - Wednesday 27-11-2024 18:00 Handler: Michael Schlagenhaufer Co-Handler: n/a

News

RomCom exploits Firefox and Windows zero days in the wild

ESET Research details the analysis of a previously unknown vulnerability in Mozilla products exploited in the wild and another previously unknown Microsoft Windows vulnerability, combined in a zero-click exploit.

https://www.welivesecurity.com/en/eset-research/romcom-exploits-firefox-and-windows-zero-days-in-the-wild/


Scam on Telegram and WhatsApp with fake job offers

Below you will find our report on the Telegram scam and how we even managed to outwit the scammers. We also give tips and tricks on what you can do and how to recognise such a scam.

https://www.zettasecure.com/post/betrug-auf-telegram-und-whatsapp-mit-fake-job-angeboten


Critical Flaw in ProjectSend Under Active Exploitation Against Public-Facing Servers

A critical security flaw impacting the ProjectSend open-source file-sharing application has likely come under active exploitation in the wild, according to findings from VulnCheck. The vulnerability, originally patched over a year-and-a-half ago as part of a commit pushed in May 2023, was not officially made available until August 2024 with the release of version r1720.

https://thehackernews.com/2024/11/critical-flaw-in-projectsend-under.html


Gaming Engines: An Undetected Playground for Malware Loaders

Check Point Research discovered a new technique taking advantage of Godot Engine, a popular open-source game engine, to execute crafted GDScript, code which triggers malicious commands and delivers malware. The technique remains undetected by almost all antivirus engines in VirusTotal.

https://research.checkpoint.com/2024/gaming-engines-an-undetected-playground-for-malware-loaders/


New NachoVPN attack uses rogue VPN servers to install malicious updates

A set of vulnerabilities dubbed "NachoVPN" allows rogue VPN servers to install malicious updates when unpatched Palo Alto and SonicWall SSL-VPN clients connect to them.

https://www.bleepingcomputer.com/news/security/new-nachovpn-attack-uses-rogue-vpn-servers-to-install-malicious-updates/


Rockstar 2FA Phishing-as-a-Service (PaaS): Noteworthy Email Campaigns

Welcome to the second part of our investigation into the Rockstar kit; please check out part one here.

https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/rockstar-2fa-phishing-as-a-service-paas-noteworthy-email-campaigns/


Researchers Discover "Bootkitty" - First UEFI Bootkit Targeting Linux Kernels

Cybersecurity researchers have shed light on what has been described as the first Unified Extensible Firmware Interface (UEFI) bootkit designed for Linux systems. Dubbed Bootkitty by its creators who go by the name BlackCat, the bootkit is assessed to be a proof-of-concept (PoC) and there is no evidence that it has been put to use in real-world attacks.

https://thehackernews.com/2024/11/researchers-discover-bootkitty-first.html


BEC-ware the Phish (part 3): Detect and Prevent Incidents in M365

This blog discusses a few options in M365, such as guidance on configuring threat and alert policies and how to deal with these alerts downstream in the SIEM.

https://www.pentestpartners.com/security-blog/bec-ware-the-phish-part-3-detect-and-prevent-incidents-in-m365/


Modern solutions against cross-site attacks

This article is about cross-site leak attacks and what recent defenses have been introduced to counter them. I also want to finally answer the question why web security best practices are always opt-in and finally how YOU can get increased security controls.

https://frederikbraun.de/modern-solutions-xsleaks.html

Vulnerabilities

Palo Alto GlobalProtect: malicious code vulnerability due to insufficient certificate validation

The discoverers of the vulnerability at Amberwolf write in their detailed analysis that the GlobalProtect VPN clients on both macOS and Windows are vulnerable to remote code execution and privilege escalation via the automatic update mechanism (CVE-2024-5921, CVSS-B 7.2, risk "high"). Although the update process requires MSI files to be signed, attackers can abuse the PanGPS service to install a malicious root certificate, which is then trusted.

https://heise.de/-10178649


Microsoft patches partly critical vulnerabilities out of band

Microsoft published four security advisories during the night leading into Wednesday. [..] Some of the updates must be installed by users.

https://www.heise.de/-10178400


Security updates for Wednesday

Security updates have been issued by Debian (mpg123 and php8.2), Fedora (libsndfile, mingw-glib2, mingw-libsoup, mingw-python3, and qbittorrent), Oracle (pam:1.5.1 and perl-App-cpanminus), Red Hat (firefox, thunderbird, and webkit2gtk3), Slackware (mozilla), SUSE (firefox, rclone, tomcat, tomcat10, and xen), and Ubuntu (gh, libsoup2.4, libsoup3, pygments, TinyGLTF, and twisted).

https://lwn.net/Articles/999897/


GitLab Patch Release: 17.6.1, 17.5.3, 17.4.5

https://about.gitlab.com/releases/2024/11/26/patch-release-gitlab-17-6-1-released/


HPE Insight Remote Support: monitoring software allows malicious code injection

https://www.heise.de/-10178034


WebKitGTK and WPE WebKit Security Advisory WSA-2024-0007

https://webkitgtk.org/security/WSA-2024-0007.html


Synology-SA-24:27 DSM

https://www.synology.com/en-global/support/security/Synology_SA_24_27


Synology-SA-24:26 BeeDrive for desktop

https://www.synology.com/en-global/support/security/Synology_SA_24_26


Omada Identity: Stored Cross-Site Scripting in Omada Identity

https://sec-consult.com/de/vulnerability-lab/advisory/stored-xss-in-omada-identity/


F5: K000148716: REXML vulnerability CVE-2024-41123

https://my.f5.com/manage/s/article/K000148716


F5: K000148692: Qt vulnerability CVE-2023-34410

https://my.f5.com/manage/s/article/K000148692


F5: K000148690: Qt vulnerability CVE-2023-32573

https://my.f5.com/manage/s/article/K000148690