End-of-Day report
Timeframe: Thursday 15-02-2024 18:00 - Friday 16-02-2024 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Thomas Pribitzer
News
RansomHouse gang automates VMware ESXi attacks with new MrAgent tool
The RansomHouse ransomware operation has created a new tool named MrAgent that automates the deployment of its data encrypter across multiple VMware ESXi hypervisors.
https://www.bleepingcomputer.com/news/security/ransomhouse-gang-automates-vmware-esxi-attacks-with-new-mragent-tool/
Berlin KRITIS supplier: PSI Software takes systems offline after cyber attack
The software group supplies, among others, operators of energy grids and transport infrastructure as well as customers from the industrial and logistics sectors.
https://www.golem.de/news/berliner-kritis-lieferant-psi-software-nimmt-systeme-nach-cyberangriff-offline-2402-182289.html
Phishing and spoofing: BSI publishes guidance on e-mail authentication
Equipped with standards such as SPF, DKIM and DMARC, providers could themselves make new attacks such as SMTP smuggling harder, according to a Technical Guideline.
https://www.heise.de/-9631309
F5 fixes 20 security vulnerabilities in BIG-IP load balancer, WAF and nginx
Among other things, attackers could smuggle their own code into the load balancer, while nginx choked on HTTP/3 (QUIC) requests.
https://www.heise.de/-9629983
Fake DHL couriers ask for SMS codes over the phone for supposed parcel deliveries
Criminals are tricking victims out of SMS codes for parcel deliveries. The perpetrators pose as alleged DHL employees when contacting potential victims.
https://www.heise.de/-9630541
Alpha Ransomware Emerges From NetWalker Ashes
Alpha, a new ransomware that first appeared in February 2023 and stepped up its operations in recent weeks, has strong similarities to the long-defunct NetWalker ransomware, which disappeared in January 2021 following an international law enforcement operation.
https://symantec-enterprise-blogs.security.com/threat-intelligence/alpha-netwalker-ransomware
Vulnerabilities
CISA Warning: Akira Ransomware Exploiting Cisco ASA/FTD Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a now-patched security flaw impacting Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software to its Known Exploited Vulnerabilities (KEV) catalog, following reports that it is likely being exploited in Akira ransomware attacks.
https://thehackernews.com/2024/02/cisa-warning-akira-ransomware.html
Security updates for Friday
Security updates have been issued by Mageia (bind), Red Hat (.NET 8.0 and kpatch-patch), SUSE (golang-github-prometheus-alertmanager, java-1_8_0-openj9, kernel, libaom, openssl-3, postgresql15, salt, SUSE Manager Client Tools, SUSE Manager Server 4.3, and webkit2gtk3), and Ubuntu (shadow).
https://lwn.net/Articles/962506/
Eight Vulnerabilities Disclosed in the AI Development Supply Chain
Details of eight vulnerabilities found in the open source supply chain used to develop in-house AI and ML models have been disclosed. All have CVE numbers, one has critical severity, and seven have high severity. [..] They are:
CVE-2023-6975: arbitrary file write in MLflow, CVSS 9.8,
CVE-2023-6753: arbitrary file write on Windows in MLflow, CVSS 9.6,
CVE-2023-6730: RCE in Hugging Face Transformers via RagRetriever.from_pretrained(), CVSS 9.0,
CVE-2023-6940: server-side template injection bypass in MLflow, CVSS 9.0,
CVE-2023-6976: arbitrary file upload patch bypass in MLflow, CVSS 8.8,
CVE-2023-31036: RCE via arbitrary file overwrite in Triton Inference Server, CVSS 7.5,
CVE-2023-6909: local file inclusion in MLflow, CVSS 7.5,
CVE-2024-0964: LFI in Gradio, CVSS 7.5
https://www.securityweek.com/eight-vulnerabilities-disclosed-in-the-ai-development-supply-chain/
IBM Security Bulletins
https://www.ibm.com/support/pages/bulletin/