Tageszusammenfassung - 16.02.2024

End-of-Day report

Timeframe: Donnerstag 15-02-2024 18:00 - Freitag 16-02-2024 18:00 Handler: Michael Schlagenhaufer Co-Handler: Thomas Pribitzer

News

RansomHouse gang automates VMware ESXi attacks with new MrAgent tool

The RansomHouse ransomware operation has created a new tool named MrAgent that automates the deployment of its data encrypter across multiple VMware ESXi hypervisors.

https://www.bleepingcomputer.com/news/security/ransomhouse-gang-automates-vmware-esxi-attacks-with-new-mragent-tool/


Berliner Kritis-Lieferant: PSI Software nimmt Systeme nach Cyberangriff offline

Der Softwarekonzern beliefert unter anderem Betreiber von Energienetzen und Verkehrsinfrastrukturen sowie Kunden aus den Bereichen Industrie und Logistik.

https://www.golem.de/news/berliner-kritis-lieferant-psi-software-nimmt-systeme-nach-cyberangriff-offline-2402-182289.html


Phishing und Spoofing: BSI gibt Hinweise zur E-Mail-Authentifizierung

Gewappnet mit Standards wie SPF, DKIM und DMARC könnten Anbieter selbst neue Angriffe wie SMTP-Smuggling erschweren, heißt es in einer Technischen Richtlinie.

https://www.heise.de/-9631309


F5 behebt 20 Sicherheitslücken in Big-IP-Loadbalancer, WAF und nginx

Unter anderem konnten Angreifer eigenen Code in den Loadbalancer einschmuggeln, nginx hingegen verschluckte sich an HTTP3/QUIC-Anfragen.

https://www.heise.de/-9629983


Falsche DHL-Boten fordern am Telefon SMS-Code für vermeintliche Paketzustellung

Kriminelle ergaunern SMS-Codes für Paket-Zustellungen. Dabei geben sich die Täter gegenüber potenziellen Opfern als angebliche DHL-Mitarbeiter aus.

https://www.heise.de/-9630541


Alpha Ransomware Emerges From NetWalker Ashes

Alpha, a new ransomware that first appeared in February 2023 and stepped up its operations in recent weeks, has strong similarities to the long-defunct NetWalker ransomware, which disappeared in January 2021 following an international law enforcement operation.

https://symantec-enterprise-blogs.security.com/threat-intelligence/alpha-netwalker-ransomware

Vulnerabilities

CISA Warning: Akira Ransomware Exploiting Cisco ASA/FTD Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a now-patched security flaw impacting Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software to its Known Exploited Vulnerabilities (KEV) catalog, following reports that its being likely exploited in Akira ransomware attacks.

https://thehackernews.com/2024/02/cisa-warning-akira-ransomware.html


Security updates for Friday

Security updates have been issued by Mageia (bind), Red Hat (.NET 8.0 and kpatch-patch), SUSE (golang-github-prometheus-alertmanager, java-1_8_0-openj9, kernel, libaom, openssl-3, postgresql15, salt, SUSE Manager Client Tools, SUSE Manager Server 4.3, and webkit2gtk3), and Ubuntu (shadow).

https://lwn.net/Articles/962506/


Eight Vulnerabilities Disclosed in the AI Development Supply Chain

Details of eight vulnerabilities found in the open source supply chain used to develop in-house AI and ML models have been disclosed. All have CVE numbers, one has critical severity, and seven have high severity. [..] They are: CVE-2023-6975: arbitrary file write in MLFLow, CVSS 9.8, CVE-2023-6753: arbitrary file write on Windows in MLFlow, CVSS 9.6, CVE-2023-6730: RCE in Hugging Face Transformers via RagRetriever.from_pretrained(), CVSS 9.0, CVE-2023-6940: server side template injection bypass in MLFlow, CVSS 9.0, CVE-2023-6976: arbitrary file upload patch bypass in MLFlow, CVSS 8.8, CVE-2023-31036: RCE via arbitrary file overwrite in Triton Inference Server, CVSS 7.5, CVE-2023-6909: local file inclusion in MLFlow, CVSS 7.5, CVE-2024-0964: LFI in Gradio, CVSS 7.5

https://www.securityweek.com/eight-vulnerabilities-disclosed-in-the-ai-development-supply-chain/


IBM Security Bulletins

https://www.ibm.com/support/pages/bulletin/