End-of-Day report
Timeframe: Thursday 04-04-2024 18:00 - Friday 05-04-2024 18:00
Handler: Alexander Riepl
Co-Handler: Michael Schlagenhaufer
News
Fake AI law firms are sending fake DMCA threats to generate fake SEO gains
If you run a personal or hobby website, getting a copyright notice from a law firm about an image on your site can trigger some fast-acting panic. Ernie Smith, the prolific, ever-curious writer behind the newsletter Tedium, received a "DMCA Copyright Infringement Notice" in late March from "Commonwealth Legal," representing the "Intellectual Property division" of Tech4Gods.
https://arstechnica.com/?p=2014933
Continuation Flood: DoS attack technique takes down HTTP/2 servers without a botnet
In some cases, a single TCP connection is all that is needed for a successful attack. The result is exhaustion of system resources.
https://www.golem.de/news/continuation-flood-dos-angriffstechnik-legt-http-2-server-ohne-botnetz-lahm-2404-183857.html
AI-as-a-Service Providers Vulnerable to PrivEsc and Cross-Tenant Attacks
New research has found that artificial intelligence (AI)-as-a-service providers such as Hugging Face are susceptible to two critical risks that could allow threat actors to escalate privileges, gain cross-tenant access to other customers' models, and even take over the continuous integration and continuous deployment (CI/CD) pipelines. [..] To mitigate the issue, it's recommended to enable IMDSv2 with Hop Limit so as to prevent pods from accessing the Instance Metadata Service (IMDS) and obtaining the role of a Node within the cluster.
https://thehackernews.com/2024/04/ai-as-service-providers-vulnerable-to.html
Bing ad for NordVPN leads to SecTopRAT
Threat actors are luring victims to a fake NordVPN website that installs a Remote Access Trojan.
https://www.malwarebytes.com/blog/threat-intelligence/2024/04/bing-ad-for-nordvpn-leads-to-sectoprat
New triangulation fraud scheme: criminals place orders in your name
You shop online, pay, and receive the goods you ordered. But a few weeks later you suddenly receive a payment reminder, a debt collection letter, or even a fraud complaint. The reason: an unpaid invoice from an online shop where you never ordered anything at all. In this case, both you and the online shop have been defrauded. We show you how this new scheme works and how you can protect yourself.
https://www.watchlist-internet.at/news/neue-dreiecksbetrugsmasche-kriminelle-bestellen-in-ihrem-namen/
The Illusion of Privacy: Geolocation Risks in Modern Dating Apps
Dating apps traditionally utilize location data, offering the opportunity to connect with people nearby, and enhancing the chances of real-life meetings. Some apps can also display the distance of the user to other users. This feature is quite useful for coordinating meetups, indicating whether a potential match is just a short distance away or a kilometer apart. However, openly sharing your distance with other users can create serious security issues. The risks become apparent when you consider the potential misuse by a curious individual armed with advanced knowledge of techniques like trilateration.
https://research.checkpoint.com/2024/the-illusion-of-privacy-geolocation-risks-in-modern-dating-apps/
Vulnerabilities
Security updates for Friday
Security updates have been issued by Debian (cockpit), Mageia (python-pygments), Red Hat (nodejs), Slackware (httpd and nghttp2), SUSE (avahi, gradle, gradle-bootstrap, and squid), and Ubuntu (xorg-server, xwayland).
https://lwn.net/Articles/968561/
Lexmark: High-risk vulnerabilities allow code injection on printers
Lexmark warns of security vulnerabilities in the firmware of various printers. Attackers can inject malicious code. Updates are available.
https://heise.de/-9675861
IBM Security Bulletins
https://www.ibm.com/support/pages/bulletin/