Tageszusammenfassung - 05.04.2024

End-of-Day report

Timeframe: Donnerstag 04-04-2024 18:00 - Freitag 05-04-2024 18:00 Handler: Alexander Riepl Co-Handler: Michael Schlagenhaufer

News

Fake AI law firms are sending fake DMCA threats to generate fake SEO gains

If you run a personal or hobby website, getting a copyright notice from a law firm about an image on your site can trigger some fast-acting panic. Ernie Smith, the prolific, ever-curious writer behind the newsletter Tedium, received a "DMCA Copyright Infringement Notice" in late March from "Commonwealth Legal," representing the "Intellectual Property division" of Tech4Gods.

https://arstechnica.com/?p=2014933


Continuation Flood: DoS-Angriffstechnik legt HTTP/2-Server ohne Botnetz lahm

Für einen erfolgreichen Angriff ist in einigen Fällen nur eine einzige TCP-Verbindung erforderlich. Es kommt zu einer Überlastung von Systemressourcen.

https://www.golem.de/news/continuation-flood-dos-angriffstechnik-legt-http-2-server-ohne-botnetz-lahm-2404-183857.html


AI-as-a-Service Providers Vulnerable to PrivEsc and Cross-Tenant Attacks

New research has found that artificial intelligence (AI)-as-a-service providers such as Hugging Face are susceptible to two critical risks that could allow threat actors to escalate privileges, gain cross-tenant access to other customers models, and even take over the continuous integration and continuous deployment (CI/CD) pipelines. [..] To mitigate the issue, it's recommended to enable IMDSv2 with Hop Limit so as to prevent pods from accessing the Instance Metadata Service (IMDS) and obtaining the role of a Node within the cluster.

https://thehackernews.com/2024/04/ai-as-service-providers-vulnerable-to.html


Bing ad for NordVPN leads to SecTopRAT

Threat actors are luring victims to a fake NordVPN website that installs a Remote Access Trojan.

https://www.malwarebytes.com/blog/threat-intelligence/2024/04/bing-ad-for-nordvpn-leads-to-sectoprat


Neue Dreiecksbetrugsmasche: Kriminelle bestellen in Ihrem Namen

Sie kaufen online ein, bezahlen und erhalten die gewünschte Ware. Doch nach einigen Wochen erreicht Sie plötzlich eine Mahnung, ein Inkassoschreiben oder sogar eine Betrugsanzeige. Der Grund: Eine nicht bezahlte Rechnung von einem Onlineshop, bei dem Sie gar nichts bestellt haben. In diesem Fall wurden Sie und der Onlineshop betrogen. Wir zeigen Ihnen wie diese neue Masche funktioniert und wie Sie sich schützen können.

https://www.watchlist-internet.at/news/neue-dreiecksbetrugsmasche-kriminelle-bestellen-in-ihrem-namen/


The Illusion of Privacy: Geolocation Risks in Modern Dating Apps

Key takeaways Introduction Dating apps traditionally utilize location data, offering the opportunity to connect with people nearby, and enhancing the chances of real-life meetings. Some apps can also display the distance of the user to other users. This feature is quite useful for coordinating meetups, indicating whether a potential match is just a short distance away or a kilometer apart. However, openly sharing your distance with other users can create serious security issues. The risks become apparent when you consider the potential misuse by a curious individual armed with advanced knowledge of techniques like trilateration.

https://research.checkpoint.com/2024/the-illusion-of-privacy-geolocation-risks-in-modern-dating-apps/

Vulnerabilities

Security updates for Friday

Security updates have been issued by Debian (cockpit), Mageia (python-pygments), Red Hat (nodejs), Slackware (httpd and nghttp2), SUSE (avahi, gradle, gradle-bootstrap, and squid), and Ubuntu (xorg-server, xwayland).

https://lwn.net/Articles/968561/


Lexmark: Hochriskante Lücken erlauben Codeschmuggel auf Drucker

Lexmark warnt vor Sicherheitslücken in diversen Drucker-Firmwares. Angreifer können Schadcode einschleusen. Updates sind verfügbar.

https://heise.de/-9675861


IBM Security Bulletins

https://www.ibm.com/support/pages/bulletin/