End-of-Day report
Timeframe: Freitag 26-04-2024 18:00 - Montag 29-04-2024 18:01
Handler: Alexander Riepl
Co-Handler: Michael Schlagenhaufer
News
Winrar: Gefälschte Ausgaben unter Linux möglich und MotW-Probleme in Windows
Die Version 7.00 der Archiv-Software Winrar schließt auch Sicherheitslücken. Unter Linux lassen sich Ausgaben fälschen, in Windows MotW-Markierungen. [..] Winrar 7.00 wurde schon vor einigen Wochen veröffentlicht.
https://heise.de/-9701474
Okta warns of "unprecedented" credential stuffing attacks on customers
Okta warns of an "unprecedented" spike in credential stuffing attacks targeting its identity and access management solutions, with some customer accounts breached in the attacks. [..] Okta also provides in its advisory a list of more generic recommendations that can help mitigate the risk of account takover.
https://www.bleepingcomputer.com/news/security/okta-warns-of-unprecedented-credential-stuffing-attacks-on-customers/
D-Link NAS Device Backdoor Abused, (Mon, Apr 29th)
End of March, NetworkSecurityFish disclosed a vulnerability in various D-Link NAS devices. The vulnerability allows access to the device using the user "messagebus" without credentials. [..] Initial exploit attempts were detected as soon as April 8th. The vulnerability is particularly dangerous as some affected devices are no longer supported by DLink, and no patch is expected to be released.
https://isc.sans.edu/diary/rss/30878
New R Programming Vulnerability Exposes Projects to Supply Chain Attacks
A security vulnerability has been discovered in the R programming language that could be exploited by a threat actor to create a malicious RDS (R Data Serialization) file such that it results in code execution when loaded and referenced. [..] The security defect has been addressed in version 4.4.0 released on April 24, 2024, following responsible disclosure.
https://thehackernews.com/2024/04/new-r-programming-vulnerability-exposes.html
Discord dismantles Spy.pet site that snooped on millions of users
The site, which has been slurping up public data on Discord users since November of last year, was outed to the world last week after it was discovered the platform contained messages belonging to nearly 620 million users from more than 14,000 Discord servers. Any and all of the data was available for a price - Spy.pet offered to help law enforcement, people spying on their friends, or even those training AI models.
https://go.theregister.com/feed/www.theregister.com/2024/04/29/infosec_in_brief/
Google-Bewertungen entfernen lassen? Vorsicht vor entferno.at
entferno.at verspricht, Google-Rezensionen entfernen zu lassen - angeblich mit einer Erfolgsquote von 95 Prozent. Wer auf dieses Angebot eingeht, wird aber enttäuscht, denn trotz Bezahlung wurden in aktuellen Fällen keine Bewertungen gelöscht und auf schriftliche und telefonische Anfragen wurde nicht mehr reagiert. Das Geld ist weg!
https://www.watchlist-internet.at/news/google-bewertungen-entfernen-lassen-vorsicht-vor-entfernoat/
From IcedID to Dagon Locker Ransomware in 29 Days
In August 2023, we observed an intrusion that started with a phishing campaign using PrometheusTDS to distribute IcedID. [..] This case had a TTR (time to ransomware) of 29 days.
https://thedfirreport.com/2024/04/29/from-icedid-to-dagon-locker-ransomware-in-29-days/
Britische Regierung verbietet Geräte mit schwachen Passwörtern
Unternehmen sind gesetzlich verpflichtet, ihre Geräte vor Cyberkriminellen zu schützen. Smartphones mit unsicheren Passwörtern müssen künftig gemeldet werden.
https://heise.de/-9702215
Vulnerabilities
Security updates for Monday
Security updates have been issued by AlmaLinux (buildah, go-toolset:rhel8, golang, java-11-openjdk, java-21-openjdk, libreswan, thunderbird, and tigervnc), Debian (chromium, emacs, frr, mediawiki, ruby-rack, trafficserver, and zabbix), Fedora (chromium, grub2, python-idna, and python-reportlab), Mageia (chromium-browser-stable, firefox, opencryptoki, and thunderbird), Red Hat (container-tools:4.0, container-tools:rhel8, git-lfs, and shim), SUSE (frr, java-11-openjdk, java-1_8_0-openjdk, kernel, pdns-recursor, and shim), and Ubuntu (apache2, cpio, curl, glibc, gnutls28, less, libvirt, and pillow).
https://lwn.net/Articles/971487/
Qnap schließt NAS-Sicherheitslücken aus Hacker-Wettbewerb Pwn2Own
NAS-Modelle von Qnap sind verwundbar. Nun hat der Hersteller Sicherheitsupdates für das Betriebssystem und Apps veröffentlicht.
https://heise.de/-9701977
IBM Security Bulletins
https://www.ibm.com/support/pages/bulletin/