End-of-Day report
Timeframe: Montag 29-04-2024 18:00 - Dienstag 30-04-2024 18:00
Handler: Michael Schlagenhaufer
Co-Handler: n/a
News
Gefälschte SMS im Namen von Bundeskanzleramt
Vorsicht: Kriminelle geben sich als Bundeskanzleramt Österreich aus. In der SMS wird behauptet, dass eine Nachricht auf Sie wartet. Klicken Sie auf keinen Fall auf den Link, Sie werden auf eine gefälschte Webseite weitergeleitet.
https://www.watchlist-internet.at/news/gefaelschte-sms-im-namen-von-bundeskanzleramt/
FBI warns of fake verification schemes targeting dating app users
The FBI is warning of fake verification schemes promoted by fraudsters on online dating platforms that lead to costly recurring subscription charges. [..] It starts with fraudsters approaching victims on a dating app or site and developing a romantic rapport. This lays the ground for requesting to take the conversation outside the platform onto a supposedly safer communications tool. At this stage, the fraudster sends a link to the victim that will take them to a seemingly legitimate verification platform where the victim will have to verify they're not a sexual offender.
https://www.bleepingcomputer.com/news/security/fbi-warns-of-fake-verification-schemes-targeting-dating-app-users/
Millions of Malicious Imageless Containers Planted on Docker Hub Over 5 Years
Cybersecurity researchers have discovered multiple campaigns targeting Docker Hub by planting millions of malicious "imageless" containers over the past five years, once again underscoring how open-source registries could pave the way for supply chain attacks. [..] Of the 4.79 million imageless Docker Hub repositories uncovered, 3.2 million of them are said to have been used as landing pages to redirect unsuspecting users to fraudulent sites as part of three broad campaigns.
https://thehackernews.com/2024/04/millions-of-malicious-imageless.html
The Darkgate Menace: Leveraging Autohotkey & Attempt to Evade Smartscreen
McAfee Labs has recently uncovered a novel infection chain associated with DarkGate malware. This chain commences with an HTML-based entry point and progresses to exploit the AutoHotkey utility in its subsequent stages.
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/the-darkgate-menace-leveraging-autohotkey-attempt-to-evade-smartscreen/
Chrome 124 macht TLS-Handshake kaputt
Google hat kürzlich seinen Google Chrome-Browser in der Version 124 veröffentlicht. Neben Schwachstellen haben die Entwickler auch etwas an der TLS-Verschlüsselung (X25519Kyber768-Schlüsselkapselung für TLS) geändert. Inzwischen gibt es aber Rückmeldungen von Nutzern, die sich darüber beklagen, dass diese Änderung das TLS-Handshake zu Webservern kaputt machen kann. Das betrifft auch auf Chromium basierende Browser wie den Edge 124.
https://www.borncity.com/blog/2024/04/30/chrome-124-macht-tls-handshake-kaputt/
Google Play blockiert mehr als 2 Millionen Trojaner-Apps - Tendenz steigend
Dank strengerer Sicherheitschecks sperrte Google 2023 knapp 2,3 Millionen böse Apps aus. Trotz gesteigerter Bemühungen schlüpfen aber immer noch welche durch.
https://heise.de/-9703405
CISA Rolls Out New Guidelines to Mitigate AI Risks to US Critical Infrastructure
New CISA guidelines categorize AI risks into three significant types and pushes a four-part mitigation strategy. [..] The guidelines calls on management to act decisively on identified AI risks to enhance safety and security, ensuring that risk management controls are implemented and maintained to optimize the benefits of AI systems while minimizing adverse effects.
https://www.securityweek.com/cisa-rolls-out-new-guidelines-to-mitigate-ai-risks-to-us-critical-infrastructure/
Vulnerabilities
Security updates for Tuesday
Security updates have been issued by Debian (org-mode), Oracle (shim and tigervnc), Red Hat (ansible-core, avahi, buildah, container-tools:4.0, containernetworking-plugins, edk2, exfatprogs, fence-agents, file, freeglut, freerdp, frr, grub2, gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, harfbuzz, httpd, ipa, kernel, libjpeg-turbo, libnbd, LibRaw, libsndfile, libssh, libtiff, libvirt, libX11, libXpm, mingw components, mingw-glib2, mingw-pixman, mod_http2, mod_jk and mod_proxy_cluster, motif, mutt, openssl and openssl-fips-provider, osbuild and osbuild-composer, pam, pcp, pcs, perl, pmix, podman, python-jinja2, python3.11, python3.11-cryptography, python3.11-urllib3, qemu-kvm, qt5-qtbase, runc, skopeo, squashfs-tools, systemd, tcpdump, tigervnc, toolbox, traceroute, webkit2gtk3, wpa_supplicant, xorg-x11-server, xorg-x11-server-Xwayland, and zziplib), SUSE (docker, ffmpeg, ffmpeg-4, frr, and kernel), and Ubuntu (anope, freerdp3, and php7.0, php7.2, php7.4, php8.1).
https://lwn.net/Articles/971740/
IBM Security Bulletins
https://www.ibm.com/support/pages/bulletin/
ChromeOS: Long Term Support Channel Update for ChromeOS
http://chromereleases.googleblog.com/2024/04/long-term-support-channel-update-for_29.html
[R1] Nessus Network Monitor 6.4.0 Fixes Multiple Vulnerabilities
https://www.tenable.com/security/tns-2024-07
Delta Electronics CNCSoft-G2 DOPSoft
https://www.cisa.gov/news-events/cybersecurity-advisories/icsa-24-121-01