Tageszusammenfassung - 03.05.2024

End-of-Day report

Timeframe: Donnerstag 02-05-2024 18:00 - Freitag 03-05-2024 18:00 Handler: Alexander Riepl Co-Handler: Michael Schlagenhaufer

News

Microsoft rolls out passkey auth for personal Microsoft accounts

Microsoft announced that Windows users can now log into their Microsoft consumer accounts using a passkey, allowing users to authenticate using password-less methods such as Windows Hello, FIDO2 security keys, biometric data (facial scans or fingerprints), or device PINs. [..] Microsoft had already added passkey support to Windows for logging into websites and applications, but with the additional support for Microsoft accounts, consumers can now easily log in without entering a password.

https://www.bleepingcomputer.com/news/microsoft/microsoft-rolls-out-passkey-auth-for-personal-microsoft-accounts/


Scans Probing for LB-Link and Vinga WR-AC1200 routers CVE-2023-24796, (Thu, May 2nd)

Before diving into the vulnerability, a bit about the affected devices. LB-Link, the make of the devices affected by this vulnerability, produces various wireless equipment that is sometimes sold under different brands and labels. This will make it difficult to identify affected devices. These devices are often low-cost "no name" solutions or, in some cases, may even be embedded, which makes it even more difficult to find firmware updates. [..] And yes, the vulnerability evolves around the "user=admin" cookie and a command injection in the password parameter. This is too stupid to waste any more time on, but it is common enough to just give up and call it a day.

https://isc.sans.edu/diary/rss/30890


Mal.Metrica Redirects Users to Scam Sites

One of our analysts recently identified a new Mal.Metrica redirect scam on compromised websites, but one that requires a little bit of effort on the part of the victim. It-s another lesson for web users to be careful what they click on, and to be wary of anything suspicious that pops up in their browser - even if it-s coming from a website that they would otherwise trust.

https://blog.sucuri.net/2024/05/mal-metrica-redirects-users-to-scam-sites.html


Hackers Increasingly Abusing Microsoft Graph API for Stealthy Malware Communications

Since January 2022, multiple nation-state-aligned hacking groups have been observed using Microsoft Graph API for C&C. This includes threat actors tracked as APT28, REF2924, Red Stinger, Flea, APT29, and OilRig.

https://thehackernews.com/2024/05/hackers-increasingly-abusing-microsoft.html


Europol op shutters 12 scam call centers and cuffs 21 suspected fraudsters

A Europol-led operation dubbed -Pandora- has shut down a dozen phone scam centers, and arrested 21 suspects. [..] Beginning in December 2023, German investigators deployed more than 100 officers to trace the scam calls back to the source - call centers run by crooks - and then monitored them. That effort resulted in the interception of more than 1.3 million "nefarious conversations." Baden-Württemberg State Criminal Police officers had to set up a call center of their own so that they could contact potential victims, warning more than 80 percent of them.

https://go.theregister.com/feed/www.theregister.com/2024/05/03/operation_pandora_europol/


These Dangerous Scammers Don-t Even Bother to Hide Their Crimes

-Yahoo Boy- cybercriminals are openly running dozens of scams across Facebook, WhatsApp, Telegram, TikTok, YouTube, and more. [..] While the Yahoo Boys have been active for years, all the experts spoken to for this piece say they should be treated more seriously by social media companies and law enforcement.

https://www.wired.com/story/yahoo-boys-scammers-facebook-telegram-tiktok-youtube/


Adding insult to injury: crypto recovery scams

Once your crypto has been stolen, it is extremely difficult to get back - be wary of fake promises to retrieve your funds and learn how to avoid becoming a victim twice over.

https://www.welivesecurity.com/en/scams/crypto-recovery-scams-insult-injury/


CVE-2024-2887: A Pwn2Own Winning Bug in Google Chrome

In this guest blog from Master of Pwn winner Manfred Paul, he details CVE-2024-2887 - a type confusion bug that occurs in both Google Chrome and Microsoft Edge (Chromium). He used this bug as a part of his winning exploit that led to code execution in the renderer of both browsers. This bug was quickly patched by both Google and Microsoft. Manfred has graciously provided this detailed write-up of the vulnerability and how he exploited it at the contest.

https://www.thezdi.com/blog/2024/5/2/cve-2024-2887-a-pwn2own-winning-bug-in-google-chrome


CISA and FBI Release Secure by Design Alert to Urge Manufacturers to Eliminate Directory Traversal Vulnerabilities

This Alert was crafted in response to recent well-publicized threat actor campaigns that exploited directory traversal vulnerabilities in software (e.g., CVE-2024-1708, CVE-2024-20345) to compromise users of the software-impacting critical infrastructure sectors, including the Healthcare and Public Health Sector.

https://www.cisa.gov/news-events/alerts/2024/05/02/cisa-and-fbi-release-secure-design-alert-urge-manufacturers-eliminate-directory-traversal

Vulnerabilities

Security updates for Friday

Security updates have been issued by Fedora (chromium, grub2, httpd, kernel, libcoap, matrix-synapse, python-pip, and rust-pythonize), Red Hat (kernel and libxml2), SUSE (kernel), and Ubuntu (eglibc, glibc and php7.4, php8.1, php8.2).

https://lwn.net/Articles/972351/


IBM Security Bulletins

https://www.ibm.com/support/pages/bulletin/