Tageszusammenfassung - 10.05.2024

End-of-Day report

Timeframe: Mittwoch 08-05-2024 18:00 - Freitag 10-05-2024 18:00 Handler: Alexander Riepl Co-Handler: Thomas Pribitzer

News

Datenschutzvorfall: Dell informiert über Abfluss von Kundendaten

Zu den abgeflossenen Informationen zählen laut Dell Namen, Adressdaten sowie weitere Daten über Bestellungen und darin enthaltene Dell-Hardware.

https://www.golem.de/news/datenschutzvorfall-dell-informiert-ueber-abfluss-von-kundendaten-2405-184976.html


APT trends report Q1 2024

The report features the most significant developments relating to APT groups in Q1 2024, including the new malware campaigns DuneQuixote and Durian, and hacktivist activity.

https://securelist.com/apt-trends-report-q1-2024/112473/


Mirai Botnet Exploits Ivanti Connect Secure Flaws for Malicious Payload Delivery

Two recently disclosed security flaws in Ivanti Connect Secure (ICS) devices are being exploited to deploy the infamous Mirai botnet.

https://thehackernews.com/2024/05/mirai-botnet-exploits-ivanti-connect.html


GhostStripe attack haunts self-driving cars by making them ignore road signs

Six boffins mostly hailing from Singapore-based universities have proven it's possible to attack autonomous vehicles by exploiting the system's reliance on camera-based computer vision and cause it to not recognize road signs.

https://go.theregister.com/feed/www.theregister.com/2024/05/10/baidu_apollo_hack/


Back to the Hype: An Update on How Cybercriminals Are Using GenAI

Generative AI continues to be misused and abused by malicious individuals. In this article, we dive into new criminal LLMs, criminal services with ChatGPT-like capabilities, and deepfakes being offered on criminal sites.

https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/back-to-the-hype-an-update-on-how-cybercriminals-are-using-genai


Zscaler Investigates Hacking Claims After Data Offered for Sale

Zscaler says its customer, production and corporate environments are not impacted after a notorious hacker offers to sell access.

https://www.securityweek.com/zscaler-investigates-hacking-claims-after-data-offered-for-sale/


With nation-state threats in mind, nearly 70 software firms agree to Secure by Design pledge

The nation-s top cybersecurity agency said 68 of the world-s leading software manufacturers have signed on to a voluntary pledge to design products that have security built in from the beginning.

https://therecord.media/secure-by-design-companies-cisa-rsa


In interview, LockbitSupp says authorities outed the wrong guy

The leader of the LockBit ransomware gang, who goes by the name LockbItSupp, told Click Here in an interview that international law enforcement has made a mistake.

https://therecord.media/lockbitsupp-interview-ransomware-cybercrime-lockbit


Krypto-Betrüger: Sechs Österreicher festgenommen

Weil sie einen Online-Handel mit angeblich neuer Kryptowährung aufgezogen und damit Investoren abgezockt haben, wurden nun sechs Österreicher verhaftet.

https://heise.de/-9714300

Vulnerabilities

Security updates for Thursday

Security updates have been issued by AlmaLinux (ansible-core, avahi, bind, buildah, containernetworking-plugins, edk2, fence-agents, file, freeglut, freerdp, frr, git-lfs, gnutls, golang, grafana, grafana-pcp, gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, harfbuzz, httpd, ipa, libjpeg-turbo, libnbd, LibRaw, libreswan, libsndfile, libssh, libtiff, libvirt, libX11, libXpm, mingw components, mingw-glib2, mingw-pixman, mod_http2, mod_jk and mod_proxy_cluster, motif, [...]

https://lwn.net/Articles/973071/


Security updates for Friday

Security updates have been issued by AlmaLinux (container-tools:4.0, container-tools:rhel8, git-lfs, glibc, libxml2, nodejs:18, and nodejs:20), Debian (dav1d and libpgjava), Fedora (kernel and pypy), Red Hat (glibc and nodejs:16), SUSE (ffmpeg, ffmpeg-4, ghostscript, go1.21, go1.22, less, python-python-jose, python-Werkzeug, and sssd), and Ubuntu (fossil, glib2.0, and libspreadsheet-parsexlsx-perl).

https://lwn.net/Articles/973206/


Admins müssen selbst handeln: PuTTY-Sicherheitslücke bedroht Citrix Hypervisor

Um XenCenter für Citrix Hypervisor abzusichern, müssen Admins händisch ein Sicherheitsupdate für das SSH-Tool PuTTY installieren.

https://heise.de/-9713898


Google Chrome: Exploit für Zero-Day-Lücke gesichtet

In Googles Webbrowser Chrome klafft eine Sicherheitslücke, für die ein Exploit existiert. Google reagiert mit einem Notfall-Update.

https://heise.de/-9714519


IBM Security Bulletins

https://www.ibm.com/support/pages/bulletin/


2024-05 Reference Advisory: Junos OS and Junos OS Evolved: Multiple CVEs reported in OpenSSH

https://supportportal.juniper.net/s/article/2024-05-Reference-Advisory-Junos-OS-and-Junos-OS-Evolved-Multiple-CVEs-reported-in-OpenSSH