End-of-Day report
Timeframe: Wednesday 08-05-2024 18:00 - Friday 10-05-2024 18:00
Handler: Alexander Riepl
Co-Handler: Thomas Pribitzer
News
Data protection incident: Dell informs customers about leak of customer data
According to Dell, the leaked information includes names, address data, and further data about orders and the Dell hardware they contained.
https://www.golem.de/news/datenschutzvorfall-dell-informiert-ueber-abfluss-von-kundendaten-2405-184976.html
APT trends report Q1 2024
The report features the most significant developments relating to APT groups in Q1 2024, including the new malware campaigns DuneQuixote and Durian, and hacktivist activity.
https://securelist.com/apt-trends-report-q1-2024/112473/
Mirai Botnet Exploits Ivanti Connect Secure Flaws for Malicious Payload Delivery
Two recently disclosed security flaws in Ivanti Connect Secure (ICS) devices are being exploited to deploy the infamous Mirai botnet.
https://thehackernews.com/2024/05/mirai-botnet-exploits-ivanti-connect.html
GhostStripe attack haunts self-driving cars by making them ignore road signs
Six boffins mostly hailing from Singapore-based universities have proven it's possible to attack autonomous vehicles by exploiting the system's reliance on camera-based computer vision and cause it to not recognize road signs.
https://go.theregister.com/feed/www.theregister.com/2024/05/10/baidu_apollo_hack/
Back to the Hype: An Update on How Cybercriminals Are Using GenAI
Generative AI continues to be misused and abused by malicious individuals. In this article, we dive into new criminal LLMs, criminal services with ChatGPT-like capabilities, and deepfakes being offered on criminal sites.
https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/back-to-the-hype-an-update-on-how-cybercriminals-are-using-genai
Zscaler Investigates Hacking Claims After Data Offered for Sale
Zscaler says its customer, production and corporate environments are not impacted after a notorious hacker offers to sell access.
https://www.securityweek.com/zscaler-investigates-hacking-claims-after-data-offered-for-sale/
With nation-state threats in mind, nearly 70 software firms agree to Secure by Design pledge
The nation's top cybersecurity agency said 68 of the world's leading software manufacturers have signed on to a voluntary pledge to design products that have security built in from the beginning.
https://therecord.media/secure-by-design-companies-cisa-rsa
In interview, LockbitSupp says authorities outed the wrong guy
The leader of the LockBit ransomware gang, who goes by the name LockbitSupp, told Click Here in an interview that international law enforcement has made a mistake.
https://therecord.media/lockbitsupp-interview-ransomware-cybercrime-lockbit
Crypto fraudsters: Six Austrians arrested
Six Austrians have now been arrested because they set up an online trade in a supposedly new cryptocurrency and used it to rip off investors.
https://heise.de/-9714300
Vulnerabilities
Security updates for Thursday
Security updates have been issued by AlmaLinux (ansible-core, avahi, bind, buildah, containernetworking-plugins, edk2, fence-agents, file, freeglut, freerdp, frr, git-lfs, gnutls, golang, grafana, grafana-pcp, gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, harfbuzz, httpd, ipa, libjpeg-turbo, libnbd, LibRaw, libreswan, libsndfile, libssh, libtiff, libvirt, libX11, libXpm, mingw components, mingw-glib2, mingw-pixman, mod_http2, mod_jk and mod_proxy_cluster, motif, [...]
https://lwn.net/Articles/973071/
Security updates for Friday
Security updates have been issued by AlmaLinux (container-tools:4.0, container-tools:rhel8, git-lfs, glibc, libxml2, nodejs:18, and nodejs:20), Debian (dav1d and libpgjava), Fedora (kernel and pypy), Red Hat (glibc and nodejs:16), SUSE (ffmpeg, ffmpeg-4, ghostscript, go1.21, go1.22, less, python-python-jose, python-Werkzeug, and sssd), and Ubuntu (fossil, glib2.0, and libspreadsheet-parsexlsx-perl).
https://lwn.net/Articles/973206/
Admins must act themselves: PuTTY vulnerability threatens Citrix Hypervisor
To secure XenCenter for Citrix Hypervisor, admins must manually install a security update for the SSH tool PuTTY.
https://heise.de/-9713898
Google Chrome: Exploit for zero-day vulnerability spotted
Google's Chrome web browser has a security vulnerability for which an exploit exists. Google is responding with an emergency update.
https://heise.de/-9714519
IBM Security Bulletins
https://www.ibm.com/support/pages/bulletin/
2024-05 Reference Advisory: Junos OS and Junos OS Evolved: Multiple CVEs reported in OpenSSH
https://supportportal.juniper.net/s/article/2024-05-Reference-Advisory-Junos-OS-and-Junos-OS-Evolved-Multiple-CVEs-reported-in-OpenSSH