Daily summary - 14.05.2024

End-of-Day report

Timeframe: Monday 13-05-2024 18:00 - Tuesday 14-05-2024 18:00 Handler: Alexander Riepl Co-Handler: n/a

News

PyPI package backdoors Macs using the Sliver pen-testing suite

A new package mimicked the popular requests library on the Python Package Index (PyPI) to target macOS devices with the Sliver C2 adversary framework, used for gaining initial access to corporate ..

https://www.bleepingcomputer.com/news/security/pypi-package-backdoors-macs-using-the-sliver-pen-testing-suite/


Apple and Google add alerts for unknown Bluetooth trackers to iOS, Android

On Monday, Apple and Google jointly announced a new privacy feature that warns Android and iOS users when an unknown Bluetooth tracking device travels with ..

https://www.bleepingcomputer.com/news/security/apple-and-google-add-alerts-for-unknown-bluetooth-trackers-to-ios-android/


Incident response analyst report 2023

The report shares statistics and observations from incident response practice in 2023, analyzes trends and gives cybersecurity recommendations.

https://securelist.com/kaspersky-incident-response-report-2023/112504/


Apple Patches Everything: macOS, iOS, iPadOS, watchOS, tvOS updated (Tue, May 14th)

Apple today released updates for its various operating systems. The updates cover iOS, iPadOS, macOS, watchOS and tvOS. A standalone update for Safari was released for older versions of macOS. One already exploited vulnerability, CVE-2024-23296, is patched for older versions of macOS and iOS. In March, Apple patched this vulnerability for more recent versions of iOS and macOS.

https://isc.sans.edu/diary/rss/30916


Ongoing Campaign Bombarded Enterprises with Spam Emails and Phone Calls

Cybersecurity researchers have uncovered an ongoing social engineering campaign that bombards enterprises with spam emails with the goal of obtaining initial access to their environments for follow-on exploitation.

https://thehackernews.com/2024/05/ongoing-campaign-bombarded-enterprises.html


Critical Flaws in Cacti Framework Could Let Attackers Execute Malicious Code

The maintainers of the Cacti open-source network monitoring and fault management framework have addressed a dozen security flaws, including two critical issues that could lead to the execution of arbitrary code. The most severe of the vulnerabilities are listed below - CVE-2024-25641 (CVSS score: 9.1) - An arbitrary file write vulnerability in the "Package Import" feature that

https://thehackernews.com/2024/05/critical-flaws-in-cacti-framework-could.html


Log4J shows no sign of fading, spotted in 30% of CVE exploits

Organizations continue to run insecure protocols across their wide access networks (WAN), making it easier for cybercriminals to move across networks, according to a Cato Networks survey. Enterprises are too trusting within their networks. The Cato CTRL SASE Threat Report Q1 2024 provides insight into the security threats and their ..

https://www.helpnetsecurity.com/2024/05/14/log4j-wan-insecure-protocols/


Google Patches Second Chrome Zero-Day in One Week

Google has announced patches for another Chrome vulnerability that has been exploited in attacks. This is the second zero-day addressed by the company in one week and the third flaw leveraged in malicious attacks in 2024. The new zero-day, tracked as CVE-2024-4761, has been described as a high-severity out-of-bounds write issue ..

https://www.securityweek.com/google-patches-second-chrome-zero-day-in-one-week/


Fake prize notifications in real giveaways

Taken part in a Facebook giveaway? Be careful: criminals use real giveaways for scams. Using fake profiles, they reply to participants' comments and claim that they have won. They use a link to lure victims to a fraudulent website. We show you how to take part in giveaways safely!

https://www.watchlist-internet.at/news/falsche-gewinnbenachrichtigungen-in-echten-gewinnspielen/


Foxit PDF Reader "Flawed Design": Hidden Dangers Lurking in Common Tools

Heightened vulnerability: Check Point Research has identified an unusual pattern of behavior involving PDF exploitation, mainly targeting users of Foxit PDF Reader. This exploit triggers security warnings that could deceive unsuspecting users into executing harmful commands, exploiting human psychology to manipulate users into accidentally providing ..

https://blog.checkpoint.com/research/foxit-pdf-reader-flawed-design-hidden-dangers-lurking-in-common-tools/


Guidance for organisations considering payment in ransomware incidents

Advice for organisations experiencing a ransomware attack and the partner organisations supporting them.

https://www.ncsc.gov.uk/guidance/organisations-considering-payment-in-ransomware-incidents


Avast Q1/2024 Threat Report

Nearly 90% of Threats Blocked are Social Engineering, Revealing a Huge Surge of Scams, and Discovery of the Lazarus APT Campaign

https://decoded.avast.io/threatresearch/avast-q1-2024-threat-report/


Vulnerabilities

TYPO3-CORE-SA-2024-010: Uncontrolled Resource Consumption in ShowImageController

https://typo3.org/security/advisory/typo3-core-sa-2024-010


TYPO3-CORE-SA-2024-009: Cross-Site Scripting in ShowImageController

https://typo3.org/security/advisory/typo3-core-sa-2024-009


TYPO3-CORE-SA-2024-008: Cross-Site Scripting in Form Manager Module

https://typo3.org/security/advisory/typo3-core-sa-2024-008


Security updates for Tuesday

https://lwn.net/Articles/973667/


Security Vulnerabilities fixed in Firefox ESR 115.11

https://www.mozilla.org/en-US/security/advisories/mfsa2024-22/


Security Vulnerabilities fixed in Firefox 126

https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/