End-of-Day report
Timeframe: Monday 13-05-2024 18:00 - Tuesday 14-05-2024 18:00
Handler: Alexander Riepl
Co-Handler: n/a
News
PyPi package backdoors Macs using the Sliver pen-testing suite
A new package mimicked the popular requests library on the Python Package Index (PyPI) to target macOS devices with the Sliver C2 adversary framework, used for gaining initial access to corporate ..
https://www.bleepingcomputer.com/news/security/pypi-package-backdoors-macs-using-the-sliver-pen-testing-suite/
Apple and Google add alerts for unknown Bluetooth trackers to iOS, Android
On Monday, Apple and Google jointly announced a new privacy feature that warns Android and iOS users when an unknown Bluetooth tracking device travels with ..
https://www.bleepingcomputer.com/news/security/apple-and-google-add-alerts-for-unknown-bluetooth-trackers-to-ios-android/
Incident response analyst report 2023
The report shares statistics and observations from incident response practice in 2023, analyzes trends and gives cybersecurity recommendations.
https://securelist.com/kaspersky-incident-response-report-2023/112504/
Apple Patches Everything: macOS, iOS, iPadOS, watchOS, tvOS updated. (Tue, May 14th)
Apple today released updates for its various operating systems. The updates cover iOS, iPadOS, macOS, watchOS and tvOS. A standalone update for Safari was released for older versions of macOS. One already exploited vulnerability, CVE-2024-23296 is patched for older versions of macOS and iOS. In March, Apple patched this vulnerability for more recent versions of iOS and macOS.
https://isc.sans.edu/diary/rss/30916
Ongoing Campaign Bombarded Enterprises with Spam Emails and Phone Calls
Cybersecurity researchers have uncovered an ongoing social engineering campaign that bombards enterprises with spam emails with the goal of obtaining initial access to their environments for follow-on exploitation.
https://thehackernews.com/2024/05/ongoing-campaign-bombarded-enterprises.html
Critical Flaws in Cacti Framework Could Let Attackers Execute Malicious Code
The maintainers of the Cacti open-source network monitoring and fault management framework have addressed a dozen security flaws, including two critical issues that could lead to the execution of arbitrary code. The most severe of the vulnerabilities are listed below - CVE-2024-25641 (CVSS score: 9.1) - An arbitrary file write vulnerability in the "Package Import" feature that
https://thehackernews.com/2024/05/critical-flaws-in-cacti-framework-could.html
Log4J shows no sign of fading, spotted in 30% of CVE exploits
Organizations continue to run insecure protocols across their wide access networks (WAN), making it easier for cybercriminals to move across networks, according to a Cato Networks survey. Enterprises are too trusting within their networks. The Cato CTRL SASE Threat Report Q1 2024 provides insight into the security threats and their ..
https://www.helpnetsecurity.com/2024/05/14/log4j-wan-insecure-protocols/
Google Patches Second Chrome Zero-Day in One Week
Google has announced patches for another Chrome vulnerability that has been exploited in attacks. This is the second zero-day addressed by the company in one week and the third flaw leveraged in malicious attacks in 2024. The new zero-day, tracked as CVE-2024-4761, has been described as a high-severity out-of-bounds write issue ..
https://www.securityweek.com/google-patches-second-chrome-zero-day-in-one-week/
Fake winner notifications in real giveaways
Taken part in a Facebook giveaway? Beware: criminals exploit real giveaways for scams. Using fake profiles, they reply to participants' comments and claim that they have won. With a link they lure them to a fraudulent website. We show you how to take part in giveaways safely!
https://www.watchlist-internet.at/news/falsche-gewinnbenachrichtigungen-in-echten-gewinnspielen/
Foxit PDF Reader "Flawed Design": Hidden Dangers Lurking in Common Tools
Heightened vulnerability: Check Point Research has identified an unusual pattern of behavior involving PDF exploitation, mainly targeting users of Foxit PDF Reader. This exploit triggers security warnings that could deceive unsuspecting users into executing harmful commands, exploiting human psychology to manipulate users into accidentally providing ..
https://blog.checkpoint.com/research/foxit-pdf-reader-flawed-design-hidden-dangers-lurking-in-common-tools/
Guidance for organisations considering payment in ransomware incidents
Advice for organisations experiencing a ransomware attack and the partner organisations supporting them.
https://www.ncsc.gov.uk/guidance/organisations-considering-payment-in-ransomware-incidents
Avast Q1/2024 Threat Report
Nearly 90% of Threats Blocked are Social Engineering, Revealing a Huge Surge of Scams, and Discovery of the Lazarus APT Campaign
https://decoded.avast.io/threatresearch/avast-q1-2024-threat-report/
Vulnerabilities
TYPO3-CORE-SA-2024-010: Uncontrolled Resource Consumption in ShowImageController
https://typo3.org/security/advisory/typo3-core-sa-2024-010
TYPO3-CORE-SA-2024-009: Cross-Site Scripting in ShowImageController
https://typo3.org/security/advisory/typo3-core-sa-2024-009
TYPO3-CORE-SA-2024-008: Cross-Site Scripting in Form Manager Module
https://typo3.org/security/advisory/typo3-core-sa-2024-008
Security updates for Tuesday
https://lwn.net/Articles/973667/
Security Vulnerabilities fixed in Firefox ESR 115.11
https://www.mozilla.org/en-US/security/advisories/mfsa2024-22/
Security Vulnerabilities fixed in Firefox 126
https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/