Daily summary - 13.08.2024

End-of-Day report

Timeframe: Monday 12-08-2024 18:00 - Tuesday 13-08-2024 18:00
Handler: Alexander Riepl
Co-Handler: Michael Schlagenhaufer

News

APT trends report Q2 2024

The report features the most significant developments relating to APT groups in Q2 2024, including the new backdoor in Linux utility XZ, a new RAT called SalmonQT, and hacktivist activity.

https://securelist.com/apt-trends-report-q2-2024/113275/


AMD won't patch Sinkclose security bug on older Zen CPUs

Some AMD processors dating back to 2006 have a security vulnerability that's a boon for particularly underhand malware and rogue insiders, though the chip designer is only patching models made since 2020.

https://go.theregister.com/feed/www.theregister.com/2024/08/13/amd_sinkclose_patches/


Who uses LLM prompt injection attacks IRL? Mostly unscrupulous job seekers, jokesters and trolls

Because apps talking like pirates and creating ASCII art never gets old.

Despite worries about criminals using prompt injection to trick large language models (LLMs) into leaking sensitive data or performing other destructive actions, most of these types of AI shenanigans come from job seekers trying to get their resumes past automated HR screeners - and people protesting generative AI for various reasons, according to Russian security biz Kaspersky.

https://go.theregister.com/feed/www.theregister.com/2024/08/13/who_uses_llm_prompt_injection/


CVE-2024-38856: Pre-Auth RCE Vulnerability in Apache OFBiz

On August 5, 2024, researchers at SonicWall discovered a zero-day security flaw in Apache OFBiz tracked as CVE-2024-38856. The vulnerability, which has been assigned a CVSS score of 9.8, allows threat actors to perform pre-authentication remote code execution (RCE). While testing a patch for CVE-2024-36104, SonicWall researchers discovered that unauthenticated access was permitted to the ProgramExport endpoint, potentially enabling the execution of arbitrary code.

https://www.zscaler.com/blogs/security-research/cve-2024-38856-pre-auth-rce-vulnerability-apache-ofbiz


Post-Quantum Cryptography Standards Officially Announced by NIST - a History and Explanation

NIST has formally published three post-quantum cryptography standards from the competition it held to develop cryptography able to withstand the anticipated quantum computing decryption of current asymmetric encryption.

https://www.securityweek.com/post-quantum-cryptography-standards-officially-announced-by-nist-a-history-and-explanation/


Fake notice in the name of the Federal Chancellery about compensation payments

Criminals are sending fake e-mails in the name of the Federal Chancellery (Bundeskanzleramt) about a compensation payment for water and energy bills. The e-mail states that you will receive € 102.49. To receive the sum, however, you have to click on a link.

https://www.watchlist-internet.at/news/falsche-mitteilung-im-namen-des-bundeskanzleramtes-ueber-entschaedigungszahlungen/


Harnessing LLMs for Automating BOLA Detection

Learn about BOLABuster, an LLM-driven tool automating BOLA vulnerability detection in web applications. Issues have already been identified in multiple projects.

https://unit42.paloaltonetworks.com/automated-bola-detection-and-ai/


Law enforcement strikes against the Radar/Dispossessor ransomware group

It is the next blow against cybercriminals. Law enforcement agencies from the USA (FBI), the United Kingdom and Germany have succeeded in dismantling the infrastructure of the Radar/Dispossessor ransomware group.

https://www.borncity.com/blog/2024/08/13/strafverfolgern-gelingt-schlag-gegen-radar-dispossessor-ransomwaregruppe/


Hackers Leak 1.4 Billion Tencent User Accounts Online

Massive data leak exposes 1.4 billion Tencent user accounts. Leaked data includes emails, phone numbers, and QQ IDs potentially linked to the "Mother of All Breaches" (MOAB).

https://hackread.com/hackers-leak-1-4-billion-tencent-user-accounts-online/


CryptoCore: Unmasking the Sophisticated Cryptocurrency Scam Operations

This report delves into the intricacies of the CryptoCore group's scam and analyses their modus operandi. We will describe key exploited events, including hijacked YouTube accounts and deepfake videos, alongside a technical analysis of the fraudulent sites. One purpose of this study is to present a fundamental analysis, and key statistics, of fraudulent wallets that have received profits in the millions of dollars, as well as to provide statistical data on detections, showing how victims are lured onto suspicious websites and ultimately end up as crypto scam victims.

https://decoded.avast.io/martinchlumecky1/cryptocore-unmasking-the-sophisticated-cryptocurrency-scam-operations/


Ivanti warns of critical vTM auth bypass with public exploit

Tracked as CVE-2024-7593, this auth bypass vulnerability is due to an incorrect implementation of an authentication algorithm that allows remote unauthenticated attackers to bypass authentication on Internet-exposed vTM admin panels.

https://www.bleepingcomputer.com/news/security/ivanti-warns-of-critical-vtm-auth-bypass-with-public-exploit/

Vulnerabilities

Ivanti: August Security Update

Today, fixes have been released for the following solutions: Ivanti Neurons for ITSM, Ivanti Avalanche and Ivanti Virtual Traffic Manager (vTM).

https://www.ivanti.com/blog/august-security-update


Security updates for Tuesday

Security updates have been issued by Debian (kernel and roundcube), Fedora (microcode_ctl, pypy, python2.7, and python3.6), Oracle (389-ds-base, httpd, kernel, kernel-container, and linux-firmware), Red Hat (kernel-rt), SUSE (firefox, kubernetes1.23, libqt5-qtbase, openssl-1_1, python-gunicorn, python-Twisted, python-urllib3, and qt6-base), and Ubuntu (linux-aws-5.15, linux-gkeop-5.15, linux-ibm, linux-ibm-5.15, linux-raspi, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-oem-6.8, linux-oracle-5.15, and qemu).

https://lwn.net/Articles/985481/


SAP Patches Critical Vulnerabilities in BusinessObjects, Build Apps

SAP has released 25 security notes on August 2024 Security Patch Day, including for critical vulnerabilities in BusinessObjects and Build Apps.

https://www.securityweek.com/sap-patches-critical-vulnerabilities-in-businessobjects-build-apps/


CISA Releases Ten Industrial Control Systems Advisories

AVEVA SuiteLink Server, Rockwell Automation, Ocean Data Systems

https://www.cisa.gov/news-events/alerts/2024/08/13/cisa-releases-ten-industrial-control-systems-advisories


Splunk: SVD-2024-0801: Third-Party Package Updates in Python for Scientific Computing - August 2024

https://advisory.splunk.com//advisories/SVD-2024-0801


Lenovo: NVIDIA GPU Display Driver - July 2024

http://support.lenovo.com/product_security/PS500637-NVIDIA-GPU-DISPLAY-DRIVER-JULY-2024


Lenovo: LDCC and LADM Privilege Escalation Vulnerabilities

http://support.lenovo.com/product_security/PS500636-LDCC-AND-LADM-PRIVILEGE-ESCALATION-VULNERABILITIES


0patch: The "EventLogCrasher" 0day For Remotely Disabling Windows Event Log, And a Free Micropatch For It

https://blog.0patch.com/2024/01/the-eventlogcrasher-0day-for-remotely.html


tenable: [R1] Stand-alone Security Patch Available for Tenable Security Center versions 6.2.1, 6.3.0 and 6.4.0: SC-202408.1

https://www.tenable.com/security/tns-2024-13