End-of-Day report
Timeframe: Monday 12-08-2024 18:00 - Tuesday 13-08-2024 18:00
Handler: Alexander Riepl
Co-Handler: Michael Schlagenhaufer
News
APT trends report Q2 2024
The report features the most significant developments relating to APT groups in Q2 2024, including the new backdoor in Linux utility XZ, a new RAT called SalmonQT, and hacktivist activity.
https://securelist.com/apt-trends-report-q2-2024/113275/
AMD won't patch Sinkclose security bug on older Zen CPUs
Some AMD processors dating back to 2006 have a security vulnerability that's a boon for particularly underhand malware and rogue insiders, though the chip designer is only patching models made since 2020.
https://go.theregister.com/feed/www.theregister.com/2024/08/13/amd_sinkclose_patches/
Who uses LLM prompt injection attacks IRL? Mostly unscrupulous job seekers, jokesters and trolls
Because apps talking like pirates and creating ASCII art never gets old. Despite worries about criminals using prompt injection to trick large language models (LLMs) into leaking sensitive data or performing other destructive actions, most of these types of AI shenanigans come from job seekers trying to get their resumes past automated HR screeners - and people protesting generative AI for various reasons, according to Russian security biz Kaspersky.
https://go.theregister.com/feed/www.theregister.com/2024/08/13/who_uses_llm_prompt_injection/
CVE-2024-38856: Pre-Auth RCE Vulnerability in Apache OFBiz
On August 5, 2024, researchers at SonicWall discovered a zero-day security flaw in Apache OFBiz tracked as CVE-2024-38856. The vulnerability, which has been assigned a CVSS score of 9.8, allows threat actors to perform pre-authentication remote code execution (RCE). While testing a patch for CVE-2024-36104, SonicWall researchers discovered that unauthenticated access was permitted to the ProgramExport endpoint, potentially enabling the execution of arbitrary code.
https://www.zscaler.com/blogs/security-research/cve-2024-38856-pre-auth-rce-vulnerability-apache-ofbiz
Post-Quantum Cryptography Standards Officially Announced by NIST - a History and Explanation
NIST has formally published three post-quantum cryptography standards from the competition it held to develop cryptography able to withstand the anticipated quantum computing decryption of current asymmetric encryption.
https://www.securityweek.com/post-quantum-cryptography-standards-officially-announced-by-nist-a-history-and-explanation/
Fake notification in the name of the Bundeskanzleramt (Federal Chancellery) about compensation payments
Criminals are sending fake e-mails in the name of the Bundeskanzleramt about a compensation payment for the water and energy bill. The e-mail states that you will receive € 102.49. To receive the amount, however, you have to click on a link.
https://www.watchlist-internet.at/news/falsche-mitteilung-im-namen-des-bundeskanzleramtes-ueber-entschaedigungszahlungen/
Harnessing LLMs for Automating BOLA Detection
Learn about BOLABuster, an LLM-driven tool automating BOLA vulnerability detection in web applications. Issues have already been identified in multiple projects.
https://unit42.paloaltonetworks.com/automated-bola-detection-and-ai/
Law enforcement strikes against the Radar/Dispossessor ransomware group
It is the next blow against cybercriminals. Law enforcement agencies from the USA (FBI), the United Kingdom and Germany have succeeded in dismantling the infrastructure of the ransomware group Radar/Dispossessor.
https://www.borncity.com/blog/2024/08/13/strafverfolgern-gelingt-schlag-gegen-radar-dispossessor-ransomwaregruppe/
Hackers Leak 1.4 Billion Tencent User Accounts Online
Massive data leak exposes 1.4 billion Tencent user accounts. Leaked data includes emails, phone numbers, and QQ IDs potentially linked to the "Mother of All Breaches" (MOAB).
https://hackread.com/hackers-leak-1-4-billion-tencent-user-accounts-online/
CryptoCore: Unmasking the Sophisticated Cryptocurrency Scam Operations
This report delves into the intricacies of the CryptoCore group's scam and analyses their modus operandi. We will describe key exploited events, including hijacked YouTube accounts and deepfake videos, alongside a technical analysis of the fraudulent sites. One purpose of this study is to present a fundamental analysis - and key statistics - of fraudulent wallets that have received profits in the millions of dollars, as well as provide statistical data on detections, showing how victims are lured into suspicious websites and ultimately end up crypto scam victims.
https://decoded.avast.io/martinchlumecky1/cryptocore-unmasking-the-sophisticated-cryptocurrency-scam-operations/
Ivanti warns of critical vTM auth bypass with public exploit
Tracked as CVE-2024-7593, this auth bypass vulnerability is due to an incorrect implementation of an authentication algorithm that allows remote unauthenticated attackers to bypass authentication on Internet-exposed vTM admin panels.
https://www.bleepingcomputer.com/news/security/ivanti-warns-of-critical-vtm-auth-bypass-with-public-exploit/
Vulnerabilities
Ivanti: August Security Update
Today, fixes have been released for the following solutions: Ivanti Neurons for ITSM, Ivanti Avalanche and Ivanti Virtual Traffic Manager (vTM).
https://www.ivanti.com/blog/august-security-update
Security updates for Tuesday
Security updates have been issued by Debian (kernel and roundcube), Fedora (microcode_ctl, pypy, python2.7, and python3.6), Oracle (389-ds-base, httpd, kernel, kernel-container, and linux-firmware), Red Hat (kernel-rt), SUSE (firefox, kubernetes1.23, libqt5-qtbase, openssl-1_1, python-gunicorn, python-Twisted, python-urllib3, and qt6-base), and Ubuntu (linux-aws-5.15, linux-gkeop-5.15, linux-ibm, linux-ibm-5.15, linux-raspi, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-oem-6.8, linux-oracle-5.15, and qemu).
https://lwn.net/Articles/985481/
SAP Patches Critical Vulnerabilities in BusinessObjects, Build Apps
SAP has released 25 security notes on August 2024 Security Patch Day, including for critical vulnerabilities in BusinessObjects and Build Apps.
https://www.securityweek.com/sap-patches-critical-vulnerabilities-in-businessobjects-build-apps/
CISA Releases Ten Industrial Control Systems Advisories
AVEVA SuiteLink Server, Rockwell Automation, Ocean Data Systems
https://www.cisa.gov/news-events/alerts/2024/08/13/cisa-releases-ten-industrial-control-systems-advisories
Splunk: SVD-2024-0801: Third-Party Package Updates in Python for Scientific Computing - August 2024
https://advisory.splunk.com//advisories/SVD-2024-0801
Lenovo: NVIDIA GPU Display Driver - July 2024
http://support.lenovo.com/product_security/PS500637-NVIDIA-GPU-DISPLAY-DRIVER-JULY-2024
Lenovo: LDCC and LADM Privilege Escalation Vulnerabilities
http://support.lenovo.com/product_security/PS500636-LDCC-AND-LADM-PRIVILEGE-ESCALATION-VULNERABILITIES
0patch: The "EventLogCrasher" 0day For Remotely Disabling Windows Event Log, And a Free Micropatch For It
https://blog.0patch.com/2024/01/the-eventlogcrasher-0day-for-remotely.html
tenable: [R1] Stand-alone Security Patch Available for Tenable Security Center versions 6.2.1, 6.3.0 and 6.4.0: SC-202408.1
https://www.tenable.com/security/tns-2024-13