Daily summary - 19.09.2024

End-of-Day report

Timeframe: Wednesday 18-09-2024 18:00 - Thursday 19-09-2024 18:00 Handler: Alexander Riepl Co-Handler: Michael Schlagenhaufer

News

Clever GitHub Scanner campaign abusing repos to push malware

A clever threat campaign is abusing GitHub repositories to distribute the Lumma Stealer password-stealing malware targeting users who frequent an open source project repository or are subscribed to email notifications from it. [..] The domain, github-scanner[.]com is not affiliated with GitHub and is being used to deliver malware to visitors.

https://www.bleepingcomputer.com/news/security/clever-github-scanner-campaign-abusing-repos-to-push-malware/


Security expert: No need to fear exploding mobile phones

After the waves of explosions in Lebanon, some people now worry about their own smartphones. Cyber expert Joe Pichelmayr sees little danger there.

https://futurezone.at/digital-life/sicherheitsexperte-handys-smartphone-explodierende-pager-libanon-hacker-supply-chain/402949928


Google Cloud Document AI flaw (still) allows data theft despite bounty payout

Overly permissive settings in Google Cloud's Document AI service could be abused by data thieves to break into Cloud Storage buckets and steal sensitive information. [..] A Google spokesperson has told us in response to the above: [..] We developed a fix and are actively working to roll it out.

https://go.theregister.com/feed/www.theregister.com/2024/09/17/google_cloud_document_ai_flaw/


Cracked Software or Cyber Trap? The Rising Danger of AsyncRAT Malware

In this blog, we'll examine the mechanics of AsyncRAT, how it spreads by masquerading as cracked software, and the steps you can take to protect yourself from this increasingly common cyber threat.

https://www.mcafee.com/blogs/other-blogs/mcafee-labs/cracked-software-or-cyber-trap-the-rising-danger-of-asyncrat-malware/


Solar Cybersecurity And The Nuances Of Renewable Energy Integration

The modern age of renewable energy has seen a surge in solar panels and wind turbines. While these systems enhance sustainability, their digital technologies carry risks. Cybersecurity professionals must know the relevant nuances when integrating renewable systems.

https://www.tripwire.com/state-of-security/solar-cybersecurity-and-nuances-renewable-energy-integration


Discovering Splinter: A First Look at a New Post-Exploitation Red Team Tool

Discover Splinter, a new post-exploitation tool with advanced features like command execution and file manipulation, detected by Unit 42 researchers.

https://unit42.paloaltonetworks.com/analysis-pentest-tool-splinter/


Fraud case involving the tegut teo app and a fictitious employee number

In court the defendant said: "I was unemployed at the time. There is an app for the stores, and under payment methods you could register the employee number as a card. I simply tried it with a random number, and it worked straight away."

https://www.borncity.com/blog/2024/09/19/betrugsfall-mit-tegut-teo-app-und-fiktiver-mitarbeiternummer/


Current phishing scam: request to schedule a phone call with the alleged Sparkasse

The Verbraucherzentrale NRW warns of a current phishing scam. The Sparkasse supposedly wants to arrange an appointment for a phone call.

https://heise.de/-9909574


Discord launches end-to-end encryption for audio and video chats

To protect privacy, the online service Discord now encrypts certain forms of message exchange end-to-end.

https://heise.de/-9909594

Vulnerabilities

VU#138043: A stack-based overflow vulnerability exists in the Microchip Advanced Software Framework (ASF) implementation of the tinydhcp server

CVE-2024-7490 There exists a vulnerability in all publicly available examples of the ASF codebase that allows for a specially crafted DHCP request to cause a stack-based overflow that could lead to remote code execution.

https://kb.cert.org/vuls/id/138043
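The bug class the advisory describes, shown as an added illustration that is not code from Microchip ASF or its tinydhcp server: a DHCP option parser that trusts the per-option length byte when copying into a fixed-size stack buffer, next to a bounds-checked version. The option layout follows RFC 2132 (code, length, data); HOSTNAME_MAX, the function names and the constructed packets are assumptions made for this example.

```c
/* Added example for VU#138043: NOT code from Microchip ASF or tinydhcp. It
 * shows the bug class the advisory names (a DHCP option parser that trusts
 * the option length byte) next to a bounds-checked version. The packets,
 * HOSTNAME_MAX and the function names are constructed for this example. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define OPT_PAD        0
#define OPT_HOST_NAME  12
#define OPT_MSG_TYPE   53
#define OPT_END        255
#define HOSTNAME_MAX   64   /* hypothetical stack buffer size */

/* Vulnerable shape: copies `len` (0..255) bytes into a 64-byte buffer and reads
 * the length byte without checking it lies inside the packet.
 * Only ever call this with benign input; a crafted option is undefined behaviour. */
static int hostname_option_unsafe(const uint8_t *opts, size_t n, char *name)
{
    size_t i = 0;
    while (i < n && opts[i] != OPT_END) {
        if (opts[i] == OPT_PAD) { i++; continue; }
        uint8_t code = opts[i];
        uint8_t len  = opts[i + 1];              /* no check that i + 1 < n */
        if (code == OPT_HOST_NAME) {
            memcpy(name, &opts[i + 2], len);     /* no check against HOSTNAME_MAX */
            name[len] = '\0';
            return len;
        }
        i += 2 + (size_t)len;
    }
    return -1;
}

/* Hardened shape: every length is checked against the remaining packet bytes
 * and against the destination buffer before anything is copied. */
static int hostname_option_safe(const uint8_t *opts, size_t n,
                                char *name, size_t name_sz)
{
    size_t i = 0;
    while (i < n) {
        uint8_t code = opts[i];
        if (code == OPT_END) break;
        if (code == OPT_PAD) { i++; continue; }
        if (i + 1 >= n) return -1;                   /* length byte missing */
        uint8_t len = opts[i + 1];
        if ((size_t)len > n - i - 2) return -1;      /* option runs past packet */
        if (code == OPT_HOST_NAME) {
            if ((size_t)len >= name_sz) return -1;   /* no room for data + NUL */
            memcpy(name, &opts[i + 2], len);
            name[len] = '\0';
            return (int)len;
        }
        i += 2 + (size_t)len;
    }
    return -1;                                       /* option absent */
}

/* Constructed option block (magic cookie omitted): DHCPREQUEST, host name "host". */
static const uint8_t benign_opts[] = {
    OPT_MSG_TYPE, 1, 3,
    OPT_HOST_NAME, 4, 'h', 'o', 's', 't',
    OPT_END
};

/* Constructed Host Name option claiming 200 bytes: legal on the wire, but
 * far larger than the 64-byte buffer the unsafe parser copies into. */
static size_t build_crafted(uint8_t *buf, size_t sz)
{
    if (sz < 203) return 0;
    buf[0] = OPT_HOST_NAME;
    buf[1] = 200;
    memset(&buf[2], 'A', 200);
    buf[202] = OPT_END;
    return 203;
}

int benign_hostname_len(void)
{
    char name[HOSTNAME_MAX];
    return hostname_option_safe(benign_opts, sizeof benign_opts, name, sizeof name);
}

int unsafe_benign_hostname_len(void)
{
    char name[HOSTNAME_MAX];
    return hostname_option_unsafe(benign_opts, sizeof benign_opts, name);
}

/* 1 if the hardened parser rejects the oversized option, 0 otherwise. */
int crafted_rejected(void)
{
    uint8_t pkt[256];
    char name[HOSTNAME_MAX];
    size_t n = build_crafted(pkt, sizeof pkt);
    return hostname_option_safe(pkt, n, name, sizeof name) == -1;
}

/* 1 if an option whose declared length exceeds the packet is rejected. */
int truncated_rejected(void)
{
    const uint8_t trunc[] = { OPT_HOST_NAME, 10, 'a', 'b' };   /* claims 10, has 2 */
    char name[HOSTNAME_MAX];
    return hostname_option_safe(trunc, sizeof trunc, name, sizeof name) == -1;
}

int main(void)
{
    printf("benign: safe=%d unsafe=%d\n", benign_hostname_len(), unsafe_benign_hostname_len());
    printf("crafted (len 200) rejected: %d\n", crafted_rejected());
    printf("truncated option rejected:  %d\n", truncated_rejected());
    return 0;
}
```

Both parsers agree on the benign packet; only the hardened one survives the crafted and truncated options, which is the check a firmware reviewer should look for in any embedded DHCP implementation exposed to untrusted networks.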


Security updates for Thursday

Security updates have been issued by Debian (expat and tinyproxy), Fedora (frr, microcode_ctl, python3.10, python3.12, python3.6, and ruby), Oracle (expat, fence-agents, firefox, ghostscript, java-1.8.0-openjdk, kernel, and thunderbird), Red Hat (firefox, openssl, ruby:3.3, and thunderbird), SUSE (clamav, ffmpeg-4, kernel, libmfx, python3, python312, runc, ucode-intel, and wireshark), and Ubuntu (apache2, git, linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-gkeop-5.15, linux-hwe-5.15, linux-ibm, linux-intel-iotg, linux-intel-iotg-5.15, linux-kvm, linux-nvidia, linux-oracle, linux-raspi, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-xilinx-zynqmp, and linux, linux-aws, linux-gcp, linux-gke, linux-ibm, linux-lowlatency, linux-lowlatency-hwe-6.8, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, linux-oem-6.8, linux-oracle).

https://lwn.net/Articles/990877/


GitLab Patches Critical Authentication Bypass Vulnerability

GitLab has patched a critical-severity SAML authentication bypass affecting both Community Edition (CE) and Enterprise Edition (EE) instances. [..] The issue, tracked as CVE-2024-45409 (CVSS score of 10/10), only affects GitLab CE/EE instances that have been configured to use SAML-based authentication.

https://www.securityweek.com/gitlab-patches-critical-authentication-bypass-vulnerability/


DSA-5772-1 libreoffice - security update

https://lists.debian.org/debian-security-announce/2024/msg00185.html


Wordfence Intelligence Weekly WordPress Vulnerability Report (September 9, 2024 to September 15, 2024)

https://www.wordfence.com/blog/2024/09/wordfence-intelligence-weekly-wordpress-vulnerability-report-september-9-2024-to-september-15-2024/


MegaSys Computer Technologies Telenium Online Web Application

https://www.cisa.gov/news-events/ics-advisories/icsa-24-263-04


IDEC PLCs

https://www.cisa.gov/news-events/ics-advisories/icsa-24-263-02


Kastle Systems Access Control System

https://www.cisa.gov/news-events/ics-advisories/icsa-24-263-05


IDEC CORPORATION WindLDR and WindO/I-NV4

https://www.cisa.gov/news-events/ics-advisories/icsa-24-263-03


Rockwell Automation RSLogix 5 and RSLogix 500

https://www.cisa.gov/news-events/ics-advisories/icsa-24-263-01