End-of-Day report
Timeframe: Tuesday 24-09-2024 18:00 - Wednesday 25-09-2024 18:00
Handler: Alexander Riepl
Co-Handler: Michael Schlagenhaufer
News
ChatGPT macOS Flaw Could've Enabled Long-Term Spyware via Memory Function
A now-patched security vulnerability in OpenAI's ChatGPT app for macOS could have made it possible for attackers to plant long-term persistent spyware into the artificial intelligence (AI) tool's memory. The technique, dubbed SpAIware, could be abused to facilitate "continuous data exfiltration of any information the user typed or responses received by ChatGPT, including any future chat sessions," security researcher Johann Rehberger said.
https://thehackernews.com/2024/09/chatgpt-macos-flaw-couldve-enabled-long.html
Again: OpenAI's official Twitter account taken over by crypto scammers
The official Twitter account of the press office of ChatGPT provider OpenAI was taken over by scammers and used to promote a fake cryptocurrency.
https://heise.de/-9953073
AI-Generated Malware Found in the Wild
HP has intercepted an email campaign comprising a standard malware payload delivered by an AI-generated dropper.
https://www.securityweek.com/ai-generated-malware-found-in-the-wild/
Investigating Infrastructure and Tactics of Phishing-as-a-Service Platform Sniper Dz
Delve into the infrastructure and tactics of phishing platform Sniper Dz, which targets popular brands and social media. We discuss its unique aspects and more.
https://unit42.paloaltonetworks.com/phishing-platform-sniper-dz-unique-tactics/
LummaC2: Obfuscation Through Indirect Control Flow
This blog post delves into the analysis of a control flow obfuscation technique employed by recent LummaC2 (LUMMAC.V2) stealer samples. In addition to the traditional control flow flattening technique used in older versions, the malware now leverages customized control flow indirection to manipulate the execution of the malware.
https://cloud.google.com/blog/topics/threat-intelligence/lummac2-obfuscation-through-indirect-control-flow/
Modified LockBit and Conti ransomware shows up in DragonForce gang's attacks
The manufacturing, real estate and transportation industries are recent targets of the cybercrime operation known as DragonForce. Researchers say it's serving up versions of LockBit and Conti to affiliates.
https://therecord.media/lockbit-conti-dragonforce-ransomware-cybercrime
Shedding Light on Election Deepfakes
Contrary to popular belief, deepfakes - AI-crafted audio files, images, or videos that depict events and statements that never occurred; a portmanteau of "deep learning" and "fake" - are not all intrinsically malicious. [..] Let's take a look at the state of deepfakes during the 2020 elections, how it's currently making waves in the 2024 election cycle, and how voters can tell truth from digital deception.
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/shedding-light-on-election-deepfakes/
Vulnerabilities
20,000 WordPress Sites Affected by Privilege Escalation Vulnerability in WCFM - WooCommerce Frontend Manager WordPress Plugin
This vulnerability makes it possible for an authenticated attacker to change the email of any user, including an administrator, which allows them to reset the password and take over the account and website. [..] After providing full disclosure details, the developer released a patch on September 23, 2024. [..] CVE ID: CVE-2024-8290
https://www.wordfence.com/blog/2024/09/20000-wordpress-sites-affected-by-privilege-escalation-vulnerability-in-wcfm-woocommerce-frontend-manager-wordpress-plugin/
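As an illustration of the vulnerability class behind this advisory (an authenticated user changing another account's e-mail address because the endpoint never checks that the caller may edit that user, after which a password reset lands in the attacker's mailbox), the following added PHP example contrasts a vulnerable WordPress AJAX handler with a hardened one. It is not the WCFM plugin's code and is not taken from the Wordfence post; the function, action and nonce names are hypothetical.

```php
<?php
// Added illustration of a missing-authorization (IDOR) pattern on a
// profile-update endpoint. NOT the WCFM plugin's code; names are hypothetical.

// Vulnerable pattern: the handler trusts a user-controlled user ID and only
// checks that *some* user is logged in, so any subscriber can retarget an admin.
function hypothetical_vulnerable_update_email() {
    if ( ! is_user_logged_in() ) {
        wp_send_json_error( 'login required', 401 );
    }
    $user_id = absint( $_POST['user_id'] );        // attacker picks any ID, e.g. 1
    $email   = sanitize_email( $_POST['email'] );  // attacker-controlled mailbox

    // No check that the caller is allowed to edit $user_id.
    wp_update_user( array( 'ID' => $user_id, 'user_email' => $email ) );
    wp_send_json_success();
}

// Hardened pattern: CSRF nonce, then an authorization check that binds the
// target account to the caller (or requires the edit_user meta capability
// for that specific ID), then input validation.
function hypothetical_hardened_update_email() {
    if ( ! is_user_logged_in() ) {
        wp_send_json_error( 'login required', 401 );
    }
    check_ajax_referer( 'hypothetical_update_email_nonce', 'nonce' );

    $user_id = absint( $_POST['user_id'] );
    $email   = sanitize_email( $_POST['email'] );

    // Users may edit themselves; anyone else needs edit_user for this ID.
    if ( $user_id !== get_current_user_id() && ! current_user_can( 'edit_user', $user_id ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    if ( ! is_email( $email ) || email_exists( $email ) ) {
        wp_send_json_error( 'invalid email', 400 );
    }

    wp_update_user( array( 'ID' => $user_id, 'user_email' => $email ) );
    wp_send_json_success();
}
add_action( 'wp_ajax_hypothetical_update_email', 'hypothetical_hardened_update_email' );
```

The authorization check is the fix for the class described above; because an e-mail change is effectively a credential change, a plugin handling it should additionally confirm the change through the old address rather than applying it immediately.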
Security updates for Wednesday
Security updates have been issued by Debian (booth), Gentoo (Xpdf), Oracle (go-toolset:ol8, golang, grafana, grafana-pcp, kernel, libnbd, openssl, pcp, and ruby:3.3), Red Hat (container-tools:rhel8, go-toolset:rhel8, golang, kernel, and kernel-rt), SUSE (apr, cargo-audit, chromium, obs-service-cargo, python311, python36, quagga, traefik, and xen), and Ubuntu (intel-microcode, linux-azure-fde-5.15, and puma).
https://lwn.net/Articles/991701/
WatchGuard SSO and Moodle
rt-sa-2024-008: WatchGuard SSO Client Denial-of-Service,
rt-sa-2024-007: WatchGuard SSO Agent Telnet Authentication Bypass,
rt-sa-2024-006: WatchGuard SSO Protocol is Unencrypted and Unauthenticated,
rt-sa-2024-009: Moodle: Remote Code Execution via Calculated Questions
https://www.redteam-pentesting.de/en/advisories/
TeamViewer: High-risk vulnerabilities allow privilege escalation
In the TeamViewer Remote clients, attackers can abuse insufficient cryptographic verification of driver installations to elevate their privileges and install drivers (CVE-2024-7479, CVE-2024-7481; both CVSS 8.8, risk "high"). [..] Version 15.58.4 or newer, available since Tuesday of this week, closes these vulnerabilities.
https://heise.de/-9953034
XenServer and Citrix Hypervisor Security Update for CVE-2024-45817
https://support.citrix.com/s/article/CTX691646-xenserver-and-citrix-hypervisor-security-update-for-cve202445817?language=en_US
Vulnerability in BlackBerry CylanceOPTICS Windows Installer Package
https://sec-consult.com/de/vulnerability-lab/advisory/schwachstelle-in-blackberry-cylanceoptics-windows-installer-package/