End-of-Day report
Timeframe: Donnerstag 02-05-2024 18:00 - Freitag 03-05-2024 18:00
Handler: Alexander Riepl
Co-Handler: Michael Schlagenhaufer
News
Microsoft rolls out passkey auth for personal Microsoft accounts
Microsoft announced that Windows users can now log into their Microsoft consumer accounts using a passkey, allowing users to authenticate using password-less methods such as Windows Hello, FIDO2 security keys, biometric data (facial scans or fingerprints), or device PINs. [..] Microsoft had already added passkey support to Windows for logging into websites and applications, but with the additional support for Microsoft accounts, consumers can now easily log in without entering a password.
https://www.bleepingcomputer.com/news/microsoft/microsoft-rolls-out-passkey-auth-for-personal-microsoft-accounts/
Scans Probing for LB-Link and Vinga WR-AC1200 routers CVE-2023-24796, (Thu, May 2nd)
Before diving into the vulnerability, a bit about the affected devices. LB-Link, the make of the devices affected by this vulnerability, produces various wireless equipment that is sometimes sold under different brands and labels. This will make it difficult to identify affected devices. These devices are often low-cost "no name" solutions or, in some cases, may even be embedded, which makes it even more difficult to find firmware updates. [..] And yes, the vulnerability evolves around the "user=admin" cookie and a command injection in the password parameter. This is too stupid to waste any more time on, but it is common enough to just give up and call it a day.
https://isc.sans.edu/diary/rss/30890
Mal.Metrica Redirects Users to Scam Sites
One of our analysts recently identified a new Mal.Metrica redirect scam on compromised websites, but one that requires a little bit of effort on the part of the victim. It-s another lesson for web users to be careful what they click on, and to be wary of anything suspicious that pops up in their browser - even if it-s coming from a website that they would otherwise trust.
https://blog.sucuri.net/2024/05/mal-metrica-redirects-users-to-scam-sites.html
Hackers Increasingly Abusing Microsoft Graph API for Stealthy Malware Communications
Since January 2022, multiple nation-state-aligned hacking groups have been observed using Microsoft Graph API for C&C. This includes threat actors tracked as APT28, REF2924, Red Stinger, Flea, APT29, and OilRig.
https://thehackernews.com/2024/05/hackers-increasingly-abusing-microsoft.html
Europol op shutters 12 scam call centers and cuffs 21 suspected fraudsters
A Europol-led operation dubbed -Pandora- has shut down a dozen phone scam centers, and arrested 21 suspects. [..] Beginning in December 2023, German investigators deployed more than 100 officers to trace the scam calls back to the source - call centers run by crooks - and then monitored them. That effort resulted in the interception of more than 1.3 million "nefarious conversations." Baden-Württemberg State Criminal Police officers had to set up a call center of their own so that they could contact potential victims, warning more than 80 percent of them.
https://go.theregister.com/feed/www.theregister.com/2024/05/03/operation_pandora_europol/
These Dangerous Scammers Don-t Even Bother to Hide Their Crimes
-Yahoo Boy- cybercriminals are openly running dozens of scams across Facebook, WhatsApp, Telegram, TikTok, YouTube, and more. [..] While the Yahoo Boys have been active for years, all the experts spoken to for this piece say they should be treated more seriously by social media companies and law enforcement.
https://www.wired.com/story/yahoo-boys-scammers-facebook-telegram-tiktok-youtube/
Adding insult to injury: crypto recovery scams
Once your crypto has been stolen, it is extremely difficult to get back - be wary of fake promises to retrieve your funds and learn how to avoid becoming a victim twice over.
https://www.welivesecurity.com/en/scams/crypto-recovery-scams-insult-injury/
CVE-2024-2887: A Pwn2Own Winning Bug in Google Chrome
In this guest blog from Master of Pwn winner Manfred Paul, he details CVE-2024-2887 - a type confusion bug that occurs in both Google Chrome and Microsoft Edge (Chromium). He used this bug as a part of his winning exploit that led to code execution in the renderer of both browsers. This bug was quickly patched by both Google and Microsoft. Manfred has graciously provided this detailed write-up of the vulnerability and how he exploited it at the contest.
https://www.thezdi.com/blog/2024/5/2/cve-2024-2887-a-pwn2own-winning-bug-in-google-chrome
CISA and FBI Release Secure by Design Alert to Urge Manufacturers to Eliminate Directory Traversal Vulnerabilities
This Alert was crafted in response to recent well-publicized threat actor campaigns that exploited directory traversal vulnerabilities in software (e.g., CVE-2024-1708, CVE-2024-20345) to compromise users of the software-impacting critical infrastructure sectors, including the Healthcare and Public Health Sector.
https://www.cisa.gov/news-events/alerts/2024/05/02/cisa-and-fbi-release-secure-design-alert-urge-manufacturers-eliminate-directory-traversal
Vulnerabilities
Security updates for Friday
Security updates have been issued by Fedora (chromium, grub2, httpd, kernel, libcoap, matrix-synapse, python-pip, and rust-pythonize), Red Hat (kernel and libxml2), SUSE (kernel), and Ubuntu (eglibc, glibc and php7.4, php8.1, php8.2).
https://lwn.net/Articles/972351/
IBM Security Bulletins
https://www.ibm.com/support/pages/bulletin/