End-of-Day report
Timeframe: Dienstag 22-10-2024 18:00 - Mittwoch 23-10-2024 18:00
Handler: Thomas Pribitzer
Co-Handler: Alexander Riepl
News
Exploit released for new Windows Server "WinReg" NTLM Relay attack
Proof-of-concept exploit code is now public for a vulnerability in
Microsofts Remote Registry client that could be used to take control of
a Windows domain by downgrading the security of the authentication
process.
https://www.bleepingcomputer.com/news/security/exploit-released-for-new-windows-server-winreg-ntlm-relay-attack/
Hackers exploit 52 zero-days on the first day of Pwn2Own Ireland
On the first day of Pwn2Own Ireland, participants demonstrated 52
zero-day vulnerabilities across a range of devices, earning a total of
$486,250 in cash prizes.
https://www.bleepingcomputer.com/news/security/hackers-exploit-52-zero-days-on-the-first-day-of-pwn2own-ireland/
Fortinet warns of new critical FortiManager flaw used in zero-day
attacks
Fortinet publicly disclosed today a critical FortiManager API
vulnerability, tracked as CVE-2024-47575, that was exploited in
zero-day attacks to steal sensitive files containing configurations, IP
addresses, and credentials for managed devices.
https://www.bleepingcomputer.com/news/security/fortinet-warns-of-new-critical-fortimanager-flaw-used-in-zero-day-attacks/
Android und iOS: Fest codierte Cloud-Zugangsdaten in populären Apps
entdeckt
Betroffen sind mehrere Apps mit teils Millionen von Downloads. Den
Entdeckern zufolge gefährdet dies nicht nur Backend-Dienste, sondern
auch Nutzerdaten.
https://www.golem.de/news/android-und-ios-fest-codierte-cloud-zugangsdaten-in-populaeren-apps-entdeckt-2410-190106.html
Grandoreiro, the global trojan with grandiose ambitions
In this report, Kaspersky experts analyze recent Grandoreiro campaigns,
new targets, tricks, and banking trojan versions.
https://securelist.com/grandoreiro-banking-trojan/114257/
The Crypto Game of Lazarus APT: Investors vs. Zero-days
Kaspersky GReAT experts break down the new campaign of Lazarus APT
which uses social engineering and exploits a zero-day vulnerability in
Google Chrome for financial gain.
https://securelist.com/lazarus-apt-steals-crypto-with-a-tank-game/114282/
CISA Warns of Active Exploitation of Microsoft SharePoint
Vulnerability (CVE-2024-38094)
A high-severity flaw impacting Microsoft SharePoint has been added to
the Known Exploited Vulnerabilities (KEV) catalog by the U.S.
Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday,
citing evidence of active ..
https://thehackernews.com/2024/10/cisa-warns-of-active-exploitation-of.html
Achtung Fake-Shop: sparhimmel24.de
sparhimmel24.de ist ein betrügerischer Online-Shop, der Sie mit
vermeintlichen Schnäppchen in die Falle lockt. Bestellungen werden
trotz Bezahlung nicht geliefert. Wir zeigen Ihnen wie Sie Fake-Shops
erkennen und sich vor Betrug schützen können.
https://www.watchlist-internet.at/news/achtung-fake-shop-sparhimmel24de
Deceptive Delight: Jailbreak LLMs Through Camouflage and
Distraction
We examine an LLM jailbreaking technique called "Deceptive Delight," a
technique that mixes harmful topics with benign ones to trick AIs, with
a high success rate.The post Deceptive Delight: Jailbreak LLMs Through
Camouflage and Distraction appeared first on Unit 42.
https://unit42.paloaltonetworks.com/jailbreak-llms-through-camouflage-distraction/
Burning Zero Days: FortiJump FortiManager vulnerability used by
nation state in espionage via MSPs
Did you know there-s widespread exploitation of FortiNet products going
on using a zero day, and that there-s no CVE? Now you do.
https://doublepulsar.com/burning-zero-days-fortijump-fortimanager-vulnerability-used-by-nation-state-in-espionage-via-msps-c79abec59773
Threat Spotlight: WarmCookie/BadSpace
WarmCookie is a malware family that emerged in April 2024 and has been
distributed via regularly conducted malspam and malvertising campaigns.
https://blog.talosintelligence.com/warmcookie-analysis/
Sicherheitslücke in Samsung-Android-Treiber wird angegriffen
Treiber für Samsungs Mobilprozessoren ermöglichen Angreifern das
Ausweiten ihrer Rechte. Google warnt vor laufenden Angriffen darauf.
https://heise.de/-9991521
Public Report: WhatsApp Contacts Security Assessment
In May 2024, Meta engaged NCC Group-s Cryptography Services practice to
perform a cryptography security assessment of selected aspects of the
WhatsApp Identity Proof Linked Storage (IPLS) protocol implementation.
IPLS underpins the WhatsApp Contacts solution, which aims to store ..
https://www.nccgroup.com/us/research-blog/public-report-whatsapp-contacts-security-assessment/
Vulnerabilities
SSA-333468: Multiple Vulnerabilities in InterMesh Subscriber
Devices
InterMesh Subscriber devices contain multiple vulnerabilities that
could allow an unauthenticated remote attacker to execute arbitrary
code with root privileges. CVSS v4.0 Base Score: 10.0, CVE-2024-47901
https://cert-portal.siemens.com/productcert/html/ssa-333468.html?ste_sid=2330958ec0c3ccf337b577f5ee658f6c
Security updates for Wednesday
Security updates have been issued by Debian (dmitry, libheif, and
python-sql), Fedora (suricata and wireshark), SUSE (cargo-c,
libeverest, protobuf, and qemu), and Ubuntu (golang-1.22, libheif,
unbound, and webkit2gtk).
https://lwn.net/Articles/995293/
2024-10-21: Cyber Security Advisory - ABB Relion 611, 615, 620, 630
series, REX610, REX640, SMU615, SSC600, Arctic solution, COM600, SPA
ZC-400, SUE3000 Guidelines to Prevent Unauthorized Modifications of
Firmware and Configuration
https://search.abb.com/library/Download.aspx?DocumentID=2NGA001911&LanguageCode=en&DocumentPartId=&Action=Launch
Authenticated Remote Code Execution in multiple Xerox printers
https://sec-consult.com/vulnerability-lab/advisory/authenticated-remote-code-execution-in-multiple-xerox-printers/