Tageszusammenfassung - 30.04.2024

End-of-Day report

Timeframe: Montag 29-04-2024 18:00 - Dienstag 30-04-2024 18:00 Handler: Michael Schlagenhaufer Co-Handler: n/a

News

Gefälschte SMS im Namen von Bundeskanzleramt

Vorsicht: Kriminelle geben sich als Bundeskanzleramt Österreich aus. In der SMS wird behauptet, dass eine Nachricht auf Sie wartet. Klicken Sie auf keinen Fall auf den Link, Sie werden auf eine gefälschte Webseite weitergeleitet.

https://www.watchlist-internet.at/news/gefaelschte-sms-im-namen-von-bundeskanzleramt/

FBI warns of fake verification schemes targeting dating app users

The FBI is warning of fake verification schemes promoted by fraudsters on online dating platforms that lead to costly recurring subscription charges. [..] It starts with fraudsters approaching victims on a dating app or site and developing a romantic rapport. This lays the ground for requesting to take the conversation outside the platform onto a supposedly safer communications tool. At this stage, the fraudster sends a link to the victim that will take them to a seemingly legitimate verification platform where the victim will have to verify they're not a sexual offender.

https://www.bleepingcomputer.com/news/security/fbi-warns-of-fake-verification-schemes-targeting-dating-app-users/

Millions of Malicious Imageless Containers Planted on Docker Hub Over 5 Years

Cybersecurity researchers have discovered multiple campaigns targeting Docker Hub by planting millions of malicious "imageless" containers over the past five years, once again underscoring how open-source registries could pave the way for supply chain attacks. [..] Of the 4.79 million imageless Docker Hub repositories uncovered, 3.2 million of them are said to have been used as landing pages to redirect unsuspecting users to fraudulent sites as part of three broad campaigns.

https://thehackernews.com/2024/04/millions-of-malicious-imageless.html

The Darkgate Menace: Leveraging Autohotkey & Attempt to Evade Smartscreen

McAfee Labs has recently uncovered a novel infection chain associated with DarkGate malware. This chain commences with an HTML-based entry point and progresses to exploit the AutoHotkey utility in its subsequent stages.

https://www.mcafee.com/blogs/other-blogs/mcafee-labs/the-darkgate-menace-leveraging-autohotkey-attempt-to-evade-smartscreen/

Chrome 124 macht TLS-Handshake kaputt

Google hat kürzlich seinen Google Chrome-Browser in der Version 124 veröffentlicht. Neben Schwachstellen haben die Entwickler auch etwas an der TLS-Verschlüsselung (X25519Kyber768-Schlüsselkapselung für TLS) geändert. Inzwischen gibt es aber Rückmeldungen von Nutzern, die sich darüber beklagen, dass diese Änderung das TLS-Handshake zu Webservern kaputt machen kann. Das betrifft auch auf Chromium basierende Browser wie den Edge 124.

https://www.borncity.com/blog/2024/04/30/chrome-124-macht-tls-handshake-kaputt/

Google Play blockiert mehr als 2 Millionen Trojaner-Apps - Tendenz steigend

Dank strengerer Sicherheitschecks sperrte Google 2023 knapp 2,3 Millionen böse Apps aus. Trotz gesteigerter Bemühungen schlüpfen aber immer noch welche durch.

https://heise.de/-9703405

CISA Rolls Out New Guidelines to Mitigate AI Risks to US Critical Infrastructure

New CISA guidelines categorize AI risks into three significant types and pushes a four-part mitigation strategy. [..] The guidelines calls on management to act decisively on identified AI risks to enhance safety and security, ensuring that risk management controls are implemented and maintained to optimize the benefits of AI systems while minimizing adverse effects.

https://www.securityweek.com/cisa-rolls-out-new-guidelines-to-mitigate-ai-risks-to-us-critical-infrastructure/

Vulnerabilities

Security updates for Tuesday

Security updates have been issued by Debian (org-mode), Oracle (shim and tigervnc), Red Hat (ansible-core, avahi, buildah, container-tools:4.0, containernetworking-plugins, edk2, exfatprogs, fence-agents, file, freeglut, freerdp, frr, grub2, gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, harfbuzz, httpd, ipa, kernel, libjpeg-turbo, libnbd, LibRaw, libsndfile, libssh, libtiff, libvirt, libX11, libXpm, mingw components, mingw-glib2, mingw-pixman, mod_http2, mod_jk and mod_proxy_cluster, motif, mutt, openssl and openssl-fips-provider, osbuild and osbuild-composer, pam, pcp, pcs, perl, pmix, podman, python-jinja2, python3.11, python3.11-cryptography, python3.11-urllib3, qemu-kvm, qt5-qtbase, runc, skopeo, squashfs-tools, systemd, tcpdump, tigervnc, toolbox, traceroute, webkit2gtk3, wpa_supplicant, xorg-x11-server, xorg-x11-server-Xwayland, and zziplib), SUSE (docker, ffmpeg, ffmpeg-4, frr, and kernel), and Ubuntu (anope, freerdp3, and php7.0, php7.2, php7.4, php8.1).

https://lwn.net/Articles/971740/