October 2024 - rwth-security - lists.rwth-aachen.de

CVE-2024-5102: Avast Antivirus Flaw Could Allow Hackers to Delete
by Bernd Kohler 04 Oct '24

04 Oct '24

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "CVE-2024-5102: Avast Antivirus Flaw Could Allow Hackers to Delete Files and Run Code as SYSTEM" --> "... Avast has addressed this vulnerability in version 24.2 and later of their antivirus software ... prioritize updating to the latest version ..." VG Bernd [0] https://securityonline.info/cve-2024-5102-avast-antivirus-flaw-could-allow-… -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/channel/UCKKDJJukeRwO0LP-ac8x8rQ

1 0

Researchers Sound Alarm on Active Attacks Exploiting Critical Zimbra
by Bernd Kohler 02 Oct '24

02 Oct '24

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "Researchers Sound Alarm on Active Attacks Exploiting Critical Zimbra Postjournal Flaw" --> Update auf Version 8.8.15 Patch 46 / 9.0.0 Patch 41 / 10.0.9, oder 10.1.1 (Released vom 0409.2024, siehe [1] VG Bernd [0] https://thehackernews.com/2024/10/researchers-sound-alarm-on-active.html [1] https://wiki.zimbra.com/wiki/Security_Center -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/channel/UCKKDJJukeRwO0LP-ac8x8rQ

1 1

A Network of AI ‘Nudify’ Sites Are a Front for Notorious Russian Hackers
by Bernd Kohler 02 Oct '24

02 Oct '24

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "A Network of AI ‘Nudify’ Sites Are a Front for Notorious Russian Hackers" --> "... AI to ‘nudify’ any photos uploaded are actually designed to infect users with powerful credential stealing malware ..." --> "... After uploading a photo to nudify, one of the sites then said a “trial is ready for download.” ..." --> "... download ultimately ends in the installation of RedLine infostealer malware ..." --> "... Some of the malware was distributed by Dropbox links ..." VG Bernd [0] https://www.404media.co/a-network-of-ai-nudify-sites-are-a-front-for-notori… -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/channel/UCKKDJJukeRwO0LP-ac8x8rQ

1 0

New Cryptojacking Attack Targets Docker API to Create Malicious Swarm
by Bernd Kohler 01 Oct '24

01 Oct '24

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "New Cryptojacking Attack Targets Docker API to Create Malicious Swarm Botnet" VG Bernd [0] https://thehackernews.com/2024/10/new-cryptojacking-attack-targets-docker.h… -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/channel/UCKKDJJukeRwO0LP-ac8x8rQ

1 0

𝜇CFI: Formal Verification of Microarchitectural Control-flow Integrity
by Bernd Kohler 01 Oct '24

01 Oct '24

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "𝜇CFI: Formal Verification of Microarchitectural Control-flow Integrity" VG Bernd [0] https://comsec.ethz.ch/research/hardware-design-security/mucfi/ -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/channel/UCKKDJJukeRwO0LP-ac8x8rQ

1 0