September 2024 - rwth-security - lists.rwth-aachen.de

Severe Unauthenticated RCE Flaw (CVSS 9.9) in GNU/Linux Systems
by Bernd Kohler 07 Oct '24

07 Oct '24

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "Severe Unauthenticated RCE Flaw (CVSS 9.9) in GNU/Linux Systems Awaiting Full Disclosure" --> "... October 6: Full public disclosure of the vulnerability details ..." --> "was there for more than a decade" [1] --> OS-Updates sollten aber eh immer asap eingespielt werden ;) VG Bernd [0] https://securityonline.info/severe-unauthenticated-rce-flaw-cvss-9-9-in-gnu… [1] https://x.com/evilsocket/status/1838169889330135132 -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/channel/UCKKDJJukeRwO0LP-ac8x8rQ

1 7

Active Directory Security Guide
by Bernd Kohler 27 Sep '24

27 Sep '24

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "Active Directory Security Guide" VG Bernd [0] https://github.com/mon-csirt/active-directory-security -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/channel/UCKKDJJukeRwO0LP-ac8x8rQ

1 0

Critical Flaw in Microchip ASF Exposes IoT Devices to Remote Code
by Bernd Kohler 23 Sep '24

23 Sep '24

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "Critical Flaw in Microchip ASF Exposes IoT Devices to Remote Code Execution Risk" --> "... exists a vulnerability in all publicly available examples of the ASF codebase ..." --> "... software is no longer supported and is rooted in IoT-centric code ..." --> "... affected versions include MediaTek SDK versions 7.4.0.1 and earlier, as well as OpenWrt 19.07 and 21.02 ..." --> "... patch for the vulnerability was released by MediaTek in March 2024 ..." wenn nötig ist der also bereits installiert ;) VG Bernd [0] https://thehackernews.com/2024/09/critical-flaw-in-microchip-asf-exposes.ht… -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/channel/UCKKDJJukeRwO0LP-ac8x8rQ

1 0

New PondRAT Malware Hidden in Python Packages Targets Software
by Bernd Kohler 23 Sep '24

23 Sep '24

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "New PondRAT Malware Hidden in Python Packages Targets Software Developers" - real-ids (893 downloads) - coloredtxt (381 downloads) - beautifultext (736 downloads) - minisound (416 downloads) VG Bernd [0] https://thehackernews.com/2024/09/new-pondrat-malware-hidden-in-python.html -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/channel/UCKKDJJukeRwO0LP-ac8x8rQ

1 0

CVE-2024-8698: Keycloak Vulnerability Puts SAML Authentication at
by Bernd Kohler 23 Sep '24

23 Sep '24

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "CVE-2024-8698: Keycloak Vulnerability Puts SAML Authentication at Risk" VG Bernd [0] https://securityonline.info/cve-2024-8698-keycloak-vulnerability-puts-saml-… -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/channel/UCKKDJJukeRwO0LP-ac8x8rQ

1 0

This Windows PowerShell Phish Has Scary Potential
by Bernd Kohler 20 Sep '24

20 Sep '24

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "This Windows PowerShell Phish Has Scary Potential" --> know your keyboard shortcuts --> never blindly copy and paste VG Bernd [0] https://krebsonsecurity.com/2024/09/this-windows-powershell-phish-has-scary… -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/channel/UCKKDJJukeRwO0LP-ac8x8rQ

1 0

Tor insists its network is safe after German cops convict CSAM
by Bernd Kohler 19 Sep '24

19 Sep '24

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "Tor insists its network is safe after German cops convict CSAM dark-web admin" VG Bernd [0] https://www.theregister.com/2024/09/19/tor_police_germany/ -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/channel/UCKKDJJukeRwO0LP-ac8x8rQ

2 1

Clever 'GitHub Scanner' campaign abusing repos to push malware
by Bernd Kohler 19 Sep '24

19 Sep '24

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "Clever 'GitHub Scanner' campaign abusing repos to push malware" VG Bernd [0] https://www.bleepingcomputer.com/news/security/clever-github-scanner-campai… -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/channel/UCKKDJJukeRwO0LP-ac8x8rQ

1 0

Imperius - make an LKM rootkit visible again
by Bernd Kohler 18 Sep '24

18 Sep '24

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "Imperius" --> "part of research on LKM rootkits" --> Alternative: ModTracer [1], "research that will be launched in this year" VG Bernd [0] https://github.com/MatheuZSecurity/Imperius [1] https://github.com/MatheuZSecurity/ModTracer -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de https://www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/channel/UCKKDJJukeRwO0LP-ac8x8rQ

1 0

GSM Associatio (GSMA) Plans End-to-End Encryption for Cross-Platform
by Bernd Kohler 18 Sep '24

18 Sep '24

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "GSMA Plans End-to-End Encryption for Cross-Platform RCS Messaging" --> "... end-to-end encryption (E2EE) to secure messages sent between the Android and iOS ecosystems. ..." --> "... first deployment of standardized, interoperable messaging encryption between different computing platforms, addressing significant technical challenges such as key federation and cryptographically-enforced group membership. ..." VG Bernd [0] https://thehackernews.com/2024/09/gsma-plans-end-to-end-encryption-for.html -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 E-Mail: kohler(a)itc.rwth-aachen.de Web: https://www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/c/ITCenterRWTHAachen

1 0