Tageszusammenfassung - 01.09.2023

End-of-Day report

Timeframe: Donnerstag 31-08-2023 18:00 - Freitag 01-09-2023 18:00 Handler: Michael Schlagenhaufer Co-Handler: Robert Waldner


Monitoring aus der Cloud: Kundensysteme dank schwacher Standardpasswörter gehackt

Hacker haben offenbar aufgrund schwacher Standardpasswörter eine Ransomware auf lokalen Systemen von Logicmonitor-Kunden verbreitet.


WordPress Vulnerability & Patch Roundup August 2023

To help educate website owners on emerging threats to their environments, we-ve compiled a list of important security updates and vulnerability patches for the WordPress ecosystem this past month.


Potential Weaponizing of Honeypot Logs

Escape sequences have long been used to create ASCII art on screens and allow for customization of a user-s terminal. Because most terminals support some kind of escape sequences, it could be possible to manipulate the analyst-s terminal, and hypothetically allow for remote code execution on the analysist-s system.


MONDEO: Multistage Botnet Detection

MONDEO is a multistage mechanism with a flexible design to detect DNS-based botnet malware. MONDEO is lightweight and can be deployed without requiring the deployment of software, agents, or configuration in mobile devices, allowing easy integration in core networks. MONDEO comprises four detection stages: Blacklisting/Whitelisting, Query rate analysis, DGA analysis, and Machine learning evaluation. [..] The implementation is available at github.


Mashing Enter to bypass full disk encryption with TPM, Clevis, dracut and systemd

Using the vulnerability described in this advisory an attacker may take control of an encrypted Linux computer during the early boot process, manually unlock TPM-based disk encryption and either modify or read sensitive information stored on the computer-s disk. This blog post runs through how this vulnerability was identified and exploited - no tiny soldering required.


BitLocker, TPM and Pluton | What Are They and How Do They Work

The optimal kind of security measure is imperceptible to the user during deployment and usage. Whenever there is a potential delay or difficulty due to a security feature, there is a high probability that users will attempt to circumvent security. This situation is particularly prevalent for data protection, and that is a scenario that organizations need to prevent.


NetNTLMv1 Downgrade to compromise

In this blogpost I-m going to blow your mind with some easy to understand NetNTLMv1 downgrade and relaying stuff. I will keep this blogpost simple, so that everyone can follow these steps, but I will link further resources for those who want to get the bigger picture at the end of this post.


Free Decryptor Available for -Key Group- Ransomware

EclecticIQ has released a free decryption tool to help victims of the Key Group ransomware recover their data without paying a ransom.


How companies can get a grip on -business email compromise-

The delivery methods vary but the most exploited vector is email as a vehicle for a credential harvesting phishing campaign. Phishing, in general, has grown in scale and sophistication in recent years, with the most damaging form of phishing from a financial perspective being -business email compromise- (BEC). According to Check Point Research, credential harvesting makes up about 15% of all email-based attacks but is the most financially damaging category.



Multiple vulnerabilities in i-PRO VI Web Client

VI Web Client provided by i-PRO Co., Ltd. contains multiple vulnerabilities. Update the software to the latest version according to the information provided by the developer. These vulnerabilities have been addressed in VI Web Client 7.9.6.


Tinycontrol LAN Controller v3 (LK3) Remote Denial Of Service

The controller suffers from an unauthenticated remote denial of service vulnerability. An attacker can issue direct requests to the stm.cgi page to reboot and also reset factory settings on the device.


Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

Autodesk AutoCAD and certain AutoCAD-based products have been affected by Out-of-Bounds Write, Heap-based Buffer Overflow, Untrusted Pointer Dereference, and Memory Corruption vulnerabilities. CVE IDs: CVE-2023-29073, CVE-2023-29074, CVE-2023-29075, CVE-2023-29076, CVE-2023-41139, CVE-2023-41140


Acronis: Updates dichten Sicherheitslecks in mehreren Produkten ab

Acronis hat Sicherheitsmeldungen zu insgesamt zwölf Schwachstellen in mehreren Produkten herausgegeben. Updates stehen länger bereit.


Kritische Lücke in VPN von Securepoint

Updates sollen eine kritische Sicherheitslücke in der VPN-Software von Securepoint schließen, durch die Angreifer ihre Rechte ausweiten können.


Security updates for Friday

Security updates have been issued by Debian (chromium, firefox-esr, and gst-plugins-ugly1.0), Fedora (firefox, libeconf, libwebsockets, mosquitto, and rust-rustls-webpki), SUSE (amazon-ssm-agent, open-vm-tools, and terraform-provider-helm), and Ubuntu (linux-azure, linux-azure, linux-azure-5.15, linux-azure-fde, linux-gcp-5.15, linux-gcp-5.4, linux-oracle-5.4, linux-gkeop, linux-gkeop-5.15, linux-intel-iotg, linux-kvm, linux-oracle, and python-git).


IBM Security Bulletins