End-of-Day report
Timeframe: Wednesday 11-12-2024 18:00 - Thursday 12-12-2024 18:00
Handler: Michael Schlagenhaufer
Co-Handler: n/a
News
Apache issues patches for critical Struts 2 RCE bug
More details released after devs allowed weeks to apply fixes. We now know the remote code execution vulnerability in Apache Struts 2 disclosed back in November carries a near-maximum severity rating following the publication of the CVE. [..] Considering remote attackers could exploit the vulnerability without requiring any privileges, combined with the high impact to system confidentiality, integrity, and availability, it's likely the Apache Foundation withheld the juiciest details to allow customers to upgrade to a safe version (Struts 6.4.0 or greater).
https://go.theregister.com/feed/www.theregister.com/2024/12/12/apache_struts_2_vuln/
Cyber Resilience Act: Connected products will soon have to be better secured
The EU regulation on cyber resilience has entered into force. Manufacturers of connected products will in future have to provide a minimum level of cybersecurity.
https://heise.de/-10197273
Modular Java Backdoor Dropped in Cleo Exploitation Campaign
While investigating incidents related to Cleo software exploitation, Rapid7 Labs and MDR team discovered a novel, multi-stage attack that deploys an encoded Java Archive (JAR) payload.
https://www.rapid7.com/blog/post/2024/12/11/etr-modular-java-backdoor-dropped-in-cleo-exploitation-campaign/
The Bite from Inside: The Sophos Active Adversary Report
A sea change in available data fuels fresh insights from the first half of 2024.
https://news.sophos.com/en-us/2024/12/12/active-adversary-report-2024-12/
Caution when buying Christmas trees online: how to recognise dubious shops
For many people the pre-Christmas period means stress and high expenses, so a cheap Christmas tree that can be set up quickly seems tempting. Foldable Christmas trees, which are supposed to be set up in record time, are particularly trendy. But be careful: not all providers deliver what they promise. We show how to recognise dubious offers.
https://www.watchlist-internet.at/news/unserioese-shops-beim-weihnachtsbaum-kauf-erkennen/
300,000+ Prometheus Servers and Exporters Exposed to DoS Attacks
In this research we highlighted vulnerabilities and flaws in the Prometheus stack. We highlight the risks associated with exposing Prometheus servers and exporters to the internet without authentication, which expose sensitive information and can be exploited to launch DoS attacks or even execute arbitrary code through compromised exporters.
https://blog.aquasec.com/300000-prometheus-servers-and-exporters-exposed-to-dos-attacks
To the point of burnout: open-source developers annoyed by AI bug reports
They appear friendly and well thought out, but on closer inspection open-source maintainers find that more and more bug reports are AI nonsense.
https://heise.de/-10195951
Vulnerabilities
Hunk Companion WordPress plugin exploited to install vulnerable plugins
The issue impacts all versions of Hunk Companion before the latest 1.9.0, released yesterday, which addressed the problem. While investigating a WordPress site infection, WPScan discovered active exploitation of CVE-2024-11972 to install a vulnerable version of WP Query Console. [..] By installing outdated plugins with known vulnerabilities with available exploits, the attackers can access a large pool of flaws that lead to remote code execution (RCE), SQL injection, cross-site scripting (XSS) flaws, or create backdoor admin accounts.
https://www.bleepingcomputer.com/news/security/hunk-companion-wordpress-plugin-exploited-to-install-vulnerable-plugins/
Apple Updates Everything (iOS, iPadOS, macOS, watchOS, tvOS, visionOS), (Wed, Dec 11th)
Apple today released patches for all of its operating systems. The updates address 46 different vulnerabilities. Many of the vulnerabilities affect more than one operating system. None of the vulnerabilities are labeled as being already exploited.
https://isc.sans.edu/diary/rss/31514
Atlassian protects Confluence & Co. against possible DoS attacks
Attackers can exploit ten security vulnerabilities in Atlassian Bamboo, Bitbucket and Confluence and, among other things, provoke crashes.
https://heise.de/-10196643
Security patch: attackers can delete Windows files via TeamViewer vulnerability
According to an advisory, the TeamViewer Patch & Asset Management component is vulnerable (CVE-2024-12363, "high"). However, the component is not installed by default; it can optionally be installed in the context of the Remote Management feature. [..] The developers assure that the security update installs automatically.
https://heise.de/-10196765
Security updates for Thursday
Security updates have been issued by Debian (libsoup2.4, python-aiohttp, and upx-ucl), Fedora (iaito, python3.11, python3.9, and radare2), Red Hat (ruby, ruby:2.5, and ruby:3.1), Slackware (mozilla-thunderbird), SUSE (govulncheck-vulndb, nodejs18, nodejs20, and socat), and Ubuntu (ofono and python-tornado).
https://lwn.net/Articles/1001863/
Paloalto: PAN-SA-2024-0017 Chromium: Monthly Vulnerability Updates (Severity: MEDIUM)
https://security.paloaltonetworks.com/PAN-SA-2024-0017
Tenable: [R1] Security Center Version 6.5.1 Fixes Multiple Vulnerabilities
https://www.tenable.com/security/tns-2024-20
Drupal: Open Social - Moderately critical - Access bypass - SA-CONTRIB-2024-076
https://www.drupal.org/sa-contrib-2024-076
Drupal: Allow All File Extensions for file fields - Critical - Unsupported - SA-CONTRIB-2024-075
https://www.drupal.org/sa-contrib-2024-075
Drupal: Git Utilities for Drupal - Critical - Unsupported - SA-CONTRIB-2024-074
https://www.drupal.org/sa-contrib-2024-074
Drupal: Login Disable - Critical - Access bypass - SA-CONTRIB-2024-073
https://www.drupal.org/sa-contrib-2024-073
Drupal: Browser Back Button - Moderately critical - Cross site scripting - SA-CONTRIB-2024-072
https://www.drupal.org/sa-contrib-2024-072