End-of-Day report
Timeframe: Monday 05-02-2024 18:00 - Tuesday 06-02-2024 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Stephan Richter
News
Rust Won't Save Us: An Analysis of 2023's Known Exploited Vulnerabilities
We have analyzed all critical vulnerabilities from the CISA KEV catalog starting from January 2023 through January 2024, categorized the vulnerability root causes, and attempted to analyze if the current efforts in the information security industry match with the current threat vectors being abused.
https://www.horizon3.ai/analysis-of-2023s-known-exploited-vulnerabilities/
Dubious dirndl shops threatening legal action? Ignore the messages!
Numerous affected people are currently contacting Watchlist Internet because dubious clothing and dirndl shops are trying, months after the orders were placed, to intimidate customers and pressure them into paying. Since completely wrong products were delivered, there is no obligation to pay and therefore no reason to worry!
https://www.watchlist-internet.at/news/unserioese-dirndl-shops-drohen-mit-anzeige-ignorieren-sie-die-nachrichten/
How are user credentials stolen and used by threat actors?
You've probably heard the phrase, "Attackers don't hack anyone these days. They log on." In this blog, we describe the various tools and techniques bad actors are using to steal credentials so they can log on with valid account details, and outline our recommendations for defense.
https://blog.talosintelligence.com/how-are-user-credentials-stolen-and-used-by-threat-actors/
Navigating the Rising Tide of CI/CD Vulnerabilities: The Jenkins and TeamCity Case Studies
In the evolving landscape of cybersecurity, a new threat has emerged, targeting the core of software development processes. Recently, an alarming incident has brought to light a significant vulnerability in Jenkins CI/CD servers. Approximately 45,000 Jenkins servers have been left exposed to remote code execution (RCE) attacks, leveraging multiple public exploit PoCs. This breach is not just a standalone event but a symptom of a growing trend of attacks on Continuous Integration/Continuous Deployment (CI/CD) software supply chains.
https://checkmarx.com/blog/navigating-the-rising-tide-of-ci-cd-vulnerabilities-the-jenkins-and-teamcity-case-studies/
Experts Detail New Flaws in Azure HDInsight Spark, Kafka, and Hadoop Services
Three new security vulnerabilities have been discovered in Azure HDInsight's Apache Hadoop, Kafka, and Spark services that could be exploited to achieve privilege escalation and a regular expression denial-of-service (ReDoS) condition. [..] Following responsible disclosure, Microsoft has rolled out fixes as part of updates released on October 26, 2023.
https://thehackernews.com/2024/02/high-severity-flaws-found-in-azure.html
Exploring the (Not So) Secret Code of Black Hunt Ransomware
In this analysis we examined the BlackHunt sample shared on X (formerly Twitter). During our analysis we found notable similarities between BlackHunt ransomware and LockBit, which suggests that it uses leaked LockBit code. In addition, it uses some techniques similar to REvil ransomware.
https://www.rapid7.com/blog/post/2024/02/05/exploring-the-not-so-secret-code-of-blackhunt-ransomware-2/
Vulnerabilities
Android Patchday: critical system-level code-execution vulnerability closed
Several security vulnerabilities endanger Android devices. Updates have been released for certain smartphones and tablets.
https://www.heise.de/-9619910
Security update: multiple vulnerabilities endanger the server monitoring tool Nagios XI
Under certain conditions, attackers can upload malicious code to servers running Nagios XI. A security update closes this and other vulnerabilities.
https://www.heise.de/-9620155
Critical vulnerabilities in Canon multifunction and laser printers
Canon warns of critical security vulnerabilities in some SOHO multifunction and laser printers. Countermeasures are intended to help.
https://www.heise.de/-9620345
Security updates for Tuesday
Security updates have been issued by CentOS (firefox, gstreamer1-plugins-bad-free, and tigervnc), Debian (ruby-sanitize), Fedora (kernel, kernel-headers, qt5-qtwebengine, and runc), Oracle (gnutls, kernel, libssh, rpm, runc, and tigervnc), Red Hat (runc), and SUSE (bouncycastle, jsch, python, and runc).
https://lwn.net/Articles/961083/
WebKitGTK and WPE WebKit Security Advisory WSA-2024-0001
CVE identifiers: CVE-2024-23222, CVE-2024-23206, CVE-2024-23213, CVE-2023-40414, CVE-2023-42833, CVE-2014-1745
https://webkitgtk.org/security/WSA-2024-0001.html
CISA Adds One Known Exploited Vulnerability to Catalog
Google Chromium V8 Type Confusion Vulnerability CVE-2023-4762
https://www.cisa.gov/news-events/alerts/2024/02/06/cisa-adds-one-known-exploited-vulnerability-catalog
MISP 2.4.184 released with performance improvements, security and bug fixes.
A series of security fixes were done in this release; the vulnerabilities are accessible to authenticated users, especially those with specific privileges like Org admin. We urge users to update to this version, especially if you have different organisations having access to your instances.
https://github.com/MISP/MISP/releases/tag/v2.4.184
ZDI-24-086: TP-Link Omada ER605 Access Control Command Injection Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-24-086/
ZDI-24-085: (Pwn2Own) TP-Link Omada ER605 DHCPv6 Client Options Stack-based Buffer Overflow Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-24-085/
ZDI-24-087: (Pwn2Own) Western Digital MyCloud PR4100 RESTSDK Server-Side Request Forgery Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-24-087/
IBM Security Bulletins
https://www.ibm.com/support/pages/bulletin/
Pilz: Multiple products affected by uC/HTTP vulnerability
https://cert.vde.com/de/advisories/VDE-2024-002/
HID Global Encoders
https://www.cisa.gov/news-events/ics-advisories/icsa-24-037-01
HID Global Reader Configuration Cards
https://www.cisa.gov/news-events/ics-advisories/icsa-24-037-02