Daily summary - 07.03.2024

End-of-Day report

Timeframe: Wednesday 06-03-2024 18:00 - Thursday 07-03-2024 18:00 Handler: Michael Schlagenhaufer Co-Handler: Thomas Pribitzer


Hacked WordPress sites use visitors browsers to hack other sites

Hackers are conducting wide-scale attacks on WordPress sites to inject scripts that force visitors' browsers to brute-force passwords for other sites.


New Python-Based Snake Info Stealer Spreading Through Facebook Messages

Facebook messages are being used by threat actors to deliver a Python-based information stealer dubbed Snake that's designed to capture credentials and other sensitive data.


Code injection on Android without ptrace

I came up with the idea to port linux_injector. The project has a simple premise: injecting code into a process without using ptrace.


CVE-2023-36049: Microsoft .NET CRLF Injection Arbitrary File Write/Deletion Vulnerability

Successful exploitation of this vulnerability would allow a remote attacker to write or delete files in the context of the FTP server. The following is a portion of their write-up covering CVE-2023-36049, with a few minimal modifications.


Delving into Dalvik: A Look Into DEX Files

Through a case study of a banking trojan sample, this blog post aims to give an insight into the Dalvik Executable file format, how it is constructed, and how it can be altered to make analysis easier.


State trojan: Infrastructure of the Predator spyware shut down again

The operators of the platform behind Predator have apparently taken servers offline that they used to deliver and control the surveillance software.



CVE-2024-1403: Progress OpenEdge Authentication Bypass Deep-Dive

On February 27, 2024, Progress released a security advisory for OpenEdge, their application development and deployment platform suite. The advisory details that there exists an authentication bypass vulnerability which affects certain components of the OpenEdge platform.


Security updates for Thursday

Security updates have been issued by Debian (chromium and yard), Fedora (cpp-jwt, golang-github-tdewolff-argp, golang-github-tdewolff-minify, golang-github-tdewolff-parse, and suricata), Mageia (wpa_supplicant), Oracle (curl, edk2, golang, haproxy, keylime, mysql, openssh, and rear), Red Hat (kernel and postgresql:12), SUSE (containerd, giflib, go1.21, gstreamer-plugins-bad, java-1_8_0-openjdk, python3, python311, python39, sudo, and vim), and Ubuntu (frr, linux, linux-gcp, linux-gcp-5.4, [...]


VMware closes loopholes allowing escape from virtual machines

Attackers can target systems running VMware ESXi, Fusion and Workstation. Security updates are available for download.


VU#949046: Sceiner firmware locks and associated devices are vulnerable to encryption downgrade and arbitrary file upload attacks


Registration role - Critical - Access bypass - SA-CONTRIB-2024-015


IBM Security Bulletins


Local Privilege Escalation via writable files in CheckMK Agent


Mattermost security updates 9.5.2 (ESR) / 9.4.4 / 9.3.3 / 8.1.11 (ESR) released


Apple Releases Security Updates for iOS and iPadOS


Chirp Systems Chirp Access