Tageszusammenfassung - 27.03.2024

End-of-Day report

Timeframe: Dienstag 26-03-2024 18:00 - Mittwoch 27-03-2024 18:00 Handler: Michael Schlagenhaufer Co-Handler: Thomas Pribitzer


Ransomware as a Service and the Strange Economics of the Dark Web

Ransomware is quickly changing in 2024, with massive disruptions and large gangs shutting down. Learn from Flare how affiliate competition is changing in 2024, and what might come next.


CISA tags Microsoft SharePoint RCE bug as actively exploited

CISA warns that attackers are now exploiting a Microsoft SharePoint code injection vulnerability that can be chained with a critical privilege escalation flaw for pre-auth remote code execution attacks.


Row breaks out over true severity of two DNSSEC flaws

Two DNSSEC vulnerabilities were disclosed last month with similar descriptions and the same severity score, but they are not the same issue.


Gefälschte Booking.com-Kontaktnummern locken in die Falle!

Nehmen Sie sich vor betrügerischen Telefonnummern in Acht, wenn Sie nach Booking.com Kontaktinfos googeln. Kriminelle erstellen Fake-Websites mit Booking-Logo und blenden Telefonnummern ein.


Advanced Nmap Scanning Techniques

Beyond its fundamental port scanning capabilities, Nmap offers a suite of advanced techniques designed to uncover vulnerabilities, bypass security measures, and gather valuable insights about target systems.



Hackers exploit Ray framework flaw to breach servers, hijack resources

A new hacking campaign dubbed "ShadowRay" targets an unpatched vulnerability in Ray, a popular open-source AI framework, to hijack computing power and leak sensitive data from thousands of companies.


Microsoft Edge Bug Could Have Allowed Attackers to Silently Install Malicious Extensions

A now-patched security flaw in the Microsoft Edge web browser could have been abused to install arbitrary extensions on users systems and carry out malicious actions.


Security updates for Wednesday

Security updates have been issued by Debian (composer and nodejs), Fedora (w3m), Mageia (tomcat), Oracle (expat, firefox, go-toolset:ol8, grafana, grafana-pcp, nodejs:18, and thunderbird), Red Hat (dnsmasq, expat, kernel, kernel-rt, libreoffice, and squid), and SUSE (firefox, krb5, libvirt, and shadow).


Exposing a New BOLA Vulnerability in Grafana

Unit 42 researchers discovered CVE-2024-1313, a broken object level authorization (BOLA) vulnerability in open-source data visualization platform Grafana.


IBM Security Bulletins


Cisco Security Advisories 2024-03-27


Splunk Security Advisories


Google Chrome: Kritische Schwachstelle bedroht Browser-Nutzer