End-of-Day report
Timeframe: Tuesday 09-04-2024 18:00 - Wednesday 10-04-2024 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Thomas Pribitzer
News
Delayed distribution of the CERT.at daily reports
Due to a misconfiguration of our firewall, some of our daily reports were sent out with a delay yesterday, 09.04.2024. We apologise for any inconvenience caused.
https://cert.at/de/aktuelles/2024/4/verzogerte-aussendung-der-certat-tagesberichte
VU#123335: Multiple Programming Languages Fail to Escape Arguments Properly in Microsoft Windows
Various programming languages lack proper validation mechanisms for commands and in some cases also fail to escape arguments correctly when invoking commands within a Microsoft Windows environment. The command injection vulnerability in these programming languages, when running on Windows, allows attackers to execute arbitrary code disguised as arguments to the command.
https://kb.cert.org/vuls/id/123335
How NIS 2 will affect employees in companies
ÖGB data protection expert Sebastian Klocker in an interview about training measures, access controls and monitoring.
https://futurezone.at/netzpolitik/nis-2-cybersicherheit-richtlinie-eu-gesetz-oesterreich-auswirkungen-mitarbeiter-beschaeftigte/402850531
Data breach at Microsoft: passwords and source code were apparently exposed on the internet
Microsoft had apparently misconfigured an Azure Storage server. All sorts of sensitive company data are said to have been accessible to anyone.
https://www.golem.de/news/datenpanne-bei-microsoft-passwoerter-und-quellcode-lagen-wohl-offen-im-netz-2404-183999.html
Raspberry Robin Returns: New Malware Campaign Spreading Through WSF Files
Cybersecurity researchers have discovered a new Raspberry Robin campaign wave that propagates the malware through malicious Windows Script Files (WSFs) since March 2024.
https://thehackernews.com/2024/04/raspberry-robin-returns-new-malware.html
Active Nitrogen campaign delivered via malicious ads for PuTTY, FileZilla
Threat actors once again target system administrators via their favorite tools. Learn more about their TTPs and use the IOCs provided to investigate.
https://www.malwarebytes.com/blog/threat-intelligence/2024/04/active-nitrogen-campaign-delivered-via-malicious-ads-for-putty-filezilla
Muddled Libra's Evolution to the Cloud
Muddled Libra now actively targets CSP environments and SaaS applications. Using the MITRE ATT&CK framework, we outline observed TTPs from incident response.
https://unit42.paloaltonetworks.com/muddled-libra-evolution-to-cloud/
Data theft under macOS: two new campaigns uncovered
The cybercriminals are after confidential user data such as passwords. Among other things, fake advertisements are used to plant an infostealer.
https://www.zdnet.de/88415282/datendiebstahl-unter-macos-zwei-neue-kampagnen-aufgedeckt/?utm_source=rss&utm_medium=rss&utm_campaign=rss
New Technique to Trick Developers Detected in an Open Source Supply Chain Attack
In a recent attack campaign, cybercriminals were discovered cleverly manipulating GitHub's search functionality, and using meticulously crafted repositories to distribute malware.
https://checkmarx.com/blog/new-technique-to-trick-developers-detected-in-an-open-source-supply-chain-attack/
Vulnerabilities
Critical BatBadBut Rust Vulnerability Exposes Windows Systems to Attacks
A critical security flaw in the Rust standard library could be exploited to target Windows users and stage command injection attacks.
https://thehackernews.com/2024/04/critical-batbadbut-rust-vulnerability.html
Security updates for Wednesday
Security updates have been issued by Debian (gtkwave), Fedora (dotnet7.0, dotnet8.0, and python-pillow), Mageia (apache, gstreamer1.0, libreoffice, perl-Data-UUID, and xen), Oracle (kernel, kernel-container, and varnish), Red Hat (edk2, kernel, rear, and unbound), SUSE (apache2-mod_jk, gnutls, less, and xfig), and Ubuntu (bind9, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, [...]
https://lwn.net/Articles/969314/
Patchday: attackers once again bypass a security feature and attack Windows
Microsoft has released important security updates for BitLocker, Office and Windows Defender, among others. Two vulnerabilities are already being exploited by attackers.
https://heise.de/-9679989
IBM Security Bulletins
https://www.ibm.com/support/pages/bulletin/
XSA-455
https://xenbits.xen.org/xsa/advisory-455.html
Pepperl+Fuchs: ICE2-* and ICE3-* are affected by multiple vulnerabilities
https://cert.vde.com/de/advisories/VDE-2024-017/
PC System Recovery Bootloader Vulnerabilities
http://support.lenovo.com/product_security/PS500613-PC-SYSTEM-RECOVERY-BOOTLOADER-VULNERABILITIES
AMI MegaRAC Vulnerability
http://support.lenovo.com/product_security/PS500612-AMI-MEGARAC-VULNERABILITY
System Management Module (SMM v1 and v2) and Fan Power Controller (FPC) Vulnerabilities
http://support.lenovo.com/product_security/SYSTEM-MANAGEMENT-MODULE-SMM-V1-AND-V2-AND-FAN-POWER-CONTROLLER-FPC-VULNERABILITIES
AMD Radeon Vulnerabilities
http://support.lenovo.com/product_security/PS500615
Adobe Releases Security Updates for Multiple Products
https://www.cisa.gov/news-events/alerts/2024/04/09/adobe-releases-security-updates-multiple-products-0
Sunhillo SureLine Command Injection Attack
https://fortiguard.fortinet.com/outbreak-alert/sunhillo-sureline-attack