Daily summary - 11.04.2024

End-of-Day report

Timeframe: Wednesday 10-04-2024 18:00 - Thursday 11-04-2024 18:00
Handler: Thomas Pribitzer
Co-Handler: Michael Schlagenhaufer

News

New Spectre v2 attack impacts Linux systems on Intel CPUs

Researchers have demonstrated the "first native Spectre v2 exploit" for a new speculative execution side-channel flaw that impacts Linux systems running on many modern Intel processors. [..] The hardware vendor has indicated that future processors will include mitigations for BHI and potentially other speculative execution vulnerabilities. For a complete list of the Intel processors affected by the various speculative execution side-channel flaws, check this page, which is kept up to date by the vendor.

https://www.bleepingcomputer.com/news/security/new-spectre-v2-attack-impacts-linux-systems-on-intel-cpus/


CISA says Sisense hack impacts critical infrastructure orgs

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is investigating the recent breach of data analytics company Sisense, an incident that also impacted critical infrastructure organizations.

https://www.bleepingcomputer.com/news/security/cisa-says-sisense-hack-impacts-critical-infrastructure-orgs/


DragonForce Ransomware - What You Need To Know

A relatively new strain of ransomware called DragonForce has been making the headlines after a series of high-profile attacks. Like many other ransomware groups, DragonForce attempts to extort money from its victims in two ways: locking companies out of their computers and data through encryption, and exfiltrating data from compromised systems with the threat of releasing it to others via the dark web. So far, so normal. How did DragonForce come to prominence?

https://www.tripwire.com/state-of-security/dragonforce-ransomware-what-you-need-know


CISA Releases Malware Next-Gen Analysis System for Public Use

CISA's Malware Next-Gen system is now available for any organization to submit malware samples and other suspicious artifacts for analysis.

https://www.securityweek.com/cisa-releases-malware-next-gen-analysis-system-for-public-use/


Metasploit Meterpreter Installed via Redis Server

Redis is an abbreviation of Remote Dictionary Server, an open-source in-memory data structure store that is also used as a database. It is presumed that the threat actors abused insecure configurations or ran commands by exploiting vulnerabilities.

https://asec.ahnlab.com/en/64034/


Control Web Panel - Fingerprinting Open-Source Software using a Consolidation Algorithm approach

This blog post details one of these very unique cases: `CVE-2022-44877`, an unauthenticated command injection issue, flagged by CISA as a Known Exploited Vulnerability (CISA KEV), affecting Control Web Panel, an open-source control panel for server and VPS management. Initially, the team could not find a way to straightforwardly fingerprint the software's version, nor another way to detect it without intrusive exploitation; thus they used a novel technique: an algorithm that retrieves the web application's static web content files and consolidates them to pinpoint the software's version.

https://www.bitsight.com/blog/control-web-panel-fingerprinting-open-source-software-using-consolidation-algorithm-approach

Vulnerabilities

Node.js Security Advisories Apr 10, 2024

Node v21.7.3 (Current), Node v20.12.2 (LTS), Node v18.20.2 (LTS): CVE-2024-27980 - Command injection via args parameter of child_process.spawn without shell option enabled on Windows.

https://nodejs.org/en/blog/release/


Security updates for Thursday

Security updates have been issued by AlmaLinux (kernel, less, libreoffice, nodejs:18, nodejs:20, rear, thunderbird, and varnish), Debian (pillow), Fedora (dotnet7.0), SUSE (sngrep, texlive-specs-k, tomcat, tomcat10, and xorg-x11-server), and Ubuntu (nss, squid, and util-linux).

https://lwn.net/Articles/969468/


Citrix: XenServer and Citrix Hypervisor Security Update for CVE-2023-46842, CVE-2024-2201 and CVE-2024-31142

Two issues have been identified that affect XenServer and Citrix Hypervisor; each issue may allow malicious unprivileged code in a guest VM to infer the contents of memory belonging to its own or other VMs on the same host.

https://support.citrix.com/article/CTX633151/xenserver-and-citrix-hypervisor-security-update-for-cve202346842-cve20242201-and-cve202431142


Google Chrome: sandbox escape possible through certain gestures

With some delay, Google's developers have released the weekly update for the Chrome web browser. It closes a total of three security vulnerabilities, all of which carry the risk rating "high".

https://heise.de/-9681413


TP-Link WLAN access points attackable 15 minutes after reboot

Attackers can attack the TP-Link AC1350 Wireless and N300 Wireless N Ceiling Mount WLAN access points and, among other things, reset them to factory settings. [..] Security updates are available.

https://heise.de/-9681863


Palo Alto Security Advisories

https://security.paloaltonetworks.com/


IBM Security Bulletins

https://www.ibm.com/support/pages/bulletin/


Juniper Security Advisories

https://supportportal.juniper.net/s/global-search/%40uri?language=en_US#sort=%40sfcec_community_publish_date_formula__c%20descending&f:ctype=[Security%20Advisories]