End-of-Day report
Timeframe: Tuesday 14-05-2024 18:00 - Wednesday 15-05-2024 18:00
Handler: Thomas Pribitzer
Co-Handler: Michael Schlagenhaufer
News
PoC exploit released for RCE zero-day in D-Link EXO AX4800 routers
The D-Link EXO AX4800 (DIR-X4860) router is vulnerable to remote unauthenticated command execution that could lead to complete device takeovers by attackers with access to the HNAP port.
https://www.bleepingcomputer.com/news/security/poc-exploit-released-for-rce-zero-day-in-d-link-exo-ax4800-routers/
Further vulnerability discovered: hacker launches another cyberattack on Dell
The 49 million customer records he already siphoned off are apparently not enough for him. Menelik is attacking Dell again. This time, support data is reportedly affected.
https://www.golem.de/news/weitere-schwachstelle-entdeckt-hacker-startet-erneut-cyberangriff-auf-dell-2405-185130.html
Ebury is alive but unseen: 400k Linux servers compromised for cryptocurrency theft and financial gain
One of the most advanced server-side malware campaigns is still growing, with hundreds of thousands of compromised servers, and it has diversified to include credit card and cryptocurrency theft.
https://www.welivesecurity.com/en/eset-research/ebury-alive-unseen-400k-linux-servers-compromised-cryptotheft-financial-gain/
Vulnerabilities
Security updates for Wednesday
Security updates have been issued by Mageia (sssd and tcpdump), Red Hat (.NET 7.0, .NET 8.0, expat, kernel, and kernel-rt), Slackware (mozilla), SUSE (kernel, postgresql15, postgresql16, python-argcomplete, python-Fabric, python-PyGithub, python-antlr4-python3-runtime, python-avro, python-chardet, python-distro, python-docker, python-fakeredis, python-fixedint, pyth, and python3), and Ubuntu (linux-bluefield).
https://lwn.net/Articles/973746/
ICS Patch Tuesday: Advisories Published by Siemens, Rockwell, Mitsubishi Electric
Several ICS vendors released advisories on Tuesday to inform customers about vulnerabilities found in their products.
https://www.securityweek.com/ics-patch-tuesday-advisories-published-by-siemens-rockwell-mitsubishi-electric/
Intel Publishes 41 Security Advisories for Over 90 Vulnerabilities
Intel has published 41 new May 2024 Patch Tuesday advisories covering a total of more than 90 vulnerabilities. [..] The most important flaw, based on its severity rating of "critical" and a CVSS score of 10, is CVE-2024-22476. [..] Intel says this critical vulnerability could allow an unauthenticated attacker to "enable escalation of privilege via remote access".
https://www.securityweek.com/intel-publishes-41-security-advisories-for-over-90-vulnerabilities/
LibreOffice: A wrong click can lead to execution of malicious code
A security vulnerability in the open-source LibreOffice suite allows attackers to foist malicious code on victims. The victims only need to click once.
https://heise.de/-9719334
VMware Workstation and Fusion: escape from the guest system possible
VMware Workstation and Fusion contain security vulnerabilities that were exploited at the Pwn2Own contest. They allow an escape from the guest system.
https://heise.de/-9718624
Patch Tuesday: attackers are attacking Windows and gaining system privileges
Microsoft has released important security updates for Edge, Dynamics 365 and Windows, among others. Attacks are already under way.
https://heise.de/-9718608
Patch Tuesday: attackers can push malicious code through holes in Adobe software
Software vendor Adobe has secured Animate, Illustrator and Reader, among others, against possible attacks.
https://heise.de/-9718639
Fortiguard Security Advisories
https://www.fortiguard.com/psirt
Lenovo Security Advisories
https://support.lenovo.com/at/en/product_security/home
30,000 WordPress Sites affected by Arbitrary SQL Execution Vulnerability Patched in Visualizer WordPress Plugin
https://www.wordfence.com/blog/2024/05/30000-wordpress-sites-affected-by-arbitrary-sql-execution-vulnerability-patched-in-visualizer-wordpress-plugin/
Bosch: Remote code execution vulnerability has been found over an insecure connection in the Praesensa Logging Application, Praesideo Logging Application and Praesideo PC Call Station
https://psirt.bosch.com/security-advisories/bosch-sa-106054-bt.html
B&R: 2024-05-14: Cyber Security Advisory - Insecure Loading of Code in B&R Products
https://www.br-automation.com/fileadmin/SA24P005_Insecure_Loading_of_Code-c7d9e49c.pdf
SUBNET PowerSYSTEM Center
https://www.cisa.gov/news-events/ics-advisories/icsa-24-135-02
F5: K000139592 : libxml2 vulnerability CVE-2023-29469
https://my.f5.com/manage/s/article/K000139592
ZDI-24-456: NI FlexLogger FLXPROJ File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-24-456/
ZDI-24-455: SolarWinds Access Rights Manager JsonSerializationBinder Deserialization of Untrusted Data Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-24-455/