Daily Summary - 17.05.2024

End-of-Day report

Timeframe: Thursday 16-05-2024 18:00 - Friday 17-05-2024 18:00 Handler: Thomas Pribitzer Co-Handler: Michael Schlagenhaufer

News

Ignore payment demands from "IDS EU" concerning your domain!

Austrian companies are currently receiving payment demands from an "IDS EU", also appearing as ids-eu.org and idseu.org. The demands purport to cover a domain registration. On closer inspection, IDS EU turns out to be linked to an earlier scam that Watchlist Internet has already reported on. The rule is: pay nothing and ignore the demand!

https://www.watchlist-internet.at/news/zahlungsaufforderungen-ids-eu-ignorieren/


Investigation after cyberattack: BSI puts Microsoft under legal pressure

For months the BSI has been trying to obtain information from Microsoft about a 2023 cyberattack. The agency has now opened formal administrative proceedings.

https://www.golem.de/news/aufklaerung-nach-cyberangriff-bsi-setzt-microsoft-juristisch-unter-druck-2405-185221.html


Another PDF Streams Example: Extracting JPEGs, (Fri, May 17th)

In this diary entry, I will show how file-magic.py can augment the JSON data produced by pdf-parser.py with file-type information, which can then be used by myjson-filter.py to filter out the files you are interested in. As an example, I will extract all JPEGs from a PDF document.

https://isc.sans.edu/diary/rss/30924
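The diary chains three tools (pdf-parser.py, file-magic.py, myjson-filter.py) to do this. As an added illustration of the same idea in one stand-alone script, which is not the diary's code and not Didier Stevens' tools, the block below walks the stream objects of a PDF, undoes FlateDecode, classifies the decoded bytes by magic number and keeps only the streams that are JPEGs. The sample PDF and the JPEG stub inside it are constructed inline. The parser is deliberately minimal (no object streams, cross-reference streams or indirect /Length values) and is not a substitute for a real PDF parser on untrusted files.

```python
import re
import zlib

# Magic bytes this example knows about. JPEG is the one the diary extracts;
# the others show the general "classify the bytes, then filter" pattern.
MAGIC = {
    "jpeg": b"\xff\xd8\xff",
    "png": b"\x89PNG\r\n\x1a\n",
    "pdf": b"%PDF",
}


def build_sample_pdf() -> bytes:
    """Constructed sample: a tiny PDF with one DCTDecode (JPEG) image stream
    and one FlateDecode content stream. The JPEG is a stub with valid SOI/EOI
    markers, not a real picture."""
    jpeg = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01\x01\x00" + b"\x00" * 32 + b"\xff\xd9"
    text = zlib.compress(b"BT /F1 12 Tf (Hello) Tj ET")
    obj1 = (b"1 0 obj\n<< /Type /XObject /Subtype /Image /Width 1 /Height 1 "
            b"/Filter /DCTDecode /Length %d >>\nstream\n" % len(jpeg)
            + jpeg + b"\nendstream\nendobj\n")
    obj2 = (b"2 0 obj\n<< /Filter /FlateDecode /Length %d >>\nstream\n" % len(text)
            + text + b"\nendstream\nendobj\n")
    return b"%PDF-1.4\n" + obj1 + obj2 + b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"


# "N G obj << ...dict... >> stream\n" - the tempered dot stops the lazy match
# from running across an object that has no stream of its own.
_OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\s*<<((?:(?!endobj).)*?)>>\s*stream\r?\n",
                     re.DOTALL)
# Direct /Length only; "/Length 3 0 R" (indirect) is deliberately not matched.
_LEN_RE = re.compile(rb"/Length\s+(\d+)\b(?!\s+\d+\s+R)")


def iter_streams(pdf: bytes):
    """Yield (object number, stream dictionary, raw stream bytes).
    Uses the direct /Length when present; otherwise falls back to searching
    for 'endstream', which is unreliable if the binary payload contains it."""
    for m in _OBJ_RE.finditer(pdf):
        objnum, d, start = int(m.group(1)), m.group(3), m.end()
        lm = _LEN_RE.search(d)
        if lm:
            raw = pdf[start:start + int(lm.group(1))]
        else:
            end = pdf.find(b"endstream", start)
            if end < 0:
                continue
            raw = pdf[start:end]
            # drop the single EOL that precedes the endstream keyword
            if raw.endswith(b"\r\n"):
                raw = raw[:-2]
            elif raw.endswith(b"\n"):
                raw = raw[:-1]
        yield objnum, d, raw


def decode_stream(d: bytes, raw: bytes) -> bytes:
    """Undo FlateDecode so the file-type check sees the real payload.
    DCTDecode streams are left alone: the JPEG itself is the encoded form."""
    if b"/FlateDecode" in d:
        try:
            return zlib.decompress(raw)
        except zlib.error:
            return raw  # corrupt or not really deflate; classify the raw bytes
    return raw


def file_type(data: bytes) -> str:
    """Classify by leading magic bytes; 'unknown' if nothing matches."""
    for name, magic in MAGIC.items():
        if data.startswith(magic):
            return name
    return "unknown"


def extract_by_type(pdf: bytes, wanted: str = "jpeg"):
    """Return [(objnum, payload)] for every stream whose decoded bytes carry
    the wanted magic. The filter keys on the bytes, not on the declared
    /Filter, because a hostile PDF can hide any file type in a stream whose
    dictionary says nothing about DCTDecode."""
    found = []
    for objnum, d, raw in iter_streams(pdf):
        data = decode_stream(d, raw)
        if file_type(data) == wanted:
            found.append((objnum, data))
    return found


if __name__ == "__main__":
    sample = build_sample_pdf()
    for objnum, data in extract_by_type(sample, "jpeg"):
        name = f"obj{objnum}.jpg"
        with open(name, "wb") as fh:
            fh.write(data)
        print(f"wrote {name} ({len(data)} bytes)")
```

Running the script writes obj1.jpg (the stub image) and skips the FlateDecode content stream, whose decoded bytes start with a text operator rather than FF D8 FF. To pull a different embedded type, change the `wanted` argument or add its magic to `MAGIC`.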


New 'Antidot' Android Trojan Allows Cybercriminals to Hack Devices, Steal Data

Dubbed Antidot and spotted in early May, the malware masquerades as a Google Play update and employs overlay attacks to harvest victims' credentials. [..] "The Antidot malware utilizes the MediaProjection feature to capture the display content of the compromised device. It then encodes this content and transmits it to the command-and-control (C&C) server," Cyble explains.

https://www.securityweek.com/new-antidot-android-trojan-allows-cybercriminals-to-hack-devices-steal-data/

Vulnerabilities

SAP Security Patch Day - May 2024

On 14 May 2024, SAP Security Patch Day saw the release of 14 new Security Notes. In addition, there were 3 updates to previously released Security Notes.

https://support.sap.com/en/my-support/knowledge-base/security-notes-news/may-2024.html


Security updates for Friday

Security updates have been issued by Fedora (chromium, firefox, and podman), Mageia (chromium-browser-stable, ghostscript, and java-1.8.0, java-11, java-17, java-latest), Red Hat (bind, Firefox, firefox, gnutls, httpd:2.4, and thunderbird), SUSE (glibc, opera, and python-Pillow), and Ubuntu (dotnet7, dotnet8, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-iot, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux-xilinx-zynqmp, linux, linux-aws, linux-aws-6.5, linux-azure, linux-azure-6.5, linux-gcp, linux-gcp-6.5, linux-hwe-6.5, linux-laptop, linux-lowlatency, linux-lowlatency-hwe-6.5, linux-nvidia-6.5, linux-oem-6.5, linux-oracle, linux-oracle-6.5, linux-raspi, linux-signed, linux-signed-aws, linux-signed-aws-6.5, linux-starfive, linux-starfive-6.5, linux, linux-aws, linux-azure-4.15, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux, linux-aws, linux-kvm, linux-lts-xenial, and linux, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-gcp, linux-gcp-5.15, linux-gkeop, linux-gkeop-5.15, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-intel-iotg, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle, linux-raspi).

https://lwn.net/Articles/974055/


QNAP QTS - QNAPping At The Wheel (CVE-2024-27130 and friends)

The first four of these bugs have patches available. These bugs are fixed in the following products: QTS 5.1.6.2722 build 20240402 and later, QuTS hero h5.1.6.2734 build 20240414 and later [..] However, the remaining bugs still have no fixes available, even after an extended period. Those who are affected by these bugs are advised to consider taking such systems offline, or to heavily restrict access until patches are available.

https://labs.watchtowr.com/qnap-qts-qnapping-at-the-wheel-cve-2024-27130-and-friends/


Trellix ePolicy Orchestrator allows privilege escalation

Vendor Trellix warns of two security vulnerabilities in ePolicy Orchestrator. Malicious actors can use them to escalate their privileges.

https://heise.de/-9722391


WordPress Plugin "Download Plugins and Themes from Dashboard" vulnerable to path traversal

https://jvn.jp/en/jp/JVN85380030/


Privilege escalation through insecure default configuration in CI-Out-of-Office Manager (SYSS-2024-013)

https://www.syss.de/pentest-blog/rechteausweitung-durch-unsichere-standardkonfiguration-im-ci-out-of-office-manager-syss-2024-013


Mattermost security update Desktop App v5.8.0 released

https://mattermost.com/blog/mattermost-security-update-desktop-app-v5-8-0-released/


Palo Alto Networks: CVE-2024-3661 Impact of TunnelVision Vulnerability (Severity: LOW)

https://security.paloaltonetworks.com/CVE-2024-3661


F5: K000139652 : Intel CPU vulnerability CVE-2023-23583

https://my.f5.com/manage/s/article/K000139652


F5: K000139643 : Node-tar vulnerability CVE-2024-28863

https://my.f5.com/manage/s/article/K000139643