End-of-Day report
Timeframe: Wednesday 22-05-2024 18:00 - Thursday 23-05-2024 18:00
Handler: Thomas Pribitzer
Co-Handler: n/a
News
State hackers turn to massive ORB proxy networks to evade detection
Security researchers are warning that state-backed hackers are increasingly relying on vast proxy networks of virtual private servers and compromised connected devices for cyberespionage operations.
https://www.bleepingcomputer.com/news/security/state-hackers-turn-to-massive-orb-proxy-networks-to-evade-detection/
ShrinkLocker: Turning BitLocker into ransomware
The Kaspersky GERT has detected a new group that has been abusing Microsoft Windows features by modifying the system to lower the defenses and using the local MS BitLocker utility to encrypt entire drives and demand a ransom.
https://securelist.com/ransomware-abuses-bitlocker/112643/
Your website runs on Jimdo? Beware of phishing emails about payment problems!
Website and online shop operators take note: if your website runs on Jimdo, criminals are currently increasingly targeting your data and your money. To this end they send phishing emails that fake problems with your ongoing payments.
https://www.watchlist-internet.at/news/jimdo-phishing-mails/
Format String Exploitation: A Hands-On Exploration for Linux
This blogpost covers a Capture The Flag challenge that was part of the 2024 picoCTF event.
https://blog.nviso.eu/2024/05/23/format-string-exploitation-a-hands-on-exploration-for-linux/
New APT Group "Unfading Sea Haze" Hits Military Targets in South China Sea
Unfading Sea Haze's modus operandi spans over five years, with evidence dating back to 2018, a Bitdefender Labs investigation reveals.
https://www.hackread.com/unfading-sea-haze-military-target-south-china-sea/
Vulnerabilities
Security updates for Thursday
Security updates have been issued by Debian (chromium), Fedora (chromium, libxml2, pgadmin4, and python-libgravatar), Mageia (ghostscript), Red Hat (389-ds:1.4, ansible-core, bind and dhcp, container-tools:rhel8, edk2, exempi, fence-agents, freeglut, frr, ghostscript, glibc, gmp, go-toolset:rhel8, grafana, grub2, gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, harfbuzz, httpd:2.4, idm:DL1, idm:DL1 and idm:client modules, kernel, kernel-rt, krb5, LibRaw, [...]
https://lwn.net/Articles/974824/
Aptos Wisal Payroll Accounting Uses Hardcoded Database Credentials
Aptos WISAL payroll accounting uses hardcoded credentials in the Windows client to fetch the complete list of usernames and passwords from the database server, using an unencrypted connection.
https://www.redteam-pentesting.de/en/advisories/rt-sa-2023-007/
CVE-2024-4978: Backdoored Justice AV Solutions Viewer Software Used in Apparent Supply Chain Attack
Rapid7 has determined that users with JAVS Viewer v8.3.7 installed are at high risk and should take immediate action.
https://www.rapid7.com/blog/post/2024/05/23/cve-2024-4978-backdoored-justice-av-solutions-viewer-software-used-in-apparent-supply-chain-attack/
Cisco: Root access possible via SQL injection vulnerability in Firepower
Cisco warns of security vulnerabilities in ASA and Firepower appliances. Attackers can compromise Firepower devices via SQL injection.
https://heise.de/-9729121
VMware security updates: malicious code can escape from a VM
Admins should promptly install several security patches for various VMware products.
https://heise.de/-9729288
LCDS LAquis SCADA
https://www.cisa.gov/news-events/ics-advisories/icsa-24-142-01
Vulnerabilities in Autodesk InfraWorks software
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0008
AutomationDirect Productivity PLCs
https://www.cisa.gov/news-events/ics-advisories/icsa-24-144-01