End-of-Day report
Timeframe: Tuesday 28-05-2024 18:00 - Wednesday 29-05-2024 18:00
Handler: Alexander Riepl
Co-Handler: Michael Schlagenhaufer
News
Okta warns of credential stuffing attacks targeting its CORS feature
Okta warns that a Customer Identity Cloud (CIC) feature is being targeted in credential stuffing attacks, stating that numerous customers have been targeted since April.
https://www.bleepingcomputer.com/news/security/okta-warns-of-credential-stuffing-attacks-targeting-its-cors-feature/
Generated by a password manager: 20-character password of a crypto wallet cracked
The wallet held 43.6 bitcoins, worth around 2.8 million euros today. The owner had lost access to it. Two experts were able to help him.
https://www.golem.de/news/per-passwortmanager-generiert-20-stelliges-passwort-einer-kryptowallet-geknackt-2405-185536.html
BreachForums Returns Just Weeks After FBI Seizure - Honeypot or Blunder?
The online criminal bazaar BreachForums has been resurrected merely two weeks after a U.S.-led coordinated law enforcement action dismantled and seized control of its infrastructure. [..] However, the possibility that it may be a honeypot has not been lost among members of the cybersecurity community.
https://thehackernews.com/2024/05/breachforums-returns-just-weeks-after.html
EU Is Tightening Cybersecurity for Energy Providers
On March 11th, 2024, the European Commission adopted new cybersecurity rules, the EU network code on cybersecurity for the electricity sector (C/2024/1383), to "establish a recurrent process of cybersecurity risk assessments in the electricity sector." If you're a cybersecurity professional, this news is cause for celebration; if you're an electricity provider, maybe not so much.
https://www.tripwire.com/state-of-security/eu-tightening-cybersecurity-energy-providers
Power-saving device "SmartEnergy" is a scam!
Criminals are currently mass-advertising a device called "SmartEnergy". It supposedly lets you reduce your electricity consumption by up to 90 percent. We guarantee you: you will not save 90% on electricity here, but waste 100% of your money!
https://www.watchlist-internet.at/news/stromspargeraet-smartenergy-betrug/
Vulnerabilities
Check Point releases emergency fix for VPN zero-day exploited in attacks
Check Point has released hotfixes for a VPN zero-day vulnerability exploited in attacks to gain remote access to firewalls and attempt to breach corporate networks. [..] Tracked as CVE-2024-24919, the high-severity information disclosure vulnerability enables attackers to read certain information on internet-exposed Check Point Security Gateways with remote Access VPN or Mobile Access Software Blades enabled.
https://www.bleepingcomputer.com/news/security/check-point-releases-emergency-fix-for-vpn-zero-day-exploited-in-attacks/
Advisory: Active exploitation of Check Point Remote Access VPN vulnerability (CVE-2024-24919)
mnemonic has several observations of the exploit being used in the wild. [..] We have observed threat actors extracting ntds.dit from compromised customers within 2-3 hours after logging in with a local user. [..] The vulnerability allows a threat actor to enumerate and extract password hashes for all local accounts, including the account used to connect to Active Directory. The full extent of the consequences is still unknown. The following IOCs have been observed in customer environments between April 30, 2024, and today (May 29, 2024) ...
https://www.mnemonic.io/resources/blog/advisory-check-point-remote-access-vpn-vulnerability-cve-2024-24919/
Vulnerabilities in Eclipse ThreadX Could Lead to Code Execution
Vulnerabilities in the real-time IoT operating system Eclipse ThreadX before version 6.4 could lead to denial-of-service and code execution.
https://www.securityweek.com/vulnerabilities-in-eclipse-threadx-could-lead-to-code-execution/
Security updates for Wednesday
Security updates have been issued by AlmaLinux (glibc and tomcat), Fedora (chromium, fcitx5-qt, python-pyqt6, qadwaitadecorations, qgnomeplatform, qt6, qt6-qt3d, qt6-qt5compat, qt6-qtbase, qt6-qtcharts, qt6-qtcoap, qt6-qtconnectivity, qt6-qtdatavis3d, qt6-qtdeclarative, qt6-qtgraphs, qt6-qtgrpc, qt6-qthttpserver, qt6-qtimageformats, qt6-qtlanguageserver, qt6-qtlocation, qt6-qtlottie, qt6-qtmqtt, qt6-qtmultimedia, qt6-qtnetworkauth, qt6-qtopcua, qt6-qtpositioning, qt6-qtquick3d, qt6-qtquick3dphysics, qt6-qtquicktimeline, qt6-qtremoteobjects, qt6-qtscxml, qt6-qtsensors, qt6-qtserialbus, qt6-qtserialport, qt6-qtshadertools, qt6-qtspeech, qt6-qtsvg, qt6-qttools, qt6-qttranslations, qt6-qtvirtualkeyboard, qt6-qtwayland, qt6-qtwebchannel, qt6-qtwebengine, qt6-qtwebsockets, qt6-qtwebview, and zeal), Red Hat (glibc, kernel, kernel-rt, kpatch-patch, linux-firmware, mod_http2, pcp, pcs, protobuf, python3, rpm-ostree, and rust), SUSE (git, glibc-livepatches, kernel, libxml2, openssl-1_1, SUSE Manager Client Tools, SUSE Manager Client Tools, salt, and xdg-desktop-portal), and Ubuntu (amavisd-new, firefox, flask-security, frr, git, intel-microcode, jinja2, libreoffice, linux-intel-iotg, unbound, and webkit2gtk).
https://lwn.net/Articles/975737/
WordPress Vulnerability & Patch Roundup May 2024
https://blog.sucuri.net/2024/05/wordpress-vulnerability-patch-roundup-may-2024.html
ZDI-24-516: Progress Software WhatsUp Gold HttpContentActiveController Server-Side Request Forgery Information Disclosure Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-24-516/
Vulnerability Summary for the Week of May 20, 2024
https://www.cisa.gov/news-events/bulletins/sb24-149