Daily Summary - 20.06.2024
End-of-Day report
Timeframe: Wednesday 19-06-2024 18:00 - Thursday 20-06-2024 18:00
Handler: Thomas Pribitzer
Co-Handler: Michael Schlagenhaufer
News
SolarWinds Serv-U path-traversal flaw actively exploited in attacks
Threat actors are actively exploiting a SolarWinds Serv-U path-traversal vulnerability, leveraging publicly available proof-of-concept (PoC) exploits. [..] The vulnerability, CVE-2024-28995, is a high-severity directory traversal flaw, allowing unauthenticated attackers to read arbitrary files from the filesystem by crafting specific HTTP GET requests. [..] SolarWinds released the 15.4.2 Hotfix 2, version 15.4.2.157, on June 5, 2024, to address this vulnerability by introducing improved validation mechanisms.
No Excuses, Free Tools to Help Secure Authentication in Ubuntu Linux [Guest Diary], (Thu, Jun 20th)
Being in the IT and cybersecurity world it seems the costs of controls keep going up and up. With all the new flashy tools coming out daily it's easy to forget that there are tons of free tools that can be just as effective at stopping attacks.
https://isc.sans.edu/diary/rss/31024
Researchers Uncover UEFI Vulnerability Affecting Multiple Intel CPUs
Cybersecurity researchers have disclosed details of a now-patched security flaw in Phoenix SecureCore UEFI firmware that affects multiple families of Intel Core desktop and mobile processors. Tracked as CVE-2024-0762 (CVSS score: 7.5), the "UEFIcanhazbufferoverflow" vulnerability has been described as a case of a buffer overflow stemming from the use of an unsafe variable in the Trusted Platform Module (TPM) configuration that could result in the execution of malicious code.
https://thehackernews.com/2024/06/researchers-uncover-uefi-vulnerability.html
Fickle Stealer Distributed via Multiple Attack Chain
This article summarizes the details of this campaign, roughly dividing the attack chain into three stages: Delivery, Preparatory Work, and Packer and Stealer Payload.
A Traveler's Guide to Cybersecurity
In this Q&A with Jonas Walker, a Security Strategist with Fortinet's FortiGuard Labs, he offers his insight into how to stay safe and avoid attacks from threat actors while traveling in today's cyber world.
https://feeds.fortinet.com/~/701705230/0/fortinet/blogs~A-Traveler%e2%80%99s-Guide-to-Cybersecurity
BSI warns of exploitable code-injection flaws in thousands of Exchange servers
The BSI writes that more than 18,000 Exchange servers offer an openly accessible Outlook Web Access and are vulnerable to one or even several code-injection flaws.
Vulnerabilities
D-Link: Hidden backdoor discovered in 16 router models
Attackers can remotely enable the Telnet service on affected D-Link routers. The admin credentials are apparently also stored in the firmware.
https://www.golem.de/news/d-link-versteckte-backdoor-in-16-routermodellen-entdeckt-2406-186277.html
Security vulnerabilities: Attacks on Atlassian Confluence & Co. possible
Security vulnerabilities threaten several Atlassian applications. Attackers can trigger crashes or view data without authorization. [..] According to an advisory, the developers have closed a total of nine vulnerabilities, all of which are rated with the threat level "high".
Arbitrary File Upload in edu-sharing (metaVentis GmbH)
Sonicwall: Heap-based buffer overflow vulnerability in SonicOS SSL-VPN
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0009
Sonicwall: Stack-based buffer overflow vulnerability in SonicOS HTTP server
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0008
CAREL Boss-Mini
https://www.cisa.gov/news-events/ics-advisories/icsa-24-172-02
Westermo L210-F2G
https://www.cisa.gov/news-events/ics-advisories/icsa-24-172-03
Yokogawa CENTUM
https://www.cisa.gov/news-events/ics-advisories/icsa-24-172-01