End-of-Day report
Timeframe: Wednesday 19-06-2024 18:00 - Thursday 20-06-2024 18:00
Handler: Thomas Pribitzer
Co-Handler: Michael Schlagenhaufer
News
SolarWinds Serv-U path-traversal flaw actively exploited in attacks
Threat actors are actively exploiting a SolarWinds Serv-U path-traversal vulnerability, leveraging publicly available proof-of-concept (PoC) exploits. [..] The vulnerability, CVE-2024-28995, is a high-severity directory traversal flaw, allowing unauthenticated attackers to read arbitrary files from the filesystem by crafting specific HTTP GET requests. [..] SolarWinds released the 15.4.2 Hotfix 2, version 15.4.2.157, on June 5, 2024, to address this vulnerability by introducing improved validation mechanisms.
https://www.bleepingcomputer.com/news/security/solarwinds-serv-u-path-traversal-flaw-actively-exploited-in-attacks/
No Excuses, Free Tools to Help Secure Authentication in Ubuntu Linux [Guest Diary], (Thu, Jun 20th)
Being in the IT and cybersecurity world it seems the costs of controls keep going up and up. With all the new flashy tools coming out daily it's easy to forget that there are tons of free tools that can be just as effective at stopping attacks.
https://isc.sans.edu/diary/rss/31024
Researchers Uncover UEFI Vulnerability Affecting Multiple Intel CPUs
Cybersecurity researchers have disclosed details of a now-patched security flaw in Phoenix SecureCore UEFI firmware that affects multiple families of Intel Core desktop and mobile processors. Tracked as CVE-2024-0762 (CVSS score: 7.5), the "UEFIcanhazbufferoverflow" vulnerability has been described as a case of a buffer overflow stemming from the use of an unsafe variable in the Trusted Platform Module (TPM) configuration that could result in the execution of malicious code.
https://thehackernews.com/2024/06/researchers-uncover-uefi-vulnerability.html
Fickle Stealer Distributed via Multiple Attack Chain
This article summarizes the details of this campaign, roughly dividing the attack chain into three stages: Delivery, Preparatory Work, and Packer and Stealer Payload.
https://feeds.fortinet.com/~/899735243/0/fortinet/blogs~Fickle-Stealer-Distributed-via-Multiple-Attack-Chain
A Traveler's Guide to Cybersecurity
In this Q&A with Jonas Walker, a Security Strategist with Fortinet's FortiGuard Labs, he offers his insight into how to stay safe and avoid attacks from threat actors while traveling in today's cyber world.
https://feeds.fortinet.com/~/701705230/0/fortinet/blogs~A-Traveler%e2%80%99s-Guide-to-Cybersecurity
BSI warns of exploitable remote code execution flaws in thousands of Exchange servers
The BSI writes that more than 18,000 Exchange servers expose Outlook Web Access to the internet and are vulnerable to one or even several remote code execution flaws.
https://heise.de/-9770441
Vulnerabilities
D-Link: Hidden backdoor discovered in 16 router models
Attackers can remotely enable the Telnet service on affected D-Link routers. The admin credentials also appear to be stored in the firmware.
https://www.golem.de/news/d-link-versteckte-backdoor-in-16-routermodellen-entdeckt-2406-186277.html
Security vulnerabilities: Attacks on Atlassian Confluence & Co. possible
Security vulnerabilities threaten several Atlassian applications. Attackers can trigger crashes or view data without authorization. [..] According to an advisory, the developers have closed a total of nine vulnerabilities, all rated with severity "high".
https://heise.de/-9770453
Arbitrary File Upload in edu-sharing (metaVentis GmbH)
https://sec-consult.com/vulnerability-lab/advisory/arbitrary-file-upload-in-edu-sharing-metaventis-gmbh/
Sonicwall: Heap-based buffer overflow vulnerability in SonicOS SSL-VPN
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0009
Sonicwall: Stack-based buffer overflow vulnerability in SonicOS HTTP server
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0008
CAREL Boss-Mini
https://www.cisa.gov/news-events/ics-advisories/icsa-24-172-02
Westermo L210-F2G
https://www.cisa.gov/news-events/ics-advisories/icsa-24-172-03
Yokogawa CENTUM
https://www.cisa.gov/news-events/ics-advisories/icsa-24-172-01