Tageszusammenfassung - 27.06.2024

End-of-Day report

Timeframe: Mittwoch 26-06-2024 18:00 - Donnerstag 27-06-2024 18:00 Handler: Alexander Riepl Co-Handler: Thomas Pribitzer

News

Exploit for critical Fortra FileCatalyst Workflow SQLi flaw released

The Fortra FileCatalyst Workflow is vulnerable to an SQL injection vulnerability that could allow remote unauthenticated attackers to create rogue admin users and manipulate data on the application database.

https://www.bleepingcomputer.com/news/security/exploit-for-critical-fortra-filecatalyst-workflow-sqli-flaw-released/


Sicherheitslücke: Ungeschützte API liefert sensible Daten deutscher Häftlinge

Welcher Häftling wann mit seinem Anwalt oder Therapeuten telefoniert hat, ist aufgrund der Sicherheitslücke für jedermann einsehbar gewesen.

https://www.golem.de/news/sicherheitsluecke-ungeschuetzte-api-liefert-sensible-daten-deutscher-haeftlinge-2406-186483.html


What Setting Live Traps for Cybercriminals Taught Me About Security [Guest Diary], (Wed, Jun 26th)

For anyone who doesn-t know what a honeypot is, it is a server created specifically for the purpose of gathering information about unauthorized users that connect to it. A honeypot is usually vulnerable by design and often designed to be enticing to trap unsuspecting criminals into spending more time with it. I named my honeypot -Winnie.-

https://isc.sans.edu/diary/rss/31038


Rust-Based P2PInfect Botnet Evolves with Miner and Ransomware Payloads

The peer-to-peer malware botnet known as P2PInfect has been found targeting misconfigured Redis servers with ransomware and cryptocurrency miners.

https://thehackernews.com/2024/06/rust-based-p2pinfect-botnet-evolves.html


Warnung vor Fake Finanzamt-SMS

Es häufen sich Berichte über eine erneute Smishing-Welle, bei der Kriminelle versuchen, ahnungslose Bürger:innen mit gefälschten SMS-Nachrichten im Namen des Finanzamtes hereinzulegen.

https://www.watchlist-internet.at/news/warnung-finanzamt-sms/


Rabbit R1: Verrissenes KI-Gadget erweist sich auch als Sicherheitsalbtraum

Hacker demonstrieren, dass sie auf jede an R1-Geräte geschickte Antwort zugreifen können. Zudem lassen sich die Geräte auf diesem Weg beschädigen und Antworten manipulieren.

https://www.derstandard.at/story/3000000226115/rabbit-r1-verrissenes-ki-gadget-erweist-sich-auch-als-sicherheitsalbtraum


Snowflake isn-t an outlier, it-s the canary in the coal mine

Headlines continue to roll in about the many implications and follow-on attacks originating from leaked and/or stolen credentials for the Snowflake cloud data platform.

https://blog.talosintelligence.com/infostealer-landscape-facilitates-breaches/


MerkSpy: Exploiting CVE-2021-40444 to Infiltrate Systems

FortiGuard Labs uncovers MerkSpy, a new spyware exploiting CVE-2021-40444 to steal keystrokes and sensitive data.

https://www.fortinet.com/blog/threat-research/merkspy-exploiting-cve-2021-40444-to-infiltrate-systems


The Growing Threat of Malware Concealed Behind Cloud Services

Cybersecurity threats are increasingly leveraging cloud services to store, distribute, and establish command and control (C2) servers.

https://www.fortinet.com/blog/threat-research/growing-threat-of-malware-concealed-behind-cloud-services

Vulnerabilities

Over 110,000 Websites Affected by Hijacked Polyfill Supply Chain Attack

Google has taken steps to block ads for e-commerce sites that use the Polyfill.io service after a Chinese company acquired the domain and modified the JavaScript library ("polyfill.js") to redirect users to malicious and scam sites.

https://thehackernews.com/2024/06/over-110000-websites-affected-by.html


Prompt Injection Flaw in Vanna AI Exposes Databases to RCE Attacks

Cybersecurity researchers have disclosed a high-severity security flaw in the Vanna.AI library that could be exploited to achieve remote code execution vulnerability via prompt injection techniques.

https://thehackernews.com/2024/06/prompt-injection-flaw-in-vanna-ai.html


GitLab Security Updates Patch 14 Vulnerabilities

GitLab CE and EE updates resolve 14 vulnerabilities, including a critical- and three high-severity bugs.

https://www.securityweek.com/gitlab-security-updates-patch-14-vulnerabilities/


Multiple vulnerabilities in TP-Link Omada system could lead to root access

Affected devices could include wireless access points, routers, switches and VPNs.

https://blog.talosintelligence.com/multiple-vulnerabilities-in-tp-link-omada-system/


TELSAT marKoni FM Transmitter

https://www.cisa.gov/news-events/ics-advisories/icsa-24-179-01


Johnson Controls Illustra Essentials Gen 4

https://www.cisa.gov/news-events/ics-advisories/icsa-24-179-04


Johnson Controls Illustra Essentials Gen 4

https://www.cisa.gov/news-events/ics-advisories/icsa-24-179-07


SDG Technologies PnPSCADA

https://www.cisa.gov/news-events/ics-advisories/icsa-24-179-02


Johnson Controls Illustra Essentials Gen 4

https://www.cisa.gov/news-events/ics-advisories/icsa-24-179-05


Yokogawa FAST/TOOLS and CI Server

https://www.cisa.gov/news-events/ics-advisories/icsa-24-179-03


Johnson Controls Illustra Essentials Gen 4

https://www.cisa.gov/news-events/ics-advisories/icsa-24-179-06


Local Privilege Escalation über MSI Installer in SoftMaker Office / FreeOffice

https://sec-consult.com/de/vulnerability-lab/advisory/local-privilege-escalation-ueber-msi-installer-in-softmaker-office-freeoffice/