End-of-Day report
Timeframe: Wednesday 17-07-2024 18:00 - Thursday 18-07-2024 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Thomas Pribitzer
News
SolarWinds fixes 8 critical bugs in access rights audit software
SolarWinds has fixed eight critical vulnerabilities in its Access Rights Manager (ARM) software, six of which allowed attackers to gain remote code execution (RCE) on vulnerable devices.
https://www.bleepingcomputer.com/news/security/solarwinds-fixes-8-critical-bugs-in-access-rights-audit-software/
Cisco vulnerability: Secure Email Gateway is secure above all, except against emails
A single email with a specially crafted attachment is enough to infiltrate a vulnerable gateway and either crash it or execute malicious code.
https://www.golem.de/news/cisco-schwachstelle-secure-email-gateway-ist-vor-allem-secure-ausser-vor-mails-2407-187191.html
Cellebrite forensics tool: these are the smartphones the FBI can crack
The FBI recently cracked the smartphone of the Trump assailant. Leaked Cellebrite documents show on which devices this is possible in principle.
https://www.golem.de/news/forensik-tool-cellebrite-diese-smartphones-kann-das-fbi-knacken-2407-187199.html
Criminal Gang Physically Assaulting People for Their Cryptocurrency
This is pretty horrific: a group of men behind a violent crime spree designed to compel victims to hand over access to their cryptocurrency savings. That announcement and the criminal complaint laying out charges against St. Felix focused largely on a single theft of cryptocurrency from an elderly North Carolina couple, whose home ..
https://www.schneier.com/blog/archives/2024/07/criminal-gang-physically-assaulting-people-for-their-cryptocurrency.html
SAP AI Core Vulnerabilities Expose Customer Data to Cyber Attacks
Cybersecurity researchers have uncovered security shortcomings in the SAP AI Core cloud-based platform for creating and deploying predictive artificial intelligence (AI) workflows that could be exploited to get hold of access tokens and customer data. The five vulnerabilities have been collectively dubbed SAPwned by cloud ..
https://thehackernews.com/2024/07/sap-ai-core-vulnerabilities-expose.html
TAG-100: New Threat Actor Uses Open-Source Tools for Widespread Attacks
Unknown threat actors have been observed leveraging open-source tools as part of a suspected cyber espionage campaign targeting global government and private sector organizations. Recorded Future's Insikt Group is tracking the activity ..
https://thehackernews.com/2024/07/tag-100-new-threat-actor-uses-open.html
Container Breakouts: Escape Techniques in Cloud Environments
Unit 42 researchers test container escape methods and possible impacts within a Kubernetes cluster using a containerd container runtime.
https://unit42.paloaltonetworks.com/container-escape-techniques/
Windows Patch Tuesday follow-up: MSHTML 0-day vulnerability CVE-2024-38112 exploited by malware
A small addendum to Microsoft's July 2024 Patch Tuesday. Among the security updates, Microsoft also closed an MSHTML spoofing vulnerability. There was information that this vulnerability (CVE-2024-38112) was ..
https://www.borncity.com/blog/2024/07/18/windows-patchday-nachlese-mshtml-0-day-schwachstelle-cve-2024-38112-durch-malware-ausgenutzt/
FIN7 Cybercrime Gang Evolves with Ransomware and Hacking Tools
FIN7, a notorious cybercrime gang, is back with a new bag of tricks!
https://hackread.com/fin7-cybercrime-gang-ransomware-hacking-tools/
CISA Releases Playbook for Infrastructure Resilience Planning
Today, the Cybersecurity and Infrastructure Security Agency (CISA) released a companion guide to the Infrastructure Resilience Planning Framework (IRPF), which provides guidance on how local governments and the private sector can ..
https://www.cisa.gov/news-events/news/cisa-releases-playbook-infrastructure-resilience-planning
Critical Patch Update: Oracle's quarterly update delivers 386 security patches
Attackers can exploit critical vulnerabilities in, among other products, Oracle HTTP Server and MySQL Cluster.
https://heise.de/-9804741
Vulnerabilities
Cisco Security Advisories 2024-07-18
https://sec.cloudapps.cisco.com/security/center/publicationListing.x
Heap-based buffer overflow vulnerability in SonicOS IPSec VPN
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0012
CVE-2024-5321
https://github.com/kubernetes/kubernetes/issues/126161