Tageszusammenfassung - 25.07.2024

End-of-Day report

Timeframe: Mittwoch 24-07-2024 18:00 - Donnerstag 25-07-2024 18:00 Handler: Thomas Pribitzer Co-Handler: n/a

News

KnowBe4 mistakenly hires North Korean hacker, faces infostealer attack

American cybersecurity company KnowBe4 says a person it recently hired as a Principal Software Engineer turned out to be a North Korean state actor who attempted to install information-stealing on its devices.

https://www.bleepingcomputer.com/news/security/knowbe4-mistakenly-hires-north-korean-hacker-faces-infostealer-attack/


French police push PlugX malware self-destruct payload to clean PCs

The French police and Europol are pushing out a "disinfection solution" that automatically removes the PlugX malware from infected devices in France.

https://www.bleepingcomputer.com/news/security/french-police-push-plugx-malware-self-destruct-payload-to-clean-pcs/


How a cheap barcode scanner helped fix CrowdStriked Windows PCs in a flash

Not long after Windows PCs and servers at the Australian limb of audit and tax advisory Grant Thornton started BSODing last Friday, senior systems engineer Rob Woltz remembered a small but important fact: When PCs boot, they consider barcode scanners no differently to keyboards.

https://www.theregister.com/2024/07/25/crowdstrike_remediation_with_barcode_scanner/


XWorm Hidden With Process Hollowing

XWorm is not a brand-new malware family. Its a common RAT (Remote Access Tool) re-use regularly in new campaigns. Yesterday, I found a sample that behaves like a dropper and runs the malware using the Process Hollowing technique.

https://isc.sans.edu/diary/rss/31112


Kriminelle werben mit Fake-Profilen von Finanzexperten für betrügerische Investmentplattformen

Der österreichische Finanzjournalist und Unternehmer Niko Jilch betreibt verschiedene Informationskanäle zu Finanzen, Geldanlage und Bitcoin. Seine Reichweite und Bekanntheit nutzen mittlerweile aber auch Kriminelle, um Privatanleger:innen auf betrügerische Investmentplattformen zu locken.

https://www.watchlist-internet.at/news/kriminelle-werben-mit-fake-profilen-von-finanzexperten-fuer-betruegerische-investmentplattformen/

Vulnerabilities

Progress warns of critical RCE bug in Telerik Report Server

Progress Software has warned customers to patch a critical remote code execution security flaw in the Telerik Report Server that can be used to compromise vulnerable devices.

https://www.bleepingcomputer.com/news/security/progress-warns-of-critical-rce-bug-in-telerik-report-server/


Container angreifbar: Docker muss kritische Schwachstelle von 2019 erneut patchen

Docker hatte die Lücke längst geschlossen. Nur Monate später flog der Patch aber wieder raus. Die Docker Engine ist damit fünf Jahre lang angreifbar gewesen.

https://www.golem.de/news/container-angreifbar-docker-muss-kritische-schwachstelle-von-2019-erneut-patchen-2407-187423.html


Security updates for Thursday

Security updates have been issued by AlmaLinux (containernetworking-plugins, cups, edk2, httpd, httpd:2.4, libreoffice, libuv, libvirt, python3, and runc), Fedora (exim, python-zipp, xdg-desktop-portal-hyprland, and xmedcon), Red Hat (cups, fence-agents, freeradius, freeradius:3.0, httpd:2.4, kernel, kernel-rt, nodejs:18, podman, and resource-agents), Slackware (htdig and libxml2), SUSE (exim), and Ubuntu (ocsinventory-server, php-cas, and poppler).

https://lwn.net/Articles/983328/


Nvidia Patches High-Severity Vulnerabilities in AI, Networking Products

Nvidia has patched high-severity vulnerabilities in its Jetson, Mellanox OS, OnyX, Skyway, and MetroX products.

https://www.securityweek.com/nvidia-patches-high-severity-vulnerabilities-in-ai-networking-products/


Sicherheitsupdates: Aruba EdgeConnect SD-WAN vielfältig attackierbar

Die Entwickler von HPE haben in Arubas SD-WAN-Lösung EdgeConnect mehrere gefährliche Sicherheitslücken geschlossen.

https://heise.de/-9813256


Positron Broadcast Signal Processor

https://www.cisa.gov/news-events/ics-advisories/icsa-24-207-02