End-of-Day report
Timeframe: Friday 02-08-2024 18:00 - Monday 05-08-2024 18:00
Handler: Michael Schlagenhaufer
Co-Handler: n/a
News
StormBamboo Compromises ISP to Abuse Insecure Software Update Mechanisms
StormBamboo successfully compromised an internet service provider (ISP) in order to poison DNS responses for target organizations. Insecure software update mechanisms were targeted to surreptitiously install malware on victim machines running macOS and Windows.
https://www.volexity.com/blog/2024/08/02/stormbamboo-compromises-isp-to-abuse-insecure-software-update-mechanisms/
Google Chrome warns uBlock Origin may soon be disabled
Google Chrome is now encouraging uBlock Origin users who have updated to the latest version to switch to other ad blockers before Manifest v2 extensions are disabled.
https://www.bleepingcomputer.com/news/google/google-chrome-warns-ublock-origin-may-soon-be-disabled/
Security Tips for Modern Web Administrators
By understanding and implementing key security practices, you can significantly reduce the risk of attacks and ensure a safe experience for your users. Let's break down some essential tips and strategies to enhance your website's security.
https://blog.sucuri.net/2024/08/security-tips-for-modern-web-administrators.html
Google gamed into advertising a malicious version of Authenticator
Scammers have been using Google's own ad system to fool people into downloading a borked copy of the Chocolate Factory's Authenticator software. A team at security shop Malwarebytes spotted the adverts, which appear to come from a Google approved domain - and from a verified user - earlier this week.
https://go.theregister.com/feed/www.theregister.com/2024/08/05/security_in_brief/
New SLUBStick Attack Makes Linux Kernel Vulnerabilities More Dangerous
A team of researchers from the Graz University of Technology in Austria has published a paper on SLUBStick, a new Linux kernel exploitation technique that can make heap vulnerabilities more dangerous.
https://www.securityweek.com/new-slubstick-attack-makes-linux-kernel-vulnerabilities-more-dangerous/
Homebrew audit reveals security vulnerabilities - the team has closed most of them
An extensive security audit found vulnerabilities in the code and the CI/CD processes of the package manager Homebrew. Many, but not all, have been fixed.
https://heise.de/-9822824
Vulnerabilities
Critical security vulnerability threatens enterprise software Apache OFBiz
Attackers can attack systems running Apache OFBiz and execute their own code. A version secured against this is available for download. [..] At present there is hardly any information about the vulnerability (CVE-2024-38856). According to a Seclists post, errors can occur during authentication, allowing attackers to execute their own code.
https://heise.de/-9824150
Security updates for Monday
Security updates have been issued by Debian (openjdk-11), Fedora (bind, bind-dyndb-ldap, chromium, ffmpeg, hostapd, trafficserver, and wpa_supplicant), and Ubuntu (curl and linux-oem-6.5).
https://lwn.net/Articles/984552/
Pimax Play and PiTool accept WebSocket connections from unintended endpoints
https://jvn.jp/en/jp/JVN50850706/
Helmholz: Multiple products are vulnerable to regreSSHion
https://certvde.com/de/advisories/VDE-2024-044/
Red Lion Europe: Multiple products are vulnerable to regreSSHion
https://certvde.com/de/advisories/VDE-2024-042/
RaspAP Security Update Advisory (CVE-2024-41637)
https://asec.ahnlab.com/en/82193/
OpenAM Security Update Advisory (CVE-2024-41667)
https://asec.ahnlab.com/en/82194/
GStreamer Product Security Update Advisory (CVE-2024-40897)
https://asec.ahnlab.com/en/82196/
Roundcube: Security updates 1.6.8 and 1.5.8 released
https://roundcube.net/news/2024/08/04/security-updates-1.6.8-and-1.5.8
F5: K000140505: Apache HTTPD vulnerability CVE-2024-38473
https://my.f5.com/manage/s/article/K000140505