Daily Summary - 08.08.2024

End-of-Day report

Timeframe: Wednesday 07-08-2024 18:00 - Thursday 08-08-2024 18:00 Handler: Alexander Riepl Co-Handler: n/a

News

No patch in sight: Outlook's phishing warning can be hidden via email

On top of that, a phishing email in Outlook can also pretend to be encrypted or signed. For Microsoft, the issue currently has no priority.

https://www.golem.de/news/kein-patch-in-sicht-phishing-warnung-in-outlook-laesst-sich-per-mail-ausblenden-2408-187847.html


Samsung boosts bug bounty to a cool million for cracks of the Knox Vault subsystem

Good luck, crackers: It's an isolated processor and storage enclave, and top dollar only comes from a remote attack. Samsung has dangled its first $1 million bug bounty for anyone who successfully compromises Knox Vault - the isolated subsystem the Korean giant bakes into its smartphones to store info like credentials and run authentication routines.

https://www.theregister.com/2024/08/08/samsung_microsoft_big_bug_bounty/


Using 1Password on Mac? Patch up if you don't want your Vaults raided

Hundreds of thousands of users potentially vulnerable. Password manager 1Password is warning that all Mac users running versions before 8.10.36 are vulnerable to a bug that allows attackers to steal vault items.

https://www.theregister.com/2024/08/08/using_1password_on_mac_patch/


A Flaw in Windows Update Opens the Door to Zombie Exploits

A researcher found a vulnerability that would let hackers strategically downgrade a target's Windows version to reexpose patched vulnerabilities. Microsoft is working on fixes for the issue.

https://www.wired.com/story/windows-update-downdate-exploit/


Vulnerabilities Exposed Widely Used Solar Power Systems to Hacking, Disruption

Vulnerabilities found in solar power systems could have been exploited by hackers to cause disruption and possibly blackouts.

https://www.securityweek.com/vulnerabilities-exposed-widely-used-solar-power-systems-to-hacking-disruption/


Royal Ransomware Actors Rebrand as "BlackSuit," FBI and CISA Release Update to Advisory

Today, CISA, in partnership with the Federal Bureau of Investigation (FBI), released an update to the joint Cybersecurity Advisory #StopRansomware: Royal Ransomware, #StopRansomware: BlackSuit (Royal) Ransomware. The updated advisory provides network ..

https://www.cisa.gov/news-events/alerts/2024/08/07/royal-ransomware-actors-rebrand-blacksuit-fbi-and-cisa-release-update-advisory


US offers $10 million for info on Iranian leaders behind CyberAv3ngers water utility attacks

The U.S. State Department identified at least six Iranian government hackers allegedly responsible for a string of attacks on U.S. water utilities last fall and offered a large reward for information on their whereabouts.

https://therecord.media/us-offers-reward-for-info-on-iranian-hackers-water-utilities


BOTNET 7777: ARE YOU BETTING ON A COMPROMISED ROUTER?

A "7777 botnet" was first referenced in public reporting in October 2023 by Gi7w0rm. At the time, it was described as a botnet with approximately 10,000 nodes, observed primarily in brute-force attacks against Microsoft Azure instances. These attacks ..

https://www.team-cymru.com/post/botnet-7777-are-you-betting-on-a-compromised-router


Go deeper: Linux runtime visibility meets Wireshark

Aqua Tracee is an open source runtime security and forensics tool for Linux, built to address common Linux security issues. Tracee's main use case is to be installed in a production environment and continuously monitor system activity and detect suspicious behavior. Some alternative use cases which Tracee can be used for are dynamic malware analysis, system tracing, ..

https://blog.aquasec.com/go-deeper-linux-runtime-visibility-meets-wireshark


PureHVNC Deployed via Python Multi-stage Loader

FortiGuard Labs reveals that the malware "PureHVNC", sold on a cybercrime forum, is spreading through a phishing campaign targeting employees via a Python multi-stage loader.

https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader


Cisco: Attackers can execute commands on IP phones, no update coming

There will be no updates for critical vulnerabilities in Cisco IP phones. A proof-of-concept exploit has surfaced for a recently reported vulnerability.

https://heise.de/-9827988


Vulnerabilities

DSA-5743-1 roundcube - security update

https://lists.debian.org/debian-security-announce/2024/msg00154.html


Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerabilities

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xss-V2bm9JCY


Cisco Small Business SPA300 Series and SPA500 Series IP Phones Web UI Vulnerabilities

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-spa-http-vulns-RJZmX2Xz