End-of-Day report
Timeframe: Monday 26-08-2024 18:00 - Tuesday 27-08-2024 18:00
Handler: Alexander Riepl
Co-Handler: n/a
News
Hackers infect ISPs with malware that steals customers' credentials
Zero-day that was exploited since June to infect ISPs finally gets fixed.
https://arstechnica.com/?p=2045401
Google tags a tenth Chrome zero-day as exploited this year
Today, Google revealed that it patched the tenth zero-day exploited in the wild in 2024 by attackers or security researchers during hacking contests.
https://www.bleepingcomputer.com/news/security/google-tags-a-tenth-chrome-zero-day-as-exploited-this-year/
Exposed and Encrypted: Inside a Mallox Ransomware Attack
Recently, a client enlisted the support of Trustwave to investigate an unauthorized access incident within its internal cloud-based environment, leading to the deployment of Mallox ransomware by threat actors to its server.
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/exposed-and-encrypted-inside-a-mallox-ransomware-attack/
Microsoft mistake blows up admins inboxes with fake malware alerts
Legitimate emails misclassified in software snafu. Many administrators had a trying Monday after being spammed with false malware reports by Microsoft.
https://www.theregister.com/2024/08/26/microsoft_365_email_malware/
ThreatLabz Discovers 117 Vulnerabilities in Microsoft 365 Apps Via the SketchUp 3D Library - Part 2
In Part 1 of this series, we've demonstrated how ThreatLabz reverse engineered the SketchUp 3D library in Microsoft 365 as well as the SKP file format. Furthermore, we developed two effective fuzzing harnesses. Microsoft published CVE-2023-28285 and CVE-2023-29344 (in April and May of 2023, respectively) to address the vulnerabilities ...
https://www.zscaler.com/blogs/security-research/threatlabz-discovers-117-vulnerabilities-microsoft-365-apps-sketchup-3d-part-2
A malicious Pidgin plugin
The developers of the Pidgin chat program have announced that a malicious plugin had been listed on its third-party plugins list for over one month. This plugin included a key logger and could capture screenshots. It went unnoticed at the time that the plugin was not providing any source code and was only providing binaries for download. Going forward, we will be ...
https://lwn.net/Articles/987320/
WordPress GiveWP POP to RCE (CVE-2024-5932)
A few days ago, Wordfence published a blog post about a PHP Object Injection vulnerability affecting the popular WordPress plugin GiveWP in all versions <= 3.14.1. Since the blog post contains information about only part of the POP chain used, I decided to take a look and build a fully functional Remote Code Execution exploit. This post describes ...
https://www.rcesecurity.com/2024/08/wordpress-givewp-pop-to-rce-cve-2024-5932/
7777 Botnet - Insights into a Multi-Target Botnet
Our latest research, a collaboration between Bitsight TRACE & the security researcher Gi7w0rm, has uncovered additional details & information about the 7777 Botnet.
https://www.bitsight.com/blog/7777-botnet-insights-multi-target-botnet
NFC malware empties bank accounts
An attacker combines phishing and malware to present fake bank cards to ATMs and withdraw cash via NFC. This was observed in the Czech Republic.
https://heise.de/-9848256
Vulnerabilities
Moodle: Remote Code Execution via Calculated Questions
Attackers with the permission to create or modify questions in Moodle courses are able to craft malicious inputs for calculated questions, which can be abused to execute arbitrary commands on the underlying system.
https://www.redteam-pentesting.de/en/advisories/rt-sa-2024-009/
ZDI-24-1182: Linux Kernel Netfilter Conntrack Type Confusion Information Disclosure Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-24-1182/
Security updates for Tuesday
https://lwn.net/Articles/987393/