Daily summary - 27.08.2024

End-of-Day report

Timeframe: Monday 26-08-2024 18:00 - Tuesday 27-08-2024 18:00
Handler: Alexander Riepl
Co-Handler: n/a

News

Hackers infect ISPs with malware that steals customers' credentials

Zero-day that was exploited since June to infect ISPs finally gets fixed.

https://arstechnica.com/?p=2045401


Google tags a tenth Chrome zero-day as exploited this year

Today, Google revealed that it patched the tenth zero-day exploited in the wild in 2024 by attackers or security researchers during hacking contests.

https://www.bleepingcomputer.com/news/security/google-tags-a-tenth-chrome-zero-day-as-exploited-this-year/


Exposed and Encrypted: Inside a Mallox Ransomware Attack

Recently, a client enlisted the support of Trustwave to investigate an unauthorized access incident within its internal cloud-based environment, leading to the deployment of Mallox ransomware by threat actors to its server.

https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/exposed-and-encrypted-inside-a-mallox-ransomware-attack/


Microsoft mistake blows up admins' inboxes with fake malware alerts

Legitimate emails misclassified in software snafu. Many administrators have had a trying Monday after getting spammed out with false malware reports by Microsoft.

https://www.theregister.com/2024/08/26/microsoft_365_email_malware/


ThreatLabz Discovers 117 Vulnerabilities in Microsoft 365 Apps Via the SketchUp 3D Library - Part 2

In Part 1 of this series, we've demonstrated how ThreatLabz reverse engineered the SketchUp 3D library in Microsoft 365 as well as the SKP file format. Furthermore, we developed two effective fuzzing harnesses. Microsoft published CVE-2023-28285 and CVE-2023-29344 (in April and May of 2023, respectively) to address the vulnerabilities ..

https://www.zscaler.com/blogs/security-research/threatlabz-discovers-117-vulnerabilities-microsoft-365-apps-sketchup-3d-part-2


A malicious Pidgin plugin

The developers of the Pidgin chat program have announced that a malicious plugin had been listed on its third-party plugins list for over one month. This plugin included a key logger and could capture screenshots. It went unnoticed at the time that the plugin was not providing any source code and was only providing binaries for download. Going forward, we will be ..

https://lwn.net/Articles/987320/


WordPress GiveWP POP to RCE (CVE-2024-5932)

A few days ago, Wordfence published a blog post about a PHP Object Injection vulnerability affecting the popular WordPress Plugin GiveWP in all versions <= 3.14.1. Since the blog post contains only information about (a part) of the POP chain used, I decided to take a look and build a fully functional Remote Code Execution exploit. This post describes ..

https://www.rcesecurity.com/2024/08/wordpress-givewp-pop-to-rce-cve-2024-5932/


7777 Botnet - Insights into a Multi-Target Botnet

Our latest research, a collaboration between Bitsight TRACE & the security researcher Gi7w0rm, has uncovered additional details & information about the 7777 Botnet.

https://www.bitsight.com/blog/7777-botnet-insights-multi-target-botnet


NFC malware drains bank accounts

An attacker combines phishing and malware to present fake bank cards to ATMs and withdraw money via NFC. This was observed in the Czech Republic.

https://heise.de/-9848256


Vulnerabilities

Moodle: Remote Code Execution via Calculated Questions

Attackers with the permission to create or modify questions in Moodle courses are able to craft malicious inputs for calculated questions, which can be abused to execute arbitrary commands on the underlying system.

https://www.redteam-pentesting.de/en/advisories/rt-sa-2024-009/


ZDI-24-1182: Linux Kernel Netfilter Conntrack Type Confusion Information Disclosure Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-24-1182/


Security updates for Tuesday

https://lwn.net/Articles/987393/