End-of-Day report
Timeframe: Tuesday 10-09-2024 18:00 - Wednesday 11-09-2024 18:00
Handler: Alexander Riepl
Co-Handler: n/a
News
New PIXHELL acoustic attack leaks secrets from LCD screen noise
A novel acoustic attack named PIXHELL can leak secrets from air-gapped and audio-gapped systems, and without requiring speakers, through the LCD monitors they connect to.
https://www.bleepingcomputer.com/news/security/new-pixhell-acoustic-attack-leaks-secrets-from-lcd-screen-noise/
Air-Gapped Systems: Malware Uses LCD Pixel Patterns to Exfiltrate Data via Sound
Reception takes place, for example, via a nearby smartphone. The data rate is low, but sufficient for keylogging and passwords.
https://www.golem.de/news/air-gapped-systeme-malware-nutzt-lcd-pixelmuster-fuer-datenausleitung-per-schall-2409-188883.html
Python Libraries Used for Malicious Purposes
Since I'm interested in malicious Python scripts, I found multiple samples that rely on existing libraries. The most-known repository is probably pypi.org[1] that reports, as of today, 567,478 projects! Malware developers are like regular developers: They don't want to reinvent the wheel and make their shopping across existing libraries to expand their scripts' capabilities.
https://isc.sans.edu/forums/diary/Python+Libraries+Used+for+Malicious+Purposes/31248/
Developers Beware: Lazarus Group Uses Fake Coding Tests to Spread Malware
Cybersecurity researchers have uncovered a new set of malicious Python packages that target software developers under the guise of coding assessments. "The new samples were tracked to GitHub projects that ..
https://thehackernews.com/2024/09/developers-beware-lazarus-group-uses.html
Microsoft says it broke some Windows 10 patching - as it fixes flaws under attack
CISA wants you to leap on Citrix and Ivanti issues. Adobe, Intel, SAP also bid for patching priorities. Patch Tuesday: Another Patch Tuesday has dawned, as usual with the unpleasant news that there are pressing security weaknesses and blunders to address.
https://www.theregister.com/2024/09/11/patch_tuesday_september_2024/
So you paid a ransom demand - and now the decryptor doesn't work
A really big oh sh*t moment, for sure. For C-suite execs and security leaders, discovering your organization has been breached, your critical systems locked up and your data stolen, then receiving a ransom demand, is probably the worst day of your professional life.
https://www.theregister.com/2024/09/11/ransomware_decryptor_not_working/
Over 40,000 WordPress Sites Affected by Privilege Escalation Vulnerability Patched in Post Grid and Gutenberg Blocks Plugin
On August 14th, 2024, we received a submission for a Privilege Escalation vulnerability in Post Grid and Gutenberg Blocks, a WordPress plugin with over 40,000 active installations. This vulnerability can be leveraged by attackers with minimal authenticated access to set their role to administrator utilizing the form submission functionality.
https://www.wordfence.com/blog/2024/09/over-40000-wordpress-sites-affected-by-privilege-escalation-vulnerability-patched-in-post-grid-and-gutenberg-blocks-plugin/
ADCS Attack Paths in BloodHound - Part 3
In Part 1 of this series, we explained how we incorporated Active Directory Certificate Services (ADCS) objects into BloodHound and demonstrated how to effectively use BloodHound to identify attack paths, including the ESC1 domain escalation technique. Part 2 covered the Golden Certificates ..
https://posts.specterops.io/adcs-attack-paths-in-bloodhound-part-3-33efb00856ac
Phishing Pages Delivered Through Refresh HTTP Response Header
We detail a rare phishing mechanism using a refresh entry in the HTTP response header for stealth redirects to malicious pages, affecting finance and government sectors.
https://unit42.paloaltonetworks.com/rare-phishing-page-delivery-header-refresh/
The September 2024 Security Update Review
We've reached September and the pumpkin spice floats in the air. While they aren't pumpkin-spiced, Microsoft and Adobe have released their latest spicy security patches - including some zesty 0-days. Take a break from ..
https://www.thezdi.com/blog/2024/9/10/the-september-2024-security-update-review
SBOMs and the importance of inventory
Can a Software Bill of Materials (SBOM) provide organisations with better insight into their supply chains?
https://www.ncsc.gov.uk/blog-post/sboms-and-the-importance-of-inventory
We Spent $20 To Achieve RCE And Accidentally Became The Admins Of .MOBI
Welcome back to another watchTowr Labs blog. Brace yourselves, this is one of our most astounding discoveries. Summary: What started out as a bit of fun between colleagues while avoiding the Vegas heat and $20 bottles of water in our Black Hat hotel ..
https://labs.watchtowr.com/we-spent-20-to-achieve-rce-and-accidentally-became-the-admins-of-mobi/
Vulnerabilities
Security updates for Wednesday
Security updates have been issued by AlmaLinux (389-ds:1.4, dovecot, emacs, and glib2), Fedora (bluez, iwd, libell, linux-firmware, seamonkey, vim, and wireshark), Mageia (apr, libtiff, Nginx, openssl, orc, unbound, webmin, and zziplib), Red Hat (389-ds:1.4), and SUSE (containerd, curl, go1.22, go1.23, gstreamer-plugins-bad, kernel, ntpd-rs, python-Django, and python311).
https://lwn.net/Articles/989772/
Cisco Releases Security Updates for Cisco Smart Licensing Utility
https://www.cisa.gov/news-events/alerts/2024/09/10/cisco-releases-security-updates-cisco-smart-licensing-utility