End-of-Day report
Timeframe: Wednesday 11-09-2024 18:00 - Thursday 12-09-2024 18:00
Handler: Alexander Riepl
Co-Handler: n/a
News
GitLab warns of critical pipeline execution vulnerability
GitLab has released critical updates to address multiple vulnerabilities, the most severe of them (CVE-2024-6678) allowing an attacker to trigger pipelines as arbitrary users under certain conditions.
https://www.bleepingcomputer.com/news/security/gitlab-warns-of-critical-pipeline-execution-vulnerability/
Security package: CCC threatens to publish instructions for sabotaging surveillance
Civil society organisations are outraged by the federal government's security package. Its "cheap populism" plays into the hands of right-wing extremists.
https://www.golem.de/news/sicherheitspaket-ccc-droht-mit-anleitungen-zur-ueberwachungssabotage-2409-188906.html
SiteCheck Remote Website Scanner - Mid-Year 2024 Report
Conducting an external website scan for indicators of compromise is one of the easiest ways to identify security issues. While remote website scanners may not provide as comprehensive of a scan as server-side scanners, ..
https://blog.sucuri.net/2024/09/sitecheck-remote-website-scanner-mid-year-2024-report.html
DragonRank Black Hat SEO Campaign Targeting IIS Servers Across Asia and Europe
A "simplified Chinese-speaking actor" has been linked to a new campaign that has targeted multiple countries in Asia and Europe with the end goal of performing search engine optimization (SEO) rank manipulation. The black hat SEO ..
https://thehackernews.com/2024/09/dragonrank-black-hat-seo-campaign.html
Exposed Selenium Grid Servers Targeted for Crypto Mining and Proxyjacking
Internet-exposed Selenium Grid instances are being targeted by bad actors for illicit cryptocurrency mining and proxyjacking campaigns. "Selenium Grid is a server that facilitates running test cases in parallel ..
https://thehackernews.com/2024/09/exposed-selenium-grid-servers-targeted.html
Transport for London confirms 5,000 user bank data exposed, pulls large chunks of IT infra offline
Hauling in 30,000 staff IN PERSON to do password resets. Transport for London's ongoing cyber incident has taken a dark turn as the organization confirmed that some data, including bank details, might have been accessed, and 30,000 employees' passwords will need to be reset via in-person appointments.
https://www.theregister.com/2024/09/12/transport_for_londons_cyber_attack/
Microsoft Windows MSI Installer - Repair to SYSTEM - A detailed journey
Repair functions of Microsoft Windows MSI installers can be vulnerable in several ways, for instance allowing local attackers to ..
https://sec-consult.com/blog/detail/msi-installer-repair-to-system-a-detailed-journey/
Living off the land, GPO style
TL;DR The ability to edit Group Policy Objects (GPOs) from non-domain-joined computers using the native Group Policy editor has been on my list for a long time. This blog ..
https://www.pentestpartners.com/security-blog/living-off-the-land-gpo-style/
Ransomware: Attacks Once More Nearing Peak Levels
Attacks surge again in second quarter of 2024 as attackers bounce back from disruption.
https://symantec-enterprise-blogs.security.com/threat-intelligence/ransomware-attacks-rebound
Introduction to Third-Party Risk Management
In today's world, organizations are increasingly depending on their third-party vendors, suppliers, and partners to support their operations. This way of working, in addition to the digitalization era we're in, can have great advantages such as being able to offer new services quickly while relying on others' expertise or cutting costs on already existing processes.
https://blog.nviso.eu/2024/09/12/introduction-to-third-party-risk-management/
Vulnerability in Acrobat Reader could lead to remote code execution; Microsoft patches information disclosure issue in Windows API
CVE-2024-38257 is considered "less likely" to be exploited, though it does not require any user interaction or user privileges.
https://blog.talosintelligence.com/vulnerability-roundup-sept-11-2024/
Protecting Against RCE Attacks Abusing WhatsUp Gold Vulnerabilities
In this blog entry, we provide an analysis of the recent remote code execution attacks related to Progress Software's WhatsUp Gold that possibly abused the vulnerabilities CVE-2024-6670 and CVE-2024-6671.
https://www.trendmicro.com/en_us/research/24/i/whatsup-gold-rce.html
Hadooken Malware Targets Weblogic Applications
Aqua Nautilus researchers identified a new Linux malware targeting Weblogic servers. The main payload calls itself Hadooken, which we think is referring to the attack "surge fist" in the Street Fighter series. When Hadooken is executed, ..
https://blog.aquasec.com/hadooken-malware-targets-weblogic-applications-1
Microsoft Office: ActiveX is being switched off
It has been quiet around it for a long time, but ActiveX still exists. Upcoming Microsoft Office versions finally disable support for it. At least almost.
https://heise.de/-9865690
Vulnerabilities
Cisco Routed Passive Optical Network Controller Vulnerabilities
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-ponctlr-ci-OHcHmsFL
Cisco IOS XR Software UDP Packet Memory Exhaustion Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pak-mem-exhst-3ke9FeFy
Multiple Cisco Products Web-Based Management Interface Privilege Escalation Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-auth-bypass-QnTEesp
Cisco IOS XR Software Network Convergence System Denial of Service Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-l2services-2mvHdNuC
Cisco IOS XR Software Segment Routing for Intermediate System-to-Intermediate System Denial of Service Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-isis-xehpbVNe
Cisco IOS XR Software Dedicated XML Agent TCP Denial of Service Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-xml-tcpdos-ZEXvrU2S
Cisco IOS XR Software CLI Arbitrary File Read Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-shellutil-HCb278wD
Cisco IOS XR Software CLI Privilege Escalation Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-priv-esc-CrG5vhCq