Daily Summary - 17.09.2024

End-of-Day report

Timeframe: Monday 16-09-2024 18:00 - Tuesday 17-09-2024 18:00 Handler: Alexander Riepl Co-Handler: Michael Schlagenhaufer

News

Exploit code released for critical Ivanti RCE flaw, patch now

A proof-of-concept (PoC) exploit for CVE-2024-29847, a critical remote code execution (RCE) vulnerability in Ivanti Endpoint Manager, has now been publicly released, making it crucial to update affected installations.

https://www.bleepingcomputer.com/news/security/exploit-code-released-for-critical-ivanti-rce-flaw-patch-now/


Emergency Accounts: Last Call!

Even if you have been out of office for the last couple of months, you should be aware that starting October 15th you will need to provide Multi Factor Authentication (MFA) to logon to Azure portal, Entra admin center and Intune admin center. This will be enforced to all users accessing these resources regardless of their role or permission level. [..] With Microsoft's new MFA enforcement, you need a different approach for emergency accounts.

https://blog.nviso.eu/2024/09/17/emergency-accounts-last-call/


Secure Boot-neutering PKfail debacle is more prevalent than anyone knew

A supply chain failure that compromises Secure Boot protections on computing devices from across the device-making industry extends to a much larger number of models than previously known, including those used in ATMs, point-of-sale terminals, and voting machines.

https://arstechnica.com/?p=2050182


Check24 and Verivox: Sensitive data of borrowers easily accessible online

An expert discovered security vulnerabilities at two well-known comparison portals. As a result, loan offers containing sensitive data are said to have been freely retrievable. [..] The data mentioned included names and addresses as well as details of employment, income and number of children.

https://www.golem.de/news/check24-und-verivox-sensible-daten-von-kreditnehmern-leicht-zugaenglich-im-netz-2409-189044.html


What to Do With Products Without SSO?

Let's start with the role that SSO plays in modern defense architecture, and then cover how to implement similar security measures without such a centralized mechanism.

https://zeltser.com/products-without-sso/


Cyber predators target vulnerable victims: Hackers blackmail hospitals, trade patient data and find partners through darknet ads

According to data from Check Point Research (CPR), from January - September 2024, the global weekly average number of attacks per organization within the healthcare industry was 2,018, representing a 32% increase, compared to the same period last year.

https://blog.checkpoint.com/research/cyber-predators-target-vulnerable-victims-hackers-blackmail-hospitals-trade-patient-data-and-find-partners-through-darknet-ads/


'Clipper' malware is being used to steal crypto, Binance warns

Binance is warning customers that malware is being used to manipulate withdrawal addresses in order to steal cryptocurrency, in a campaign that has led to "significant financial losses for victims."

https://therecord.media/clipper-malware-binance-stealing-crypto
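A clipper works by replacing an address on the clipboard between the moment the user copies it and the moment the wallet reads it, and the better ones pick a replacement that shares the first and last few characters so a quick glance at the ends does not catch it. The following is an added example (not code from Binance or The Record) showing detection logic run over a constructed sequence of clipboard events, plus the full-string comparison a wallet UI should perform before submitting a withdrawal. The address patterns, the event format and the sample addresses are assumptions made for this illustration.

```python
import re
from dataclasses import dataclass

# Rough shapes of common address formats (assumption for this example; a real
# wallet would also validate the checksum: base58check, bech32, EIP-55).
ADDRESS_PATTERNS = {
    "btc_legacy": re.compile(r"^[13][a-km-zA-HJ-NP-Z1-9]{25,34}$"),
    "btc_bech32": re.compile(r"^bc1[ac-hj-np-z02-9]{11,71}$"),
    "eth":        re.compile(r"^0x[0-9a-fA-F]{40}$"),
    "tron":       re.compile(r"^T[1-9A-HJ-NP-Za-km-z]{33}$"),
}


def address_kind(value: str):
    """Return the matching address family, or None if the string is not address-like."""
    v = value.strip()
    for kind, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(v):
            return kind
    return None


@dataclass
class ClipboardEvent:
    # "user_copy": the user placed this value on the clipboard
    # "read":      a value an application later read back from the clipboard
    source: str
    value: str


def detect_swaps(events):
    """Flag every clipboard read that returns an address-like value differing
    from the address-like value the user most recently copied. Returns a list
    of (event_index, copied, read_back)."""
    last_copied = None
    swaps = []
    for i, ev in enumerate(events):
        if ev.source == "user_copy":
            last_copied = ev.value.strip()
        elif ev.source == "read":
            got = ev.value.strip()
            if (last_copied is not None
                    and address_kind(last_copied)
                    and address_kind(got)
                    and got != last_copied):
                swaps.append((i, last_copied, got))
    return swaps


def ends_match(a: str, b: str, n: int = 4) -> bool:
    """The weak check many users apply: compare only the first and last n characters."""
    return a[:n] == b[:n] and a[-n:] == b[-n:]


def verify_destination(intended: str, pasted: str) -> str:
    """Full-string comparison a wallet should run before submitting a withdrawal."""
    if pasted.strip() == intended.strip():
        return "ok"
    if ends_match(intended, pasted):
        return "swapped (prefix/suffix look-alike; an ends-only check would miss it)"
    return "swapped"


# Constructed sample: the user copies an Ethereum-style address, one legitimate
# read follows, then a clipper replaces it with a look-alike sharing the ends.
INTENDED = "0x1234" + "a" * 32 + "beef"
LOOKALIKE = "0x1234" + "b" * 32 + "beef"

SAMPLE_EVENTS = [
    ClipboardEvent("user_copy", INTENDED),
    ClipboardEvent("read", INTENDED),
    ClipboardEvent("read", LOOKALIKE),
    ClipboardEvent("user_copy", "hello world"),
    ClipboardEvent("read", "hello world"),
]

if __name__ == "__main__":
    for idx, copied, got in detect_swaps(SAMPLE_EVENTS):
        print(f"event {idx}: clipboard changed from {copied} to {got}")
        print("verdict:", verify_destination(copied, got))
```

The ends-only comparison is the one a look-alike address is designed to pass, so the verdict string calls that case out separately; the practical mitigation is to compare the entire pasted address against the intended one, or use a wallet's saved address book instead of the clipboard for withdrawals.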

Vulnerabilities

Security updates for Tuesday

Security updates have been issued by Debian (php-twig and pymongo), Fedora (linux-firmware, microcode_ctl, and python3.13), Mageia (clamav, microcode, postgresql13 and postgresql15, python3-webob, suricata, tcpreplay, tgt, and wireshark), Oracle (httpd, kernel, and linux-kernel), Red Hat (firefox, kernel, kernel-rt, pcs, and thunderbird), SUSE (389-ds, chromium, golang-github-prometheus-prometheus, htmldoc, kernel, SUSE Manager Client Tools, and wireshark), and Ubuntu (clamav, curl, dcmtk, dovecot, nginx, openssh, and python3.10, python3.12, python3.8).

https://lwn.net/Articles/990588/


Apple Patches Major Security Flaws With iOS 18 Refresh

Apple warns that attackers can use Siri to access sensitive user data, control nearby devices, or view recent photos without authentication. According to a bulletin from Cupertino, iOS 18 has been fitted with fixes for vulnerabilities in core components including accessibility features, Bluetooth, Control Center, and Wi-Fi, with several flaws allowing unauthorized access to sensitive data or full device control.

https://www.securityweek.com/apple-patches-major-security-flaws-with-ios-18-refresh/


Security patch: Backdoor in some D-Link routers allows unauthorized access

Attackers can attack and compromise certain D-Link router models. Security updates are available for download.

https://heise.de/-9870648


MISP 2.4.198 released with many bug fixes, security fixes and improvements.

https://www.misp-project.org/2024/09/17/MISP.2.4.198.released.html/


Yokogawa Dual-redundant Platform for Computer (PC2CKM)

https://www.cisa.gov/news-events/ics-advisories/icsa-24-261-03


Millbeck Communications Proroute H685t-w

https://www.cisa.gov/news-events/ics-advisories/icsa-24-261-02