Tageszusammenfassung - 26.09.2024

End-of-Day report

Timeframe: Mittwoch 25-09-2024 18:00 - Donnerstag 26-09-2024 18:00 Handler: Alexander Riepl Co-Handler: Michael Schlagenhaufer

News

Talos discovers denial-of-service vulnerability in Microsoft Audio Bus; Potential remote code execution in popular open-source PLC

Cisco Talos- Vulnerability Research team recently disclosed two vulnerabilities in Microsoft products that have been patched by the company over the past two Patch Tuesdays. One is a vulnerability in the High-Definition Audio Bus Driver in Windows systems that could lead to a denial of service, while the other is a memory corruption issue that exists in a multicasting protocol in Windows 10. [..] For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from Snort.org, and our latest Vulnerability Advisories are always posted on Talos Intelligence-s website.

https://blog.talosintelligence.com/talos-discovers-denial-of-service-vulnerability-in-microsoft-audio-bus-potential-remote-code-execution-in-popular-open-source-plc/


The Cyber Resilience Act, an Accidental European Alien Torts Statute?

What if someone is harmed by their own government, but the technology used against them was created by a company based in the United States? Should that person be able to hold the American company responsible?

https://www.lawfaremedia.org/article/the-cyber-resilience-act--an-accidental-european-alien-torts-statute


Threat landscape for industrial automation systems, Q2 2024

In this report, we share statistics on threats to industrial control systems in Q2 2024, including statistics by region, industry, malware and other threat types.

https://securelist.com/industrial-threat-landscape-q2-2024/113981/


Direct Memory Access (DMA) attacks. Risks, techniques, and mitigations in hardware hacking

DMA allows input-output (I/O) devices to access memory without CPU involvement. Bypassing the Operating System (OS) by providing direct high-speed access to the system-s memory improves efficiency for Graphics processing units (GPUs), Network Interface Cards (NICs), storage devices (e.g. NVMe) and peripheral devices. DMA capable connections include PCI, PCI Express (PCIe), Thunderbolt, FireWire, ExpressCard. Without additional safeguards, DMA can make systems vulnerable to attacks.

https://www.pentestpartners.com/security-blog/direct-memory-access-dma-attacks-risks-techniques-and-mitigations-in-hardware-hacking/


Unraveling Sparkling Pisces-s Tool Set: KLogEXE and FPSpy

We analyze new tools DPRK-linked APT Sparkling Pisces (aka Kimsuky) used in cyberespionage campaigns: KLogExe (a keylogger) and FPSpy (a backdoor variant).

https://unit42.paloaltonetworks.com/kimsuky-new-keylogger-backdoor-variant/


Simple Mail Transfer Pirates: How threat actors are abusing third-party infrastructure to send spam

Spammers are always looking for creative ways to bypass spam filters. As a spammer, one of the problems with creating your own architecture to deliver mail is that, once the spam starts flowing, these sources (IPs/domains) can be blocked. Spam can more easily find its way into the inbox if it is delivered from an unexpected or legitimate source. Realizing this, many spammers have elected to attack web pages and mail servers of legitimate organizations, so they may use these -pirated- resources to send unsolicited email.

https://blog.talosintelligence.com/simple-mail-transfer-pirates/


Phishing and Social Engineering: The Human Factor in Election Security

Discover how phishing and social engineering threaten the 2024 U.S. elections in part three of our Election Cybersecurity series. Learn how attackers exploit human vulnerabilities to compromise systems and how to defend against these evolving threats.

https://www.greynoise.io/blog/phishing-and-social-engineering-the-human-factor-in-election-security


Dell Hit by Third Data Leak in a Week Amid -grep- Cyberattacks

Dell faces its third data leak in a week as hacker -grep- continues targeting the tech giant. Sensitive internal files, including project documents and MFA data, were exposed. Dell has yet to issue a formal response.

https://hackread.com/dell-data-leak-in-week-amid-grep-cyberattacks/

Vulnerabilities

HPE Aruba Networking fixes critical flaws impacting Access Points

HPE Aruba Networking has fixed three critical vulnerabilities in the Command Line Interface (CLI) service of its Aruba Access Points, which could let unauthenticated attackers gain remote code execution on vulnerable devices.

https://www.bleepingcomputer.com/news/security/hpe-aruba-networking-fixes-three-critical-rce-flaws-impacting-its-access-points/


Security updates for Thursday

Security updates have been issued by AlmaLinux (container-tools:rhel8, dovecot, emacs, expat, git-lfs, go-toolset:rhel8, golang, grafana, grafana-pcp, gtk3, kernel, kernel-rt, nano, python3, python3.11, python3.12, and virt:rhel and virt-devel:rhel), Debian (mediawiki and puredata), Fedora (chisel), Mageia (glib2.0, gtk+2.0 and gtk+3.0, and python-astropy), Red Hat (git-lfs, grafana, grafana-pcp, kernel, and kernel-rt), SUSE (kubernetes1.24, kubernetes1.25, kubernetes1.26, kubernetes1.27, kubernetes1.28, opensc, and python36), and Ubuntu (apparmor, apr, ca-certificates, linux, linux-aws, linux-kvm, linux-lts-xenial, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-raspi, openjpeg2, ruby-rack, and tomcat8, tomcat9).

https://lwn.net/Articles/991897/


WebKitGTK and WPE WebKit Security Advisory WSA-2024-0005

Several vulnerabilities were discovered in WebKitGTK and WPE WebKit. CVE identifiers: CVE-2024-23271, CVE-2024-27808, CVE-2024-27820, CVE-2024-27833, CVE-2024-27838, CVE-2024-27851, CVE-2024-40866, CVE-2024-44187

https://webkitgtk.org/security/WSA-2024-0005.html


Cisco IOS XE Software for Wireless Controllers CWA Pre-Authentication ACL Bypass Vulnerability

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-c9800-cwa-acl-nPSbHSnA


Cisco IOS XE Software Web UI Cross-Site Request Forgery Vulnerability

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-csrf-ycUYxkKO


Cisco IOS and IOS XE Software Web UI Cross-Site Request Forgery Vulnerability

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-webui-HfwnRgk


Wordfence Intelligence Weekly WordPress Vulnerability Report (September 16, 2024 to September 22, 2024)

https://www.wordfence.com/blog/2024/09/wordfence-intelligence-weekly-wordpress-vulnerability-report-september-16-2024-to-september-22-2024/