[CERT-daily] Tageszusammenfassung - 06.02.2024

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Montag 05-02-2024 18:00 − Dienstag 06-02-2024 18:00
Handler:     Michael Schlagenhaufer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Rust Won’t Save Us: An Analysis of 2023’s Known Exploited Vulnerabilities ∗∗∗
---------------------------------------------
We have analyzed all critical vulnerabilities from the CISA KEV catalog starting from January 2023 through January 2024, categorized the vulnerability root causes, and attempted to analyze if the current efforts in the information security industry match with the current threat vectors being abused.
---------------------------------------------
https://www.horizon3.ai/analysis-of-2023s-known-exploited-vulnerabilities/


∗∗∗ Unseriöse Dirndl-Shops drohen mit Anzeige? Ignorieren Sie die Nachrichten! ∗∗∗
---------------------------------------------
Zahlreiche Betroffene wenden sich aktuell an die Watchlist Internet, weil unseriöse Bekleidungs- und Dirndl-Shops Monate nach den Bestellungen versuchen, Kund:innen einzuschüchtern und zu einer Zahlung zu drängen. Da völlig falsche Produkte geliefert wurden, besteht aber kein Grund zur Zahlung und somit auch kein Grund zur Sorge!
---------------------------------------------
https://www.watchlist-internet.at/news/unserioese-dirndl-shops-drohen-mit-anzeige-ignorieren-sie-die-nachrichten/


∗∗∗ How are user credentials stolen and used by threat actors? ∗∗∗
---------------------------------------------
You’ve probably heard the phrase, “Attackers don’t hack anyone these days. They log on.” In this blog, we describe the various tools and techniques bad actors are using to steal credentials so they can log on with valid account details, and outline our recommendations for defense.
---------------------------------------------
https://blog.talosintelligence.com/how-are-user-credentials-stolen-and-used-by-threat-actors/


∗∗∗ Navigating the Rising Tide of CI/CD Vulnerabilities: The Jenkins and TeamCity Case Studies ∗∗∗
---------------------------------------------
In the evolving landscape of cybersecurity, a new threat has emerged, targeting the core of software development processes. Recently, an alarming incident has brought to light a significant vulnerability in Jenkins CI/CD servers. Approximately 45,000 Jenkins servers have been left exposed to remote code execution (RCE) attacks, leveraging multiple exploit public POCs. This breach is not just a standalone event but a symptom of a growing trend of attacks on Continuous Integration/Continuous Deployment (CI/CD) software supply chains.
---------------------------------------------
https://checkmarx.com/blog/navigating-the-rising-tide-of-ci-cd-vulnerabilities-the-jenkins-and-teamcity-case-studies/


∗∗∗ Experts Detail New Flaws in Azure HDInsight Spark, Kafka, and Hadoop Services ∗∗∗
---------------------------------------------
Three new security vulnerabilities have been discovered in Azure HDInsights Apache Hadoop, Kafka, and Spark services that could be exploited to achieve privilege escalation and a regular expression denial-of-service (ReDoS) condition. [..] Following responsible disclosure, Microsoft has rolled out fixes as part of updates released on October 26, 2023.
---------------------------------------------
https://thehackernews.com/2024/02/high-severity-flaws-found-in-azure.html


∗∗∗ Exploring the (Not So) Secret Code of Black Hunt Ransomware ∗∗∗
---------------------------------------------
In this analysis we examined the BlackHunt sample shared on X (formerly Twitter). During our analysis we found notable similarities between BlackHunt ransomware and LockBit, which suggested that it uses leaked code of Lockbit. In addition, it uses some techniques similar to REvil ransomware.
---------------------------------------------
https://www.rapid7.com/blog/post/2024/02/05/exploring-the-not-so-secret-code-of-blackhunt-ransomware-2/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Patchday Android: Kritische Schadcode-Lücke auf Systemebene geschlossen ∗∗∗
---------------------------------------------
Mehrere Sicherheitslücken gefährden Android-Geräte. Für bestimmte Smartphones und Tablets sind Updates erschienen.
---------------------------------------------
https://www.heise.de/-9619910


∗∗∗ Sicherheitsupdate: Mehrere Lücken gefährden Server-Monitoring-Tool Nagios XI ∗∗∗
---------------------------------------------
Unter bestimmten Bedingungen können Angreifer Schadcode auf Server mit Nagios XI laden. Ein Sicherheitsupdate schließt diese und weitere Schwachstellen.
---------------------------------------------
https://www.heise.de/-9620155


∗∗∗ Kritische Schwachstellen in Multifunktions- und Laserdruckern von Canon ∗∗∗
---------------------------------------------
Canon warnt vor kritischen Sicherheitslücken in einigen SOHO-Multifunktions- und Laserdruckern. Gegenmaßnahmen sollen helfen.
---------------------------------------------
https://www.heise.de/-9620345


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (firefox, gstreamer1-plugins-bad-free, and tigervnc), Debian (ruby-sanitize), Fedora (kernel, kernel-headers, qt5-qtwebengine, and runc), Oracle (gnutls, kernel, libssh, rpm, runc, and tigervnc), Red Hat (runc), and SUSE (bouncycastle, jsch, python, and runc).
---------------------------------------------
https://lwn.net/Articles/961083/


∗∗∗ WebKitGTK and WPE WebKit Security Advisory WSA-2024-0001 ∗∗∗
---------------------------------------------
CVE identifiers: CVE-2024-23222, CVE-2024-23206, CVE-2024-23213, CVE-2023-40414, CVE-2023-42833, CVE-2014-1745
---------------------------------------------
https://webkitgtk.org/security/WSA-2024-0001.html


∗∗∗ CISA Adds One Known Exploited Vulnerability to Catalog ∗∗∗
---------------------------------------------
Google Chromium V8 Type Confusion Vulnerability CVE-2023-4762
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2024/02/06/cisa-adds-one-known-exploited-vulnerability-catalog


∗∗∗ MISP 2.4.184 released with performance improvements, security and bugs fixes. ∗∗∗
---------------------------------------------
A series of security fixes were done in this release, the vulnerabilities are accessible to authenticated users, especially those with specific privileges like Org admin. We urge users to update to this version especially if you have different organisations having access to your instances.
---------------------------------------------
https://github.com/MISP/MISP/releases/tag/v2.4.184


∗∗∗ ZDI-24-086: TP-Link Omada ER605 Access Control Command Injection Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-24-086/


∗∗∗ ZDI-24-085: (Pwn2Own) TP-Link Omada ER605 DHCPv6 Client Options Stack-based Buffer Overflow Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-24-085/


∗∗∗ ZDI-24-087: (Pwn2Own) Western Digital MyCloud PR4100 RESTSDK Server-Side Request Forgery Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-24-087/


∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/


∗∗∗ Pilz: Multiple products affected by uC/HTTP vulnerability ∗∗∗
---------------------------------------------
https://cert.vde.com/de/advisories/VDE-2024-002/


∗∗∗ HID Global Encoders ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-24-037-01


∗∗∗ HID Global Reader Configuration Cards ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-24-037-02

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily