[CERT-daily] Daily summary - 07.03.2024

Daily end-of-shift report team at cert.at
Thu Mar 7 18:08:17 CET 2024


=====================
= End-of-Day report =
=====================

Timeframe:   Wednesday 06-03-2024 18:00 - Thursday 07-03-2024 18:00
Handler:     Michael Schlagenhaufer
Co-Handler:  Thomas Pribitzer

=====================
=       News        =
=====================

∗∗∗ Hacked WordPress sites use visitors' browsers to hack other sites ∗∗∗
---------------------------------------------
Hackers are conducting wide-scale attacks on WordPress sites to inject scripts that force visitors' browsers to brute-force passwords for other sites.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/hacked-wordpress-sites-use-visitors-browsers-to-hack-other-sites/


∗∗∗ New Python-Based Snake Info Stealer Spreading Through Facebook Messages ∗∗∗
---------------------------------------------
Facebook messages are being used by threat actors to deliver a Python-based information stealer dubbed Snake that is designed to capture credentials and other sensitive data.
---------------------------------------------
https://thehackernews.com/2024/03/new-python-based-snake-info-stealer.html


∗∗∗ Code injection on Android without ptrace ∗∗∗
---------------------------------------------
I came up with the idea to port linux_injector. The project has a simple premise: injecting code into a process without using ptrace.
---------------------------------------------
https://erfur.github.io/blog/dev/code-injection-without-ptrace


∗∗∗ CVE-2023-36049: Microsoft .NET CRLF Injection Arbitrary File Write/Deletion Vulnerability ∗∗∗
---------------------------------------------
Successful exploitation of this vulnerability would allow a remote attacker to write or delete files in the context of the FTP server. The following is a portion of their write-up covering CVE-2023-36049, with a few minimal modifications.
---------------------------------------------
https://www.thezdi.com/blog/2024/3/6/cve-2023-36049-microsoft-net-crlf-injection-arbitrary-file-writedeletion-vulnerability


∗∗∗ Delving into Dalvik: A Look Into DEX Files ∗∗∗
---------------------------------------------
Through a case study of the banking trojan sample, this blog post aims to give an insight into the Dalvik Executable file format, how it is constructed, and how it can be altered to make analysis easier.
---------------------------------------------
https://www.mandiant.com/resources/blog/dalvik-look-into-dex-files


∗∗∗ State trojan: infrastructure of the Predator spyware shut down again ∗∗∗
---------------------------------------------
The operators of the platform behind Predator have apparently taken servers offline that they used to deliver and control the surveillance software.
---------------------------------------------
https://heise.de/-9648238



=====================
=  Vulnerabilities  =
=====================

∗∗∗ CVE-2024-1403: Progress OpenEdge Authentication Bypass Deep-Dive ∗∗∗
---------------------------------------------
On February 27, 2024, Progress released a security advisory for OpenEdge, their application development and deployment platform suite. The advisory details that there exists an authentication bypass vulnerability which affects certain components of the OpenEdge platform.
---------------------------------------------
https://www.horizon3.ai/attack-research/cve-2024-1403-progress-openedge-authentication-bypass-deep-dive/


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (chromium and yard), Fedora (cpp-jwt, golang-github-tdewolff-argp, golang-github-tdewolff-minify, golang-github-tdewolff-parse, and suricata), Mageia (wpa_supplicant), Oracle (curl, edk2, golang, haproxy, keylime, mysql, openssh, and rear), Red Hat (kernel and postgresql:12), SUSE (containerd, giflib, go1.21, gstreamer-plugins-bad, java-1_8_0-openjdk, python3, python311, python39, sudo, and vim), and Ubuntu (frr, linux, linux-gcp, linux-gcp-5.4, [...]
---------------------------------------------
https://lwn.net/Articles/964725/


∗∗∗ VMware closes loopholes allowing escape from a virtual machine ∗∗∗
---------------------------------------------
Attackers can attack systems running VMware ESXi, Fusion and Workstation. Security updates are available for download.
---------------------------------------------
https://heise.de/-9648396


∗∗∗ VU#949046: Sceiner firmware locks and associated devices are vulnerable to encryption downgrade and arbitrary file upload attacks ∗∗∗
---------------------------------------------
https://kb.cert.org/vuls/id/949046


∗∗∗ Registration role - Critical - Access bypass - SA-CONTRIB-2024-015 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-contrib-2024-015


∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/


∗∗∗ Local Privilege Escalation via writable files in CheckMK Agent ∗∗∗
---------------------------------------------
https://sec-consult.com/vulnerability-lab/advisory/local-privilege-escalation-via-writable-files-in-checkmk-agent/


∗∗∗ Mattermost security updates 9.5.2 (ESR) / 9.4.4 / 9.3.3 / 8.1.11 (ESR) released ∗∗∗
---------------------------------------------
https://mattermost.com/blog/mattermost-security-updates-9-5-2-esr-9-4-4-9-3-3-8-1-11-esr-released/


∗∗∗ Apple Releases Security Updates for iOS and iPadOS ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2024/03/07/apple-releases-security-updates-ios-and-ipados


∗∗∗ Chirp Systems Chirp Access ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-24-067-01

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily