=====================
= End-of-Day report =
=====================

Timeframe: Friday 15-03-2024 18:00 - Monday 18-03-2024 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Thomas Pribitzer
=====================
= News =
=====================

∗∗∗ New acoustic attack determines keystrokes from typing patterns ∗∗∗
---------------------------------------------
Researchers have demonstrated a new acoustic side-channel attack on keyboards that can deduce user input based on their typing patterns, even in poor conditions, such as environments with noise.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-acoustic-attack-determine...

∗∗∗ Hackers Using Sneaky HTML Smuggling to Deliver Malware via Fake Google Sites ∗∗∗
---------------------------------------------
Cybersecurity researchers have discovered a new malware campaign that leverages bogus Google Sites pages and HTML smuggling to distribute a commercial malware called AZORult in order to facilitate information theft.
---------------------------------------------
https://thehackernews.com/2024/03/hackers-using-sneaky-html-smuggling-to.htm...

∗∗∗ Opening Pandora's box - Supply Chain Insider Threats in Open Source projects ∗∗∗
---------------------------------------------
Granting repository "Write" access in an Open Source project is a high-stakes decision. We delve into the risks of insider threats, using a responsible disclosure for the AWS Karpenter project to demonstrate why strict safeguards are essential.
---------------------------------------------
https://boostsecurity.io/blog/opening-pandora-box-supply-chain-insider-threa...
∗∗∗ Seasonal scams: beware when booking your holiday! ∗∗∗
---------------------------------------------
Fitting for the time of year in which particularly many holiday bookings are made, criminals are publishing fraudulent holiday booking platforms such as fincas-und-villen.com. Do not be dazzled by the low prices and beautiful pictures: here you will lose your money and, in the worst case, end up without accommodation at your holiday destination.
---------------------------------------------
https://www.watchlist-internet.at/news/saisonale-betrugsmaschen-urlaubsbuchu...

∗∗∗ How can OAuth applications be protected/detected across tenant boundaries? ∗∗∗
---------------------------------------------
It is a question that probably every security officer asks when it comes to the cloud and access to services via OAuth. The question: how can OAuth applications be protected/detected across tenant boundaries? And how can this be done with Microsoft technology?
---------------------------------------------
https://www.borncity.com/blog/2024/03/17/wie-oauth-anwendungen-ber-tenant-gr...
∗∗∗ Top things that you might not be doing (yet) in Entra Conditional Access – Advanced Edition ∗∗∗
---------------------------------------------
In this second part, we'll go over more advanced security controls within Conditional Access that, in my experience, are frequently overlooked in environments during security assessments.
---------------------------------------------
https://blog.nviso.eu/2024/03/18/top-things-that-you-might-not-be-doing-yet-...

∗∗∗ Ethereum's CREATE2: A Double-Edged Sword in Blockchain Security ∗∗∗
---------------------------------------------
Ethereum's CREATE2 function is being exploited by attackers to compromise the security of digital wallets, bypassing traditional security measures and facilitating unauthorized access to funds.
---------------------------------------------
https://research.checkpoint.com/2024/ethereums-create2-a-double-edged-sword-...
=====================
= Vulnerabilities =
=====================

∗∗∗ Hackers exploit Aiohttp bug to find vulnerable networks ∗∗∗
---------------------------------------------
The ransomware actor ShadowSyndicate was observed scanning for servers vulnerable to CVE-2024-23334, a directory traversal vulnerability in the aiohttp Python library.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/hackers-exploit-aiohttp-bug-t...

∗∗∗ Two Bytes is Plenty: FortiGate RCE with CVE-2024-21762 ∗∗∗
---------------------------------------------
In this post we detail the steps we took to identify the patched vulnerability and produce a working exploit.
---------------------------------------------
https://www.assetnote.io/resources/research/two-bytes-is-plenty-fortigate-rc...

∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (curl, spip, and unadf), Fedora (chromium, iwd, opensc, openvswitch, python3.6, shim, shim-unsigned-aarch64, and shim-unsigned-x64), Mageia (batik, imagemagick, irssi, jackson-databind, jupyter-notebook, ncurses, and yajl), Oracle (.NET 7.0, .NET 8.0, and dnsmasq), Red Hat (postgresql:10), SUSE (chromium, kernel, openvswitch, python-rpyc, and tiff), and Ubuntu (openjdk-8).
---------------------------------------------
https://lwn.net/Articles/965829/

∗∗∗ PoC Published for Critical Fortra Code Execution Vulnerability ∗∗∗
---------------------------------------------
A critical directory traversal vulnerability in Fortra FileCatalyst Workflow could lead to remote code execution.
---------------------------------------------
https://www.securityweek.com/poc-published-for-critical-fortra-code-executio...
∗∗∗ Critical vulnerability CVE-2024-21762 in Fortinet FortiOS is being actively exploited ∗∗∗
---------------------------------------------
In our warning of 9 February 2024 we already reported on the vulnerabilities CVE-2024-21762 and CVE-2024-23113 and subsequently informed owners via the abuse contacts registered for the affected IP addresses. CVE-2024-21762 has recently started being actively exploited. Unauthenticated attackers can execute arbitrary code on affected devices.
---------------------------------------------
https://cert.at/de/aktuelles/2024/3/kritische-sicherheitslucke-cve-2024-2176...

∗∗∗ Spring Framework: updates fix a new, old vulnerability ∗∗∗
---------------------------------------------
If Spring-based applications use a URL-parsing function of the framework, they open themselves up to various attacks. Not for the first time.
---------------------------------------------
https://heise.de/-9657496
∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/

∗∗∗ Stack-based Overflow Vulnerability in the TrueView™ Desktop Software ∗∗∗
---------------------------------------------
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0006