===================== = End-of-Day report = =====================
Timeframe: Mittwoch 22-05-2024 18:00 − Donnerstag 23-05-2024 18:00 Handler: Thomas Pribitzer Co-Handler: n/a
===================== = News = =====================
∗∗∗ State hackers turn to massive ORB proxy networks to evade detection ∗∗∗ --------------------------------------------- Security researchers are warning that state-backed hackers are increasingly relying on vast proxy networks of virtual private servers and compromised connected devices for cyberespionage operations. --------------------------------------------- https://www.bleepingcomputer.com/news/security/state-hackers-turn-to-massive...
∗∗∗ ShrinkLocker: Turning BitLocker into ransomware ∗∗∗ --------------------------------------------- The Kaspersky GERT has detected a new group that has been abusing Microsoft Windows features by modifying the system to lower the defenses and using the local MS BitLocker utility to encrypt entire drives and demand a ransom. --------------------------------------------- https://securelist.com/ransomware-abuses-bitlocker/112643/
∗∗∗ Ihre Website läuft über Jimdo? Vorsicht vor Phishing-Mails zu Zahlungsproblemen! ∗∗∗ --------------------------------------------- Website- und Online-Shop-Betreiber:innen aufgepasst: Wenn Ihre Website über Jimdo läuft, haben es Kriminelle aktuell vermehrt auf Ihre Daten und Ihr Geld abgesehen. Sie versenden dazu Phishing-Mails in denen Probleme mit Ihren laufenden Zahlungen vorgegaukelt werden. --------------------------------------------- https://www.watchlist-internet.at/news/jimdo-phishing-mails/
∗∗∗ Format String Exploitation: A Hands-On Exploration for Linux ∗∗∗ --------------------------------------------- This blogpost covers a Capture The Flag challenge that was part of the 2024 picoCTF event. --------------------------------------------- https://blog.nviso.eu/2024/05/23/format-string-exploitation-a-hands-on-explo...
∗∗∗ New APT Group “Unfading Sea Haze” Hits Military Targets in South China Sea ∗∗∗ --------------------------------------------- Unfading Sea Hazes modus operandi spans over five years, with evidence dating back to 2018, reveals Bitdefender Labs investigation. --------------------------------------------- https://www.hackread.com/unfading-sea-haze-military-target-south-china-sea/
===================== = Vulnerabilities = =====================
∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (chromium), Fedora (chromium, libxml2, pgadmin4, and python-libgravatar), Mageia (ghostscript), Red Hat (389-ds:1.4, ansible-core, bind and dhcp, container-tools:rhel8, edk2, exempi, fence-agents, freeglut, frr, ghostscript, glibc, gmp, go-toolset:rhel8, grafana, grub2, gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, harfbuzz, httpd:2.4, idm:DL1, idm:DL1 and idm:client modules, kernel, kernel-rt, krb5, LibRaw, [...] --------------------------------------------- https://lwn.net/Articles/974824/
∗∗∗ Aptos Wisal Payroll Accounting Uses Hardcoded Database Credentials ∗∗∗ --------------------------------------------- Aptos WISAL payroll accounting uses hardcoded credentials in the Windows client to fetch the complete list of usernames and passwords from the database server, using an unencrypted connection. --------------------------------------------- https://www.redteam-pentesting.de/en/advisories/rt-sa-2023-007/
∗∗∗ CVE-2024-4978: Backdoored Justice AV Solutions Viewer Software Used in Apparent Supply Chain Attack ∗∗∗ --------------------------------------------- Rapid7 has determined that users with JAVS Viewer v8.3.7 installed are at high risk and should take immediate action. --------------------------------------------- https://www.rapid7.com/blog/post/2024/05/23/cve-2024-4978-backdoored-justice...
∗∗∗ Cisco: Root-Zugriff durch SQL-Injection-Lücke in Firepower möglich ∗∗∗ --------------------------------------------- Cisco warnt vor Sicherheitslücken in ASA- und Firepower-Appliances. Angreifer können mit SQL-Injection Firepower-Geräte kompromittieren. --------------------------------------------- https://heise.de/-9729121
∗∗∗ Sicherheitsupdates VMware: Schadcode kann aus VM ausbüchsen ∗∗∗ --------------------------------------------- Admins sollten zeitnah mehrere Sicherheitspatches für diverse VMware-Produkte installieren. --------------------------------------------- https://heise.de/-9729288
∗∗∗ LCDS LAquis SCADA ∗∗∗ --------------------------------------------- https://www.cisa.gov/news-events/ics-advisories/icsa-24-142-01
∗∗∗ Vulnerabilities in Autodesk InfraWorks software ∗∗∗ --------------------------------------------- https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0008
∗∗∗ AutomationDirect Productivity PLCs ∗∗∗ --------------------------------------------- https://www.cisa.gov/news-events/ics-advisories/icsa-24-144-01