=====================
= End-of-Day report =
=====================

Timeframe:   Monday 25-11-2024 18:00 - Tuesday 26-11-2024 18:00
Handler:     Michael Schlagenhaufer
Co-Handler:  n/a

=====================
=       News        =
=====================
*** Hackers exploit critical bug in Array Networks SSL VPN products ***
---------------------------------------------
America's Cyber Defense Agency has received evidence of hackers actively exploiting a remote code execution vulnerability in Array Networks AG and vxAG ArrayOS SSL VPN products.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/hackers-exploit-critical-bug-...

*** Matrix Unleashes A New Widespread DDoS Campaign ***
---------------------------------------------
Aqua Nautilus researchers uncovered a new and widespread Distributed Denial-of-Service (DDoS) campaign orchestrated by a threat actor named Matrix. Triggered by activities detected on our honeypots, this investigation dives deep into Matrix's methods, targets, tools, and overall goals.
---------------------------------------------
https://blog.aquasec.com/matrix-unleashes-a-new-widespread-ddos-campaign
*** Wake up and Smell the BitLocker Keys ***
---------------------------------------------
From this demonstration we can see that with a minimal set of tools and a small time investment it is quite practical to access a drive encrypted with BitLocker. [..] This type of attack can be avoided by implementing a second factor for pre-boot authentication, either a user PIN and/or USB Startup Key.
---------------------------------------------
https://blog.nviso.eu/2024/11/26/wake-up-and-smell-the-bitlocker-keys/
*** Detection Opportunities - EDR Silencer, EDRSandblast, Kill AV... ***
---------------------------------------------
There are many ways to disable or modify security solutions, which you can, e.g., test with at least 53 different Atomic Red Team tests as a starting point, but today I would like to limit myself to a few tools that successful ransomware groups use within the top 20 ransomware groups for October 2024.
---------------------------------------------
https://detect.fyi/detection-opportunities-edr-silencer-edrsandblast-kill-av...
*** Web security: Using Content Security Policy against cross-site scripting, part 2 ***
---------------------------------------------
Extended CSP directives help to protect applications efficiently against cross-site scripting.
---------------------------------------------
https://heise.de/-10175246

*** Graykey: Decryption tool can partially unlock iOS 18 ***
---------------------------------------------
In connection with Apple's new reboot protection against unlocking, information has surfaced about what forensics companies can do with current iPhones.
---------------------------------------------
https://heise.de/-10175639
=====================
=  Vulnerabilities  =
=====================
*** Dell Wyse Management Suite: Attackers can bypass security mechanisms ***
---------------------------------------------
According to an advisory, DoS attacks (CVE-2024-49595, "high") are conceivable, among other things; in addition, attackers can bypass security mechanisms that are not described in more detail (CVE-2024-49597, "high"). In both cases attacks are possible remotely, but attackers already need high user privileges.
---------------------------------------------
https://www.heise.de/-10176009

*** Trellix: Update closes security holes in Enterprise Security Manager ***
---------------------------------------------
Trellix does not go into detail on specific vulnerabilities. However, Trellix ESM 11.6.13 updates Azul Java, among other things, and thereby addresses several unlisted CVEs. The bundled libcurl library also fixes two vulnerabilities (CVE-2023-38545, CVSS 9.8, risk "critical"; CVE-2023-38546, CVSS 3.7, low). Two "reverse shell" vulnerabilities also previously lurked in the "Snow Service" (CVE-2024-1148, CVSS 9.8, critical; CVE-2024-11482 [not yet public]).
---------------------------------------------
https://www.heise.de/-10176250

*** WordPress plug-in Anti-Spam by Cleantalk endangers 200,000 sites ***
---------------------------------------------
Unauthenticated attackers can thereby install and activate arbitrary plug-ins on vulnerable WordPress instances and thus ultimately execute arbitrary code (CVE-2024-10542, CVSS 9.8, risk "critical").
---------------------------------------------
https://heise.de/-10175993
*** Security updates for Tuesday ***
---------------------------------------------
Security updates have been issued by Debian (pypy3), Fedora (chromium, cobbler, and libsoup3), Oracle (kernel), SUSE (glib2, govulncheck-vulndb, javapackages-tools, xmlgraphics-batik, xmlgraphics-commons, xmlgraphics-fop, libblkid-devel, opentofu, php8, postgresql, postgresql16, postgresql17, thunderbird, traefik, and ucode-intel), and Ubuntu (needrestart and rapidjson).
---------------------------------------------
https://lwn.net/Articles/999744/

*** WordPress Plugin "WP Admin UI Customize" vulnerable to cross-site scripting ***
---------------------------------------------
https://jvn.jp/en/jp/JVN87182660/

*** VMware: VMSA-2024-0022: VMware Aria Operations updates address multiple vulnerabilities (CVE-2024-38830, CVE-2024-38831, CVE-2024-38832, CVE-2024-38833, CVE-2024-38834) ***
---------------------------------------------
https://support.broadcom.com/web/ecx/support-content-notification/-/external...

*** Mozilla Security Advisories November 26, 2024 ***
---------------------------------------------
https://www.mozilla.org/en-US/security/advisories/

*** Splunk: SVD-2024-1102: Third-Party Package Updates in Splunk Machine Learning Toolkit - November 2024 ***
---------------------------------------------
https://advisory.splunk.com//advisories/SVD-2024-1102

*** Splunk: SVD-2024-1101: Third-Party Package Updates in Python for Scientific Computing - November 2024 ***
---------------------------------------------
https://advisory.splunk.com//advisories/SVD-2024-1101

*** Synology-SA-24:25 Surveillance Station ***
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_24_25

*** Synology-SA-24:15 BeeFiles ***
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_24_15

*** Hitachi Energy RTU500 Scripting Interface ***
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-24-331-05

*** Hitachi Energy MicroSCADA Pro/X SYS600 ***
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-24-331-04

*** F5: K000148713: libssh2 vulnerabilities CVE-2019-3858 and CVE-2019-3862 ***
---------------------------------------------
https://my.f5.com/manage/s/article/K000148713

*** PHP Patches Multiple Vulnerabilities Including CVE-2024-8932 ***
---------------------------------------------
https://thecyberthrone.in/2024/11/26/php-patches-multiple-vulnerabilities-in...