=====================
= End-of-Day report =
=====================

Timeframe: Tuesday 14-05-2024 18:00 - Wednesday 15-05-2024 18:00
Handler: Thomas Pribitzer
Co-Handler: Michael Schlagenhaufer

=====================
=       News        =
=====================

*** PoC exploit released for RCE zero-day in D-Link EXO AX4800 routers ***
---------------------------------------------
The D-Link EXO AX4800 (DIR-X4860) router is vulnerable to remote unauthenticated command execution that could lead to complete device takeovers by attackers with access to the HNAP port.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/poc-exploit-released-for-rce-...

*** Further vulnerability discovered: hacker launches another cyberattack on Dell ***
---------------------------------------------
The 49 million customer records already harvested are apparently not enough for him. Menelik is attacking Dell again. This time, support data is reportedly affected.
---------------------------------------------
https://www.golem.de/news/weitere-schwachstelle-entdeckt-hacker-startet-erne...

*** Ebury is alive but unseen: 400k Linux servers compromised for cryptocurrency theft and financial gain ***
---------------------------------------------
One of the most advanced server-side malware campaigns is still growing, with hundreds of thousands of compromised servers, and it has diversified to include credit card and cryptocurrency theft.
---------------------------------------------
https://www.welivesecurity.com/en/eset-research/ebury-alive-unseen-400k-linu...

=====================
=  Vulnerabilities  =
=====================

*** Security updates for Wednesday ***
---------------------------------------------
Security updates have been issued by Mageia (sssd and tcpdump), Red Hat (.NET 7.0, .NET 8.0, expat, kernel, and kernel-rt), Slackware (mozilla), SUSE (kernel, postgresql15, postgresql16, python-arcomplete, python-Fabric, python-PyGithub, python-antlr4-python3-runtime, python-avro, python-chardet, python-distro, python-docker, python-fakeredis, python-fixedint, pyth, and python3), and Ubuntu (linux-bluefield).
---------------------------------------------
https://lwn.net/Articles/973746/

*** ICS Patch Tuesday: Advisories Published by Siemens, Rockwell, Mitsubishi Electric ***
---------------------------------------------
Several ICS vendors released advisories on Tuesday to inform customers about vulnerabilities found in their products.
---------------------------------------------
https://www.securityweek.com/ics-patch-tuesday-advisories-published-by-sieme...

*** Intel Publishes 41 Security Advisories for Over 90 Vulnerabilities ***
---------------------------------------------
Intel has published 41 new May 2024 Patch Tuesday advisories covering a total of more than 90 vulnerabilities. [..] The most important flaw, based on its severity rating of 'critical' and a CVSS score of 10, is CVE-2024-22476. [..] Intel says this critical vulnerability could allow an unauthenticated attacker to "enable escalation of privilege via remote access".
---------------------------------------------
https://www.securityweek.com/intel-publishes-41-security-advisories-for-over...

*** LibreOffice: a wrong click can lead to execution of malicious code ***
---------------------------------------------
A security vulnerability in the open-source LibreOffice allows attackers to foist malicious code on victims. The victims only need to click once.
---------------------------------------------
https://heise.de/-9719334

*** VMware Workstation and Fusion: escape from the guest system possible ***
---------------------------------------------
VMware Workstation and Fusion contain security vulnerabilities that were exploited at the Pwn2Own competition. They allow an escape from the guest system.
---------------------------------------------
https://heise.de/-9718624

*** Patch day: attackers are attacking Windows and obtaining system privileges ***
---------------------------------------------
Microsoft has released important security updates for Edge, Dynamics 365 and Windows, among others. Attacks are already taking place.
---------------------------------------------
https://heise.de/-9718608

*** Patch day: attackers can push malicious code through holes in Adobe software ***
---------------------------------------------
Software vendor Adobe has secured Animate, Illustrator and Reader, among others, against possible attacks.
---------------------------------------------
https://heise.de/-9718639

*** Fortiguard Security Advisories ***
---------------------------------------------
https://www.fortiguard.com/psirt

*** Lenovo Security Advisories ***
---------------------------------------------
https://support.lenovo.com/at/en/product_security/home

*** 30,000 WordPress Sites affected by Arbitrary SQL Execution Vulnerability Patched in Visualizer WordPress Plugin ***
---------------------------------------------
https://www.wordfence.com/blog/2024/05/30000-wordpress-sites-affected-by-arb...

*** Bosch: Remote code execution vulnerability has been found over an insecure connection in the Praesensa Logging Application, Praesideo Logging Application and Praesideo PC Call Station ***
---------------------------------------------
https://psirt.bosch.com/security-advisories/bosch-sa-106054-bt.html

*** B&R: 2024-05-14: Cyber Security Advisory - Insecure Loading of Code in B&R Products ***
---------------------------------------------
https://www.br-automation.com/fileadmin/SA24P005_Insecure_Loading_of_Code-c7...

*** SUBNET PowerSYSTEM Center ***
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-24-135-02

*** F5: K000139592 : libxml2 vulnerability CVE-2023-29469 ***
---------------------------------------------
https://my.f5.com/manage/s/article/K000139592

*** ZDI-24-456: NI FlexLogger FLXPROJ File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability ***
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-24-456/

*** ZDI-24-455: SolarWinds Access Rights Manager JsonSerializationBinder Deserialization of Untrusted Data Remote Code Execution Vulnerability ***
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-24-455/