=====================
= End-of-Day report =
=====================

Timeframe:   Wednesday 24-07-2024 18:00 − Thursday 25-07-2024 18:00
Handler:     Thomas Pribitzer
Co-Handler:  n/a
=====================
=       News        =
=====================
∗∗∗ KnowBe4 mistakenly hires North Korean hacker, faces infostealer attack ∗∗∗
---------------------------------------------
American cybersecurity company KnowBe4 says a person it recently hired as a Principal Software Engineer turned out to be a North Korean state actor who attempted to install information-stealing malware on its devices.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/knowbe4-mistakenly-hires-nort...
∗∗∗ French police push PlugX malware self-destruct payload to clean PCs ∗∗∗
---------------------------------------------
The French police and Europol are pushing out a "disinfection solution" that automatically removes the PlugX malware from infected devices in France.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/french-police-push-plugx-malw...
∗∗∗ How a cheap barcode scanner helped fix CrowdStriked Windows PCs in a flash ∗∗∗
---------------------------------------------
Not long after Windows PCs and servers at the Australian limb of audit and tax advisory Grant Thornton started BSODing last Friday, senior systems engineer Rob Woltz remembered a small but important fact: when PCs boot, they consider barcode scanners no differently to keyboards.
---------------------------------------------
https://www.theregister.com/2024/07/25/crowdstrike_remediation_with_barcode_...
∗∗∗ XWorm Hidden With Process Hollowing ∗∗∗
---------------------------------------------
XWorm is not a brand-new malware family. It's a common RAT (Remote Access Tool) reused regularly in new campaigns. Yesterday, I found a sample that behaves like a dropper and runs the malware using the Process Hollowing technique.
---------------------------------------------
https://isc.sans.edu/diary/rss/31112
∗∗∗ Criminals use fake profiles of financial experts to advertise fraudulent investment platforms ∗∗∗
---------------------------------------------
Austrian financial journalist and entrepreneur Niko Jilch runs several information channels on finance, investing and Bitcoin. His reach and name recognition are now also being exploited by criminals to lure private investors onto fraudulent investment platforms.
---------------------------------------------
https://www.watchlist-internet.at/news/kriminelle-werben-mit-fake-profilen-v...
=====================
=  Vulnerabilities  =
=====================
∗∗∗ Progress warns of critical RCE bug in Telerik Report Server ∗∗∗
---------------------------------------------
Progress Software has warned customers to patch a critical remote code execution security flaw in the Telerik Report Server that can be used to compromise vulnerable devices.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/progress-warns-of-critical-rc...
∗∗∗ Containers attackable: Docker has to patch a critical vulnerability from 2019 again ∗∗∗
---------------------------------------------
Docker had long since closed the hole. Only months later, however, the patch was dropped again. The Docker Engine has therefore been attackable for five years.
---------------------------------------------
https://www.golem.de/news/container-angreifbar-docker-muss-kritische-schwach...
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by AlmaLinux (containernetworking-plugins, cups, edk2, httpd, httpd:2.4, libreoffice, libuv, libvirt, python3, and runc), Fedora (exim, python-zipp, xdg-desktop-portal-hyprland, and xmedcon), Red Hat (cups, fence-agents, freeradius, freeradius:3.0, httpd:2.4, kernel, kernel-rt, nodejs:18, podman, and resource-agents), Slackware (htdig and libxml2), SUSE (exim), and Ubuntu (ocsinventory-server, php-cas, and poppler).
---------------------------------------------
https://lwn.net/Articles/983328/
∗∗∗ Nvidia Patches High-Severity Vulnerabilities in AI, Networking Products ∗∗∗
---------------------------------------------
Nvidia has patched high-severity vulnerabilities in its Jetson, Mellanox OS, OnyX, Skyway, and MetroX products.
---------------------------------------------
https://www.securityweek.com/nvidia-patches-high-severity-vulnerabilities-in...
∗∗∗ Security updates: Aruba EdgeConnect SD-WAN attackable in many ways ∗∗∗
---------------------------------------------
HPE's developers have closed several dangerous security holes in Aruba's SD-WAN solution EdgeConnect.
---------------------------------------------
https://heise.de/-9813256
∗∗∗ Positron Broadcast Signal Processor ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-24-207-02