[CERT-daily] Tageszusammenfassung - 11.04.2024

Thu Apr 11 18:13:54 CEST 2024

=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 10-04-2024 18:00 − Donnerstag 11-04-2024 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Michael Schlagenhaufer

=====================
=       News        =
=====================

∗∗∗ New Spectre v2 attack impacts Linux systems on Intel CPUs ∗∗∗
---------------------------------------------
Researchers have demonstrated the "first native Spectre v2 exploit" for a new speculative execution side-channel flaw that impacts Linux systems running on many modern Intel processors. [..] The hardware vendor has indicated that future processors will include mitigations for BHI and potentially other speculative execution vulnerabilities. For a complete list of impacted Intel processors to the various speculative execution side-channel flaws, check this page updated by the vendor.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-spectre-v2-attack-impacts-linux-systems-on-intel-cpus/


∗∗∗ CISA says Sisense hack impacts critical infrastructure orgs ∗∗∗
---------------------------------------------
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is investigating the recent breach of data analytics company Sisense, an incident that also impacted critical infrastructure organizations.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/cisa-says-sisense-hack-impacts-critical-infrastructure-orgs/


∗∗∗ DragonForce Ransomware - What You Need To Know ∗∗∗
---------------------------------------------
A relatively new strain of ransomware called DragonForce has making the headlines after a series of high-profile attacks. Like many other ransomware groups, DragonForce attempts to extort money from its victims in two ways - locking companies out of their computers and data through encryption, and exfiltrating data from compromised systems with the threat of releasing it to others via the dark web. So far, so normal. How did DragonForce come to prominence?
---------------------------------------------
https://www.tripwire.com/state-of-security/dragonforce-ransomware-what-you-need-know


∗∗∗ CISA Releases Malware Next-Gen Analysis System for Public Use ∗∗∗
---------------------------------------------
CISAs Malware Next-Gen system is now available for any organization to submit malware samples and other suspicious artifacts for analysis.
---------------------------------------------
https://www.securityweek.com/cisa-releases-malware-next-gen-analysis-system-for-public-use/


∗∗∗ Metasploit Meterpreter Installed via Redis Server ∗∗∗
---------------------------------------------
Redis is an abbreviation of Remote Dictionary Server, which is an open-source in-memory data structure storage that is also used as a database. It is presumed that the threat actors abused inappropriate settings or ran commands through vulnerability attacks.
---------------------------------------------
https://asec.ahnlab.com/en/64034/


∗∗∗ Control Web Panel - Fingerprinting Open-Source Software using a Consolidation Algorithm approach ∗∗∗
---------------------------------------------
This blog post details one of these very unique cases: `CVE-2022-44877`, an unauthenticated Command Injection issue, flagged by CISA as a Known Exploited Vulnerability (CISA KEV), affecting Control Web Panel, an open-source control panel for servers and VPS management. Initially, the team could not find a way to straightforwardly fingerprint the software’s version, nor another way to detect it without intrusive exploitation - thus we used a novelty technique: an algorithm that retrieves the web application’s static web content files and consolidates them to pin-point the software’s version.
---------------------------------------------
https://www.bitsight.com/blog/control-web-panel-fingerprinting-open-source-software-using-consolidation-algorithm-approach


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Node.js Security Advisories Apr 10, 2024 ∗∗∗
---------------------------------------------
Node v21.7.3 (Current), Node v20.12.2 (LTS), Node v18.20.2 (LTS): CVE-2024-27980 - Command injection via args parameter of child_process.spawn without shell option enabled on Windows.
---------------------------------------------
https://nodejs.org/en/blog/release/


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by AlmaLinux (kernel, less, libreoffice, nodejs:18, nodejs:20, rear, thunderbird, and varnish), Debian (pillow), Fedora (dotnet7.0), SUSE (sngrep, texlive-specs-k, tomcat, tomcat10, and xorg-x11-server), and Ubuntu (nss, squid, and util-linux).
---------------------------------------------
https://lwn.net/Articles/969468/


∗∗∗ Citrix: XenServer and Citrix Hypervisor Security Update for CVE-2023-46842, CVE-2024-2201 and CVE-2024-31142 ∗∗∗
---------------------------------------------
Two issues have been identified that affect XenServer and Citrix Hypervisor; each issue may allow malicious unprivileged code in a guest VM to infer the contents of memory belonging to its own or other VMs on the same host.
---------------------------------------------
https://support.citrix.com/article/CTX633151/xenserver-and-citrix-hypervisor-security-update-for-cve202346842-cve20242201-and-cve202431142


∗∗∗ Google Chrome: Sandbox-Ausbruch durch bestimmte Gesten möglich ∗∗∗
---------------------------------------------
Mit etwas Verspätung haben Googles Entwickler das wöchentliche Update für den Chrome-Webbrowser veröffentlicht. Insgesamt drei Sicherheitslücken stopfen die Programmierer darin. Alle tragen die Risikoeinstufung "hoch".
---------------------------------------------
https://heise.de/-9681413


∗∗∗ WLAN-Access-Points von TP-Link 15 Minuten nach Reboot attackierbar ∗∗∗
---------------------------------------------
Angreifer können die WLAN-Access-Points von TP-Link AC1350 Wireless und N300 Wireless N Ceiling Mount attackieren und unter anderem auf Werksweinstellungen zurücksetzen. [..] Sicherheitsupdates sind verfügbar.
---------------------------------------------
https://heise.de/-9681863


∗∗∗ Palo Alto Security Advisories ∗∗∗
---------------------------------------------
https://security.paloaltonetworks.com/


∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/


∗∗∗ Juniper Security Advisories ∗∗∗
---------------------------------------------
https://supportportal.juniper.net/s/global-search/%40uri?language=en_US#sort=%40sfcec_community_publish_date_formula__c%20descending&f:ctype=[Security%20Advisories]

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily