[CERT-daily] Tageszusammenfassung - 05.08.2024

Mon Aug 5 18:56:25 CEST 2024

=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 02-08-2024 18:00 − Montag 05-08-2024 18:00
Handler:     Michael Schlagenhaufer
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ StormBamboo Compromises ISP to Abuse Insecure Software Update Mechanisms ∗∗∗
---------------------------------------------
StormBamboo successfully compromised an internet service provider (ISP) in order to poison DNS responses for target organizations. Insecure software update mechanisms were targeted to surreptitiously install malware on victim machines running macOS and Windows.
---------------------------------------------
https://www.volexity.com/blog/2024/08/02/stormbamboo-compromises-isp-to-abuse-insecure-software-update-mechanisms/


∗∗∗ Google Chrome warns uBlock Origin may soon be disabled ∗∗∗
---------------------------------------------
Google Chrome is now encouraging uBlock Origin users who have updated to the latest version to switch to other ad blockers before Manifest v2 extensions are disabled.
---------------------------------------------
https://www.bleepingcomputer.com/news/google/google-chrome-warns-ublock-origin-may-soon-be-disabled/


∗∗∗ Security Tips for Modern Web Administrators ∗∗∗
---------------------------------------------
By understanding and implementing key security practices, you can significantly reduce the risk of attacks and ensure a safe experience for your users. Let’s break down some essential tips and strategies to enhance your website’s security.
---------------------------------------------
https://blog.sucuri.net/2024/08/security-tips-for-modern-web-administrators.html


∗∗∗ Google gamed into advertising a malicious version of Authenticator ∗∗∗
---------------------------------------------
Scammers have been using Google's own ad system to fool people into downloading a borked copy of the Chocolate Factory's Authenticator software. A team at security shop Malwarebytes spotted the adverts, which appear to come from a Google approved domain – and from a verified user – earlier this week.
---------------------------------------------
https://go.theregister.com/feed/www.theregister.com/2024/08/05/security_in_brief/


∗∗∗ New SLUBStick Attack Makes Linux Kernel Vulnerabilities More Dangerous ∗∗∗
---------------------------------------------
A team of researchers from the Graz University of Technology in Austria has published a paper on SLUBStick, a new Linux kernel exploitation technique that can make heap vulnerabilities more dangerous.
---------------------------------------------
https://www.securityweek.com/new-slubstick-attack-makes-linux-kernel-vulnerabilities-more-dangerous/


∗∗∗ Homebrew-Audit enthüllt Sicherheitslücken – die meisten hat das Team geschlossen ∗∗∗
---------------------------------------------
Ein umfangreiches Security-Audit hat Schwachstellen im Code und den CI/CD-Prozessen des Paketmanagers Homebrew gefunden. Viele, aber nicht alle, sind gefixt.
---------------------------------------------
https://heise.de/-9822824


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Kritische Sicherheitslücke bedroht Unternehmenssoftware Apache OFBiz ∗∗∗
---------------------------------------------
Angreifer können Systeme mit Apache OFBiz attackieren und eigenen Code ausführen. Eine dagegen abgesicherte Version steht zum Download bereit. [..] Derzeit gibt es kaum Informationen zur Lücke (CVE-2024-38856). Aus einem Seclists-Beitrag geht hervor, dass es zu Fehlern bei der Authentifizierung kommen kann, sodass Angreifer eigenen Code ausführen können.
---------------------------------------------
https://heise.de/-9824150


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (openjdk-11), Fedora (bind, bind-dyndb-ldap, chromium, ffmpeg, hostapd, trafficserver, and wpa_supplicant), and Ubuntu (curl and linux-oem-6.5).
---------------------------------------------
https://lwn.net/Articles/984552/


∗∗∗ Pimax Play and PiTool accept WebSocket connections from unintended endpoints ∗∗∗
---------------------------------------------
https://jvn.jp/en/jp/JVN50850706/


∗∗∗ Helmholz: Multiple products are vulnerable to regreSSHion ∗∗∗
---------------------------------------------
https://certvde.com/de/advisories/VDE-2024-044/


∗∗∗ Red Lion Europe: Multiple products are vulnerable to regreSSHion ∗∗∗
---------------------------------------------
https://certvde.com/de/advisories/VDE-2024-042/


∗∗∗ RaspAP Security Update Advisory (CVE-2024-41637) ∗∗∗
---------------------------------------------
https://asec.ahnlab.com/en/82193/


∗∗∗ OpenAM Security Update Advisory (CVE-2024-41667) ∗∗∗
---------------------------------------------
https://asec.ahnlab.com/en/82194/


∗∗∗ GStreamer Product Security Update Advisory (CVE-2024-40897) ∗∗∗
---------------------------------------------
https://asec.ahnlab.com/en/82196/


∗∗∗ Roundcube: Security updates 1.6.8 and 1.5.8 released ∗∗∗
---------------------------------------------
https://roundcube.net/news/2024/08/04/security-updates-1.6.8-and-1.5.8


∗∗∗ F5: K000140505: Apache HTTPD vulnerability CVE-2024-38473 ∗∗∗
---------------------------------------------
https://my.f5.com/manage/s/article/K000140505

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily