[CERT-daily] Tageszusammenfassung - 06.08.2024

Tue Aug 6 18:25:23 CEST 2024

=====================
= End-of-Day report =
=====================

Timeframe:   Montag 05-08-2024 18:00 − Dienstag 06-08-2024 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a

=====================
=       News        =
=====================


∗∗∗ Mac and Windows users infected by software updates delivered over hacked ISP ∗∗∗
---------------------------------------------
DNS poisoning attack worked even when targets used DNS from Google and Cloudflare.
---------------------------------------------
https://arstechnica.com/?p=2041175


∗∗∗ Microsoft Bounty Program Year in Review: $16.6M in Rewards ∗∗∗
---------------------------------------------
We are excited to announce that this year the Microsoft Bounty Program has awarded $16.6M in bounty awards to 343 security researchers from 55 countries, securing Microsoft customers in partnership with the Microsoft Security Response Center (MSRC). Each year we identify over a thousand potential security issues together, safeguarding our customers from possible threats through the Microsoft Bounty Program.
---------------------------------------------
https://msrc.microsoft.com/blog/2024/08/microsoft-bounty-program-year-in-review-16.6m-in-rewards/


∗∗∗ A Survey of Scans for GeoServer Vulnerabilities ∗∗∗
---------------------------------------------
A little bit over a year ago, I wrote about scans for GeoServer. GeoServer is a platform to process geographic data. It makes it easy to share geospatial data in various common standard formats. Recently, new vulnerabilities were discovered in GeoServer, prompting me to look again at what our honeypots pick up.
---------------------------------------------
https://isc.sans.edu/diary/A+Survey+of+Scans+for+GeoServer+Vulnerabilities/31148


∗∗∗ MDM vendor Mobile Guardian attacked, leading to remote wiping of 13,000 devices ∗∗∗
---------------------------------------------
Singapore Ministry of Education orders software removed after string of snafus UK-based mobile device management vendor Mobile Guardian has admitted that on August 4 it suffered a security incident that involved unauthorized access to iOS and ChromeOS devices managed by its tools, which are currently unavailable. In Singapore, the incident resulted in ..
---------------------------------------------
https://www.theregister.com/2024/08/06/mobile_guardian_mdm_attack/


∗∗∗ Bad apps bypass Windows security alerts for six years using newly unveiled trick ∗∗∗
---------------------------------------------
Windows SmartScreen and Smart App Control both have weaknesses of which to be wary Elastic Security Labs has lifted the lid on a slew of methods available to attackers who want to run malicious apps without triggering Windows security ..
---------------------------------------------
https://www.theregister.com/2024/08/06/bad_apps_bypass_windows_security/


∗∗∗ Olympia: Cyberkriminelle fordern nach Attacke auf Museen in Frankreich Lösegeld ∗∗∗
---------------------------------------------
Mehr als 40 Institutionen sind betroffen, darunter der Olympia-Austragungsort Grand Palais. Kriminelle haben das System für die Zentralisierung von Finanzdaten angegriffen
---------------------------------------------
https://www.derstandard.at/story/3000000231309/olympia-cyber-attacke-auf-museen-in-frankreich-l246segeld-gefordert


∗∗∗ IoT firmware emulation and device fingerprinting challenges ∗∗∗
---------------------------------------------
Gathering information on a device could be tricky if you don’t have direct access to exposed services like SNMP, HTTP, FTP, or any other ports or protocols which could provide relevant information on the asset like the ..
---------------------------------------------
https://medium.com/tenable-techblog/iot-firmware-emulation-and-device-fingerprinting-challenges-09e26b9b7fae


∗∗∗ Rapid7’s Ransomware Radar Report Shows Threat Actors are Evolving …Fast. ∗∗∗
---------------------------------------------
The Ransomware Radar Report offers some startling insights into who ransomware threat actors are and how they’ve been operating in the first half of 2024.
---------------------------------------------
https://www.rapid7.com/blog/post/2024/08/06/rapid7s-ransomware-radar-report-shows-threat-actors-are-evolving-fast/


∗∗∗ LKA Niedersachsen warnt vor Phishing mit QR-Codes per Briefpost ∗∗∗
---------------------------------------------
Per Briefpost suchen Betrüger Opfer, die einen QR-Code scannen und auf den dadurch geöffneten Phishing-Link hereinfallen, warnt das LKA Niedersachsen.
---------------------------------------------
https://heise.de/-9825879


=====================
=  Vulnerabilities  =
=====================


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (libreoffice), Gentoo (containerd and firefox), Red Hat (httpd), SUSE (ca-certificates-mozilla, ksh, openssl-3-livepatches, podman, python-Twisted, and skopeo), and Ubuntu (imagemagick).
---------------------------------------------
https://lwn.net/Articles/984598/


∗∗∗ DSA-5737-1 libreoffice - security update ∗∗∗
---------------------------------------------
https://lists.debian.org/debian-security-announce/2024/msg00149.html


∗∗∗ DSA-5736-1 openjdk-11 - security update ∗∗∗
---------------------------------------------
https://lists.debian.org/debian-security-announce/2024/msg00148.html


∗∗∗ ZDI-24-1099: Apache OFBiz resolveURI Authentication Bypass Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-24-1099/


∗∗∗ Security Vulnerabilities fixed in Firefox 129 ∗∗∗
---------------------------------------------
https://www.mozilla.org/en-US/security/advisories/mfsa2024-33/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily