[CERT-daily] Tageszusammenfassung - 08.08.2024
Daily end-of-shift report
team at cert.at
Thu Aug 8 18:13:37 CEST 2024
=====================
= End-of-Day report =
=====================
Timeframe: Mittwoch 07-08-2024 18:00 − Donnerstag 08-08-2024 18:00
Handler: Alexander Riepl
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Kein Patch in Sicht: Phishing-Warnung in Outlook lässt sich per Mail ausblenden ∗∗∗
---------------------------------------------
Obendrein kann eine Phishing-Mail in Outlook auch vortäuschen, dass sie verschlüsselt oder signiert ist. Für Microsoft hat das Thema derzeit keine Priorität.
---------------------------------------------
https://www.golem.de/news/kein-patch-in-sicht-phishing-warnung-in-outlook-laesst-sich-per-mail-ausblenden-2408-187847.html
∗∗∗ Samsung boosts bug bounty to a cool million for cracks of the Knox Vault subsystem ∗∗∗
---------------------------------------------
Good luck, crackers: Its an isolated processor and storage enclave, and top dollar only comes from a remote attack Samsung has dangled its first $1 million bug bounty for anyone who successfully compromises Knox Vault – the isolated subsystem the Korean giant bakes into its smartphones to store info like credentials and run authentication routines.
---------------------------------------------
https://www.theregister.com/2024/08/08/samsung_microsoft_big_bug_bounty/
∗∗∗ Using 1Password on Mac? Patch up if you don’t want your Vaults raided ∗∗∗
---------------------------------------------
Hundreds of thousands of users potentially vulnerable Password manager 1Password is warning that all Mac users running versions before 8.10.36 are vulnerable to a bug that allows attackers to steal vault items.
---------------------------------------------
https://www.theregister.com/2024/08/08/using_1password_on_mac_patch/
∗∗∗ A Flaw in Windows Update Opens the Door to Zombie Exploits ∗∗∗
---------------------------------------------
A researcher found a vulnerability that would let hackers strategically downgrade a target’s Windows version to reexpose patched vulnerabilities. Microsoft is working on fixes for the issue.
---------------------------------------------
https://www.wired.com/story/windows-update-downdate-exploit/
∗∗∗ Vulnerabilities Exposed Widely Used Solar Power Systems to Hacking, Disruption ∗∗∗
---------------------------------------------
Vulnerabilities found in solar power systems could have been exploited by hackers to cause disruption and possibly blackouts.
---------------------------------------------
https://www.securityweek.com/vulnerabilities-exposed-widely-used-solar-power-systems-to-hacking-disruption/
∗∗∗ Royal Ransomware Actors Rebrand as “BlackSuit,” FBI and CISA Release Update to Advisory ∗∗∗
---------------------------------------------
Today, CISA—in partnership with the Federal Bureau of Investigation (FBI)—released an update to joint Cybersecurity Advisory #StopRansomware: Royal Ransomware, #StopRansomware: BlackSuit (Royal) Ransomware. The updated advisory provides network ..
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2024/08/07/royal-ransomware-actors-rebrand-blacksuit-fbi-and-cisa-release-update-advisory
∗∗∗ US offers $10 million for info on Iranian leaders behind CyberAv3ngers water utility attacks ∗∗∗
---------------------------------------------
The U.S. State Department identified at least six Iranian government hackers allegedly responsible for a string of attacks on U.S. water utilities last fall and offered a large reward for information on their whereabouts.
---------------------------------------------
https://therecord.media/us-offers-reward-for-info-on-iranian-hackers-water-utilities
∗∗∗ BOTNET 7777: ARE YOU BETTING ON A COMPROMISED ROUTER? ∗∗∗
---------------------------------------------
A “7777 botnet” was first referenced in public reporting in October 2023 by Gi7w0rm. At the time, it was described as a botnet with approximately 10,000 nodes, observed primarily in brute-force attacks against Microsoft Azure instances. These attacks ..
---------------------------------------------
https://www.team-cymru.com/post/botnet-7777-are-you-betting-on-a-compromised-router
∗∗∗ Go deeper: Linux runtime visibility meets Wireshark ∗∗∗
---------------------------------------------
Aqua Tracee is an open source runtime security and forensics tool for Linux, built to address common Linux security issues. Tracee’s main use case is to be installed in a production environment and continuously monitor system activity and detect suspicious behavior. Some alternative use cases which Tracee can be used for are dynamic malware analysis, system tracing, ..
---------------------------------------------
https://blog.aquasec.com/go-deeper-linux-runtime-visibility-meets-wireshark
∗∗∗ PureHVNC Deployed via Python Multi-stage Loader ∗∗∗
---------------------------------------------
FortiGuard Lab reveals a malware "PureHVNC", sold on the cybercrime forum, is spreading through a phishing campaign targeting employees via a python multi-stage loader
---------------------------------------------
https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader
∗∗∗ Cisco: Angreifer können Befehle auf IP-Telefonen ausführen, Update kommt nicht ∗∗∗
---------------------------------------------
Für kritische Lücken in Cisco-IP-Telefonen wird es keine Updates geben. Für eine jüngst gemeldete Lücke ist ein Proof-of-Concept-Exploit aufgetaucht.
---------------------------------------------
https://heise.de/-9827988
=====================
= Vulnerabilities =
=====================
∗∗∗ DSA-5743-1 roundcube - security update ∗∗∗
---------------------------------------------
https://lists.debian.org/debian-security-announce/2024/msg00154.html
∗∗∗ Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerabilities ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xss-V2bm9JCY
∗∗∗ Cisco Small Business SPA300 Series and SPA500 Series IP Phones Web UI Vulnerabilities ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-spa-http-vulns-RJZmX2Xz
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list