[CERT-daily] Daily summary - 22.08.2024

Daily end-of-shift report team at cert.at
Thu Aug 22 18:05:48 CEST 2024


=====================
= End-of-Day report =
=====================

Timeframe:   Wednesday 21-08-2024 18:00 − Thursday 22-08-2024 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a


=====================
=       News        =
=====================


∗∗∗ Google fixes ninth Chrome zero-day exploited in attacks this year ∗∗∗
---------------------------------------------
Today, Google released a new Chrome emergency security update to patch a zero-day vulnerability, the ninth one tagged as exploited this year.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/google-fixes-tenth-actively-exploited-chrome-zero-day-in-2024/


∗∗∗ U.S. charges Karakurt extortion gang’s “cold case” negotiator ∗∗∗
---------------------------------------------
A member of the Russian Karakurt ransomware group has been charged in the U.S. for money laundering, wire fraud, and extortion crimes.
---------------------------------------------
https://www.bleepingcomputer.com/news/legal/us-charges-karakurt-extortion-gangs-cold-case-negotiator/


∗∗∗ Deletion obligations and security vulnerabilities: fines for data protection violations are piling up ∗∗∗
---------------------------------------------
In Hamburg, more fine proceedings for data protection violations have already been concluded than in calendar year 2023. The penalties are sometimes high.
---------------------------------------------
https://www.golem.de/news/loeschpflicht-und-sicherheitsluecken-bussgelder-wegen-datenschutzverstoessen-haeufen-sich-2408-188288.html


∗∗∗ Memory corruption vulnerabilities in Suricata and FreeRDP ∗∗∗
---------------------------------------------
While pentesting KasperskyOS-based Thin Client and IoT Secure Gateway, we found several vulnerabilities in the Suricata and FreeRDP open-source projects. We shared details on these vulnerabilities with the community along with our fuzzer.
---------------------------------------------
https://securelist.com/suricata-freerdp-memory-corruption/113489/


∗∗∗ Windows Security best practices for integrating and managing security tools ∗∗∗
---------------------------------------------
We examine the recent CrowdStrike outage and provide a technical overview of the root cause.
---------------------------------------------
https://www.microsoft.com/en-us/security/blog/2024/07/27/windows-security-best-practices-for-integrating-and-managing-security-tools/


∗∗∗ Understanding the ‘Morphology’ of Ransomware: A Deeper Dive ∗∗∗
---------------------------------------------
Ransomware isn't just about malware. It's about brands, trust, and the shifting allegiances of cybercriminals.
---------------------------------------------
https://www.securityweek.com/understanding-the-morphology-of-ransomware-a-deeper-dive/


∗∗∗ Recall: Microsoft's controversial "surveillance" feature is coming back ∗∗∗
---------------------------------------------
Following serious security concerns, the company says it has made improvements to the new AI feature.
---------------------------------------------
https://www.derstandard.at/story/3000000233374/recall-microsofts-umstrittenes-ueberwachungs-feature-kommt-zurueck


∗∗∗ BLUUID: Firewallas, Diabetics, And… Bluetooth ∗∗∗
---------------------------------------------
Dive into the fascinating and overlooked realm of Bluetooth Low Energy (BTLE) security in GreyNoise Labs' latest blog post. Learn techniques for remote device identification, uncover vulnerabilities, and explore the broader implications for IoT and healthcare.
---------------------------------------------
https://www.greynoise.io/blog/bluuid-firewallas-diabetics-and-bluetooth


∗∗∗ PEAKLIGHT: Decoding the Stealthy Memory-Only Malware ∗∗∗
---------------------------------------------
Mandiant identified a new memory-only dropper using a complex, multi-stage infection process. This memory-only dropper decrypts and executes a PowerShell-based downloader. This PowerShell-based downloader is being tracked as PEAKLIGHT. Overview: Mandiant Managed Defense identified a memory-only dropper and downloader delivering ..
---------------------------------------------
https://cloud.google.com/blog/topics/threat-intelligence/peaklight-decoding-stealthy-memory-only-malware/


∗∗∗ Attackers can take down Cisco's VoIP system Unified Communications Manager ∗∗∗
---------------------------------------------
Due to security vulnerabilities, attacks on several Cisco products are possible. Updates are available.
---------------------------------------------
https://heise.de/-9843447


=====================
=  Vulnerabilities  =
=====================


∗∗∗ Cisco Unified Communications Manager Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-dos-kkHq43We


∗∗∗ Cisco Identity Services Engine REST API Blind SQL Injection Vulnerabilities ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-rest-5bPKrNtZ


∗∗∗ Cisco Identity Services Engine Sensitive Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-info-exp-vdF8Jbyk


∗∗∗ Cisco Identity Services Engine Cross-Site Request Forgery Vulnerability ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-csrf-y4ZUz5Rj


∗∗∗ Cisco Unified Communications Manager Cross-Site Scripting Vulnerability ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-9zmfHyZ


∗∗∗ Atlassian Jira August 2024 Security Update Advisory ∗∗∗
---------------------------------------------
https://asec.ahnlab.com/en/82562/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily



