[CERT-daily] Tageszusammenfassung - 11.07.2024

Daily end-of-shift report team at cert.at
Thu Jul 11 18:09:56 CEST 2024 

=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 10-07-2024 18:00 − Donnerstag 11-07-2024 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a

=====================
=       News        =
=====================


∗∗∗ Datenleck: Millionen von 2FA-SMS standen frei zugänglich im Netz ∗∗∗
---------------------------------------------
Die vom CCC entdeckten SMS haben wohl neben internen Verwaltungs- und Abrechnungsdaten auf einer ungesicherten S3-Instanz eines Dienstleisters gelegen.
---------------------------------------------
https://www.golem.de/news/datenleck-millionen-von-2fa-sms-standen-frei-zugaenglich-im-netz-2407-186950.html


∗∗∗ You had a year to patch this Veeam flaw and now its going to hurt ∗∗∗
---------------------------------------------
LockBit variant targets backup software - which you may remember is supposed to help you recover from ransomware Yet another new ransomware gang, this one dubbed EstateRansomware, is exploiting a ..
---------------------------------------------
https://www.theregister.com/2024/07/11/estate_ransomware_veeam_bug/


∗∗∗ Achtung: Phishingversuche im Namen von Bitpanda! ∗∗∗
---------------------------------------------
Derzeit kursieren vermehrt Phishingmails und SMS, die vortäuschen, vom Finanzdienstleister BitPanda versendet worden zu sein. Geben Sie keine persönlichen Daten oder Codes weiter, sonst geben Sie Kriminellen Zugang zu Ihrem Wallet!
---------------------------------------------
https://www.watchlist-internet.at/news/phishingversuche-bitpanda/


∗∗∗ E-Mail genügt: Outlook-Lücke gibt Angreifern Zugriff aufs System ∗∗∗
---------------------------------------------
Gefahr insbesondere bei Mails von "vertrauenswürdigen Absendern" – Patch steht bereit
---------------------------------------------
https://www.derstandard.at/story/3000000228006/e-mail-genuegt-outlook-luecke-gibt-angreifern-zugriff-aufs-system


∗∗∗ Impact of data breaches is fueling scam campaigns ∗∗∗
---------------------------------------------
Data breaches have become one of the most crucial threats to organizations across the globe, and they’ve only become more prevalent and serious over time. A data breach occurs when unauthorized ..
---------------------------------------------
https://blog.talosintelligence.com/data-breaches-fueling-scam-campaigns/


∗∗∗ CISA and FBI Release Secure by Design Alert on Eliminating OS Command Injection Vulnerabilities ∗∗∗
---------------------------------------------
Today, CISA and FBI are releasing their newest Secure by Design Alert in the series, Eliminating OS Command Injection Vulnerabilities, in response to recent well-publicized threat actor campaigns that exploited OS command injection ..
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2024/07/10/cisa-and-fbi-release-secure-design-alert-eliminating-os-command-injection-vulnerabilities


=====================
=  Vulnerabilities  =
=====================


∗∗∗ DSA-5728-1 exim4 - security update ∗∗∗
---------------------------------------------
https://lists.debian.org/debian-security-announce/2024/msg00139.html


∗∗∗ DSA-5727-1 firefox-esr - security update ∗∗∗
---------------------------------------------
https://lists.debian.org/debian-security-announce/2024/msg00138.html


∗∗∗ 2024-07 Security Bulletin: Junos OS Evolved: Execution of a specific CLI command will cause a crash in the AFT manager (CVE-2024-39513) ∗∗∗
---------------------------------------------
https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-Execution-of-a-specific-CLI-command-will-cause-a-crash-in-the-AFT-manager-CVE-2024-39513


∗∗∗ 2024-07 Security Bulletin: Junos OS and Junos OS Evolved: BGP multipath incremental calculation is resulting in an rpd crash (CVE-2024-39554) ∗∗∗
---------------------------------------------
https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-BGP-multipath-incremental-calculation-is-resulting-in-an-rpd-crash-CVE-2024-39554


∗∗∗ NetScaler Console, Agent and SDX Security Bulletin for CVE-2024-6235 and CVE-2024-6236 ∗∗∗
---------------------------------------------
https://support.citrix.com/article/CTX677998/netscaler-console-agent-and-sdx-security-bulletin-for-cve20246235-and-cve20246236

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

More information about the Daily mailing list