[CERT-daily] Daily summary - 18.07.2024

Daily end-of-shift report team at cert.at
Thu Jul 18 18:16:23 CEST 2024


=====================
= End-of-Day report =
=====================

Timeframe:   Wednesday 17-07-2024 18:00 − Thursday 18-07-2024 18:00
Handler:     Michael Schlagenhaufer
Co-Handler:  Thomas Pribitzer

=====================
=       News        =
=====================


∗∗∗ SolarWinds fixes 8 critical bugs in access rights audit software ∗∗∗
---------------------------------------------
SolarWinds has fixed eight critical vulnerabilities in its Access Rights Manager (ARM) software, six of which allowed attackers to gain remote code execution (RCE) on vulnerable devices.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/solarwinds-fixes-8-critical-bugs-in-access-rights-audit-software/


∗∗∗ Cisco vulnerability: Secure Email Gateway is secure above all, except against emails ∗∗∗
---------------------------------------------
An email with a specially crafted attachment is enough to infiltrate a vulnerable gateway and crash it or execute malicious code.
---------------------------------------------
https://www.golem.de/news/cisco-schwachstelle-secure-email-gateway-ist-vor-allem-secure-ausser-vor-mails-2407-187191.html


∗∗∗ Forensics tool Cellebrite: These smartphones can be cracked by the FBI ∗∗∗
---------------------------------------------
Recently, the FBI cracked the smartphone of the Trump shooter. Leaked Cellebrite documents show for which devices this is possible in principle.
---------------------------------------------
https://www.golem.de/news/forensik-tool-cellebrite-diese-smartphones-kann-das-fbi-knacken-2407-187199.html


∗∗∗ Criminal Gang Physically Assaulting People for Their Cryptocurrency ∗∗∗
---------------------------------------------
This is pretty horrific: a group of men behind a violent crime spree designed to compel victims to hand over access to their cryptocurrency savings. That announcement and the criminal complaint laying out charges against St. Felix focused largely on a single theft of cryptocurrency from an elderly North Carolina couple, whose home ..
---------------------------------------------
https://www.schneier.com/blog/archives/2024/07/criminal-gang-physically-assaulting-people-for-their-cryptocurrency.html


∗∗∗ SAP AI Core Vulnerabilities Expose Customer Data to Cyber Attacks ∗∗∗
---------------------------------------------
Cybersecurity researchers have uncovered security shortcomings in the SAP AI Core cloud-based platform for creating and deploying predictive artificial intelligence (AI) workflows that could be exploited to get hold of access tokens and customer data. The five vulnerabilities have been collectively dubbed SAPwned by cloud ..
---------------------------------------------
https://thehackernews.com/2024/07/sap-ai-core-vulnerabilities-expose.html


∗∗∗ TAG-100: New Threat Actor Uses Open-Source Tools for Widespread Attacks ∗∗∗
---------------------------------------------
Unknown threat actors have been observed leveraging open-source tools as part of a suspected cyber espionage campaign targeting global government and private sector organizations. Recorded Future's Insikt Group is tracking the activity ..
---------------------------------------------
https://thehackernews.com/2024/07/tag-100-new-threat-actor-uses-open.html


∗∗∗ Container Breakouts: Escape Techniques in Cloud Environments ∗∗∗
---------------------------------------------
Unit 42 researchers test container escape methods and possible impacts within a Kubernetes cluster using a containerd container runtime.
---------------------------------------------
https://unit42.paloaltonetworks.com/container-escape-techniques/


∗∗∗ Windows Patch Day follow-up: MSHTML 0-day vulnerability CVE-2024-38112 exploited by malware ∗∗∗
---------------------------------------------
One more small addendum to the July 2024 Patch Day at Microsoft. With the security updates, Microsoft also closed an MSHTML spoofing vulnerability. There was information that this vulnerability (CVE-2024-38112), by way of ..
---------------------------------------------
https://www.borncity.com/blog/2024/07/18/windows-patchday-nachlese-mshtml-0-day-schwachstelle-cve-2024-38112-durch-malware-ausgenutzt/


∗∗∗ FIN7 Cybercrime Gang Evolves with Ransomware and Hacking Tools ∗∗∗
---------------------------------------------
FIN7, a notorious cybercrime gang, is back with a new bag of tricks!
---------------------------------------------
https://hackread.com/fin7-cybercrime-gang-ransomware-hacking-tools/


∗∗∗ CISA Releases Playbook for Infrastructure Resilience Planning ∗∗∗
---------------------------------------------
Today, the Cybersecurity and Infrastructure Security Agency (CISA) released a companion guide to the Infrastructure Resilience Planning Framework (IRPF), which provides guidance on how local governments and the private sector can ..
---------------------------------------------
https://www.cisa.gov/news-events/news/cisa-releases-playbook-infrastructure-resilience-planning


∗∗∗ Critical Patch Update: Oracle's quarterly update delivers 386 security patches ∗∗∗
---------------------------------------------
Attackers can exploit critical vulnerabilities in, among others, Oracle HTTP Server or MySQL Cluster.
---------------------------------------------
https://heise.de/-9804741


=====================
=  Vulnerabilities  =
=====================


∗∗∗ Cisco Security Advisories 2024-07-18 ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/publicationListing.x


∗∗∗ Heap-based buffer overflow vulnerability in SonicOS IPSec VPN ∗∗∗
---------------------------------------------
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0012


∗∗∗ CVE-2024-5321 ∗∗∗
---------------------------------------------
https://github.com/kubernetes/kubernetes/issues/126161

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily



