[CERT-daily] Tageszusammenfassung - 25.07.2024

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 24-07-2024 18:00 − Donnerstag 25-07-2024 18:00
Handler:     Thomas Pribitzer
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ KnowBe4 mistakenly hires North Korean hacker, faces infostealer attack ∗∗∗
---------------------------------------------
American cybersecurity company KnowBe4 says a person it recently hired as a Principal Software Engineer turned out to be a North Korean state actor who attempted to install information-stealing on its devices.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/knowbe4-mistakenly-hires-north-korean-hacker-faces-infostealer-attack/


∗∗∗ French police push PlugX malware self-destruct payload to clean PCs ∗∗∗
---------------------------------------------
The French police and Europol are pushing out a "disinfection solution" that automatically removes the PlugX malware from infected devices in France.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/french-police-push-plugx-malware-self-destruct-payload-to-clean-pcs/


∗∗∗ How a cheap barcode scanner helped fix CrowdStriked Windows PCs in a flash ∗∗∗
---------------------------------------------
Not long after Windows PCs and servers at the Australian limb of audit and tax advisory Grant Thornton started BSODing last Friday, senior systems engineer Rob Woltz remembered a small but important fact: When PCs boot, they consider barcode scanners no differently to keyboards.
---------------------------------------------
https://www.theregister.com/2024/07/25/crowdstrike_remediation_with_barcode_scanner/


∗∗∗ XWorm Hidden With Process Hollowing ∗∗∗
---------------------------------------------
XWorm is not a brand-new malware family. Its a common RAT (Remote Access Tool) re-use regularly in new campaigns. Yesterday, I found a sample that behaves like a dropper and runs the malware using the Process Hollowing technique.
---------------------------------------------
https://isc.sans.edu/diary/rss/31112


∗∗∗ Kriminelle werben mit Fake-Profilen von Finanzexperten für betrügerische Investmentplattformen ∗∗∗
---------------------------------------------
Der österreichische Finanzjournalist und Unternehmer Niko Jilch betreibt verschiedene Informationskanäle zu Finanzen, Geldanlage und Bitcoin. Seine Reichweite und Bekanntheit nutzen mittlerweile aber auch Kriminelle, um Privatanleger:innen auf betrügerische Investmentplattformen zu locken.
---------------------------------------------
https://www.watchlist-internet.at/news/kriminelle-werben-mit-fake-profilen-von-finanzexperten-fuer-betruegerische-investmentplattformen/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Progress warns of critical RCE bug in Telerik Report Server ∗∗∗
---------------------------------------------
Progress Software has warned customers to patch a critical remote code execution security flaw in the Telerik Report Server that can be used to compromise vulnerable devices.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/progress-warns-of-critical-rce-bug-in-telerik-report-server/


∗∗∗ Container angreifbar: Docker muss kritische Schwachstelle von 2019 erneut patchen ∗∗∗
---------------------------------------------
Docker hatte die Lücke längst geschlossen. Nur Monate später flog der Patch aber wieder raus. Die Docker Engine ist damit fünf Jahre lang angreifbar gewesen.
---------------------------------------------
https://www.golem.de/news/container-angreifbar-docker-muss-kritische-schwachstelle-von-2019-erneut-patchen-2407-187423.html


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by AlmaLinux (containernetworking-plugins, cups, edk2, httpd, httpd:2.4, libreoffice, libuv, libvirt, python3, and runc), Fedora (exim, python-zipp, xdg-desktop-portal-hyprland, and xmedcon), Red Hat (cups, fence-agents, freeradius, freeradius:3.0, httpd:2.4, kernel, kernel-rt, nodejs:18, podman, and resource-agents), Slackware (htdig and libxml2), SUSE (exim), and Ubuntu (ocsinventory-server, php-cas, and poppler).
---------------------------------------------
https://lwn.net/Articles/983328/


∗∗∗ Nvidia Patches High-Severity Vulnerabilities in AI, Networking Products ∗∗∗
---------------------------------------------
Nvidia has patched high-severity vulnerabilities in its Jetson, Mellanox OS, OnyX, Skyway, and MetroX products.
---------------------------------------------
https://www.securityweek.com/nvidia-patches-high-severity-vulnerabilities-in-ai-networking-products/


∗∗∗ Sicherheitsupdates: Aruba EdgeConnect SD-WAN vielfältig attackierbar ∗∗∗
---------------------------------------------
Die Entwickler von HPE haben in Arubas SD-WAN-Lösung EdgeConnect mehrere gefährliche Sicherheitslücken geschlossen.
---------------------------------------------
https://heise.de/-9813256


∗∗∗ Positron Broadcast Signal Processor ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-24-207-02

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily