[CERT-daily] Daily summary - 12.06.2024
Daily end-of-shift report
team at cert.at
Wed Jun 12 18:11:14 CEST 2024
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 11-06-2024 18:00 − Wednesday 12-06-2024 18:00
Handler: Alexander Riepl
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Vulnerability in Windows: Attackers can inject malicious code via Wi-Fi ∗∗∗
---------------------------------------------
An attacker only needs to be within Wi-Fi range of the target system to execute malicious code. All common Windows versions are affected.
---------------------------------------------
https://www.golem.de/news/schwachstelle-in-windows-angreifer-koennen-per-wlan-schadcode-einschleusen-2406-185979.html
∗∗∗ JetBrains warns of IntelliJ IDE bug exposing GitHub access tokens ∗∗∗
---------------------------------------------
JetBrains warned customers to patch a critical vulnerability that impacts users of its IntelliJ integrated development environment (IDE) apps and exposes GitHub access tokens.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/jetbrains-warns-of-intellij-ide-bug-exposing-github-access-tokens/
∗∗∗ New backdoor BadSpace delivered by high-ranking infected websites ∗∗∗
---------------------------------------------
Imagine visiting your favorite website with the same address that you always use and it tells you that your browser needs an update. After downloading and executing the update, there's an unwelcome surprise: the ..
---------------------------------------------
https://www.gdatasoftware.com/blog/2024/06/37947-badspace-backdoor
∗∗∗ Intelligence service reveals: Chinese hackers break into 20,000 Fortinet systems ∗∗∗
---------------------------------------------
According to the Dutch NCSC, the targets of the cyberattacks are Western governments, diplomatic institutions and the defense industry.
---------------------------------------------
https://www.golem.de/news/geheimdienst-deckt-auf-china-hacker-dringen-in-20-000-fortinet-systeme-ein-2406-185985.html
∗∗∗ Microsoft Patch Tuesday June 2024, (Tue, Jun 11th) ∗∗∗
---------------------------------------------
Microsoft's June 2024 update fixes a total of 58 vulnerabilities. 7 of these vulnerabilities are associated with Chromium and Microsoft's Brave browser. Only one vulnerability is rated critical. One of the vulnerabilities had been disclosed before today.
---------------------------------------------
https://isc.sans.edu/diary/Microsoft+Patch+Tuesday+June+2024/31000
∗∗∗ Black Basta Ransomware May Have Exploited MS Windows Zero-Day Flaw ∗∗∗
---------------------------------------------
Threat actors linked to the Black Basta ransomware may have exploited a recently disclosed privilege escalation flaw in the Microsoft Windows Error Reporting Service as a zero-day, according to new findings from ..
---------------------------------------------
https://thehackernews.com/2024/06/black-basta-ransomware-may-have.html
∗∗∗ Adobe Plugs Code Execution Holes in After Effects, Illustrator ∗∗∗
---------------------------------------------
Patch Tuesday: Adobe fixes critical flaws and warns of the risk of code execution attacks on Windows and macOS platforms.
---------------------------------------------
https://www.securityweek.com/adobe-plugs-code-execution-holes-in-after-effects-illustrator/
∗∗∗ Affects iOS and macOS: Attackers can initiate FaceTime calls via email ∗∗∗
---------------------------------------------
The discoverer of the vulnerability claims that it is very easy to exploit. Even an active Lockdown Mode reportedly cannot block the unwanted calls.
---------------------------------------------
https://www.golem.de/news/betrifft-ios-und-macos-angreifer-koennen-per-mail-facetime-anrufe-einleiten-2406-185993.html
∗∗∗ Ransomware Group Exploits PHP Vulnerability Days After Disclosure ∗∗∗
---------------------------------------------
The TellYouThePass ransomware gang started exploiting a recent code execution flaw in PHP days after public disclosure.
---------------------------------------------
https://www.securityweek.com/ransomware-group-exploits-php-vulnerability-days-after-disclosure/
∗∗∗ GitHub Paid Out Over $4 Million via Bug Bounty Program ∗∗∗
---------------------------------------------
The code hosting platform GitHub has paid out more than $4 million since the launch of its bug bounty program 10 years ago.
---------------------------------------------
https://www.securityweek.com/github-paid-out-over-4-million-via-bug-bounty-program/
∗∗∗ The Evolution of QR Code Phishing: ASCII-Based QR Codes ∗∗∗
---------------------------------------------
Quishing is a rapidly evolving threat. Starting around August, when we saw the first rapid increase, we’ve also seen a change in the type of QR code attacks. It started with standard MFA authentication requests. It then evolved to conditional routing and custom targeting. Now, we’re seeing another evolution, into the manipulation of ..
---------------------------------------------
https://blog.checkpoint.com/harmony-email/the-evolution-of-qr-code-phishing-ascii-based-qr-codes/
∗∗∗ Ukrainian police identify suspected affiliate of Conti, LockBit groups ∗∗∗
---------------------------------------------
Ukrainian cyber police say they have identified a local hacker affiliated with the notorious Conti and LockBit ..
---------------------------------------------
https://therecord.media/ukraine-suspected-lockbit-conti-affiliate
=====================
= Vulnerabilities =
=====================
∗∗∗ DSA-5707-1 vlc - security update ∗∗∗
---------------------------------------------
https://lists.debian.org/debian-security-announce/2024/msg00117.html
∗∗∗ ZDI-24-579: Apple macOS PPM Image Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-24-579/
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
https://lwn.net/Articles/978136/
∗∗∗ XenServer and Citrix Hypervisor Security Update for CVE-2024-5661 ∗∗∗
---------------------------------------------
https://support.citrix.com/article/CTX677100/xenserver-and-citrix-hypervisor-security-update-for-cve20245661
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily