[CERT-daily] Tageszusammenfassung - 20.06.2024

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 19-06-2024 18:00 − Donnerstag 20-06-2024 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Michael Schlagenhaufer

=====================
=       News        =
=====================

∗∗∗ SolarWinds Serv-U path-traversal flaw actively exploited in attacks ∗∗∗
---------------------------------------------
Threat actors are actively exploiting a SolarWinds Serv-U path-traversal vulnerability, leveraging publicly available proof-of-concept (PoC) exploits. [..] The vulnerability, CVE-2024-28995, is a high-severity directory traversal flaw, allowing unauthenticated attackers to read arbitrary files from the filesystem by crafting specific HTTP GET requests. [..] SolarWinds released the 15.4.2 Hotfix 2, version 15.4.2.157, on June 5, 2024, to address this vulnerability by introducing improved validation mechanisms.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/solarwinds-serv-u-path-traversal-flaw-actively-exploited-in-attacks/


∗∗∗ No Excuses, Free Tools to Help Secure Authentication in Ubuntu Linux [Guest Diary], (Thu, Jun 20th) ∗∗∗
---------------------------------------------
Being in the IT and cybersecurity world it seems the costs of controls keeps going up and up. With all the new flashy tools coming out daily it’s easy to forget that there are tons of free tools that can be just as effective at stopping attacks.
---------------------------------------------
https://isc.sans.edu/diary/rss/31024


∗∗∗ Researchers Uncover UEFI Vulnerability Affecting Multiple Intel CPUs ∗∗∗
---------------------------------------------
Cybersecurity researchers have disclosed details of a now-patched security flaw in Phoenix SecureCore UEFI firmware that affects multiple families of Intel Core desktop and mobile processors. Tracked as CVE-2024-0762 (CVSS score: 7.5), the "UEFIcanhazbufferoverflow" vulnerability has been described as a case of a buffer overflow stemming from the use of an unsafe variable in the Trusted Platform Module (TPM) configuration that could result in the execution of malicious code.
---------------------------------------------
https://thehackernews.com/2024/06/researchers-uncover-uefi-vulnerability.html


∗∗∗ Fickle Stealer Distributed via Multiple Attack Chain ∗∗∗
---------------------------------------------
This article summarizes the details of this campaign, roughly dividing the attack chain into three stages: Delivery, Preparatory Work, and Packer and Stealer Payload.
---------------------------------------------
https://feeds.fortinet.com/~/899735243/0/fortinet/blogs~Fickle-Stealer-Distributed-via-Multiple-Attack-Chain


∗∗∗ A Traveler’s Guide to Cybersecurity ∗∗∗
---------------------------------------------
In this Q&A with Jonas Walker, a Security Strategist with Fortinet’s FortiGuard Labs, he offers his insight into how to stay safe and avoid attacks from threat actors while traveling in today’s cyber world.
---------------------------------------------
https://feeds.fortinet.com/~/701705230/0/fortinet/blogs~A-Traveler%e2%80%99s-Guide-to-Cybersecurity


∗∗∗ BSI warnt vor angreifbaren Codeschmuggel-Lecks in tausenden Exchange-Servern ∗∗∗
---------------------------------------------
Das BSI schreibt, dass mehr als 18.000 Exchange-Server einen offenen Outlook-Web-Access anbieten und für eine oder sogar mehrere Codeschmuggel-Lücken anfällig seien.
---------------------------------------------
https://heise.de/-9770441



=====================
=  Vulnerabilities  =
=====================

∗∗∗ D-Link: Versteckte Backdoor in 16 Routermodellen entdeckt ∗∗∗
---------------------------------------------
Angreifer können aus der Ferne den Telnet-Dienst betroffener D-Link-Router aktivieren. Auch die Admin-Zugangsdaten sind offenbar in der Firmware hinterlegt.
---------------------------------------------
https://www.golem.de/news/d-link-versteckte-backdoor-in-16-routermodellen-entdeckt-2406-186277.html


∗∗∗ Sicherheitslücken: Attacken auf Atlassian Confluence & Co. möglich ∗∗∗
---------------------------------------------
Sicherheitslücken bedrohen mehrere Anwendungen von Atlassian. Angreifer können Abstürze auslösen oder unbefugt Daten einsehen. [..] Wie aus einer Warnmeldung hervorgeht, haben die Entwickler insgesamt neun Schwachstellen geschlossen, die alle mit dem Bedrohungsgrad "hoch" eingestuft sind.
---------------------------------------------
https://heise.de/-9770453


∗∗∗ Arbitrary File Upload in edu-sharing (metaVentis GmbH) ∗∗∗
---------------------------------------------
https://sec-consult.com/vulnerability-lab/advisory/arbitrary-file-upload-in-edu-sharing-metaventis-gmbh/


∗∗∗ Sonicwall: Heap-based buffer overflow vulnerability in SonicOS SSL-VPN ∗∗∗
---------------------------------------------
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0009


∗∗∗ Sonicwall: Stack-based buffer overflow vulnerability in SonicOS HTTP server ∗∗∗
---------------------------------------------
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0008


∗∗∗ CAREL Boss-Mini ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-24-172-02


∗∗∗ Westermo L210-F2G ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-24-172-03


∗∗∗ Yokogawa CENTUM ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-24-172-01

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily