[CERT-daily] Tageszusammenfassung - 27.06.2024

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 26-06-2024 18:00 − Donnerstag 27-06-2024 18:00
Handler:     Alexander Riepl
Co-Handler:  Thomas Pribitzer

=====================
=       News        =
=====================

∗∗∗ Exploit for critical Fortra FileCatalyst Workflow SQLi flaw released ∗∗∗
---------------------------------------------
The Fortra FileCatalyst Workflow is vulnerable to an SQL injection vulnerability that could allow remote unauthenticated attackers to create rogue admin users and manipulate data on the application database.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/exploit-for-critical-fortra-filecatalyst-workflow-sqli-flaw-released/


∗∗∗ Sicherheitslücke: Ungeschützte API liefert sensible Daten deutscher Häftlinge ∗∗∗
---------------------------------------------
Welcher Häftling wann mit seinem Anwalt oder Therapeuten telefoniert hat, ist aufgrund der Sicherheitslücke für jedermann einsehbar gewesen.
---------------------------------------------
https://www.golem.de/news/sicherheitsluecke-ungeschuetzte-api-liefert-sensible-daten-deutscher-haeftlinge-2406-186483.html


∗∗∗ What Setting Live Traps for Cybercriminals Taught Me About Security [Guest Diary], (Wed, Jun 26th) ∗∗∗
---------------------------------------------
For anyone who doesn’t know what a honeypot is, it is a server created specifically for the purpose of gathering information about unauthorized users that connect to it. A honeypot is usually vulnerable by design and often designed to be enticing to trap unsuspecting criminals into spending more time with it. I named my honeypot “Winnie.”
---------------------------------------------
https://isc.sans.edu/diary/rss/31038


∗∗∗ Rust-Based P2PInfect Botnet Evolves with Miner and Ransomware Payloads ∗∗∗
---------------------------------------------
The peer-to-peer malware botnet known as P2PInfect has been found targeting misconfigured Redis servers with ransomware and cryptocurrency miners.
---------------------------------------------
https://thehackernews.com/2024/06/rust-based-p2pinfect-botnet-evolves.html


∗∗∗ Warnung vor Fake Finanzamt-SMS ∗∗∗
---------------------------------------------
Es häufen sich Berichte über eine erneute Smishing-Welle, bei der Kriminelle versuchen, ahnungslose Bürger:innen mit gefälschten SMS-Nachrichten im Namen des Finanzamtes hereinzulegen.
---------------------------------------------
https://www.watchlist-internet.at/news/warnung-finanzamt-sms/


∗∗∗ Rabbit R1: Verrissenes KI-Gadget erweist sich auch als Sicherheitsalbtraum ∗∗∗
---------------------------------------------
Hacker demonstrieren, dass sie auf jede an R1-Geräte geschickte Antwort zugreifen können. Zudem lassen sich die Geräte auf diesem Weg beschädigen und Antworten manipulieren.
---------------------------------------------
https://www.derstandard.at/story/3000000226115/rabbit-r1-verrissenes-ki-gadget-erweist-sich-auch-als-sicherheitsalbtraum


∗∗∗ Snowflake isn’t an outlier, it’s the canary in the coal mine ∗∗∗
---------------------------------------------
Headlines continue to roll in about the many implications and follow-on attacks originating from leaked and/or stolen credentials for the Snowflake cloud data platform.
---------------------------------------------
https://blog.talosintelligence.com/infostealer-landscape-facilitates-breaches/


∗∗∗ MerkSpy: Exploiting CVE-2021-40444 to Infiltrate Systems ∗∗∗
---------------------------------------------
FortiGuard Labs uncovers MerkSpy, a new spyware exploiting CVE-2021-40444 to steal keystrokes and sensitive data.
---------------------------------------------
https://www.fortinet.com/blog/threat-research/merkspy-exploiting-cve-2021-40444-to-infiltrate-systems


∗∗∗ The Growing Threat of Malware Concealed Behind Cloud Services ∗∗∗
---------------------------------------------
Cybersecurity threats are increasingly leveraging cloud services to store, distribute, and establish command and control (C2) servers.
---------------------------------------------
https://www.fortinet.com/blog/threat-research/growing-threat-of-malware-concealed-behind-cloud-services



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Over 110,000 Websites Affected by Hijacked Polyfill Supply Chain Attack ∗∗∗
---------------------------------------------
Google has taken steps to block ads for e-commerce sites that use the Polyfill.io service after a Chinese company acquired the domain and modified the JavaScript library ("polyfill.js") to redirect users to malicious and scam sites.
---------------------------------------------
https://thehackernews.com/2024/06/over-110000-websites-affected-by.html


∗∗∗ Prompt Injection Flaw in Vanna AI Exposes Databases to RCE Attacks ∗∗∗
---------------------------------------------
Cybersecurity researchers have disclosed a high-severity security flaw in the Vanna.AI library that could be exploited to achieve remote code execution vulnerability via prompt injection techniques.
---------------------------------------------
https://thehackernews.com/2024/06/prompt-injection-flaw-in-vanna-ai.html


∗∗∗ GitLab Security Updates Patch 14 Vulnerabilities ∗∗∗
---------------------------------------------
GitLab CE and EE updates resolve 14 vulnerabilities, including a critical- and three high-severity bugs.
---------------------------------------------
https://www.securityweek.com/gitlab-security-updates-patch-14-vulnerabilities/


∗∗∗ Multiple vulnerabilities in TP-Link Omada system could lead to root access ∗∗∗
---------------------------------------------
Affected devices could include wireless access points, routers, switches and VPNs.
---------------------------------------------
https://blog.talosintelligence.com/multiple-vulnerabilities-in-tp-link-omada-system/


∗∗∗ TELSAT marKoni FM Transmitter ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-24-179-01


∗∗∗ Johnson Controls Illustra Essentials Gen 4 ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-24-179-04


∗∗∗ Johnson Controls Illustra Essentials Gen 4 ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-24-179-07


∗∗∗ SDG Technologies PnPSCADA ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-24-179-02


∗∗∗ Johnson Controls Illustra Essentials Gen 4 ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-24-179-05


∗∗∗ Yokogawa FAST/TOOLS and CI Server ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-24-179-03


∗∗∗ Johnson Controls Illustra Essentials Gen 4 ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-24-179-06


∗∗∗ Local Privilege Escalation über MSI Installer in SoftMaker Office / FreeOffice ∗∗∗
---------------------------------------------
https://sec-consult.com/de/vulnerability-lab/advisory/local-privilege-escalation-ueber-msi-installer-in-softmaker-office-freeoffice/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily