[CERT-daily] Daily summary - 15.05.2024

Daily end-of-shift report team at cert.at
Wed May 15 18:45:02 CEST 2024


=====================
= End-of-Day report =
=====================

Timeframe:   Tuesday 14-05-2024 18:00 - Wednesday 15-05-2024 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Michael Schlagenhaufer

=====================
=       News        =
=====================

∗∗∗ PoC exploit released for RCE zero-day in D-Link EXO AX4800 routers ∗∗∗
---------------------------------------------
The D-Link EXO AX4800 (DIR-X4860) router is vulnerable to remote unauthenticated command execution that could lead to complete device takeovers by attackers with access to the HNAP port.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/poc-exploit-released-for-rce-zero-day-in-d-link-exo-ax4800-routers/


∗∗∗ Further vulnerability discovered: hacker launches another cyberattack on Dell ∗∗∗
---------------------------------------------
The 49 million customer records already exfiltrated are apparently not enough for him. Menelik is attacking Dell again. This time, support data appears to be affected.
---------------------------------------------
https://www.golem.de/news/weitere-schwachstelle-entdeckt-hacker-startet-erneut-cyberangriff-auf-dell-2405-185130.html


∗∗∗ Ebury is alive but unseen: 400k Linux servers compromised for cryptocurrency theft and financial gain ∗∗∗
---------------------------------------------
One of the most advanced server-side malware campaigns is still growing, with hundreds of thousands of compromised servers, and it has diversified to include credit card and cryptocurrency theft.
---------------------------------------------
https://www.welivesecurity.com/en/eset-research/ebury-alive-unseen-400k-linux-servers-compromised-cryptotheft-financial-gain/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Mageia (sssd and tcpdump), Red Hat (.NET 7.0, .NET 8.0, expat, kernel, and kernel-rt), Slackware (mozilla), SUSE (kernel, postgresql15, postgresql16, python-arcomplete, python-Fabric, python-PyGithub, python-antlr4-python3-runtime, python-avro, python-chardet, python-distro, python-docker, python-fakeredis, python-fixedint, pyth, and python3), and Ubuntu (linux-bluefield).
---------------------------------------------
https://lwn.net/Articles/973746/


∗∗∗ ICS Patch Tuesday: Advisories Published by Siemens, Rockwell, Mitsubishi Electric ∗∗∗
---------------------------------------------
Several ICS vendors released advisories on Tuesday to inform customers about vulnerabilities found in their products.
---------------------------------------------
https://www.securityweek.com/ics-patch-tuesday-advisories-published-by-siemens-rockwell-mitsubishi-electric/


∗∗∗ Intel Publishes 41 Security Advisories for Over 90 Vulnerabilities ∗∗∗
---------------------------------------------
Intel has published 41 new May 2024 Patch Tuesday advisories covering a total of more than 90 vulnerabilities. [..] The most important flaw, based on its severity rating of ‘critical’ and a CVSS score of 10, is CVE-2024-22476. [..] Intel says this critical vulnerability could allow an unauthenticated attacker to “enable escalation of privilege via remote access”.
---------------------------------------------
https://www.securityweek.com/intel-publishes-41-security-advisories-for-over-90-vulnerabilities/


∗∗∗ LibreOffice: A wrong click can lead to execution of malicious code ∗∗∗
---------------------------------------------
A security vulnerability in the open-source LibreOffice allows attackers to slip malicious code to victims. The victims only need to click once.
---------------------------------------------
https://heise.de/-9719334


∗∗∗ VMware Workstation and Fusion: escape from the guest system possible ∗∗∗
---------------------------------------------
VMware Workstation and Fusion contain security vulnerabilities that were exploited at the Pwn2Own competition. They allow escaping from the guest system.
---------------------------------------------
https://heise.de/-9718624


∗∗∗ Patch day: attackers are attacking Windows and gaining system privileges ∗∗∗
---------------------------------------------
Microsoft has released important security updates for Edge, Dynamics 365 and Windows, among others. Attacks are already taking place.
---------------------------------------------
https://heise.de/-9718608


∗∗∗ Patch day: attackers can push malicious code through vulnerabilities in Adobe software ∗∗∗
---------------------------------------------
Software maker Adobe has secured Animate, Illustrator and Reader, among others, against possible attacks.
---------------------------------------------
https://heise.de/-9718639


∗∗∗ Fortiguard Security Advisories ∗∗∗
---------------------------------------------
https://www.fortiguard.com/psirt


∗∗∗ Lenovo Security Advisories ∗∗∗
---------------------------------------------
https://support.lenovo.com/at/en/product_security/home


∗∗∗ 30,000 WordPress Sites affected by Arbitrary SQL Execution Vulnerability Patched in Visualizer WordPress Plugin ∗∗∗
---------------------------------------------
https://www.wordfence.com/blog/2024/05/30000-wordpress-sites-affected-by-arbitrary-sql-execution-vulnerability-patched-in-visualizer-wordpress-plugin/


∗∗∗ Bosch: Remote code execution vulnerability has been found over an insecure connection in the Praesensa Logging Application, Praesideo Logging Application and Praesideo PC Call Station ∗∗∗
---------------------------------------------
https://psirt.bosch.com/security-advisories/bosch-sa-106054-bt.html


∗∗∗ B&R: 2024-05-14: Cyber Security Advisory - Insecure Loading of Code in B&R Products ∗∗∗
---------------------------------------------
https://www.br-automation.com/fileadmin/SA24P005_Insecure_Loading_of_Code-c7d9e49c.pdf


∗∗∗ SUBNET PowerSYSTEM Center ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-24-135-02


∗∗∗ F5: K000139592 : libxml2 vulnerability CVE-2023-29469 ∗∗∗
---------------------------------------------
https://my.f5.com/manage/s/article/K000139592


∗∗∗ ZDI-24-456: NI FlexLogger FLXPROJ File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-24-456/


∗∗∗ ZDI-24-455: SolarWinds Access Rights Manager JsonSerializationBinder Deserialization of Untrusted Data Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-24-455/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily