[CERT-daily] Tageszusammenfassung - 22.05.2024

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 21-05-2024 18:00 − Mittwoch 22-05-2024 18:00
Handler:     Thomas Pribitzer
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ GhostEngine mining attacks kill EDR security using vulnerable drivers ∗∗∗
---------------------------------------------
A malicious crypto mining campaign codenamed REF4578, has been discovered deploying a malicious payload named GhostEngine that uses vulnerable drivers to turn off security products and deploy an XMRig miner.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/ghostengine-mining-attacks-kill-edr-security-using-vulnerable-drivers/


∗∗∗ Sicherheitsexperte warnt: Neue Windows-Funktion ist ein "Security-Alptraum" ∗∗∗
---------------------------------------------
Mit Recall sollen Windows-Nutzer in die Vergangenheit reisen können. Unter Sicherheits- und Datenschutzexperten stößt das neue Feature auf Unverständnis.
---------------------------------------------
https://www.golem.de/news/sicherheitsexperte-warnt-neue-windows-funktion-ist-ein-security-alptraum-2405-185334.html


∗∗∗ Stealers, stealers and more stealers ∗∗∗
---------------------------------------------
In this report, we discuss two new stealers: Acrid and ScarletStealer, and an evolution of the known Sys01 stealer, with the latter two dividing stealer functionality across several modules.
---------------------------------------------
https://securelist.com/crimeware-report-stealers/112633/


∗∗∗ Risky Biz News: DNSBomb attack is here! Pew pew pew!!! ∗∗∗
---------------------------------------------
A team of academics from Tsinghua University in Beijing, China has discovered a new method of launching large-scale DDoS attacks using DNS traffic.
---------------------------------------------
https://news.risky.biz/risky-biz-news-dnsbomb-attack-is-here-pew-pew-pew/


∗∗∗ Gehacktes Brawl Stars Konto: Was tun, wenn ich erpresst werde? ∗∗∗
---------------------------------------------
Ihr eigenes oder das Spielekonto Ihres Kindes wurde gehackt? Die Kriminellen fordern nun Geld oder Gutscheinkarten, um den Zugriff zurückzubekommen? Lassen Sie sich nicht erpressen. Wir zeigen Ihnen, was Sie tun können!
---------------------------------------------
https://www.watchlist-internet.at/news/gehacktes-brawl-stars-konto-was-tun-wenn-ich-erpresst-werde/


∗∗∗ Microsoft Exchange Server: Keylogger infiziert Regierungsorganisationen weltweit ∗∗∗
---------------------------------------------
Sicherheitsforscher sind auf einen Keylogger gestoßen, der weltweit Regierungsorganisation, aber auch Banken oder andere Institutionen über Microsoft Exchange Server infiziert.
---------------------------------------------
https://www.borncity.com/blog/2024/05/22/microsoft-exchange-server-keylogger-infiziert-regierungsorganisationen-weltweit/


∗∗∗ Rockwell Automation Encourages Customers to Assess and Secure Public-Internet-Exposed Assets ∗∗∗
---------------------------------------------
Rockwell Automation has released guidance encouraging users to remove connectivity on all Industrial Control Systems (ICS) devices connected to the public-facing internet to reduce exposure to unauthorized or malicious cyber activity.
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2024/05/21/rockwell-automation-encourages-customers-assess-and-secure-public-internet-exposed-assets



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (webkit2gtk), Fedora (kernel), Mageia (chromium-browser-stable, djvulibre, gdk-pixbuf2.0, nss & firefox, postgresql15 & postgresql13, python-pymongo, python-sqlparse, stb, thunderbird, and vim), Red Hat (go-toolset:rhel8, nodejs, and varnish:6), SUSE (gitui, glibc, and kernel), and Ubuntu (libspreadsheet-parseexcel-perl, linux-aws, linux-aws-5.15, linux-gke, linux-gcp, python-idna, and thunderbird).
---------------------------------------------
https://lwn.net/Articles/974572/


∗∗∗ Ivanti Patches Critical Code Execution Vulnerabilities in Endpoint Manager ∗∗∗
---------------------------------------------
Ivanti has released product updates to resolve multiple vulnerabilities, including critical code execution flaws in Endpoint Manager.
---------------------------------------------
https://www.securityweek.com/ivanti-patches-critical-code-execution-vulnerabilities-in-endpoint-manager/


∗∗∗ Critical Vulnerability in Honeywell Virtual Controller Allows Remote Code Execution ∗∗∗
---------------------------------------------
Claroty shows how Honeywell ControlEdge Virtual UOC vulnerability can be exploited for unauthenticated remote code execution.
---------------------------------------------
https://www.securityweek.com/critical-vulnerability-in-honeywell-virtual-controller-allows-remote-code-execution/


∗∗∗ Kritische Lücke gewährt Angreifern Zugriff auf Veeam Backup Enterprise Manager ∗∗∗
---------------------------------------------
In einer aktuellen Version von Veeam Backup & Replication haben die Entwickler mehrere Schwachstellen geschlossen.
---------------------------------------------
https://heise.de/-9726433


∗∗∗ Patchday: Atlassian rüstet Data Center gegen Schadcode-Attacken ∗∗∗
---------------------------------------------
Admins sollten aus Sicherheitsgründen unter anderem Jira Data Center and Server und Service Management auf den aktuellen Stand bringen.
---------------------------------------------
https://heise.de/-9728466


∗∗∗ K000139685: Python vulnerability CVE-2023-40217 ∗∗∗
---------------------------------------------
https://my.f5.com/manage/s/article/K000139685


∗∗∗ K000139700: Linux kernel usbmon vulnerability CVE-2022-43750 ∗∗∗
---------------------------------------------
https://my.f5.com/manage/s/article/K000139700


∗∗∗ NextGen Healthcare Mirth Connect RCE (CVE-2023-43208, CVE-2023-37679) ∗∗∗
---------------------------------------------
https://fortiguard.fortinet.com/threat-signal-report/5460

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily