[CERT-daily] Daily summary - 23.05.2024
Daily end-of-shift report
team at cert.at
Thu May 23 18:25:30 CEST 2024
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 22-05-2024 18:00 - Thursday 23-05-2024 18:00
Handler: Thomas Pribitzer
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ State hackers turn to massive ORB proxy networks to evade detection ∗∗∗
---------------------------------------------
Security researchers are warning that state-backed hackers are increasingly relying on vast proxy networks of virtual private servers and compromised connected devices for cyberespionage operations.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/state-hackers-turn-to-massive-orb-proxy-networks-to-evade-detection/
∗∗∗ ShrinkLocker: Turning BitLocker into ransomware ∗∗∗
---------------------------------------------
The Kaspersky GERT has detected a new group that has been abusing Microsoft Windows features by modifying the system to lower the defenses and using the local MS BitLocker utility to encrypt entire drives and demand a ransom.
---------------------------------------------
https://securelist.com/ransomware-abuses-bitlocker/112643/
∗∗∗ Is your website hosted on Jimdo? Beware of phishing emails about payment problems! ∗∗∗
---------------------------------------------
Website and online shop operators, take note: if your website runs on Jimdo, criminals are currently increasingly targeting your data and your money. To do so, they send phishing emails that feign problems with your ongoing payments.
---------------------------------------------
https://www.watchlist-internet.at/news/jimdo-phishing-mails/
∗∗∗ Format String Exploitation: A Hands-On Exploration for Linux ∗∗∗
---------------------------------------------
This blogpost covers a Capture The Flag challenge that was part of the 2024 picoCTF event.
---------------------------------------------
https://blog.nviso.eu/2024/05/23/format-string-exploitation-a-hands-on-exploration-for-linux/
∗∗∗ New APT Group “Unfading Sea Haze” Hits Military Targets in South China Sea ∗∗∗
---------------------------------------------
Unfading Sea Haze's modus operandi spans more than five years, with evidence dating back to 2018, a Bitdefender Labs investigation reveals.
---------------------------------------------
https://www.hackread.com/unfading-sea-haze-military-target-south-china-sea/
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (chromium), Fedora (chromium, libxml2, pgadmin4, and python-libgravatar), Mageia (ghostscript), Red Hat (389-ds:1.4, ansible-core, bind and dhcp, container-tools:rhel8, edk2, exempi, fence-agents, freeglut, frr, ghostscript, glibc, gmp, go-toolset:rhel8, grafana, grub2, gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, harfbuzz, httpd:2.4, idm:DL1, idm:DL1 and idm:client modules, kernel, kernel-rt, krb5, LibRaw, [...]
---------------------------------------------
https://lwn.net/Articles/974824/
∗∗∗ Aptos Wisal Payroll Accounting Uses Hardcoded Database Credentials ∗∗∗
---------------------------------------------
Aptos WISAL payroll accounting uses hardcoded credentials in the Windows client to fetch the complete list of usernames and passwords from the database server, using an unencrypted connection.
---------------------------------------------
https://www.redteam-pentesting.de/en/advisories/rt-sa-2023-007/
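The credential-handling flaw summarised above, next to the server-side alternative, as an added illustration written for this digest: it is not Aptos code and not the advisory's proof of concept. An in-memory SQLite database stands in for the database server, the table layout, account names and passwords are constructed sample data, and the hard-coded client credentials are placeholders.

```python
"""Constructed example: a thick client that authenticates by downloading the
whole credential table, beside a server-side verifier that never lets the
client see database credentials or password material."""
import hashlib
import hmac
import os
import sqlite3

# Constructed sample accounts (not real data).
SAMPLE_USERS = [
    ("alice", "Spring2024!"),
    ("bob", "payroll#42"),
    ("carol", "Tr0ub4dor&3"),
]

# Placeholder for credentials baked into a client binary (assumption: any
# user of the client, or anyone sniffing the unencrypted DB session, can
# recover and reuse them directly against the database server).
HARDCODED_DB_USER = "payroll_client"
HARDCODED_DB_PASS = "changeme"

# Work factor for PBKDF2-HMAC-SHA256; kept low so the example runs quickly,
# raise it for production use.
PBKDF2_ITERATIONS = 100_000


def build_vulnerable_db():
    """Plaintext password table, which is what a client that compares
    passwords locally needs the server to hold."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def client_login_vulnerable(conn, username, password):
    """Flawed pattern: the client (connected as HARDCODED_DB_USER) pulls every
    account over the wire and compares locally. Returns (login_ok, rows) so
    the caller can see that the full credential list was transferred."""
    rows = conn.execute("SELECT username, password FROM users").fetchall()
    ok = any(u == username and p == password for u, p in rows)
    return ok, rows


def hash_password(password, salt=None):
    """Salted PBKDF2 hash; returns (salt, digest)."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


def build_hardened_db():
    """Server-side store: only salts and hashes, never plaintext passwords."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    for user, pw in SAMPLE_USERS:
        salt, digest = hash_password(pw)
        conn.execute("INSERT INTO users VALUES (?, ?, ?)", (user, salt, digest))
    return conn


def server_verify_login(conn, username, password):
    """Server-side check: fetch only this user's salt and hash and compare in
    constant time. The client sends (username, password) to the application
    server and holds no database credentials at all."""
    row = conn.execute(
        "SELECT salt, pw_hash FROM users WHERE username = ?", (username,)
    ).fetchone()
    if row is None:
        # Burn a hash anyway so unknown users take as long as wrong passwords
        # (assumption: fixed dummy salt is acceptable for this purpose).
        hash_password(password, b"\x00" * 16)
        return False
    salt, expected = row
    _, actual = hash_password(password, salt)
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__":
    ok, leaked = client_login_vulnerable(build_vulnerable_db(), "alice", "Spring2024!")
    print("vulnerable login ok:", ok, "credentials transferred to client:", len(leaked))
    hdb = build_hardened_db()
    print("hardened login ok:", server_verify_login(hdb, "alice", "Spring2024!"))
    print("hardened wrong password:", server_verify_login(hdb, "alice", "nope"))
```

In the flawed flow every login moves the entire username and password list to the workstation, so a single reverse-engineered client or one captured session exposes all accounts; the hardened flow keeps database access and password hashes behind the application server.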
∗∗∗ CVE-2024-4978: Backdoored Justice AV Solutions Viewer Software Used in Apparent Supply Chain Attack ∗∗∗
---------------------------------------------
Rapid7 has determined that users with JAVS Viewer v8.3.7 installed are at high risk and should take immediate action.
---------------------------------------------
https://www.rapid7.com/blog/post/2024/05/23/cve-2024-4978-backdoored-justice-av-solutions-viewer-software-used-in-apparent-supply-chain-attack/
∗∗∗ Cisco: Root access possible through SQL injection vulnerability in Firepower ∗∗∗
---------------------------------------------
Cisco warns of security vulnerabilities in ASA and Firepower appliances. Attackers can compromise Firepower devices using SQL injection.
---------------------------------------------
https://heise.de/-9729121
∗∗∗ VMware security updates: Malicious code can escape from a VM ∗∗∗
---------------------------------------------
Admins should promptly install several security patches for various VMware products.
---------------------------------------------
https://heise.de/-9729288
∗∗∗ LCDS LAquis SCADA ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-24-142-01
∗∗∗ Vulnerabilities in Autodesk InfraWorks software ∗∗∗
---------------------------------------------
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0008
∗∗∗ AutomationDirect Productivity PLCs ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-24-144-01
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily