[CERT-daily] Tageszusammenfassung - 28.05.2024

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Montag 27-05-2024 18:00 − Dienstag 28-05-2024 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Michael Schlagenhaufer

=====================
=       News        =
=====================

∗∗∗ Trusted relationship attacks: trust, but verify ∗∗∗
---------------------------------------------
We analyze the tactics and techniques of attackers targeting organizations through trusted relationships – that is, through contractors and external IT service providers.
---------------------------------------------
https://securelist.com/trusted-relationship-attack/112731/


∗∗∗ Threat landscape for industrial automation systems, Q1 2024 ∗∗∗
---------------------------------------------
The full global and regional reports have been published on the Kaspersky ICS CERT website.
---------------------------------------------
https://securelist.com/industrial-threat-landscape-q1-2024/112683/


∗∗∗ Kriminelle geben sich als Europäische Verbraucherzentren aus ∗∗∗
---------------------------------------------
Sie haben auf einer betrügerischen Investmentplattform Geld verloren? Ihre persönliche Beratung war nicht mehr erreichbar oder Ihr Konto wurde plötzlich gesperrt? Vorsicht, wenn Sie von Institutionen wie den Europäischen Verbraucherzentren kontaktiert werden, die Ihnen versprechen, Ihr Geld zurückzuholen. Es handelt sich erneut um eine Betrugsmasche!
---------------------------------------------
https://www.watchlist-internet.at/news/kriminelle-geben-sich-als-europaeische-verbraucherzentren-aus/


∗∗∗ Ivanti EPM Cloud Services Appliance - Taking advantage of a backdoor to detect a vulnerability ∗∗∗
---------------------------------------------
This blog post details how `CVE-2021-44529` was researched as well as the current method being used to detect it.
---------------------------------------------
https://www.bitsight.com/blog/ivanti-epm-cloud-services-appliance-taking-advantage-backdoor-detect-vulnerability



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (less), Mageia (chromium-browser-stable), SUSE (apache2, java-1_8_0-openj9, kernel, libqt5-qtnetworkauth, and openssl-3), and Ubuntu (netatalk and python-cryptography).
---------------------------------------------
https://lwn.net/Articles/975529/


∗∗∗ Kritische Sicherheitslücke gewährt Angreifern Zugriff auf TP-Link-Router C5400X ∗∗∗
---------------------------------------------
Der TP-Link-WLAN-Router C5400X ist verwundbar. Ein Sicherheitspatch schließt eine kritische Schwachstelle.
---------------------------------------------
https://heise.de/-9736602


∗∗∗ WordPress Plugin Exploited to Steal Credit Card Data from E-commerce Sites ∗∗∗
---------------------------------------------
https://thehackernews.com/2024/05/wordpress-plugin-exploited-to-steal.html


∗∗∗ Citrix Workspace app for Mac Security Bulletin for CVE-2024-5027 ∗∗∗
---------------------------------------------
https://support.citrix.com/article/CTX675851/citrix-workspace-app-for-mac-security-bulletin-for-cve20245027


∗∗∗ Campbell Scientific CSI Web Server ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-24-149-01


∗∗∗ TI Bluetooth stack can fail to generate a resolvable Random Private Address (RPA) leading to DoS for already bonded peer devices ∗∗∗
---------------------------------------------
https://psirt.bosch.com/security-advisories/bosch-sa-466062.html

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily