[CERT-daily] Tageszusammenfassung - 29.05.2024

Wed May 29 18:56:02 CEST 2024

=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 28-05-2024 18:00 − Mittwoch 29-05-2024 18:00
Handler:     Alexander Riepl
Co-Handler:  Michael Schlagenhaufer

=====================
=       News        =
=====================

∗∗∗ Okta warns of credential stuffing attacks targeting its CORS feature ∗∗∗
---------------------------------------------
Okta warns that a Customer Identity Cloud (CIC) feature is being targeted in credential stuffing attacks, stating that numerous customers have been targeted since April.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/okta-warns-of-credential-stuffing-attacks-targeting-its-cors-feature/


∗∗∗ Per Passwortmanager generiert: 20-stelliges Passwort einer Kryptowallet geknackt ∗∗∗
---------------------------------------------
Auf der Wallet befanden sich 43,6 Bitcoins, die heute rund 2,8 Millionen Euro wert sind. Der Besitzer hatte den Zugriff verloren. Zwei Experten konnten ihm helfen.
---------------------------------------------
https://www.golem.de/news/per-passwortmanager-generiert-20-stelliges-passwort-einer-kryptowallet-geknackt-2405-185536.html


∗∗∗ BreachForums Returns Just Weeks After FBI Seizure - Honeypot or Blunder? ∗∗∗
---------------------------------------------
The online criminal bazaar BreachForums has been resurrected merely two weeks after a U.S.-led coordinated law enforcement action dismantled and seized control of its infrastructure. [..] However, the possibility that it may be a honeypot has not been lost among members of the cybersecurity community.
---------------------------------------------
https://thehackernews.com/2024/05/breachforums-returns-just-weeks-after.html


∗∗∗ EU Is Tightening Cybersecurity for Energy Providers ∗∗∗
---------------------------------------------
On March 11th, 2024, the European Commission adopted new cybersecurity rules—the EU network code on cybersecurity for the electricity sector (C/2024/1383)—to “establish a recurrent process of cybersecurity risk assessments in the electricity sector.” If you’re a cybersecurity professional, this news is cause for celebration; if you’re an electricity provider, maybe not so much.
---------------------------------------------
https://www.tripwire.com/state-of-security/eu-tightening-cybersecurity-energy-providers


∗∗∗ Stromspargerät „SmartEnergy“ ist Betrug! ∗∗∗
---------------------------------------------
Aktuell bewerben Kriminelle massenhaft ein Gerät namens „SmartEnergy“. Damit sollen Sie Ihren Stromverbrauch um bis zu 90 Prozent reduzieren können. Wir garantieren Ihnen: Hier sparen Sie nicht 90% Strom, sondern verschwenden zu 100% Geld!
---------------------------------------------
https://www.watchlist-internet.at/news/stromspargeraet-smartenergy-betrug/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Check Point releases emergency fix for VPN zero-day exploited in attacks ∗∗∗
---------------------------------------------
Check Point has released hotfixes for a VPN zero-day vulnerability exploited in attacks to gain remote access to firewalls and attempt to breach corporate networks. [..] Tracked as CVE-2024-24919, the high-severity information disclosure vulnerability enables attackers to read certain information on internet-exposed Check Point Security Gateways with remote Access VPN or Mobile Access Software Blades enabled.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/check-point-releases-emergency-fix-for-vpn-zero-day-exploited-in-attacks/


∗∗∗ Advisory: Active exploitation of Check Point Remote Access VPN vulnerability (CVE-2024-24919) ∗∗∗
---------------------------------------------
mnemonic has several observations of the exploit being used in the wild. [..] We have observed threat actors extracting ntds.dit from compromised customers within 2-3 hours after logging in with a local user. [..] The vulnerability allows a threat actor to enumerate and extract password hashes for all local accounts, including the account used to connect to Active Directory. The full extent of the consequences is still unknown. The following IOCs have been observed in customer environments between April 30, 2024, and today (May 29, 2024) ...
---------------------------------------------
https://www.mnemonic.io/resources/blog/advisory-check-point-remote-access-vpn-vulnerability-cve-2024-24919/


∗∗∗ Vulnerabilities in Eclipse ThreadX Could Lead to Code Execution ∗∗∗
---------------------------------------------
Vulnerabilities in the real-time IoT operating system Eclipse ThreadX before version 6.4 could lead to denial-of-service and code execution.The post Vulnerabilities in Eclipse ThreadX Could Lead to Code Execution appeared first on SecurityWeek.
---------------------------------------------
https://www.securityweek.com/vulnerabilities-in-eclipse-threadx-could-lead-to-code-execution/


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by AlmaLinux (glibc and tomcat), Fedora (chromium, fcitx5-qt, python-pyqt6, qadwaitadecorations, qgnomeplatform, qt6, qt6-qt3d, qt6-qt5compat, qt6-qtbase, qt6-qtcharts, qt6-qtcoap, qt6-qtconnectivity, qt6-qtdatavis3d, qt6-qtdeclarative, qt6-qtgraphs, qt6-qtgrpc, qt6-qthttpserver, qt6-qtimageformats, qt6-qtlanguageserver, qt6-qtlocation, qt6-qtlottie, qt6-qtmqtt, qt6-qtmultimedia, qt6-qtnetworkauth, qt6-qtopcua, qt6-qtpositioning, qt6-qtquick3d, qt6-qtquick3dphysics, qt6-qtquicktimeline, qt6-qtremoteobjects, qt6-qtscxml, qt6-qtsensors, qt6-qtserialbus, qt6-qtserialport, qt6-qtshadertools, qt6-qtspeech, qt6-qtsvg, qt6-qttools, qt6-qttranslations, qt6-qtvirtualkeyboard, qt6-qtwayland, qt6-qtwebchannel, qt6-qtwebengine, qt6-qtwebsockets, qt6-qtwebview, and zeal), Red Hat (glibc, kernel, kernel-rt, kpatch-patch, linux-firmware, mod_http2, pcp, pcs, protobuf, python3, rpm-ostree, and rust), SUSE (git, glibc-livepatches, kernel, libxml2, openssl-1_1, SUSE Manager Client Tools, SUSE Manager Client Tools, salt, and xdg-desktop-portal), and Ubuntu (amavisd-new, firefox, flask-security, frr, git, intel-microcode, jinja2, libreoffice, linux-intel-iotg, unbound, and webkit2gtk).
---------------------------------------------
https://lwn.net/Articles/975737/


∗∗∗ WordPress Vulnerability & Patch Roundup May 2024 ∗∗∗
---------------------------------------------
https://blog.sucuri.net/2024/05/wordpress-vulnerability-patch-roundup-may-2024.html


∗∗∗ ZDI-24-516: Progress Software WhatsUp Gold HttpContentActiveController Server-Side Request Forgery Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-24-516/


∗∗∗ Vulnerability Summary for the Week of May 20, 2024 ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/bulletins/sb24-149

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily