[CERT-daily] Tageszusammenfassung - 03.09.2024

Tue Sep 3 18:53:45 CEST 2024

=====================
= End-of-Day report =
=====================

Timeframe:   Montag 02-09-2024 18:00 − Dienstag 03-09-2024 18:00
Handler:     Michael Schlagenhaufer
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ D-Link says it is not fixing four RCE flaws in DIR-846W routers ∗∗∗
---------------------------------------------
D-Link is warning that four remote code execution (RCE) flaws impacting all hardware and firmware versions of its DIR-846W router will not be fixed as the products are no longer supported. [..] The researcher published the information on August 27, 2024, but has withheld the publication of proof-of-concept (PoC) exploits for now.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/d-link-says-it-is-not-fixing-four-rce-flaws-in-dir-846w-routers/


∗∗∗ The state of sandbox evasion techniques in 2024 ∗∗∗
---------------------------------------------
This post is about sandbox evasion techniques and their usefulness in more targeted engagements.
---------------------------------------------
https://fudgedotdotdot.github.io/posts/sandbox-evasion-in-2024/sandboxes.html


∗∗∗ CVE-2024-37084: Spring Cloud Remote Code Execution ∗∗∗
---------------------------------------------
CVE-2024-37084 is a critical security vulnerability in Spring Cloud Skipper, specifically related to how the application processes YAML input. [..] The vulnerability affects versions 2.11.0 through 2.11.3 of Spring Cloud Skipper.
---------------------------------------------
https://blog.securelayer7.net/spring-cloud-skipper-vulnerability/


∗∗∗ Intel Responds to SGX Hacking Research ∗∗∗
---------------------------------------------
Intel has shared some clarifications on claims made by a researcher regarding the hacking of its SGX security technology.
---------------------------------------------
https://www.securityweek.com/intel-responds-to-sgx-hacking-research/


∗∗∗ Rechnungen und Mahnungen von cvneed.com ignorieren ∗∗∗
---------------------------------------------
Sie haben einen Lebenslauf auf cvneed.com erstellt? Sie sind davon ausgegangen, dass dies kostenlos ist? Doch plötzlich flattern Rechnungen und sogar Mahnungen ins Haus? Ignorieren Sie diese und zahlen Sie nichts. Es handelt sich um eine Abo-Falle!
---------------------------------------------
https://www.watchlist-internet.at/news/mahnungen-von-cvneed/


∗∗∗ CISA Adds Three Known Exploited Vulnerabilities to Catalog ∗∗∗
---------------------------------------------
CVE-2021-20123/CVE-2021-20124 Draytek VigorConnect Path Traversal Vulnerability, 
CVE-2024-7262 Kingsoft WPS Office Path Traversal Vulnerability
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2024/09/03/cisa-adds-three-known-exploited-vulnerabilities-catalog


∗∗∗ Threat actors using MacroPack to deploy Brute Ratel, Havoc and PhantomCore payloads ∗∗∗
---------------------------------------------
Cisco Talos recently discovered several related Microsoft Office documents uploaded to VirusTotal by various actors between May and July 2024 that were all generated by a version of a payload generator framework called “MacroPack.”
---------------------------------------------
https://blog.talosintelligence.com/threat-actors-using-macropack/


∗∗∗ A look into Web Application Security ∗∗∗
---------------------------------------------
An in-depth look into Web Application Security, and Bitsights approach to related security metrics.
---------------------------------------------
https://www.bitsight.com/blog/look-web-application-security


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Zyxel: Mehrere hochriskante Sicherheitslücken in Firewalls ∗∗∗
---------------------------------------------
Zyxel warnt vor mehreren Sicherheitslücken in den Firewalls des Unternehmens. Updates stehen bereit, die Lecks abdichten. [..] Am schwerwiegendsten ist eine Lücke, die Angreifern das Einschleusen von Befehlen im IPSec VPN der Zyxel-Firewalls ermöglicht. Mit manipulierten Nutzernamen können sie Befehle schmuggeln, die vom Betriebssystem ausgeführt werden.
---------------------------------------------
https://heise.de/-9855938


∗∗∗ VMSA-2024-0018:VMware Fusion update addresses a code execution vulnerability (CVE-2024-38811) ∗∗∗
---------------------------------------------
VMware Fusion contains a code-execution vulnerability due to the usage of an insecure environment variable. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.8.
---------------------------------------------
https://support.broadcom.com/web/ecx/support-=content-notification/-/external/content/SecurityAdvisories/0/24939


∗∗∗ OpenSSL Security Advisory [3rd September 2024] ∗∗∗
---------------------------------------------
Possible denial of service in X.509 name checks (CVE-2024-6119) [..] OpenSSL 3.3, 3.2, 3.1 and 3.0 are vulnerable to this issue.
---------------------------------------------
https://openssl-library.org/news/secadv/20240903.txt


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by AlmaLinux (python3.12), Debian (calibre, exfatprogs, frr, git, libtommath, nbconvert, ruby-nokogiri, ruby-tzinfo, and webkit2gtk), Fedora (flatpak, lua-mpack, and python3.12), Red Hat (389-ds-base, 389-ds:1.4, buildah, fence-agents, gvisor-tap-vsock, httpd:2.4, kernel, kernel-rt, nodejs:18, orc, postgresql, postgresql:12, postgresql:13, postgresql:15, python-urllib3, python3.12, and skopeo), SUSE (389-ds, bubblewrap and flatpak, cacti, cacti-spine, curl, glib2, kernel-firmware, libqt5-qt3d, libqt5-qtquick3d, opera, python39, qemu, unbound, xen, and zziplib), and Ubuntu (ffmpeg, linux-raspi-5.4, and python-webob).
---------------------------------------------
https://lwn.net/Articles/988570/


∗∗∗ Chrome 128 Updates Patch High-Severity Vulnerabilities ∗∗∗
---------------------------------------------
https://www.securityweek.com/chrome-128-updates-patch-high-severity-vulnerabilities/


∗∗∗ Lenze: Install Directory with insufficient permissions ∗∗∗
---------------------------------------------
https://certvde.com/de/advisories/VDE-2024-053/


∗∗∗ LOYTEC Electronics LINX Series ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-24-247-01

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily