[CERT-daily] Tageszusammenfassung - 12.09.2024

Thu Sep 12 18:02:48 CEST 2024

=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 11-09-2024 18:00 − Donnerstag 12-09-2024 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a


=====================
=       News        =
=====================


∗∗∗ GitLab warns of critical pipeline execution vulnerability ∗∗∗
---------------------------------------------
GitLab has released critical updates to address multiple vulnerabilities, the most severe of them (CVE-2024-6678) allowing an attacker to trigger pipelines as arbitrary users under certain conditions.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/gitlab-warns-of-critical-pipeline-execution-vulnerability/


∗∗∗ Sicherheitspaket: CCC droht mit Anleitungen zur Überwachungssabotage ∗∗∗
---------------------------------------------
Zivilgesellschaftliche Verbände sind empört über das Sicherheitspaket der Bundesregierung. Der "billige Populismus" spiele Rechtsextremen in die Hände.
---------------------------------------------
https://www.golem.de/news/sicherheitspaket-ccc-droht-mit-anleitungen-zur-ueberwachungssabotage-2409-188906.html


∗∗∗ SiteCheck Remote Website Scanner — Mid-Year 2024 Report ∗∗∗
---------------------------------------------
Conducting an external website scan for indicators of compromise is one of the easiest ways to identify security issues. While remote website scanners may not provide as comprehensive of a scan as server-side scanners, ..
---------------------------------------------
https://blog.sucuri.net/2024/09/sitecheck-remote-website-scanner-mid-year-2024-report.html


∗∗∗ DragonRank Black Hat SEO Campaign Targeting IIS Servers Across Asia and Europe ∗∗∗
---------------------------------------------
A "simplified Chinese-speaking actor" has been linked to a new campaign that has targeted multiple countries in Asia and Europe with the end goal of performing search engine optimization (SEO) rank manipulation.The black hat SEO ..
---------------------------------------------
https://thehackernews.com/2024/09/dragonrank-black-hat-seo-campaign.html


∗∗∗ Exposed Selenium Grid Servers Targeted for Crypto Mining and Proxyjacking ∗∗∗
---------------------------------------------
Internet-exposed Selenium Grid instances are being targeted by bad actors for illicit cryptocurrency mining and proxyjacking campaigns."Selenium Grid is a server that facilitates running test cases in parallel ..
---------------------------------------------
https://thehackernews.com/2024/09/exposed-selenium-grid-servers-targeted.html


∗∗∗ Transport for London confirms 5,000 user bank data exposed, pulls large chunks of IT infra offline ∗∗∗
---------------------------------------------
Hauling in 30,000 staff IN PERSON to do password resets Breaking Transport for Londons ongoing cyber incident has taken a dark turn as the organization confirmed that some data, including bank details, might have been accessed, and 30,000 employees passwords will need to be reset via in-person appointments.
---------------------------------------------
https://www.theregister.com/2024/09/12/transport_for_londons_cyber_attack/


∗∗∗ Microsoft Windows MSI Installer - Repair to SYSTEM - A detailed journey ∗∗∗
---------------------------------------------
Repair functions of Microsoft Windows MSI installers can be vulnerable in several ways, for instance allowing local attackers to ..
---------------------------------------------
https://sec-consult.com/blog/detail/msi-installer-repair-to-system-a-detailed-journey/


∗∗∗ Living off the land, GPO style ∗∗∗
---------------------------------------------
TL;DR The ability to edit Group Policy Object (GPOs) from non-domain joined computers using the native Group Policy editor has been on my list for a long time. This blog ..
---------------------------------------------
https://www.pentestpartners.com/security-blog/living-off-the-land-gpo-style/


∗∗∗ Ransomware: Attacks Once More Nearing Peak Levels ∗∗∗
---------------------------------------------
Attacks surge again in second quarter of 2024 as attackers bounce back from disruption.
---------------------------------------------
https://symantec-enterprise-blogs.security.com/threat-intelligence/ransomware-attacks-rebound


∗∗∗ Introduction to Third-Party Risk Management ∗∗∗
---------------------------------------------
In today’s world, organizations are increasingly depending on their third-party vendors, suppliers, and partners to support their operations. This way of working, in addition to the digitalization era we’re in, can have great advantages such as being able to offer new services quickly while relying on other’s expertise or cutting costs on already existing processes.
---------------------------------------------
https://blog.nviso.eu/2024/09/12/introduction-to-third-party-risk-management/


∗∗∗ Vulnerability in Acrobat Reader could lead to remote code execution; Microsoft patches information disclosure issue in Windows API ∗∗∗
---------------------------------------------
CVE-2024-38257 is considered “less likely” to be exploited, though it does not require any user interaction or user privileges.
---------------------------------------------
https://blog.talosintelligence.com/vulnerability-roundup-sept-11-2024/


∗∗∗ Protecting Against RCE Attacks Abusing WhatsUp Gold Vulnerabilities ∗∗∗
---------------------------------------------
In this blog entry, we provide an analysis of the recent remote code execution attacks related to Progress Software’s WhatsUp Gold that possibly abused the vulnerabilities CVE-2024-6670 and CVE-2024-6671.
---------------------------------------------
https://www.trendmicro.com/en_us/research/24/i/whatsup-gold-rce.html


∗∗∗ Hadooken Malware Targets Weblogic Applications ∗∗∗
---------------------------------------------
Aqua Nautilus researchers identified a new Linux malware targeting Weblogic servers. The main payload calls itself Hadooken which we think is referring to the attack “surge fist” in the Street Fighter series. When Hadooken is executed, ..
---------------------------------------------
https://blog.aquasec.com/hadooken-malware-targets-weblogic-applications-1


∗∗∗ Microsoft Office: ActiveX wird abgedreht ∗∗∗
---------------------------------------------
Länger war es still darum, aber ActiveX gibt es noch. Kommende Microsoft Office-Versionen schalten die Unterstützung endlich ab. Zumindest fast.
---------------------------------------------
https://heise.de/-9865690


=====================
=  Vulnerabilities  =
=====================


∗∗∗ Cisco Routed Passive Optical Network Controller Vulnerabilities ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-ponctlr-ci-OHcHmsFL


∗∗∗ Cisco IOS XR Software UDP Packet Memory Exhaustion Vulnerability ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pak-mem-exhst-3ke9FeFy


∗∗∗ Multiple Cisco Products Web-Based Management Interface Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-auth-bypass-QnTEesp


∗∗∗ Cisco IOS XR Software Network Convergence System Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-l2services-2mvHdNuC


∗∗∗ Cisco IOS XR Software Segment Routing for Intermediate System-to-Intermediate System Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-isis-xehpbVNe


∗∗∗ Cisco IOS XR Software Dedicated XML Agent TCP Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-xml-tcpdos-ZEXvrU2S


∗∗∗ Cisco IOS XR Software CLI Arbitrary File Read Vulnerability ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-shellutil-HCb278wD


∗∗∗ Cisco IOS XR Software CLI Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-priv-esc-CrG5vhCq

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily