Daily summary - 25.07.2024

End-of-Day report

Timeframe: Wednesday 24-07-2024 18:00 - Thursday 25-07-2024 18:00 Handler: Thomas Pribitzer Co-Handler: n/a

News

KnowBe4 mistakenly hires North Korean hacker, faces infostealer attack

American cybersecurity company KnowBe4 says a person it recently hired as a Principal Software Engineer turned out to be a North Korean state actor who attempted to install information-stealing malware on its devices.

https://www.bleepingcomputer.com/news/security/knowbe4-mistakenly-hires-north-korean-hacker-faces-infostealer-attack/

French police push PlugX malware self-destruct payload to clean PCs

The French police and Europol are pushing out a "disinfection solution" that automatically removes the PlugX malware from infected devices in France.

https://www.bleepingcomputer.com/news/security/french-police-push-plugx-malware-self-destruct-payload-to-clean-pcs/

How a cheap barcode scanner helped fix CrowdStriked Windows PCs in a flash

Not long after Windows PCs and servers at the Australian limb of audit and tax advisory Grant Thornton started BSODing last Friday, senior systems engineer Rob Woltz remembered a small but important fact: When PCs boot, they consider barcode scanners no differently to keyboards.

https://www.theregister.com/2024/07/25/crowdstrike_remediation_with_barcode_scanner/

XWorm Hidden With Process Hollowing

XWorm is not a brand-new malware family. It's a common RAT (Remote Access Tool) reused regularly in new campaigns. Yesterday, I found a sample that behaves like a dropper and runs the malware using the Process Hollowing technique.

https://isc.sans.edu/diary/rss/31112

Criminals use fake profiles of financial experts to advertise fraudulent investment platforms

The Austrian financial journalist and entrepreneur Niko Jilch runs various information channels on finance, investing and Bitcoin. His reach and name recognition are now also being exploited by criminals to lure retail investors to fraudulent investment platforms.

https://www.watchlist-internet.at/news/kriminelle-werben-mit-fake-profilen-von-finanzexperten-fuer-betruegerische-investmentplattformen/

Vulnerabilities

Progress warns of critical RCE bug in Telerik Report Server

Progress Software has warned customers to patch a critical remote code execution security flaw in the Telerik Report Server that can be used to compromise vulnerable devices.

https://www.bleepingcomputer.com/news/security/progress-warns-of-critical-rce-bug-in-telerik-report-server/

Containers vulnerable: Docker has to patch a critical vulnerability from 2019 again

Docker had long since closed the hole. Only months later, however, the patch was dropped again. As a result, the Docker Engine was vulnerable for five years.

https://www.golem.de/news/container-angreifbar-docker-muss-kritische-schwachstelle-von-2019-erneut-patchen-2407-187423.html

Security updates for Thursday

Security updates have been issued by AlmaLinux (containernetworking-plugins, cups, edk2, httpd, httpd:2.4, libreoffice, libuv, libvirt, python3, and runc), Fedora (exim, python-zipp, xdg-desktop-portal-hyprland, and xmedcon), Red Hat (cups, fence-agents, freeradius, freeradius:3.0, httpd:2.4, kernel, kernel-rt, nodejs:18, podman, and resource-agents), Slackware (htdig and libxml2), SUSE (exim), and Ubuntu (ocsinventory-server, php-cas, and poppler).

https://lwn.net/Articles/983328/

Nvidia Patches High-Severity Vulnerabilities in AI, Networking Products

Nvidia has patched high-severity vulnerabilities in its Jetson, Mellanox OS, OnyX, Skyway, and MetroX products.

https://www.securityweek.com/nvidia-patches-high-severity-vulnerabilities-in-ai-networking-products/

Security updates: Aruba EdgeConnect SD-WAN attackable in many ways

HPE's developers have closed several dangerous security vulnerabilities in Aruba's SD-WAN solution EdgeConnect.

https://heise.de/-9813256

Positron Broadcast Signal Processor

https://www.cisa.gov/news-events/ics-advisories/icsa-24-207-02