Daily Summary - 06.02.2024

End-of-Day report

Timeframe: Monday 05-02-2024 18:00 - Tuesday 06-02-2024 18:00 Handler: Michael Schlagenhaufer Co-Handler: Stephan Richter

News

Rust Won't Save Us: An Analysis of 2023's Known Exploited Vulnerabilities

We have analyzed all critical vulnerabilities from the CISA KEV catalog starting from January 2023 through January 2024, categorized the vulnerability root causes, and attempted to analyze if the current efforts in the information security industry match with the current threat vectors being abused.

https://www.horizon3.ai/analysis-of-2023s-known-exploited-vulnerabilities/

Dubious dirndl shops threatening to press charges? Ignore the messages!

Numerous affected people are currently contacting Watchlist Internet because dubious clothing and dirndl shops are trying, months after the orders were placed, to intimidate customers and pressure them into paying. Since completely wrong products were delivered, there is no reason to pay and therefore no reason to worry!

https://www.watchlist-internet.at/news/unserioese-dirndl-shops-drohen-mit-anzeige-ignorieren-sie-die-nachrichten/

How are user credentials stolen and used by threat actors?

You've probably heard the phrase, "Attackers don't hack anyone these days. They log on." In this blog, we describe the various tools and techniques bad actors are using to steal credentials so they can log on with valid account details, and outline our recommendations for defense.

https://blog.talosintelligence.com/how-are-user-credentials-stolen-and-used-by-threat-actors/

Navigating the Rising Tide of CI/CD Vulnerabilities: The Jenkins and TeamCity Case Studies

In the evolving landscape of cybersecurity, a new threat has emerged, targeting the core of software development processes. Recently, an alarming incident has brought to light a significant vulnerability in Jenkins CI/CD servers. Approximately 45,000 Jenkins servers have been left exposed to remote code execution (RCE) attacks, leveraging multiple exploit public POCs. This breach is not just a standalone event but a symptom of a growing trend of attacks on Continuous Integration/Continuous Deployment (CI/CD) software supply chains.

https://checkmarx.com/blog/navigating-the-rising-tide-of-ci-cd-vulnerabilities-the-jenkins-and-teamcity-case-studies/

Experts Detail New Flaws in Azure HDInsight Spark, Kafka, and Hadoop Services

Three new security vulnerabilities have been discovered in Azure HDInsight's Apache Hadoop, Kafka, and Spark services that could be exploited to achieve privilege escalation and a regular expression denial-of-service (ReDoS) condition. [..] Following responsible disclosure, Microsoft has rolled out fixes as part of updates released on October 26, 2023.

https://thehackernews.com/2024/02/high-severity-flaws-found-in-azure.html

Exploring the (Not So) Secret Code of Black Hunt Ransomware

In this analysis we examined the BlackHunt sample shared on X (formerly Twitter). During our analysis we found notable similarities between BlackHunt ransomware and LockBit, which suggested that it uses leaked code of LockBit. In addition, it uses some techniques similar to REvil ransomware.

https://www.rapid7.com/blog/post/2024/02/05/exploring-the-not-so-secret-code-of-blackhunt-ransomware-2/

Vulnerabilities

Android Patch Day: Critical malicious-code vulnerability at system level closed

Several security vulnerabilities put Android devices at risk. Updates have been released for certain smartphones and tablets.

https://www.heise.de/-9619910

Security update: Multiple vulnerabilities put server monitoring tool Nagios XI at risk

Under certain conditions, attackers can load malicious code onto servers running Nagios XI. A security update closes this and other vulnerabilities.

https://www.heise.de/-9620155

Critical vulnerabilities in Canon multifunction and laser printers

Canon warns of critical security vulnerabilities in some SOHO multifunction and laser printers. Countermeasures are intended to help.

https://www.heise.de/-9620345

Security updates for Tuesday

Security updates have been issued by CentOS (firefox, gstreamer1-plugins-bad-free, and tigervnc), Debian (ruby-sanitize), Fedora (kernel, kernel-headers, qt5-qtwebengine, and runc), Oracle (gnutls, kernel, libssh, rpm, runc, and tigervnc), Red Hat (runc), and SUSE (bouncycastle, jsch, python, and runc).

https://lwn.net/Articles/961083/

WebKitGTK and WPE WebKit Security Advisory WSA-2024-0001

CVE identifiers: CVE-2024-23222, CVE-2024-23206, CVE-2024-23213, CVE-2023-40414, CVE-2023-42833, CVE-2014-1745

https://webkitgtk.org/security/WSA-2024-0001.html

CISA Adds One Known Exploited Vulnerability to Catalog

Google Chromium V8 Type Confusion Vulnerability CVE-2023-4762

https://www.cisa.gov/news-events/alerts/2024/02/06/cisa-adds-one-known-exploited-vulnerability-catalog

MISP 2.4.184 released with performance improvements, security and bug fixes.

A series of security fixes were done in this release; the vulnerabilities are accessible to authenticated users, especially those with specific privileges like Org admin. We urge users to update to this version, especially if you have different organisations having access to your instances.

https://github.com/MISP/MISP/releases/tag/v2.4.184

ZDI-24-086: TP-Link Omada ER605 Access Control Command Injection Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-24-086/

ZDI-24-085: (Pwn2Own) TP-Link Omada ER605 DHCPv6 Client Options Stack-based Buffer Overflow Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-24-085/

ZDI-24-087: (Pwn2Own) Western Digital MyCloud PR4100 RESTSDK Server-Side Request Forgery Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-24-087/

IBM Security Bulletins

https://www.ibm.com/support/pages/bulletin/

Pilz: Multiple products affected by uC/HTTP vulnerability

https://cert.vde.com/de/advisories/VDE-2024-002/

HID Global Encoders

https://www.cisa.gov/news-events/ics-advisories/icsa-24-037-01

HID Global Reader Configuration Cards

https://www.cisa.gov/news-events/ics-advisories/icsa-24-037-02