End-of-Day report
Timeframe: Wednesday 26-06-2024 18:00 - Thursday 27-06-2024 18:00
Handler: Alexander Riepl
Co-Handler: Thomas Pribitzer
News
Exploit for critical Fortra FileCatalyst Workflow SQLi flaw released
Fortra FileCatalyst Workflow is vulnerable to an SQL injection flaw that could allow remote, unauthenticated attackers to create rogue admin users and manipulate data in the application database.
https://www.bleepingcomputer.com/news/security/exploit-for-critical-fortra-filecatalyst-workflow-sqli-flaw-released/
Security flaw: Unprotected API leaks sensitive data on German prisoners
Because of the flaw, anyone could see which prisoner phoned their lawyer or therapist, and when.
https://www.golem.de/news/sicherheitsluecke-ungeschuetzte-api-liefert-sensible-daten-deutscher-haeftlinge-2406-186483.html
What Setting Live Traps for Cybercriminals Taught Me About Security [Guest Diary], (Wed, Jun 26th)
For anyone who doesn't know what a honeypot is, it is a server created specifically for the purpose of gathering information about unauthorized users that connect to it. A honeypot is usually vulnerable by design and often designed to be enticing to trap unsuspecting criminals into spending more time with it. I named my honeypot "Winnie."
https://isc.sans.edu/diary/rss/31038
Rust-Based P2PInfect Botnet Evolves with Miner and Ransomware Payloads
The peer-to-peer malware botnet known as P2PInfect has been found targeting misconfigured Redis servers with ransomware and cryptocurrency miners.
https://thehackernews.com/2024/06/rust-based-p2pinfect-botnet-evolves.html
Warning: fake tax office (Finanzamt) SMS
Reports are mounting of a new smishing wave in which criminals try to trick unsuspecting citizens with fake SMS messages sent in the name of the tax office (Finanzamt).
https://www.watchlist-internet.at/news/warnung-finanzamt-sms/
Rabbit R1: Panned AI gadget also turns out to be a security nightmare
Hackers demonstrate that they can access every response sent to R1 devices. Via the same route the devices can also be bricked and responses manipulated.
https://www.derstandard.at/story/3000000226115/rabbit-r1-verrissenes-ki-gadget-erweist-sich-auch-als-sicherheitsalbtraum
Snowflake isn't an outlier, it's the canary in the coal mine
Headlines continue to roll in about the many implications and follow-on attacks originating from leaked and/or stolen credentials for the Snowflake cloud data platform.
https://blog.talosintelligence.com/infostealer-landscape-facilitates-breaches/
MerkSpy: Exploiting CVE-2021-40444 to Infiltrate Systems
FortiGuard Labs uncovers MerkSpy, a new spyware exploiting CVE-2021-40444 to steal keystrokes and sensitive data.
https://www.fortinet.com/blog/threat-research/merkspy-exploiting-cve-2021-40444-to-infiltrate-systems
The Growing Threat of Malware Concealed Behind Cloud Services
Cybersecurity threats are increasingly leveraging cloud services to store, distribute, and establish command and control (C2) servers.
https://www.fortinet.com/blog/threat-research/growing-threat-of-malware-concealed-behind-cloud-services
Vulnerabilities
Over 110,000 Websites Affected by Hijacked Polyfill Supply Chain Attack
Google has taken steps to block ads for e-commerce sites that use the Polyfill.io service after a Chinese company acquired the domain and modified the JavaScript library ("polyfill.js") to redirect users to malicious and scam sites.
https://thehackernews.com/2024/06/over-110000-websites-affected-by.html
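As an added illustration (not code from the article or from any of the parties it names), the Node.js script below scans a page's HTML for script tags that load from polyfill.io, the domain whose hosted polyfill.js was modified after the takeover. The sample HTML, the FLAGGED_HOSTS list and the function names are constructed for this example.

```javascript
// Added example, not from the article: find <script> tags on a page that load
// code from polyfill.io so the references can be removed. The sample HTML and
// all names below are constructed for this example.

const FLAGGED_HOSTS = ["polyfill.io"]; // domain reported as hijacked

// Constructed sample page: two polyfill.io loads (one protocol-relative),
// one first-party script and one unrelated third-party script with SRI.
const SAMPLE_HTML = `
<html><head>
<script src="https://cdn.polyfill.io/v3/polyfill.min.js?features=es6"></script>
<script src='//polyfill.io/v2/polyfill.js'></script>
<script src="/static/app.js"></script>
<script src="https://cdn.example.net/vendor.js"
        integrity="sha384-AAAA" crossorigin="anonymous"></script>
</head><body></body></html>`;

// True for the flagged domain itself and any of its subdomains (cdn.polyfill.io),
// but not for look-alikes such as notpolyfill.io.
function isFlaggedHost(hostname) {
  const h = hostname.toLowerCase();
  return FLAGGED_HOSTS.some((d) => h === d || h.endsWith("." + d));
}

// Returns one finding per <script src=...> whose host is flagged. A regex is
// enough for a quick audit of saved pages; a crawler should use an HTML parser.
function findPolyfillReferences(html, pageUrl = "https://site.example/") {
  const findings = [];
  const scriptRe = /<script\b[^>]*?\bsrc\s*=\s*["']([^"']+)["'][^>]*>/gi;
  let match;
  while ((match = scriptRe.exec(html)) !== null) {
    const src = match[1];
    let url;
    try {
      url = new URL(src, pageUrl); // resolves relative and protocol-relative src
    } catch {
      continue; // not a parsable URL, nothing to classify
    }
    if (isFlaggedHost(url.hostname)) {
      findings.push({ src, host: url.hostname });
    }
  }
  return findings;
}

console.log(findPolyfillReferences(SAMPLE_HTML));
```

Subresource Integrity was never a drop-in defence here: polyfill.io served a bundle tailored to the requesting browser's User-Agent, so no single hash could be pinned. The practical fix is to remove the tag (most current browsers need none of the polyfills it shipped) or to self-host a pinned copy of the library.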
Prompt Injection Flaw in Vanna AI Exposes Databases to RCE Attacks
Cybersecurity researchers have disclosed a high-severity security flaw in the Vanna.AI library that could be exploited to achieve remote code execution via prompt injection techniques.
https://thehackernews.com/2024/06/prompt-injection-flaw-in-vanna-ai.html
GitLab Security Updates Patch 14 Vulnerabilities
GitLab CE and EE updates resolve 14 vulnerabilities, including one critical- and three high-severity bugs.
https://www.securityweek.com/gitlab-security-updates-patch-14-vulnerabilities/
Multiple vulnerabilities in TP-Link Omada system could lead to root access
Affected devices could include wireless access points, routers, switches and VPNs.
https://blog.talosintelligence.com/multiple-vulnerabilities-in-tp-link-omada-system/
TELSAT marKoni FM Transmitter
https://www.cisa.gov/news-events/ics-advisories/icsa-24-179-01
Johnson Controls Illustra Essentials Gen 4
https://www.cisa.gov/news-events/ics-advisories/icsa-24-179-04
Johnson Controls Illustra Essentials Gen 4
https://www.cisa.gov/news-events/ics-advisories/icsa-24-179-07
SDG Technologies PnPSCADA
https://www.cisa.gov/news-events/ics-advisories/icsa-24-179-02
Johnson Controls Illustra Essentials Gen 4
https://www.cisa.gov/news-events/ics-advisories/icsa-24-179-05
Yokogawa FAST/TOOLS and CI Server
https://www.cisa.gov/news-events/ics-advisories/icsa-24-179-03
Johnson Controls Illustra Essentials Gen 4
https://www.cisa.gov/news-events/ics-advisories/icsa-24-179-06
Local privilege escalation via MSI installer in SoftMaker Office / FreeOffice
https://sec-consult.com/de/vulnerability-lab/advisory/local-privilege-escalation-ueber-msi-installer-in-softmaker-office-freeoffice/