Daily summary - 03.09.2024

End-of-Day report

Timeframe: Monday 02-09-2024 18:00 - Tuesday 03-09-2024 18:00
Handler: Michael Schlagenhaufer Co-Handler: n/a

News

D-Link says it is not fixing four RCE flaws in DIR-846W routers

D-Link is warning that four remote code execution (RCE) flaws impacting all hardware and firmware versions of its DIR-846W router will not be fixed as the products are no longer supported. [..] The researcher published the information on August 27, 2024, but has withheld the publication of proof-of-concept (PoC) exploits for now.

https://www.bleepingcomputer.com/news/security/d-link-says-it-is-not-fixing-four-rce-flaws-in-dir-846w-routers/


The state of sandbox evasion techniques in 2024

This post is about sandbox evasion techniques and their usefulness in more targeted engagements.

https://fudgedotdotdot.github.io/posts/sandbox-evasion-in-2024/sandboxes.html


CVE-2024-37084: Spring Cloud Remote Code Execution

CVE-2024-37084 is a critical security vulnerability in Spring Cloud Skipper, specifically related to how the application processes YAML input. [..] The vulnerability affects versions 2.11.0 through 2.11.3 of Spring Cloud Skipper.

https://blog.securelayer7.net/spring-cloud-skipper-vulnerability/


Intel Responds to SGX Hacking Research

Intel has shared some clarifications on claims made by a researcher regarding the hacking of its SGX security technology.

https://www.securityweek.com/intel-responds-to-sgx-hacking-research/


Ignore invoices and payment reminders from cvneed.com

You created a CV on cvneed.com? You assumed it was free? But now invoices and even payment reminders are arriving? Ignore them and do not pay anything. This is a subscription trap!

https://www.watchlist-internet.at/news/mahnungen-von-cvneed/


CISA Adds Three Known Exploited Vulnerabilities to Catalog

CVE-2021-20123 and CVE-2021-20124: Draytek VigorConnect Path Traversal Vulnerability; CVE-2024-7262: Kingsoft WPS Office Path Traversal Vulnerability

https://www.cisa.gov/news-events/alerts/2024/09/03/cisa-adds-three-known-exploited-vulnerabilities-catalog


Threat actors using MacroPack to deploy Brute Ratel, Havoc and PhantomCore payloads

Cisco Talos recently discovered several related Microsoft Office documents uploaded to VirusTotal by various actors between May and July 2024 that were all generated by a version of a payload generator framework called "MacroPack".

https://blog.talosintelligence.com/threat-actors-using-macropack/


A look into Web Application Security

An in-depth look into Web Application Security, and Bitsight's approach to related security metrics.

https://www.bitsight.com/blog/look-web-application-security

Vulnerabilities

Zyxel: Several high-risk security vulnerabilities in firewalls

Zyxel warns of several security vulnerabilities in the company's firewalls. Updates that close the holes are available. [..] The most severe is a flaw that allows attackers to inject commands in the IPSec VPN of Zyxel firewalls. Using crafted usernames, they can smuggle in commands that are then executed by the operating system.

https://heise.de/-9855938
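The command injection described in the Zyxel item above, as an added example that is neither Zyxel's code nor from the heise article: a Python sketch of the vulnerable pattern (a username concatenated into a string handed to /bin/sh), the hardened form (allowlisted username passed as a single argv element, no shell), and a detection pass over constructed VPN login log lines. The helper binary path /usr/sbin/vpn_lookup, the log line format and all usernames are assumptions made for this example.

```python
import re
import shlex
import subprocess

# Constructed sample data (not from the advisory): a benign username and one
# carrying a shell command separator.
SAFE_USER = "alice"
INJECTED_USER = "alice; id > /tmp/pwned"

# Hypothetical helper binary the VPN daemon shells out to; the path is an
# assumption made for this example.
LOOKUP_BIN = "/usr/sbin/vpn_lookup"

# Allowlist: what a username may look like. Anything else is rejected before
# it gets anywhere near a process.
USERNAME_RE = re.compile(r"[A-Za-z0-9_.@-]{1,64}")

# Shell metacharacters worth flagging in authentication logs.
SHELL_META = re.compile(r"[;&|`$<>(){}\n]")


def vulnerable_command(username: str) -> str:
    """The vulnerable pattern: untrusted input concatenated into a string
    destined for /bin/sh. Returns the string instead of running it so the
    example stays safe to execute."""
    return f"{LOOKUP_BIN} --user {username}"


def count_commands(cmd: str) -> int:
    """Approximates how a POSIX shell would carve the string: with
    punctuation_chars=True, shlex emits ';', '&&', '||', '|' and '&' as
    separate tokens, so each separator starts another command."""
    separators = {";", "&&", "||", "|", "&"}
    tokens = list(shlex.shlex(cmd, punctuation_chars=True))
    return 1 + sum(1 for t in tokens if t in separators)


def hardened_argv(username: str) -> list[str]:
    """The hardened form: validate against an allowlist, then pass the
    value as a single argv element. No shell ever parses it."""
    if not USERNAME_RE.fullmatch(username):
        raise ValueError(f"rejected username: {username!r}")
    return [LOOKUP_BIN, "--user", username]


def run_hardened(username: str) -> subprocess.CompletedProcess:
    """Executes the hardened argv with shell=False (the default); shown for
    completeness, it requires LOOKUP_BIN to exist on the host."""
    return subprocess.run(hardened_argv(username), capture_output=True,
                          text=True, check=False)


# Constructed log excerpt in an assumed format; Zyxel's real log layout is
# not described in the advisory summary above.
SAMPLE_LOG = """\
2024-09-03T10:12:01 vpn: login attempt user="alice" peer=203.0.113.5
2024-09-03T10:12:07 vpn: login attempt user="bob; id > /tmp/x" peer=203.0.113.9
2024-09-03T10:13:02 vpn: login attempt user="carol$(wget h)" peer=198.51.100.2
"""

LOG_RE = re.compile(r'user="([^"]*)" peer=(\S+)')


def suspicious_logins(log: str) -> list[tuple[str, str]]:
    """Detection pass: returns (username, peer) for every login attempt whose
    username contains a shell metacharacter."""
    hits = []
    for line in log.splitlines():
        m = LOG_RE.search(line)
        if m and SHELL_META.search(m.group(1)):
            hits.append((m.group(1), m.group(2)))
    return hits


if __name__ == "__main__":
    cmd = vulnerable_command(INJECTED_USER)
    print(f"shell would run {count_commands(cmd)} commands for: {cmd}")
    print("hardened argv:", hardened_argv(SAFE_USER))
    for user, peer in suspicious_logins(SAMPLE_LOG):
        print(f"suspicious username {user!r} from {peer}")
```

The allowlist is the real fix; the argv list on its own only removes the shell as a parser, and the detection regex is a triage aid that will also fire on legitimate but unusual usernames, so treat its hits as leads rather than verdicts.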


VMSA-2024-0018: VMware Fusion update addresses a code execution vulnerability (CVE-2024-38811)

VMware Fusion contains a code-execution vulnerability due to the usage of an insecure environment variable. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.8.

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24939


OpenSSL Security Advisory [3rd September 2024]

Possible denial of service in X.509 name checks (CVE-2024-6119) [..] OpenSSL 3.3, 3.2, 3.1 and 3.0 are vulnerable to this issue.

https://openssl-library.org/news/secadv/20240903.txt


Security updates for Tuesday

Security updates have been issued by AlmaLinux (python3.12), Debian (calibre, exfatprogs, frr, git, libtommath, nbconvert, ruby-nokogiri, ruby-tzinfo, and webkit2gtk), Fedora (flatpak, lua-mpack, and python3.12), Red Hat (389-ds-base, 389-ds:1.4, buildah, fence-agents, gvisor-tap-vsock, httpd:2.4, kernel, kernel-rt, nodejs:18, orc, postgresql, postgresql:12, postgresql:13, postgresql:15, python-urllib3, python3.12, and skopeo), SUSE (389-ds, bubblewrap and flatpak, cacti, cacti-spine, curl, glib2, kernel-firmware, libqt5-qt3d, libqt5-qtquick3d, opera, python39, qemu, unbound, xen, and zziplib), and Ubuntu (ffmpeg, linux-raspi-5.4, and python-webob).

https://lwn.net/Articles/988570/


Chrome 128 Updates Patch High-Severity Vulnerabilities

https://www.securityweek.com/chrome-128-updates-patch-high-severity-vulnerabilities/


Lenze: Install Directory with insufficient permissions

https://certvde.com/de/advisories/VDE-2024-053/


LOYTEC Electronics LINX Series

https://www.cisa.gov/news-events/ics-advisories/icsa-24-247-01