[CERT-daily] Daily summary - 28.12.2023

Daily end-of-shift report team at cert.at
Thu Dec 28 18:17:52 CET 2023


=====================
= End-of-Day report =
=====================

Timeframe:   Wednesday 27-12-2023 18:00 − Thursday 28-12-2023 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Michael Schlagenhaufer

=====================
=       News        =
=====================

∗∗∗ Lockbit ransomware disrupts emergency care at German hospitals ∗∗∗
---------------------------------------------
German hospital network Katholische Hospitalvereinigung Ostwestfalen (KHO) has confirmed that recent service disruptions were caused by a Lockbit ransomware attack where the threat actors gained access to IT systems and encrypted devices on the network.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/lockbit-ransomware-disrupts-emergency-care-at-german-hospitals/


∗∗∗ Unveiling the Mirai: Insights into Recent DShield Honeypot Activity [Guest Diary], (Wed, Dec 27th) ∗∗∗
---------------------------------------------
In this post, I dig into my instance of the DShield honeypot to see what attack vectors malicious actors are trying to exploit. What I found were several attempts to upload the Mirai family of malware.
---------------------------------------------
https://isc.sans.edu/diary/rss/30514


∗∗∗ Operation Triangulation: "Most sophisticated exploit of all time" on iPhones ∗∗∗
---------------------------------------------
In the summer it became known that iPhones belonging to the Russian security firm Kaspersky had been taken over via a highly sophisticated exploit. Details were presented at 37C3.
---------------------------------------------
https://www.heise.de/-9583427


∗∗∗ New iPhone theft protection: "Significant Locations" as a security hole ∗∗∗
---------------------------------------------
Apple plans to soon make it harder to plunder accounts after iPhone thefts. However, one security feature offers a way to bypass the protection.
---------------------------------------------
https://www.heise.de/-9582753


∗∗∗ Year in review: These topics kept us busy in 2023! ∗∗∗
---------------------------------------------
2023 is coming to a successful close for Watchlist Internet: with around 3.2 million visitors, we were once again able to warn numerous people about internet fraud this year. We received around 1,000 reports per month, which in 2023 we processed into around 200 warning articles and by publishing more than 12,000 domains on our warning lists. Thank you to our readers, who make this success possible.
---------------------------------------------
https://www.watchlist-internet.at/news/jahresrueckblick-diese-themen-beschaeftigten-uns-2023/


∗∗∗ How to report Gmail messages as spam to improve your life and make you a hero ∗∗∗
---------------------------------------------
The act of marking and reporting an email as spam in Gmail has an important side effect that makes it totally worth a few seconds of your day.
---------------------------------------------
https://www.zdnet.com/article/how-to-report-gmail-messages-as-spam-to-improve-your-life-and-make-you-a-hero/


∗∗∗ Trend Analysis on Kimsuky Group’s Attacks Using AppleSeed ∗∗∗
---------------------------------------------
While the Kimsuky group typically uses spear phishing attacks for initial access, most of their recent attacks involve the use of shortcut-type malware in LNK file format. Although LNK malware comprise a large part of recent attacks, cases using JavaScripts or malicious documents are continuing to be detected.
---------------------------------------------
https://asec.ahnlab.com/en/60054/


∗∗∗ Cyber Toufan goes Oprah mode, with free Linux system wipes of over 100 organisations ∗∗∗
---------------------------------------------
For the past 6 or so weeks, I’ve been tracking Cyber Toufan on Telegram. They appeared in November, and they’ve been very busy and very naughty boys. They actually set up their infrastructure around October, and started owning things apparently undetected. They’re not a lame DDoS pretend hacktivist group like NoName016 — instead, they claim to be Palestinian state cyber warriors.
---------------------------------------------
https://doublepulsar.com/cyber-toufan-goes-oprah-mode-with-free-linux-system-wipes-of-over-100-organisations-eaf249b042dc



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Juniper: 2023-12 Security Bulletin: JSA Series: Multiple vulnerabilities resolved ∗∗∗
---------------------------------------------
Multiple vulnerabilities have been resolved in Juniper Secure Analytics in 7.5.0 UP7 IF03. Severity Assessment (CVSS) Score 9.8
---------------------------------------------
https://supportportal.juniper.net/s/article/2023-12-Security-Bulletin-JSA-Series-Multiple-vulnerabilities-resolved


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (haproxy, libssh, and nodejs), Fedora (filezilla and minizip-ng), Gentoo (Git, libssh, and OpenSSH), and SUSE (gstreamer, postfix, webkit2gtk3, and zabbix).
---------------------------------------------
https://lwn.net/Articles/956257/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily



