Daily October 2024

daily@lists.cert.at

1 participants
23 discussions

Tageszusammenfassung - 03.10.2024
by Daily end-of-shift report 03 Oct '24

03 Oct '24

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 02-10-2024 18:00 − Donnerstag 03-10-2024 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Fake browser updates spread updated WarmCookie malware ∗∗∗ --------------------------------------------- A new FakeUpdate campaign targeting users in France leverages compromised websites to show fake browser and application updates that spread a new version of the WarmCookie malware. --------------------------------------------- https://www.bleepingcomputer.com/news/security/fake-browser-updates-spread-… ∗∗∗ FIN7 hackers launch deepfake nude “generator” sites to spread malware ∗∗∗ --------------------------------------------- The notorious APT hacking group known as FIN7 launched a network of fake AI-powered deepnude generator sites to infect visitors with information-stealing malware. --------------------------------------------- https://www.bleepingcomputer.com/news/security/fin7-hackers-launch-deepfake… ∗∗∗ Weird Zimbra Vulnerability ∗∗∗ --------------------------------------------- Hackers can execute commands on a remote computer by sending malformed emails to a Zimbra mail server. It’s critical, but difficult to exploit.In an email sent Wednesday afternoon, Proofpoint researcher Greg Lesnewich seemed to largely concur that the attacks weren’t likely to lead to mass infections that could install ransomware or espionage .. --------------------------------------------- https://www.schneier.com/blog/archives/2024/10/weird-zimbra-vulnerability.h… ∗∗∗ INTERPOL Arrests 8 in Major Phishing and Romance Fraud Crackdown in West Africa ∗∗∗ --------------------------------------------- INTERPOL has announced the arrest of eight individuals in Côte dIvoire and Nigeria as part of a crackdown on phishing scams and romance cyber fraud.Dubbed Operation Contender 2.0, the initiative is designed to tackle cyber-enabled crimes .. --------------------------------------------- https://thehackernews.com/2024/10/interpol-arrests-8-in-major-phishing.html ∗∗∗ APT and financial attacks on industrial organizations in Q2 2024 ∗∗∗ --------------------------------------------- This summary provides an overview of the reports of APT and financial attacks on industrial enterprises that were disclosed in Q2 2024, as well as the related activities of groups that have been observed attacking industrial organizations and critical infrastructure facilities. --------------------------------------------- https://ics-cert.kaspersky.com/publications/apt-and-financial-attacks-on-in… ∗∗∗ Experts warn of DDoS attacks using linux printing vulnerability ∗∗∗ --------------------------------------------- A set of bugs that has caused alarm among cybersecurity experts may enable threat actors to launch powerful attacks designed to knock systems offline. --------------------------------------------- https://therecord.media/ddos-attacks-cups-linux-print-vulnerability ∗∗∗ As ransomware attacks surge, UK privacy regulator investigating fewer incidents than ever ∗∗∗ --------------------------------------------- Of the 1,253 incidents reported to the Information Commissioner’s Office (ICO) in 2023, only 87 were investigated — fewer than 7%. The numbers so far for 2024 are similar. --------------------------------------------- https://therecord.media/uk-ico-ransomware-investigations-data ∗∗∗ Threat actor believed to be spreading new MedusaLocker variant since 2022 ∗∗∗ --------------------------------------------- Cisco Talos has discovered a financially motivated threat actor, active since 2022, recently observed delivering a MedusaLocker ransomware variant. Intelligence collected by Talos on tools regularly employed by the threat .. --------------------------------------------- https://blog.talosintelligence.com/threat-actor-believed-to-be-spreading-ne… ∗∗∗ perfctl: A Stealthy Malware Targeting Millions of Linux Servers ∗∗∗ --------------------------------------------- In this blog post, Aqua Nautilus researchers aim to shed light on a Linux malware that, over the past 3-4 years, has actively sought more than 20,000 types of misconfigurations in order to target and exploit Linux servers. If you .. --------------------------------------------- https://blog.aquasec.com/perfctl-a-stealthy-malware-targeting-millions-of-l… ∗∗∗ "Alptraum": Daten aller niederländischen Polizisten geklaut – von Drittstaat? ∗∗∗ --------------------------------------------- Hacker haben die Kontaktdaten aller Mitarbeiter der Polizei erbeutet. Nun kommt das Justizministerium mit einer weiteren alarmierenden Nachricht. --------------------------------------------- https://heise.de/-9961529 ∗∗∗ Thailändische Regierung von neuem APT "CeranaKeeper" angegriffen ∗∗∗ --------------------------------------------- Bei Angriffen auf thailändische Behörden erbeuteten Cyberkriminelle Daten, indem sie verschlüsselte Dateien zu Filesharing-Diensten hochluden. --------------------------------------------- https://heise.de/-9961562 ===================== = Vulnerabilities = ===================== ∗∗∗ ZDI-24-1321: Apple macOS AppleVADriver Out-Of-Bounds Write Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-40841. --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-24-1321/ ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by AlmaLinux (cups-filters), Debian (chromium and php8.2), Fedora (firefox), Oracle (cups-filters, flatpak, kernel, krb5, oVirt 4.5 ovirt-engine, and python-urllib3), Red Hat (cups-filters, firefox, go-toolset:rhel8, golang, and thunderbird), SUSE (postgresql16), and Ubuntu (gnome-shell and linux-azure-fde-5.15). --------------------------------------------- https://lwn.net/Articles/992798/ ∗∗∗ Two-factor Authentication (TFA) - Critical - Access bypass - SA-CONTRIB-2024-043 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-contrib-2024-043 ∗∗∗ Cisco Nexus Dashboard Fabric Controller Arbitrary Command Execution Vulnerability ∗∗∗ --------------------------------------------- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso… ∗∗∗ Cisco Meraki MX and Z Series Teleworker Gateway AnyConnect VPN Denial of Service Vulnerabilities ∗∗∗ --------------------------------------------- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 02.10.2024
by Daily end-of-shift report 02 Oct '24

02 Oct '24

===================== = End-of-Day report = ===================== Timeframe: Dienstag 01-10-2024 18:00 − Mittwoch 02-10-2024 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Crook made millions by breaking into execs’ Office365 inboxes, feds say ∗∗∗ --------------------------------------------- Email accounts inside 5 US companies unlawfully breached through password resets. --------------------------------------------- https://arstechnica.com/?p=2053721 ∗∗∗ Evil Corp hit with new sanctions, BitPaymer ransomware charges ∗∗∗ --------------------------------------------- The Evil Corp cybercrime syndicate has been hit with new sanctions by the United States, United Kingdom, and Australia. The US also indicted one of its members for conducting BitPaymer ransomware attacks. --------------------------------------------- https://www.bleepingcomputer.com/news/security/evil-corp-hit-with-new-sanct… ∗∗∗ Arc browser launches bug bounty program after fixing RCE bug ∗∗∗ --------------------------------------------- The Browser Company has introduced an Arc Bug Bounty Program to encourage security researchers to report vulnerabilities to the project and receive rewards. --------------------------------------------- https://www.bleepingcomputer.com/news/security/arc-browser-launches-bug-bou… ∗∗∗ CISA: Network switch RCE flaw impacts critical infrastructure ∗∗∗ --------------------------------------------- U.S. cybersecurity agency CISA is warning about two critical vulnerabilities that allow authentication bypass and remote code execution in Optigo Networks ONS-S8 Aggregation Switch products used in critical infrastructure. --------------------------------------------- https://www.bleepingcomputer.com/news/security/cisa-network-switch-rce-flaw… ∗∗∗ PyPI Repository Found Hosting Fake Crypto Wallet Recovery Tools That Steal User Data ∗∗∗ --------------------------------------------- A new set of malicious packages has been unearthed in the Python Package Index (PyPI) repository that masqueraded as cryptocurrency wallet recovery and management services, only to siphon sensitive data and facilitate the theft .. --------------------------------------------- https://thehackernews.com/2024/10/pypi-repository-found-hosting-fake.html ∗∗∗ Alert: Over 700,000 DrayTek Routers Exposed to Hacking via 14 New Vulnerabilities ∗∗∗ --------------------------------------------- A little over a dozen new security vulnerabilities have been discovered in residential and enterprise routers manufactured by DrayTek that could be exploited to take over susceptible devices."These vulnerabilities could enable attackers to take control .. --------------------------------------------- https://thehackernews.com/2024/10/alert-over-700000-draytek-routers.html ∗∗∗ NISTs security flaw database still backlogged with 17K+ unprocessed bugs. Not great ∗∗∗ --------------------------------------------- Logjam hurting infosec processes world over one expert tells us as US body blows its own Sept deadline NIST has made some progress clearing its backlog of security vulnerability reports to process - though its not quite on target as hoped. --------------------------------------------- https://www.theregister.com/2024/10/02/cve_pileup_nvd_missed_deadline/ ∗∗∗ After Code Execution, Researchers Show How CUPS Can Be Abused for DDoS Attacks ∗∗∗ --------------------------------------------- Over 58,000 internet-exposed CUPS hosts can be abused for significant DDoS attacks, according to Akamai. --------------------------------------------- https://www.securityweek.com/after-code-execution-researchers-show-how-cups… ∗∗∗ Dotnet Source Generators in 2024 Part 1: Getting Started ∗∗∗ --------------------------------------------- In this blog post, we will cover the basics of a source generator, the major types involved, some common issues you might encounter, how to properly log those issues, and how to fix them. --------------------------------------------- https://posts.specterops.io/dotnet-source-generators-in-2024-part-1-getting… ∗∗∗ Aktive Ausnutzung einer Sicherheitslücke in Zimbra Mail Server (CVE-2024-45519) ∗∗∗ --------------------------------------------- Der Hersteller des Zimbra Mail-Servers, Synacor, hat ein Advisory zu einer Sicherheitslücke in Zimbra Collaboration veröffentlicht. Die veröffentlichte Schwachstelle, CVE-2024-45519, erlaubt es nicht-authentifizierten Benutzern aus der Ferne Code auszuführen. Für die betroffenen Versionen (9.0.0, 10.0.9, 10.1.1 und 8.8.15) stehen jeweils Updates bereit, welche eine .. --------------------------------------------- https://www.cert.at/de/aktuelles/2024/10/zimbra-rce-cve-2024-45519 ∗∗∗ Sicherheit: Datenabflüsse bei Cyberangriffen ∗∗∗ --------------------------------------------- Nach einem Cyberangriff auf eine Klinik in Bad Wildungen im August 2024 sind nun Daten im Darknet aufgetaucht. Auch bei der niederländischen Polizei gab es einen Datenabfluss nach einem Cyberangriff. Hier einige Informationen .. --------------------------------------------- https://www.borncity.com/blog/2024/10/02/sicherheit-datenabfluesse-bei-cybe… ∗∗∗ All that JavaScript for… spear phishing? ∗∗∗ --------------------------------------------- NVISO employs several hunting rules in multiple Threat Intelligence Platforms and other sources, such as VirusTotal. As you can imagine, there is no lack of APT (Advanced Persistent Threat) campaigns, cybercriminals and their associated malware families and campaigns, phishing, and so on. But now and then, something slightly different and perhaps novel .. --------------------------------------------- https://blog.nviso.eu/2024/10/02/all-that-javascript-for-spear-phishing/ ∗∗∗ ASD’s ACSC, CISA, FBI, NSA, and International Partners Release Guidance on Principles of OT Cybersecurity for Critical Infrastructure Organizations ∗∗∗ --------------------------------------------- Today, the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) - in partnership with CISA, U.S. government and international partners - released the guide Principles of Operational Technology Cybersecurity. This guidance provides critical information on how to create and maintain a safe, secure operational .. --------------------------------------------- https://www.cisa.gov/news-events/alerts/2024/10/01/asds-acsc-cisa-fbi-nsa-a… ∗∗∗ LKA Niedersachsen warnt vor andauernder Masche mit Erpresser-Mails ∗∗∗ --------------------------------------------- Die Betrüger lassen nicht nach, warnt das LKA Niedersachsen. Erpresser-Mails etwa mit angeblichen Videoaufnahmen kursieren weiter. --------------------------------------------- https://heise.de/-9960503 ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by AlmaLinux (grafana), Fedora (cjson and php), Oracle (389-ds-base, freeradius, grafana, kernel, and krb5), Slackware (cryfs, cups, and mozilla), SUSE (OpenIPMI, openssl-3, openvpn, thunderbird, and tomcat), and Ubuntu (cups, cups-filters, knot-resolver, linux-raspi, linux-raspi-5.4, orc, php7.4, php8.1, php8.3, python-asyncssh, ruby-devise-two-factor, and vim). --------------------------------------------- https://lwn.net/Articles/992650/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 01.10.2024
by Daily end-of-shift report 01 Oct '24

01 Oct '24

===================== = End-of-Day report = ===================== Timeframe: Montag 30-09-2024 18:00 − Dienstag 01-10-2024 18:00 Handler: Alexander Riepl Co-Handler: Michael Schlagenhaufer ===================== = News = ===================== ∗∗∗ Microsoft Defender adds detection of unsecure Wi-Fi networks ∗∗∗ --------------------------------------------- Microsoft Defender now automatically detects and notifies users with a Microsoft 365 Personal or Family subscription when theyre connected to unsecured Wi-Fi networks. --------------------------------------------- https://www.bleepingcomputer.com/news/security/microsoft-defender-now-autom… ∗∗∗ Microsoft overhauls security for publishing Edge extensions ∗∗∗ --------------------------------------------- Microsoft has introduced an updated version of the "Publish API for Edge extension developers" that increases the security for developer accounts and the updating of browser extensions. --------------------------------------------- https://www.bleepingcomputer.com/news/microsoft/microsoft-overhauls-securit… ∗∗∗ What Are Hackers Searching for in SolarWinds Serv-U (CVE-2024-28995)? ∗∗∗ --------------------------------------------- Discover how GreyNoise’s honeypots are monitoring exploit attempts on the SolarWinds Serv-U vulnerability (CVE-2024-28995). Gain insights into the specific files attackers target and how real-time data helps security teams focus on true threats. --------------------------------------------- https://www.greynoise.io/blog/what-are-hackers-searching-for-in-solarwinds-… ∗∗∗ Detecting Vulnerability Scanning Traffic From Underground Tools Using Machine Learning ∗∗∗ --------------------------------------------- Researchers detail the discovery of Swiss Army Suite, an underground tool used for SQL injection scans discovered with a machine learning model. --------------------------------------------- https://unit42.paloaltonetworks.com/machine-learning-new-swiss-army-suite-t… ∗∗∗ Rackspace internal monitoring web servers hit by zero-day ∗∗∗ --------------------------------------------- Reading between the lines, it appears Rackspace was hosting a ScienceLogic-powered monitoring dashboard for its customers on its own internal web servers, those servers included a program that was bundled with ScienceLogic's software, and that program was exploited, using a zero-day vulnerability, by miscreants to gain access to those web servers. From there, the intruders were able to get hold of some monitoring-related customer information before being caught. --------------------------------------------- https://go.theregister.com/feed/www.theregister.com/2024/09/30/rackspace_ze… ∗∗∗ Crooked Cops, Stolen Laptops & the Ghost of UGNazi ∗∗∗ --------------------------------------------- A California man accused of failing to pay taxes on tens of millions of dollars allegedly earned from cybercrime also paid local police officers hundreds of thousands of dollars to help him extort, intimidate and silence rivals and former business partners, a new indictment charges. KrebsOnSecurity has learned that many of the mans alleged targets were members of UGNazi, a hacker group behind multiple high-profile breaches and cyberattacks back in 2012. --------------------------------------------- https://krebsonsecurity.com/2024/09/crooked-cops-stolen-laptops-the-ghost-o… ∗∗∗ BSI empfiehlt die Nutzung von Passkeys ∗∗∗ --------------------------------------------- Das BSI empfiehlt die Nutzung von Passkeys. Eine Umfrage zeige auf, dass die Bekanntheit und Verbreitung ausbaufähig seien. --------------------------------------------- https://heise.de/-9959270 ∗∗∗ Ransomware: Ermittler melden neue Erfolge im Kampf gegen Lockbit ∗∗∗ --------------------------------------------- Neben Verhaftungen in Frankreich und Großbritannien haben internationale Strafverfolger die Infrastruktur der Erpresser gestört – zudem ergingen Sanktionen. --------------------------------------------- https://heise.de/-9959100 ∗∗∗ WordPress Vulnerability & Patch Roundup September 2024 ∗∗∗ --------------------------------------------- Vulnerability reports and responsible disclosures are essential for website security awareness and education. --------------------------------------------- https://blog.sucuri.net/2024/09/wordpress-vulnerability-patch-roundup-septe… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (debian-security-support, nghttp2, and sqlite3), Oracle (cups-filters, kernel, and osbuild-composer), SUSE (openssl-3), and Ubuntu (bubblewrap, flatpak and python2.7, python3.5). --------------------------------------------- https://lwn.net/Articles/992444/ ∗∗∗ Mozilla Foundation Security Advisories 2024-10-01 (Thunderbird and Firefox) ∗∗∗ --------------------------------------------- https://www.mozilla.org/en-US/security/advisories/ ∗∗∗ Juniper: 2024-09-30 Out of Cycle Security Advisory: Multiple Products: RADIUS protocol susceptible to forgery attacks (Blast-RADIUS) (CVE-2024-3596) ∗∗∗ --------------------------------------------- https://supportportal.juniper.net/s/article/2024-09-30-Out-of-Cycle-Securit… ∗∗∗ Bosch: Sensitive information disclosure in Bosch Configuration Manager ∗∗∗ --------------------------------------------- https://psirt.bosch.com/security-advisories/bosch-sa-981803-bt.html -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily October 2024