Daily

daily@lists.cert.at

1 participants
3154 discussions

Tageszusammenfassung - 02.10.2024
by Daily end-of-shift report 02 Oct '24

02 Oct '24

===================== = End-of-Day report = ===================== Timeframe: Dienstag 01-10-2024 18:00 − Mittwoch 02-10-2024 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Crook made millions by breaking into execs’ Office365 inboxes, feds say ∗∗∗ --------------------------------------------- Email accounts inside 5 US companies unlawfully breached through password resets. --------------------------------------------- https://arstechnica.com/?p=2053721 ∗∗∗ Evil Corp hit with new sanctions, BitPaymer ransomware charges ∗∗∗ --------------------------------------------- The Evil Corp cybercrime syndicate has been hit with new sanctions by the United States, United Kingdom, and Australia. The US also indicted one of its members for conducting BitPaymer ransomware attacks. --------------------------------------------- https://www.bleepingcomputer.com/news/security/evil-corp-hit-with-new-sanct… ∗∗∗ Arc browser launches bug bounty program after fixing RCE bug ∗∗∗ --------------------------------------------- The Browser Company has introduced an Arc Bug Bounty Program to encourage security researchers to report vulnerabilities to the project and receive rewards. --------------------------------------------- https://www.bleepingcomputer.com/news/security/arc-browser-launches-bug-bou… ∗∗∗ CISA: Network switch RCE flaw impacts critical infrastructure ∗∗∗ --------------------------------------------- U.S. cybersecurity agency CISA is warning about two critical vulnerabilities that allow authentication bypass and remote code execution in Optigo Networks ONS-S8 Aggregation Switch products used in critical infrastructure. --------------------------------------------- https://www.bleepingcomputer.com/news/security/cisa-network-switch-rce-flaw… ∗∗∗ PyPI Repository Found Hosting Fake Crypto Wallet Recovery Tools That Steal User Data ∗∗∗ --------------------------------------------- A new set of malicious packages has been unearthed in the Python Package Index (PyPI) repository that masqueraded as cryptocurrency wallet recovery and management services, only to siphon sensitive data and facilitate the theft .. --------------------------------------------- https://thehackernews.com/2024/10/pypi-repository-found-hosting-fake.html ∗∗∗ Alert: Over 700,000 DrayTek Routers Exposed to Hacking via 14 New Vulnerabilities ∗∗∗ --------------------------------------------- A little over a dozen new security vulnerabilities have been discovered in residential and enterprise routers manufactured by DrayTek that could be exploited to take over susceptible devices."These vulnerabilities could enable attackers to take control .. --------------------------------------------- https://thehackernews.com/2024/10/alert-over-700000-draytek-routers.html ∗∗∗ NISTs security flaw database still backlogged with 17K+ unprocessed bugs. Not great ∗∗∗ --------------------------------------------- Logjam hurting infosec processes world over one expert tells us as US body blows its own Sept deadline NIST has made some progress clearing its backlog of security vulnerability reports to process - though its not quite on target as hoped. --------------------------------------------- https://www.theregister.com/2024/10/02/cve_pileup_nvd_missed_deadline/ ∗∗∗ After Code Execution, Researchers Show How CUPS Can Be Abused for DDoS Attacks ∗∗∗ --------------------------------------------- Over 58,000 internet-exposed CUPS hosts can be abused for significant DDoS attacks, according to Akamai. --------------------------------------------- https://www.securityweek.com/after-code-execution-researchers-show-how-cups… ∗∗∗ Dotnet Source Generators in 2024 Part 1: Getting Started ∗∗∗ --------------------------------------------- In this blog post, we will cover the basics of a source generator, the major types involved, some common issues you might encounter, how to properly log those issues, and how to fix them. --------------------------------------------- https://posts.specterops.io/dotnet-source-generators-in-2024-part-1-getting… ∗∗∗ Aktive Ausnutzung einer Sicherheitslücke in Zimbra Mail Server (CVE-2024-45519) ∗∗∗ --------------------------------------------- Der Hersteller des Zimbra Mail-Servers, Synacor, hat ein Advisory zu einer Sicherheitslücke in Zimbra Collaboration veröffentlicht. Die veröffentlichte Schwachstelle, CVE-2024-45519, erlaubt es nicht-authentifizierten Benutzern aus der Ferne Code auszuführen. Für die betroffenen Versionen (9.0.0, 10.0.9, 10.1.1 und 8.8.15) stehen jeweils Updates bereit, welche eine .. --------------------------------------------- https://www.cert.at/de/aktuelles/2024/10/zimbra-rce-cve-2024-45519 ∗∗∗ Sicherheit: Datenabflüsse bei Cyberangriffen ∗∗∗ --------------------------------------------- Nach einem Cyberangriff auf eine Klinik in Bad Wildungen im August 2024 sind nun Daten im Darknet aufgetaucht. Auch bei der niederländischen Polizei gab es einen Datenabfluss nach einem Cyberangriff. Hier einige Informationen .. --------------------------------------------- https://www.borncity.com/blog/2024/10/02/sicherheit-datenabfluesse-bei-cybe… ∗∗∗ All that JavaScript for… spear phishing? ∗∗∗ --------------------------------------------- NVISO employs several hunting rules in multiple Threat Intelligence Platforms and other sources, such as VirusTotal. As you can imagine, there is no lack of APT (Advanced Persistent Threat) campaigns, cybercriminals and their associated malware families and campaigns, phishing, and so on. But now and then, something slightly different and perhaps novel .. --------------------------------------------- https://blog.nviso.eu/2024/10/02/all-that-javascript-for-spear-phishing/ ∗∗∗ ASD’s ACSC, CISA, FBI, NSA, and International Partners Release Guidance on Principles of OT Cybersecurity for Critical Infrastructure Organizations ∗∗∗ --------------------------------------------- Today, the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) - in partnership with CISA, U.S. government and international partners - released the guide Principles of Operational Technology Cybersecurity. This guidance provides critical information on how to create and maintain a safe, secure operational .. --------------------------------------------- https://www.cisa.gov/news-events/alerts/2024/10/01/asds-acsc-cisa-fbi-nsa-a… ∗∗∗ LKA Niedersachsen warnt vor andauernder Masche mit Erpresser-Mails ∗∗∗ --------------------------------------------- Die Betrüger lassen nicht nach, warnt das LKA Niedersachsen. Erpresser-Mails etwa mit angeblichen Videoaufnahmen kursieren weiter. --------------------------------------------- https://heise.de/-9960503 ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by AlmaLinux (grafana), Fedora (cjson and php), Oracle (389-ds-base, freeradius, grafana, kernel, and krb5), Slackware (cryfs, cups, and mozilla), SUSE (OpenIPMI, openssl-3, openvpn, thunderbird, and tomcat), and Ubuntu (cups, cups-filters, knot-resolver, linux-raspi, linux-raspi-5.4, orc, php7.4, php8.1, php8.3, python-asyncssh, ruby-devise-two-factor, and vim). --------------------------------------------- https://lwn.net/Articles/992650/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 01.10.2024
by Daily end-of-shift report 01 Oct '24

01 Oct '24

===================== = End-of-Day report = ===================== Timeframe: Montag 30-09-2024 18:00 − Dienstag 01-10-2024 18:00 Handler: Alexander Riepl Co-Handler: Michael Schlagenhaufer ===================== = News = ===================== ∗∗∗ Microsoft Defender adds detection of unsecure Wi-Fi networks ∗∗∗ --------------------------------------------- Microsoft Defender now automatically detects and notifies users with a Microsoft 365 Personal or Family subscription when theyre connected to unsecured Wi-Fi networks. --------------------------------------------- https://www.bleepingcomputer.com/news/security/microsoft-defender-now-autom… ∗∗∗ Microsoft overhauls security for publishing Edge extensions ∗∗∗ --------------------------------------------- Microsoft has introduced an updated version of the "Publish API for Edge extension developers" that increases the security for developer accounts and the updating of browser extensions. --------------------------------------------- https://www.bleepingcomputer.com/news/microsoft/microsoft-overhauls-securit… ∗∗∗ What Are Hackers Searching for in SolarWinds Serv-U (CVE-2024-28995)? ∗∗∗ --------------------------------------------- Discover how GreyNoise’s honeypots are monitoring exploit attempts on the SolarWinds Serv-U vulnerability (CVE-2024-28995). Gain insights into the specific files attackers target and how real-time data helps security teams focus on true threats. --------------------------------------------- https://www.greynoise.io/blog/what-are-hackers-searching-for-in-solarwinds-… ∗∗∗ Detecting Vulnerability Scanning Traffic From Underground Tools Using Machine Learning ∗∗∗ --------------------------------------------- Researchers detail the discovery of Swiss Army Suite, an underground tool used for SQL injection scans discovered with a machine learning model. --------------------------------------------- https://unit42.paloaltonetworks.com/machine-learning-new-swiss-army-suite-t… ∗∗∗ Rackspace internal monitoring web servers hit by zero-day ∗∗∗ --------------------------------------------- Reading between the lines, it appears Rackspace was hosting a ScienceLogic-powered monitoring dashboard for its customers on its own internal web servers, those servers included a program that was bundled with ScienceLogic's software, and that program was exploited, using a zero-day vulnerability, by miscreants to gain access to those web servers. From there, the intruders were able to get hold of some monitoring-related customer information before being caught. --------------------------------------------- https://go.theregister.com/feed/www.theregister.com/2024/09/30/rackspace_ze… ∗∗∗ Crooked Cops, Stolen Laptops & the Ghost of UGNazi ∗∗∗ --------------------------------------------- A California man accused of failing to pay taxes on tens of millions of dollars allegedly earned from cybercrime also paid local police officers hundreds of thousands of dollars to help him extort, intimidate and silence rivals and former business partners, a new indictment charges. KrebsOnSecurity has learned that many of the mans alleged targets were members of UGNazi, a hacker group behind multiple high-profile breaches and cyberattacks back in 2012. --------------------------------------------- https://krebsonsecurity.com/2024/09/crooked-cops-stolen-laptops-the-ghost-o… ∗∗∗ BSI empfiehlt die Nutzung von Passkeys ∗∗∗ --------------------------------------------- Das BSI empfiehlt die Nutzung von Passkeys. Eine Umfrage zeige auf, dass die Bekanntheit und Verbreitung ausbaufähig seien. --------------------------------------------- https://heise.de/-9959270 ∗∗∗ Ransomware: Ermittler melden neue Erfolge im Kampf gegen Lockbit ∗∗∗ --------------------------------------------- Neben Verhaftungen in Frankreich und Großbritannien haben internationale Strafverfolger die Infrastruktur der Erpresser gestört – zudem ergingen Sanktionen. --------------------------------------------- https://heise.de/-9959100 ∗∗∗ WordPress Vulnerability & Patch Roundup September 2024 ∗∗∗ --------------------------------------------- Vulnerability reports and responsible disclosures are essential for website security awareness and education. --------------------------------------------- https://blog.sucuri.net/2024/09/wordpress-vulnerability-patch-roundup-septe… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (debian-security-support, nghttp2, and sqlite3), Oracle (cups-filters, kernel, and osbuild-composer), SUSE (openssl-3), and Ubuntu (bubblewrap, flatpak and python2.7, python3.5). --------------------------------------------- https://lwn.net/Articles/992444/ ∗∗∗ Mozilla Foundation Security Advisories 2024-10-01 (Thunderbird and Firefox) ∗∗∗ --------------------------------------------- https://www.mozilla.org/en-US/security/advisories/ ∗∗∗ Juniper: 2024-09-30 Out of Cycle Security Advisory: Multiple Products: RADIUS protocol susceptible to forgery attacks (Blast-RADIUS) (CVE-2024-3596) ∗∗∗ --------------------------------------------- https://supportportal.juniper.net/s/article/2024-09-30-Out-of-Cycle-Securit… ∗∗∗ Bosch: Sensitive information disclosure in Bosch Configuration Manager ∗∗∗ --------------------------------------------- https://psirt.bosch.com/security-advisories/bosch-sa-981803-bt.html -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 30.09.2024
by Daily end-of-shift report 30 Sep '24

30 Sep '24

===================== = End-of-Day report = ===================== Timeframe: Freitag 27-09-2024 18:00 − Montag 30-09-2024 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ US-Wahlkampf: Anklage wegen des Hacks der Trump-Kampagne erhoben ∗∗∗ --------------------------------------------- Drei Männer müssen sich vor Gericht wegen des Cyberangriffs auf das Wahlkampfteam von Donald Trump verantworten. --------------------------------------------- https://www.golem.de/news/us-wahlkampf-anklage-wegen-des-hacks-der-trump-ka… ∗∗∗ How to Know if Your Website Is Hacked ∗∗∗ --------------------------------------------- Whether you manage a gaming blog, an e-commerce platform, or an enterprise-level website you probably want to be able to detect infections when they occur. A hacked website can lead to financial loss, disruption of business operations, and the exposure of confidential information. The key is acting fast once you discover possible .. --------------------------------------------- https://blog.sucuri.net/2024/09/how-do-website-owners-know-that-their-websi… ∗∗∗ If youre holding important data, Iran is probably trying spearphish it ∗∗∗ --------------------------------------------- Its election year for more than 50 countries and the Islamic Republic threatens a bunch of them US and UK national security agencies are jointly warning about Iranian spearphishing campaigns, which remain an ongoing threat to various industries and governments. --------------------------------------------- https://www.theregister.com/2024/09/30/iran_spearphishing/ ∗∗∗ The Pig Butchering Invasion Has Begun ∗∗∗ --------------------------------------------- Scamming operations that once originated in Southeast Asia are now proliferating around the world, likely raking in billions of dollars in the process. --------------------------------------------- https://www.wired.com/story/pig-butchering-scam-invasion/ ∗∗∗ Eliminating Memory Safety Vulnerabilities at the Source ∗∗∗ --------------------------------------------- Memory safety vulnerabilities remain a pervasive threat to software security. At Google, we believe the path to eliminating this class of vulnerabilities at scale and building high-assurance software lies in Safe Coding, a secure-by-design approach that prioritizes transitioning .. --------------------------------------------- http://security.googleblog.com/2024/09/eliminating-memory-safety-vulnerabil… ∗∗∗ The Data Breach Disclosure Conundrum ∗∗∗ --------------------------------------------- The conundrum I refer to in the title of this post is the one faced by a breached organisation: disclose or suppress? And let me be even more specific: should they disclose to impacted individuals, or simply never let them know? --------------------------------------------- https://www.troyhunt.com/the-data-breach-disclosure-conundrum/ ∗∗∗ How can you protect your data, privacy, and finances if your phone gets lost or stolen? ∗∗∗ --------------------------------------------- Steps to take when your device is lost or stolen TL;DR This is a guide to help prepare for a situation where your mobile device is lost or stolen, including .. --------------------------------------------- https://www.pentestpartners.com/security-blog/how-can-you-protect-your-data… ∗∗∗ Cyber Security Month: Stärken Sie Ihr Wissen ∗∗∗ --------------------------------------------- Im Oktober dreht sich alles um das Thema Cybersicherheit. Nutzen Sie die Gelegenheit, um Ihr Wissen über Phishing, Schadsoftware und andere Cyberbedrohungen aufzufrischen. --------------------------------------------- https://www.watchlist-internet.at/news/cyber-security-month-2024/ ∗∗∗ Nitrogen Campaign Drops Sliver and Ends With BlackCat Ransomware ∗∗∗ --------------------------------------------- In November 2023, we identified a BlackCat ransomware intrusion started by Nitrogen malware hosted on a website impersonating Advanced IP .. --------------------------------------------- https://thedfirreport.com/2024/09/30/nitrogen-campaign-drops-sliver-and-end… ∗∗∗ Datenschutzvorfall bei GlobalSign (Sept. 2024) ∗∗∗ --------------------------------------------- Der Anbieter GlobalSign musste gegenüber einigen Kunden einen Datenschutzvorfall eingestehen. Bei deren Customer Relationship Management Platform (CRM) kam es zu einer Fehlkonfigurierung, so dass ein .. --------------------------------------------- https://www.borncity.com/blog/2024/09/30/datenschutzvorfall-bei-globalsign-… ∗∗∗ Facial DNA provider leaks biometric data via WordPress folder ∗∗∗ --------------------------------------------- ChiceDNA exposed 8,000 sensitive records, including biometric images, personal details, and facial DNA data in an unsecured WordPress… --------------------------------------------- https://hackread.com/facial-dna-provider-leak-biometric-data-wordpress-fold… ===================== = Vulnerabilities = ===================== ∗∗∗ Local Privilege Escalation mittels MSI Installer in Nitro PDF Pro ∗∗∗ --------------------------------------------- https://sec-consult.com/de/vulnerability-lab/advisory/local-privilege-escal… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 27.09.2024
by Daily end-of-shift report 27 Sep '24

27 Sep '24

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 26-09-2024 18:00 − Freitag 27-09-2024 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Storm-0501: Ransomware attacks expanding to hybrid cloud environments ∗∗∗ --------------------------------------------- Microsoft has observed the threat actor tracked as Storm-0501 launching a multi-staged attack where they compromised hybrid cloud environments and performed lateral movement from on-premises to cloud environment, leading to data exfiltration, credential theft, tampering, persistent backdoor access, and ransomware deployment. The .. --------------------------------------------- https://www.microsoft.com/en-us/security/blog/2024/09/26/storm-0501-ransomw… ∗∗∗ NIST Recommends Some Common-Sense Password Rules ∗∗∗ --------------------------------------------- NIST’s second draft of its “SP 800-63-4“ - its digital identify guidelines - finally contains some really good rules about passwords. --------------------------------------------- https://www.schneier.com/blog/archives/2024/09/nist-recommends-some-common-… ∗∗∗ Kaspersky Defends Stealth Swap of Antivirus Software on US Computers ∗∗∗ --------------------------------------------- Cybersecurity firm Kaspersky has defended its decision to automatically replace its antivirus software on U.S. customers computers with UltraAV, a product from American company Pango, without explicit user consent. The forced switch, affecting nearly one million users, occurred as a result of a U.S. government ban on Kaspersky software. Kaspersky .. --------------------------------------------- https://it.slashdot.org/story/24/09/26/1825249/kaspersky-defends-stealth-sw… ∗∗∗ Hackers Could Have Remotely Controlled Kia Cars Using Only License Plates ∗∗∗ --------------------------------------------- Cybersecurity researchers have disclosed a set of now patched vulnerabilities in Kia vehicles that, if successfully exploited, could have allowed remote control over key functions simply by using only a license plate."These attacks could be .. --------------------------------------------- https://thehackernews.com/2024/09/hackers-could-have-remotely-controlled.ht… ∗∗∗ Victims lose $70K to one single wallet-draining app on Googles Play Store ∗∗∗ --------------------------------------------- Attackers got 10k people to download trusted web3 brand cheat before Mountain View intervened The latest in a long line of cryptocurrency wallet-draining attacks has stolen $70,000 from people who downloaded a dodgy app in a single campaign .. --------------------------------------------- https://www.theregister.com/2024/09/26/victims_lose_70k_to_play/ ∗∗∗ Patch now: Critical Nvidia bug allows container escape, complete host takeover ∗∗∗ --------------------------------------------- 33% of cloud environments using the toolkit impacted, were told A critical bug in Nvidias widely used Container Toolkit could allow a rogue user or software to escape their containers and ultimately take complete control of the underlying host. --------------------------------------------- https://www.theregister.com/2024/09/26/critical_nvidia_bug_container_escape/ ∗∗∗ Highly Anticipated Linux Flaw Allows Remote Code Execution, but Less Serious Than Expected ∗∗∗ --------------------------------------------- A researcher has disclosed the details of an unpatched vulnerability that was expected to pose a serious threat to many Linux systems. --------------------------------------------- https://www.securityweek.com/highly-anticipated-linux-flaw-allows-remote-co… ∗∗∗ US Announces Charges, Sanctions Against Russian Administrator of Carding Website ∗∗∗ --------------------------------------------- US offers up to $10 million for information on Timur Shakhmametov, charging him with running the carding website Joker’s Stash. --------------------------------------------- https://www.securityweek.com/us-announces-charges-sanctions-against-russian… ∗∗∗ Spatenstich für Cybersecurity-Campus der TU Graz ∗∗∗ --------------------------------------------- Rund 25 Millionen Euro werden in den Komplex für bis zu 160 Forschende in der Sandgasse investiert. Auch IT-Start-ups sollen dort Platz finden --------------------------------------------- https://www.derstandard.at/story/3000000238456/spatenstich-fuer-cybersecuri… ∗∗∗ Cyberespionage the Gamaredon way: Analysis of toolset used to spy on Ukraine in 2022 and 2023 ∗∗∗ --------------------------------------------- ESET Research has conducted a comprehensive technical analysis of Gamaredon’s toolset used to conduct its cyberespionage activities focused in Ukraine --------------------------------------------- https://www.welivesecurity.com/en/eset-research/cyberespionage-gamaredon-wa… ∗∗∗ Geoblocking als einfache DDoS-Abwehr ∗∗∗ --------------------------------------------- Distributed Denial of Service (DDoS) Angriffe gibt es in diversen Varianten, das reicht von reflected UDP mit hoher Bandbreite über Tricksereien auf Layer 4 (etwa TCP-SYN Flooding, oder auch nur Überlastung der State-Tabellen in Firewalls) bis hin zu Layer 7 Angriffen mit vielen teuren http Anfragen. Aktuell sehen wir gerade letztere, dazu wollen wir ein .. --------------------------------------------- https://www.cert.at/de/blog/2024/9/geoblocking-gegen-ddos ∗∗∗ Meta fined $101 million for storing hundreds of millions of passwords in plaintext ∗∗∗ --------------------------------------------- European regulators fined Meta for an engineering mistake that the social media giant first reported in 2019. --------------------------------------------- https://therecord.media/meta-unprotected-passwords-fine-gdpr ===================== = Vulnerabilities = ===================== ∗∗∗ ZDI-24-1290: TeamViewer Missing Authentication Local Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-24-1290/ ∗∗∗ ZDI-24-1289: TeamViewer Missing Authentication Local Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-24-1289/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 26.09.2024
by Daily end-of-shift report 26 Sep '24

26 Sep '24

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 25-09-2024 18:00 − Donnerstag 26-09-2024 18:00 Handler: Alexander Riepl Co-Handler: Michael Schlagenhaufer ===================== = News = ===================== ∗∗∗ Talos discovers denial-of-service vulnerability in Microsoft Audio Bus; Potential remote code execution in popular open-source PLC ∗∗∗ --------------------------------------------- Cisco Talos’ Vulnerability Research team recently disclosed two vulnerabilities in Microsoft products that have been patched by the company over the past two Patch Tuesdays. One is a vulnerability in the High-Definition Audio Bus Driver in Windows systems that could lead to a denial of service, while the other is a memory corruption issue that exists in a multicasting protocol in Windows 10. [..] For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from Snort.org, and our latest Vulnerability Advisories are always posted on Talos Intelligence’s website. --------------------------------------------- https://blog.talosintelligence.com/talos-discovers-denial-of-service-vulner… ∗∗∗ The Cyber Resilience Act, an Accidental European Alien Torts Statute? ∗∗∗ --------------------------------------------- What if someone is harmed by their own government, but the technology used against them was created by a company based in the United States? Should that person be able to hold the American company responsible? --------------------------------------------- https://www.lawfaremedia.org/article/the-cyber-resilience-act--an-accidenta… ∗∗∗ Threat landscape for industrial automation systems, Q2 2024 ∗∗∗ --------------------------------------------- In this report, we share statistics on threats to industrial control systems in Q2 2024, including statistics by region, industry, malware and other threat types. --------------------------------------------- https://securelist.com/industrial-threat-landscape-q2-2024/113981/ ∗∗∗ Direct Memory Access (DMA) attacks. Risks, techniques, and mitigations in hardware hacking ∗∗∗ --------------------------------------------- DMA allows input-output (I/O) devices to access memory without CPU involvement. Bypassing the Operating System (OS) by providing direct high-speed access to the system’s memory improves efficiency for Graphics processing units (GPUs), Network Interface Cards (NICs), storage devices (e.g. NVMe) and peripheral devices. DMA capable connections include PCI, PCI Express (PCIe), Thunderbolt, FireWire, ExpressCard. Without additional safeguards, DMA can make systems vulnerable to attacks. --------------------------------------------- https://www.pentestpartners.com/security-blog/direct-memory-access-dma-atta… ∗∗∗ Unraveling Sparkling Pisces’s Tool Set: KLogEXE and FPSpy ∗∗∗ --------------------------------------------- We analyze new tools DPRK-linked APT Sparkling Pisces (aka Kimsuky) used in cyberespionage campaigns: KLogExe (a keylogger) and FPSpy (a backdoor variant). --------------------------------------------- https://unit42.paloaltonetworks.com/kimsuky-new-keylogger-backdoor-variant/ ∗∗∗ Simple Mail Transfer Pirates: How threat actors are abusing third-party infrastructure to send spam ∗∗∗ --------------------------------------------- Spammers are always looking for creative ways to bypass spam filters. As a spammer, one of the problems with creating your own architecture to deliver mail is that, once the spam starts flowing, these sources (IPs/domains) can be blocked. Spam can more easily find its way into the inbox if it is delivered from an unexpected or legitimate source. Realizing this, many spammers have elected to attack web pages and mail servers of legitimate organizations, so they may use these “pirated” resources to send unsolicited email. --------------------------------------------- https://blog.talosintelligence.com/simple-mail-transfer-pirates/ ∗∗∗ Phishing and Social Engineering: The Human Factor in Election Security ∗∗∗ --------------------------------------------- Discover how phishing and social engineering threaten the 2024 U.S. elections in part three of our Election Cybersecurity series. Learn how attackers exploit human vulnerabilities to compromise systems and how to defend against these evolving threats. --------------------------------------------- https://www.greynoise.io/blog/phishing-and-social-engineering-the-human-fac… ∗∗∗ Dell Hit by Third Data Leak in a Week Amid “grep” Cyberattacks ∗∗∗ --------------------------------------------- Dell faces its third data leak in a week as hacker “grep” continues targeting the tech giant. Sensitive internal files, including project documents and MFA data, were exposed. Dell has yet to issue a formal response. --------------------------------------------- https://hackread.com/dell-data-leak-in-week-amid-grep-cyberattacks/ ===================== = Vulnerabilities = ===================== ∗∗∗ HPE Aruba Networking fixes critical flaws impacting Access Points ∗∗∗ --------------------------------------------- HPE Aruba Networking has fixed three critical vulnerabilities in the Command Line Interface (CLI) service of its Aruba Access Points, which could let unauthenticated attackers gain remote code execution on vulnerable devices. --------------------------------------------- https://www.bleepingcomputer.com/news/security/hpe-aruba-networking-fixes-t… ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by AlmaLinux (container-tools:rhel8, dovecot, emacs, expat, git-lfs, go-toolset:rhel8, golang, grafana, grafana-pcp, gtk3, kernel, kernel-rt, nano, python3, python3.11, python3.12, and virt:rhel and virt-devel:rhel), Debian (mediawiki and puredata), Fedora (chisel), Mageia (glib2.0, gtk+2.0 and gtk+3.0, and python-astropy), Red Hat (git-lfs, grafana, grafana-pcp, kernel, and kernel-rt), SUSE (kubernetes1.24, kubernetes1.25, kubernetes1.26, kubernetes1.27, kubernetes1.28, opensc, and python36), and Ubuntu (apparmor, apr, ca-certificates, linux, linux-aws, linux-kvm, linux-lts-xenial, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-raspi, openjpeg2, ruby-rack, and tomcat8, tomcat9). --------------------------------------------- https://lwn.net/Articles/991897/ ∗∗∗ WebKitGTK and WPE WebKit Security Advisory WSA-2024-0005 ∗∗∗ --------------------------------------------- Several vulnerabilities were discovered in WebKitGTK and WPE WebKit. CVE identifiers: CVE-2024-23271, CVE-2024-27808, CVE-2024-27820, CVE-2024-27833, CVE-2024-27838, CVE-2024-27851, CVE-2024-40866, CVE-2024-44187 --------------------------------------------- https://webkitgtk.org/security/WSA-2024-0005.html ∗∗∗ Cisco IOS XE Software for Wireless Controllers CWA Pre-Authentication ACL Bypass Vulnerability ∗∗∗ --------------------------------------------- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso… ∗∗∗ Cisco IOS XE Software Web UI Cross-Site Request Forgery Vulnerability ∗∗∗ --------------------------------------------- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso… ∗∗∗ Cisco IOS and IOS XE Software Web UI Cross-Site Request Forgery Vulnerability ∗∗∗ --------------------------------------------- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso… ∗∗∗ Wordfence Intelligence Weekly WordPress Vulnerability Report (September 16, 2024 to September 22, 2024) ∗∗∗ --------------------------------------------- https://www.wordfence.com/blog/2024/09/wordfence-intelligence-weekly-wordpr… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 25.09.2024
by Daily end-of-shift report 25 Sep '24

25 Sep '24

===================== = End-of-Day report = ===================== Timeframe: Dienstag 24-09-2024 18:00 − Mittwoch 25-09-2024 18:00 Handler: Alexander Riepl Co-Handler: Michael Schlagenhaufer ===================== = News = ===================== ∗∗∗ ChatGPT macOS Flaw Couldve Enabled Long-Term Spyware via Memory Function ∗∗∗ --------------------------------------------- A now-patched security vulnerability in OpenAI's ChatGPT app for macOS could have made it possible for attackers to plant long-term persistent spyware into the artificial intelligence (AI) tool's memory. The technique, dubbed SpAIware, could be abused to facilitate "continuous data exfiltration of any information the user typed or responses received by ChatGPT, including any future chat sessions," security researcher Johann Rehberger said. --------------------------------------------- https://thehackernews.com/2024/09/chatgpt-macos-flaw-couldve-enabled-long.h… ∗∗∗ Schon wieder: Offizielles Twitter-Konto OpenAIs von Krypto-Betrügern übernommen ∗∗∗ --------------------------------------------- Der offizielle Twitter-Account der Pressestelle von ChatGPT-Anbieter OpenAI wurde von Betrügern übernommen und genutzt, um eine Fake-Kryptowährung zu promoten. --------------------------------------------- https://heise.de/-9953073 ∗∗∗ AI-Generated Malware Found in the Wild ∗∗∗ --------------------------------------------- HP has intercepted an email campaign comprising a standard malware payload delivered by an AI-generated dropper. --------------------------------------------- https://www.securityweek.com/ai-generated-malware-found-in-the-wild/ ∗∗∗ Investigating Infrastructure and Tactics of Phishing-as-a-Service Platform Sniper Dz ∗∗∗ --------------------------------------------- Delve into the infrastructure and tactics of phishing platform Sniper Dz, which targets popular brands and social media. We discuss its unique aspects and more. --------------------------------------------- https://unit42.paloaltonetworks.com/phishing-platform-sniper-dz-unique-tact… ∗∗∗ LummaC2: Obfuscation Through Indirect Control Flow ∗∗∗ --------------------------------------------- This blog post delves into the analysis of a control flow obfuscation technique employed by recent LummaC2 (LUMMAC.V2) stealer samples. In addition to the traditional control flow flattening technique used in older versions, the malware now leverages customized control flow indirection to manipulate the execution of the malware. --------------------------------------------- https://cloud.google.com/blog/topics/threat-intelligence/lummac2-obfuscatio… ∗∗∗ Modified LockBit and Conti ransomware shows up in DragonForce gang’s attacks ∗∗∗ --------------------------------------------- The manufacturing, real estate and transportation industries are recent targets of the cybercrime operation known as DragonForce. Researchers say its serving up versions of LockBit and Conti to affiliates. --------------------------------------------- https://therecord.media/lockbit-conti-dragonforce-ransomware-cybercrime ∗∗∗ Shedding Light on Election Deepfakes ∗∗∗ --------------------------------------------- Contrary to popular belief, deepfakes — AI-crafted audio files, images, or videos that depict events and statements that never occurred; a portmanteau of “deep learning” and “fake” — are not all intrinsically malicious. [..] Let’s take a look at the state of deepfakes during the 2020 elections, how it’s currently making waves in the 2024 election cycle, and how voters can tell truth from digital deception. --------------------------------------------- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/shedding-li… ===================== = Vulnerabilities = ===================== ∗∗∗ 20,000 WordPress Sites Affected by Privilege Escalation Vulnerability in WCFM – WooCommerce Frontend Manager WordPress Plugin ∗∗∗ --------------------------------------------- This vulnerability makes it possible for an authenticated attacker to change the email of any user, including an administrator, which allows them to reset the password and take over the account and website. [..] After providing full disclosure details, the developer released a patch on September 23, 2024. [..] CVE ID: CVE-2024-8290 --------------------------------------------- https://www.wordfence.com/blog/2024/09/20000-wordpress-sites-affected-by-pr… ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (booth), Gentoo (Xpdf), Oracle (go-toolset:ol8, golang, grafana, grafana-pcp, kernel, libnbd, openssl, pcp, and ruby:3.3), Red Hat (container-tools:rhel8, go-toolset:rhel8, golang, kernel, and kernel-rt), SUSE (apr, cargo-audit, chromium, obs-service-cargo, python311, python36, quagga, traefik, and xen), and Ubuntu (intel-microcode, linux-azure-fde-5.15, and puma). --------------------------------------------- https://lwn.net/Articles/991701/ ∗∗∗ WatchGuard SSO and Moodle ∗∗∗ --------------------------------------------- rt-sa-2024-008: WatchGuard SSO Client Denial-of-Service, rt-sa-2024-007: WatchGuard SSO Agent Telnet Authentication Bypass, rt-sa-2024-006: WatchGuard SSO Protocol is Unencrypted and Unauthenticated, rt-sa-2024-009: Moodle: Remote Code Execution via Calculated Questions --------------------------------------------- https://www.redteam-pentesting.de/en/advisories/ ∗∗∗ Teamviewer: Hochriskante Lücken ermöglichen Rechteausweitung ∗∗∗ --------------------------------------------- In den Teamviewer-Remote-Clients können Angreifer eine unzureichende kryptografische Prüfung von Treiberinstallationen missbrauchen, um ihre Rechte auszuweiten und Treiber zu installieren (CVE-2024-7479, CVE-2024-7481; beide CVSS 8.8, Risiko "hoch"). [..] Die seit Dienstag dieser Woche verfügbare Version 15.58.4 oder neuere schließen diese Sicherheitslücken. --------------------------------------------- https://heise.de/-9953034 ∗∗∗ XenServer and Citrix Hypervisor Security Update for CVE-2024-45817 ∗∗∗ --------------------------------------------- https://support.citrix.com/s/article/CTX691646-xenserver-and-citrix-hypervi… ∗∗∗ Schwachstelle in BlackBerry CylanceOPTICS Windows Installer Package ∗∗∗ --------------------------------------------- https://sec-consult.com/de/vulnerability-lab/advisory/schwachstelle-in-blac… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 24.09.2024
by Daily end-of-shift report 24 Sep '24

24 Sep '24

===================== = End-of-Day report = ===================== Timeframe: Montag 23-09-2024 18:00 − Dienstag 24-09-2024 18:00 Handler: Alexander Riepl Co-Handler: Michael Schlagenhaufer ===================== = News = ===================== ∗∗∗ Hackerangriff hier, Hackerangriff da? Nein. ∗∗∗ --------------------------------------------- Ein Kommentar zur aktuellen Berichterstattung rund um DDoS-Angriffe gegen die Webseiten politischer Parteien in Österreich. --------------------------------------------- https://datenrausch.substack.com/p/hackerangriff-hier-hackerangriff ∗∗∗ New Mallox ransomware Linux variant based on leaked Kryptina code ∗∗∗ --------------------------------------------- An affiliate of the Mallox ransomware operation, also known as TargetCompany, was spotted using a slightly modified version of the Kryptina ransomware to attack Linux systems. --------------------------------------------- https://www.bleepingcomputer.com/news/security/new-mallox-ransomware-linux-… ∗∗∗ New Octo Android malware version impersonates NordVPN, Google Chrome ∗∗∗ --------------------------------------------- A new version of the Octo Android malware, named "Octo2," has been seen spreading across Europe under the guise of NordVPN, Google Chrome, and an app called Europe Enterprise. --------------------------------------------- https://www.bleepingcomputer.com/news/security/new-octo-android-malware-ver… ∗∗∗ Exploitation of RAISECOM Gateway Devices Vulnerability CVE-2024-7120, (Tue, Sep 24th) ∗∗∗ --------------------------------------------- Late in July, a researcher using the alias "NETSECFISH" published a blog post revealing a vulnerability in RASIECOM gateway devices [1]. The vulnerability affects the "vpn/list_base_Config.php" endpoint and allows for unauthenticated remote code execution. According to Shodan, about 25,000 vulnerable devices are exposed to the internet. With a simple proof of concept available, it is no surprise that we aseethe vulnerability exploited. --------------------------------------------- https://isc.sans.edu/diary/rss/31292 ∗∗∗ Untersuchung von Solaris / SunOS - Persistenz mit Systemprozessen ∗∗∗ --------------------------------------------- Im Vergleich zu Windows oder sogar Linux ist das öffentliche Wissen und die Anleitung zur digitalen Forensik für Solaris / SunOS eher dünn. Während dieses Einsatzes haben wir unser Wissen über Solaris erheblich erweitert und es auf verschiedene Angreifertechniken hin untersucht. In diesem Blog-Beitrag möchten wir unsere Erfahrungen mit der Untersuchung potenzieller Persistenz durch Systemprozesse im Zusammenhang mit der MITRE ATT&CK-Technik T1543 teilen. --------------------------------------------- https://sec-consult.com/de/blog/detail/investigating-solaris-sunos-persiste… ∗∗∗ Deloitte Says No Threat to Sensitive Data After Hacker Claims Server Breach ∗∗∗ --------------------------------------------- A notorious hacker has announced the theft of data from an improperly protected server allegedly belonging to Deloitte. {..] Deloitte says no sensitive data exposed after a notorious hacker leaked what he claimed to be internal communications. --------------------------------------------- https://www.securityweek.com/deloitte-says-no-threat-to-sensitive-data-afte… ∗∗∗ Kirchenaustritt nicht über kirchenaustritt-digital-beantragen.at beantragen ∗∗∗ --------------------------------------------- Wer Informationen zum Kirchenaustritt sucht, landet schnell bei kirchenaustritt-digital-beantragen.at. Wir raten jedoch davon ab, über diesen kostenpflichtigen Dienst den Austritt zu beantragen. Beschwerden zufolge wird die Kündigung trotz Bezahlung nicht an die Kirche übermittelt. Außerdem werden sehr viele Daten und eine Ausweiskopie verlangt. Wir raten generell davon ab, Kündigungen usw. über Drittanbieter abzuwickeln. --------------------------------------------- https://www.watchlist-internet.at/news/kirchenaustritt/ ∗∗∗ Inside SnipBot: The Latest RomCom Malware Variant ∗∗∗ --------------------------------------------- We deconstruct SnipBot, a variant of RomCom malware. Its authors, who target diverse sectors, seem to be aiming for espionage instead of financial gain. --------------------------------------------- https://unit42.paloaltonetworks.com/snipbot-romcom-malware-variant/ ∗∗∗ Hacker Leaks 12,000 Alleged Twilio Call Records with Audio Recordings ∗∗∗ --------------------------------------------- A hacker has leaked 12,000 alleged Twilio call records, including phone numbers and audio recordings. The breach exposes personal data, creating significant privacy risks for businesses and individuals using the service. --------------------------------------------- https://hackread.com/hacker-leaks-twilio-call-records-audio-recordings/ ===================== = Vulnerabilities = ===================== ∗∗∗ Unpatched Vulnerabilities Expose Riello UPSs to Hacking: Security Firm ∗∗∗ --------------------------------------------- Hackers can take control of Riello UPS devices by exploiting vulnerabilities that likely remain unpatched, according to CyberDanube, an Austria-based firm specializing in industrial cybersecurity. --------------------------------------------- https://www.securityweek.com/unpatched-vulnerabilities-expose-riello-upss-t… ∗∗∗ CISA Releases Eight Industrial Control Systems Advisories ∗∗∗ --------------------------------------------- ICSA-24-268-01 OPW Fuel Management Systems SiteSentinel, ICSA-24-268-02 Alisonic Sibylla, ICSA-24-268-03 Franklin Fueling Systems TS-550 EVO, ICSA-24-268-04 Dover Fueling Solutions ProGauge MAGLINK LX CONSOLE, ICSA-24-268-05 Moxa MXview One, ICSA-24-268-06 OMNTEC Proteus Tank Monitoring, ICSA-24-156-01 Uniview NVR301-04S2-P4 (Update A), ICSA-19-274-01 Interpeak IPnet TCP/IP Stack (Update E) --------------------------------------------- https://www.cisa.gov/news-events/alerts/2024/09/24/cisa-releases-eight-indu… ∗∗∗ Zyxel security advisory for post-authentication memory corruption vulnerabilities in some DSL/Ethernet CPE, fiber ONT, WiFi extender, and security router versions ∗∗∗ --------------------------------------------- Zyxel has released patches for some DSL/Ethernet CPE, fiber ONT, WiFi extender, and security router versions affected by post-authentication memory corruption vulnerabilities. Users are advised to install them for optimal protection. (CVE-2024-38266 CVE-2024-38267 CVE-2024-38268 CVE-2024-38269) --------------------------------------------- https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-… ∗∗∗ Critical Vulnerabilities Discovered in Automated Tank Gauge Systems ∗∗∗ --------------------------------------------- In this blogpost, we will explore the ATG systems, their inherent risk when exposed to the Internet and the several critical vulnerabilities uncovered by Bitsight TRACE. By understanding these vulnerabilities, we hope that the reader can better appreciate the urgent need for enhanced security measures and the steps that need to be taken to protect these systems from exploitation. --------------------------------------------- https://www.bitsight.com/blog/critical-vulnerabilities-discovered-automated… ∗∗∗ Xen Security Advisory CVE-2024-45817 / XSA-462 ∗∗∗ --------------------------------------------- https://xenbits.xen.org/xsa/advisory-462.html ∗∗∗ Keycloak Security Update Advisory (CVE-2024-8698) ∗∗∗ --------------------------------------------- https://asec.ahnlab.com/en/83325/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 23.09.2024
by Daily end-of-shift report 23 Sep '24

23 Sep '24

===================== = End-of-Day report = ===================== Timeframe: Freitag 20-09-2024 18:00 − Montag 23-09-2024 18:00 Handler: Alexander Riepl Co-Handler: Michael Schlagenhaufer ===================== = News = ===================== ∗∗∗ Hyper-V und VMware: Schwachstellen, Patches, PoCs ∗∗∗ --------------------------------------------- In Hyper-V wurde kürzlich eine Schwachstelle gepatcht – jetzt gibt es einen Proof of Concept (PoC) für diese Schwachstelle. Und bei VMware gibt es ebenfalls Schwachstellen sowie Infos, wie sich aus der VM ausbrechen lässt. --------------------------------------------- https://www.borncity.com/blog/2024/09/23/hyper-v-und-vmware-schwachstellen-… ∗∗∗ Android malware Necro infects 11 million devices via Google Play ∗∗∗ --------------------------------------------- A new version of the Necro Trojan malware for Android was installed on 11 million devices through Google Play in malicious SDK supply chain attacks. --------------------------------------------- https://www.bleepingcomputer.com/news/security/android-malware-necro-infect… ∗∗∗ Global infostealer malware operation targets crypto users, gamers ∗∗∗ --------------------------------------------- A massive infostealer malware operation encompassing thirty campaigns targeting a broad spectrum of demographics and system platforms has been uncovered, attributed to a cybercriminal group named "Marko Polo." --------------------------------------------- https://www.bleepingcomputer.com/news/security/global-infostealer-malware-o… ∗∗∗ Phishing links with @ sign and the need for effective security awareness building, (Mon, Sep 23rd) ∗∗∗ --------------------------------------------- While going over a batch of phishing e-mails that were delivered to us here at the Internet Storm Center during the first half of September, I noticed one message which was somewhat unusual. Not because it was untypically sophisticated or because it used some completely new technique, but rather because its authors took advantage of one of the less commonly misused aspects of the URI format – the ability to specify information about a user in the URI before its "host" part (domain or IP address). --------------------------------------------- https://isc.sans.edu/diary/rss/31288 ∗∗∗ Staying a Step Ahead: Mitigating the DPRK IT Worker Threat ∗∗∗ --------------------------------------------- This report aims to increase awareness of the DPRK's efforts to obtain employment as IT workers and shed light on their operational tactics for obtaining employment and maintaining access to corporate systems. Understanding these methods can help organizations better detect these sorts of suspicious behaviors earlier in the hiring process. --------------------------------------------- https://cloud.google.com/blog/topics/threat-intelligence/mitigating-dprk-it… ∗∗∗ Why Do Criminals Love Phishing-as-a-Service Platforms? ∗∗∗ --------------------------------------------- Phishing-as-a-Service (PaaS) platforms have become the go-to tool for cybercriminals, to launch sophisticated phishing campaigns targeting the general public and businesses, especially in the financial services sector. [..] In this blog, we’ll explore the key features offered by PaaS platforms, highlight the major platforms Trustwave SpiderLabs has recently observed, and cover effective phishing mitigation strategies. --------------------------------------------- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/why-do-crim… ∗∗∗ CISA boss: Makers of insecure software are enablers of the real villains ∗∗∗ --------------------------------------------- Software suppliers who ship buggy, insecure code are the true baddies in the cyber crime story, Jen Easterly, boss of the US government's Cybersecurity and Infrastructure Security Agency, has argued. "The truth is: Technology vendors are the characters who are building problems" into their products, which then "open the doors for villains to attack their victims," declared Easterly during a Wednesday keynote address at Mandiant's mWise conference. --------------------------------------------- https://go.theregister.com/feed/www.theregister.com/2024/09/20/cisa_sloppy_… ∗∗∗ Proxy Detection: Comparing Detection Services with the Truth ∗∗∗ --------------------------------------------- In our previous blog post, we looked at different (free and paid) solutions to detect the use of anonymity tools during attacks executed on our Remote Desktop Protocol (RDP) honeypots. Confronted with inconclusive outcomes, this blog post aims to evaluate the different proxy detector tools by analyzing their results with our dataset of Truth. --------------------------------------------- https://gosecure.ai/blog/2024/09/23/proxy-detection-comparing-detection-ser… ∗∗∗ Hackers Claim Second Dell Data Breach in One Week ∗∗∗ --------------------------------------------- Hackers claim a second Dell data breach within a week, exposing sensitive internal files via compromised Atlassian tools. Allegedly, data from Jira, Jenkins, and Confluence was leaked. Dell is already investigating the first incident. --------------------------------------------- https://hackread.com/dell-hit-by-second-security-breach-in-week/ ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by AlmaLinux (expat, fence-agents, firefox, libnbd, openssl, pcp, ruby:3.3, and thunderbird), Debian (ruby-saml), Fedora (aardvark-dns, chromium, expat, jupyterlab, less, openssl, python-jupyterlab-server, python-notebook, python3-docs, and python3.12), Gentoo (calibre, curl, Emacs, org-mode, Exo, file, GPL Ghostscript, gst-plugins-good, liblouis, Mbed TLS, OpenVPN, Oracle VirtualBox, PJSIP, Portage, PostgreSQL, pypy, pypy3, Rust, Slurm, stb, VLC, and Xen), SUSE (container-suseconnect, ffmpeg-4, kernel, libpcap, python3, python310, python36, and wpa_supplicant), and Ubuntu (firefox, linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-azure, and linux-ibm-5.15, linux-oracle-5.15). --------------------------------------------- https://lwn.net/Articles/991377/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 20.09.2024
by Daily end-of-shift report 20 Sep '24

20 Sep '24

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 19-09-2024 18:00 − Freitag 20-09-2024 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Ever wonder how crooks get the credentials to unlock stolen phones? ∗∗∗ --------------------------------------------- iServer provided a simple service for phishing credentials to unlock phones. --------------------------------------------- https://arstechnica.com/?p=2051165 ∗∗∗ CISA warns of actively exploited Apache HugeGraph-Server bug ∗∗∗ --------------------------------------------- The U.S. Cybersecurity and Infrastructure Agency (CISA) has added five flaws to its Known Exploited Vulnerabilities (KEV) catalog, among which is a remote code execution (RCE) flaw impacting Apache HugeGraph-Server. --------------------------------------------- https://www.bleepingcomputer.com/news/security/cisa-warns-of-actively-explo… ∗∗∗ macOS Sequoia change breaks networking for VPN, antivirus software ∗∗∗ --------------------------------------------- Users of macOS 15 Sequoia are reporting network connection errors when using certain endpoint detection and response (EDR) or virtual private network (VPN) solutions, and web browsers. --------------------------------------------- https://www.bleepingcomputer.com/news/apple/macos-sequoia-change-breaks-net… ∗∗∗ 1 In 10 Orgs Dumping Their Security Vendors After CrowdStrike Outage ∗∗∗ --------------------------------------------- An anonymous reader quotes a report from The Register: Germanys Federal Office for Information Security (BSI) says one in ten organizations in the country affected by CrowdStrikes outage in July are dropping their current vendors products. Four percent of organizations have already abandoned their existing solutions, while a further 6 percent plan to .. --------------------------------------------- https://it.slashdot.org/story/24/09/19/1721236/1-in-10-orgs-dumping-their-s… ∗∗∗ SAP Hash Cracking Techniques ∗∗∗ --------------------------------------------- Hashing is a one-way encryption technique employed to ensure data integrity, authenticate information, and secure passwords alongside other sensitive data. Hash functions convert input data into a fixed-size string of characters that are both uniform and deterministic, making them an excellent choice for maintaining data security. --------------------------------------------- https://redrays.io/blog/sap-hash-cracking-techniques/ ∗∗∗ This Windows PowerShell Phish Has Scary Potential ∗∗∗ --------------------------------------------- Many GitHub users this week received a novel phishing email warning of critical security holes in their code. Those who clicked the link for details were asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealing malware. While its unlikely that many programmers fell for this .. --------------------------------------------- https://krebsonsecurity.com/2024/09/this-windows-powershell-phish-has-scary… ∗∗∗ Ivanti Warns of Second CSA Vulnerability Exploited in Attacks ∗∗∗ --------------------------------------------- In addition to the Ivanti CSA flaw CVE-2024-8190, another vulnerability affecting the same product, tracked as CVE-2024-8963, has been exploited. --------------------------------------------- https://www.securityweek.com/ivanti-warns-of-second-csa-vulnerability-explo… ∗∗∗ Noise Storms: Massive Amounts of Spoofed Web Traffic Linked to China ∗∗∗ --------------------------------------------- GreyNoise has observed millions of spoofed IPs flooding internet providers with web traffic primarily focusing on TCP connections. --------------------------------------------- https://www.securityweek.com/noise-storms-massive-amounts-of-spoofed-web-tr… ∗∗∗ Vorsicht vor gefälschten Gewinnspielen von ÖAMTC und ADAC ∗∗∗ --------------------------------------------- Vorsicht, wenn Sie per E-Mail ein Gewinnspiel für ein Auto-Notfallset erhalten. Kriminelle geben sich als ÖAMTC oder ADAC aus und behaupten, Sie hätten ein Auto-Notfallset gewonnen. Klicken Sie nicht auf den Link, Sie werden in eine Abo-Fall gelockt! --------------------------------------------- https://www.watchlist-internet.at/news/gefaelschte-gewinnspiele-oeamtc-adac/ ∗∗∗ Datendiebstahl via Slack, Disney stellt Nutzung des Messenger-Dienstes ein ∗∗∗ --------------------------------------------- Die Hackergruppe Nullbulge konnte Computercode und Details über unveröffentlichte Projekte stehlen und veröffentlichen --------------------------------------------- https://www.derstandard.at/story/3000000237370/datendiebstahl-disney-trennt… ∗∗∗ High-risk vulnerabilities in common enterprise technologies ∗∗∗ --------------------------------------------- Rapid7 is warning customers about high-risk vulnerabilities in Adobe ColdFusion, Broadcom VMware vCenter Server, and Ivanti Endpoint Manager (EPM). These CVEs are likely attack targets for APT and/or financially motivated adversaries. --------------------------------------------- https://www.rapid7.com/blog/post/2024/09/19/etr-high-risk-vulnerabilities-i… ∗∗∗ Jugendherbergen offenbar Opfer von Ransomware-Bande Hunters ∗∗∗ --------------------------------------------- Ende August kam es zu Störungen bei rund 450 deutschen Jugendherbergen. Die Ursache war unklar. Offenbar ist eine Ransomware-Attacke schuld. --------------------------------------------- https://heise.de/-9938226 ===================== = Vulnerabilities = ===================== ∗∗∗ DSA-5773-1 chromium - security update ∗∗∗ --------------------------------------------- https://lists.debian.org/debian-security-announce/2024/msg00186.html ∗∗∗ OpenSSH 9.9 released ∗∗∗ --------------------------------------------- https://lwn.net/Articles/991028/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 19.09.2024
by Daily end-of-shift report 19 Sep '24

19 Sep '24

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 18-09-2024 18:00 − Donnerstag 19-09-2024 18:00 Handler: Alexander Riepl Co-Handler: Michael Schlagenhaufer ===================== = News = ===================== ∗∗∗ Clever GitHub Scanner campaign abusing repos to push malware ∗∗∗ --------------------------------------------- A clever threat campaign is abusing GitHub repositories to distribute the Lumma Stealer password-stealing malware targeting users who frequent an open source project repository or are subscribed to email notifications from it. [..] The domain, github-scanner[.]com is not affiliated with GitHub and is being used to deliver malware to visitors. --------------------------------------------- https://www.bleepingcomputer.com/news/security/clever-github-scanner-campai… ∗∗∗ Sicherheitsexperte: Müssen uns nicht vor explodierenden Handys fürchten ∗∗∗ --------------------------------------------- Nach Explosionswellen im Libanon sorgen sich manche nun um die eigenen Smartphones. Cyberexperte Joe Pichelmayr sieht da aber wenig Gefahr. --------------------------------------------- https://futurezone.at/digital-life/sicherheitsexperte-handys-smartphone-exp… ∗∗∗ Google Cloud Document AI flaw (still) allows data theft despite bounty payout ∗∗∗ --------------------------------------------- Overly permissive settings in Google Cloud's Document AI service could be abused by data thieves to break into Cloud Storage buckets and steal sensitive information. [..] A Google spokesperson has told us in response to the above: [..] We developed a fix and are actively working to roll it out. --------------------------------------------- https://go.theregister.com/feed/www.theregister.com/2024/09/17/google_cloud… ∗∗∗ Cracked Software or Cyber Trap? The Rising Danger of AsyncRAT Malware ∗∗∗ --------------------------------------------- In this blog, we’ll examine the mechanics of AsyncRAT, how it spreads by masquerading as cracked software, and the steps you can take to protect yourself from this increasingly common cyber threat. --------------------------------------------- https://www.mcafee.com/blogs/other-blogs/mcafee-labs/cracked-software-or-cy… ∗∗∗ Solar Cybersecurity And The Nuances Of Renewable Energy Integration ∗∗∗ --------------------------------------------- The modern age of renewable energy has seen a surge in solar panels and wind turbines. While these systems enhance sustainability, their digital technologies carry risks. Cybersecurity professionals must know the relevant nuances when integrating renewable systems. --------------------------------------------- https://www.tripwire.com/state-of-security/solar-cybersecurity-and-nuances-… ∗∗∗ Discovering Splinter: A First Look at a New Post-Exploitation Red Team Tool ∗∗∗ --------------------------------------------- Discover Splinter, a new post-exploitation tool with advanced features like command execution and file manipulation, detected by Unit 42 researchers. --------------------------------------------- https://unit42.paloaltonetworks.com/analysis-pentest-tool-splinter/ ∗∗∗ Betrugsfall mit tegut teo-App und fiktiver Mitarbeiternummer ∗∗∗ --------------------------------------------- Im Prozess sagte der Angeklagte: "Ich war zu der Zeit arbeitslos. Für die Märkte gibt es eine App und da konnte man bei Bezahlungsmitteln die Mitarbeiternummer als Karte hinterlegen. Ich habe es einfach mit einer zufälligen Zahl probiert, und es hat direkt geklappt. --------------------------------------------- https://www.borncity.com/blog/2024/09/19/betrugsfall-mit-tegut-teo-app-und-… ∗∗∗ Aktuelle Phishing-Masche: Terminwunsch für Telefonat mit angeblicher Sparkasse ∗∗∗ --------------------------------------------- Die Verbraucherzentrale NRW warnt vor einer aktuellen Phishing-Masche. Angeblich will die Sparkasse einen Termin für ein Telefonat. --------------------------------------------- https://heise.de/-9909574 ∗∗∗ Discord startet Ende-zu-Ende-Verschlüsselung für Audio- und Video-Chats ∗∗∗ --------------------------------------------- Um die Privatsphäre zu wahren, verschlüsselt der Onlinedienst Discord ab sofort bestimmte Formen des Nachrichtenaustauschs Ende-zu-Ende. --------------------------------------------- https://heise.de/-9909594 ===================== = Vulnerabilities = ===================== ∗∗∗ VU#138043: A stack-based overflow vulnerability exists in the Microchip Advanced Software Framework (ASF) implementation of the tinydhcp server ∗∗∗ --------------------------------------------- CVE-2024-7490 There exists a vulnerability in all publicly available examples of the ASF codebase that allows for a specially crafted DHCP request to cause a stack-based overflow that could lead to remote code execution. --------------------------------------------- https://kb.cert.org/vuls/id/138043 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (expat and tinyproxy), Fedora (frr, microcode_ctl, python3.10, python3.12, python3.6, and ruby), Oracle (expat, fence-agents, firefox, ghostscript, java-1.8.0-openjdk, kernel, and thunderbird), Red Hat (firefox, openssl, ruby:3.3, and thunderbird), SUSE (clamav, ffmpeg-4, kernel, libmfx, python3, python312, runc, ucode-intel, and wireshark), and Ubuntu (apache2, git, linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-gkeop-5.15, linux-hwe-5.15, linux-ibm, linux-intel-iotg, linux-intel-iotg-5.15, linux-kvm, linux-nvidia, linux-oracle, linux-raspi, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-xilinx-zynqmp, and linux, linux-aws, linux-gcp, linux-gke, linux-ibm, linux-lowlatency, linux-lowlatency-hwe-6.8, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, linux-oem-6.8, linux-oracle). --------------------------------------------- https://lwn.net/Articles/990877/ ∗∗∗ GitLab Patches Critical Authentication Bypass Vulnerability ∗∗∗ --------------------------------------------- GitLab has patched a critical-severity SAML authentication bypass affecting both Community Edition (CE) and Enterprise Edition (EE) instances. [..] The issue, tracked as CVE-2024-45409 (CVSS score of 10/10), only affects GitLab CE/EE instances that have been configured to use SAML-based authentication. --------------------------------------------- https://www.securityweek.com/gitlab-patches-critical-authentication-bypass-… ∗∗∗ DSA-5772-1 libreoffice - security update ∗∗∗ --------------------------------------------- https://lists.debian.org/debian-security-announce/2024/msg00185.html ∗∗∗ Wordfence Intelligence Weekly WordPress Vulnerability Report (September 9, 2024 to September 15, 2024) ∗∗∗ --------------------------------------------- https://www.wordfence.com/blog/2024/09/wordfence-intelligence-weekly-wordpr… ∗∗∗ MegaSys Computer Technologies Telenium Online Web Application ∗∗∗ --------------------------------------------- https://www.cisa.gov/news-events/ics-advisories/icsa-24-263-04 ∗∗∗ IDEC PLCs ∗∗∗ --------------------------------------------- https://www.cisa.gov/news-events/ics-advisories/icsa-24-263-02 ∗∗∗ Kastle Systems Access Control System ∗∗∗ --------------------------------------------- https://www.cisa.gov/news-events/ics-advisories/icsa-24-263-05 ∗∗∗ IDEC CORPORATION WindLDR and WindO/I-NV4 ∗∗∗ --------------------------------------------- https://www.cisa.gov/news-events/ics-advisories/icsa-24-263-03 ∗∗∗ Rockwell Automation RSLogix 5 and RSLogix 500 ∗∗∗ --------------------------------------------- https://www.cisa.gov/news-events/ics-advisories/icsa-24-263-01 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily