===================== = End-of-Day report = =====================
Timeframe: Wednesday 18-12-2024 18:00 − Thursday 19-12-2024 18:00 Handler: Michael Schlagenhaufer Co-Handler: n/a
===================== = News = =====================
∗∗∗ Attackers exploiting a patched FortiClient EMS vulnerability in the wild ∗∗∗ --------------------------------------------- During a recent incident response, Kaspersky’s GERT team identified a set of TTPs and indicators linked to an attacker that infiltrated a company’s networks by targeting a Fortinet vulnerability for which a patch was already available. --------------------------------------------- https://securelist.com/patched-forticlient-ems-vulnerability-exploited-in-th...
∗∗∗ HubPhish Abuses HubSpot Tools to Target 20,000 European Users for Credential Theft ∗∗∗ --------------------------------------------- Cybersecurity researchers have disclosed a new phishing campaign that has targeted European companies with an aim to harvest account credentials and take control of the victims' Microsoft Azure cloud infrastructure. [..] Targets include at least 20,000 automotive, chemical, and industrial compound manufacturing users in Europe. [..] The attacks involve sending phishing emails with Docusign-themed lures that urge recipients to view a document, which then redirects users to malicious HubSpot Free Form Builder links, from where they are led to a fake Office 365 Outlook Web App login page in order to steal their credentials. --------------------------------------------- https://thehackernews.com/2024/12/hubphish-exploits-hubspot-tools-to.html
∗∗∗ Spyware distributed through Amazon Appstore ∗∗∗ --------------------------------------------- Recently, we uncovered a seemingly harmless app called “BMI CalculationVsn” on the Amazon App Store, which is secretly stealing the package name of installed apps and incoming SMS messages under the guise of a simple health tool. --------------------------------------------- https://www.mcafee.com/blogs/other-blogs/mcafee-labs/spyware-distributed-thr...
∗∗∗ Warning: AG Reparaturservice is a scam ∗∗∗ --------------------------------------------- Dishwasher broken? The website ag-reparaturservice.at supposedly offers repairs for all kinds of appliances. From fridges to washing machines to ovens, the company claims to repair household appliances. We advise caution: the repair is not carried out despite payment. You lose your money. We show you how to recognise the scam! --------------------------------------------- https://www.watchlist-internet.at/news/ag-reparaturservice-ist-betrug/
∗∗∗ CISA urges senior government officials to lock down mobile devices amid ongoing Salt Typhoon breach ∗∗∗ --------------------------------------------- A 5-page advisory provided troves of guidance for both Apple and Android users, urging all “highly targeted individuals” to rely on the “consistent use of end-to-end encryption.” --------------------------------------------- https://therecord.media/cisa-urges-senior-officials-to-lock-down-devices-sal...
∗∗∗ Hackers could crack the European power grid via vulnerabilities in solar installations ∗∗∗ --------------------------------------------- An unpleasant but by no means new finding. Germany may be "proud" of the installed capacity of its solar collectors. But a Greek white-hat hacker has shown how, using a notebook and an internet connection, he could break into numerous European solar installations and simply switch them off, including in Germany. --------------------------------------------- https://www.borncity.com/blog/2024/12/19/hacker-koennten-ueber-schwachstelle...
∗∗∗ Critical LDAP vulnerability in Windows (CVE-2024-49112) ∗∗∗ --------------------------------------------- A small addendum to the December 2024 Patch Tuesday. On 10 December 2024 Microsoft disclosed a critical vulnerability (CVE-2024-49112) in the Lightweight Directory Access Protocol (LDAP). It allows remote attacks on Windows clients and servers but has been patched. [..] Hunter writes that 178,900 LDAP and LDAPS services are found annually in scans via hunter.how. --------------------------------------------- https://www.borncity.com/blog/2024/12/19/kritische-ldap-schwachstelle-in-win...
∗∗∗ Exploring vulnerable Windows drivers ∗∗∗ --------------------------------------------- This post is the result of research into the real-world application of the Bring Your Own Vulnerable Driver (BYOVD) technique along with Cisco Talos’ series of posts about malicious Windows drivers. --------------------------------------------- https://blog.talosintelligence.com/exploring-vulnerable-windows-drivers/
∗∗∗ Scam email: cyber insurance does not have to cover the loss ∗∗∗ --------------------------------------------- Classic mail spoofing cost a German company 85,000 euros. Its cyber insurance does not cover the loss, says the Regional Court of Hagen (Landgericht Hagen). --------------------------------------------- https://heise.de/-10215212
∗∗∗ Skuld Infostealer Returns to npm with Fake Windows Utilities and Malicious Solara Development Packages ∗∗∗ --------------------------------------------- Socket’s threat research team identified a malware campaign infiltrating the npm ecosystem, deploying the Skuld infostealer just weeks after a similar attack targeted Roblox developers. [..] Before their removal, these packages compromised hundreds of machines, demonstrating how even low-complexity attacks can rapidly gain traction. --------------------------------------------- https://socket.dev/blog/skuld-infostealer-returns-to-npm
===================== = Vulnerabilities = =====================
∗∗∗ FortiWLM Unauthenticated limited file read vulnerability ∗∗∗ --------------------------------------------- A relative path traversal [CWE-23] in FortiWLM may allow a remote unauthenticated attacker to read sensitive files. Severity: Critical, CVE-2023-34990 --------------------------------------------- https://www.fortiguard.com/psirt/FG-IR-23-144
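The CWE-23 pattern behind the FortiWLM advisory, shown as an added example (editor's illustration, not Fortinet code; the advisory does not describe the vulnerable code path). The root directory, the request paths and the function names are constructed for the example. The vulnerable function joins the request path onto a root and uses the result as-is, so "../" walks out of the root and an absolute path discards the root entirely. The hardened function decodes once, canonicalises both sides with realpath and then requires containment with commonpath rather than a plain prefix match.

```python
import os
from typing import Optional
from urllib.parse import unquote

# Directory the file-read endpoint is supposed to be confined to.
# Constructed for this example; the real product's paths are not on the page.
DOC_ROOT = "/srv/wlm/reports"


def vulnerable_resolve(root: str, user_path: str) -> str:
    """CWE-23 pattern: the decoded request path is joined onto the root and
    used as-is. '../' sequences walk out of the root, and an absolute path
    makes os.path.join discard the root entirely."""
    return os.path.join(root, unquote(user_path))


def safe_resolve(root: str, user_path: str) -> Optional[str]:
    """Hardened version: decode once (as the web layer would), reject NUL
    bytes, canonicalise root and candidate with realpath (collapses '..' and
    follows symlinks), then require the candidate to sit inside the root.
    Returns the canonical path, or None when the request must be refused."""
    decoded = unquote(user_path)
    if "\x00" in decoded:
        return None
    root_real = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_real, decoded))
    # commonpath is the containment check; a plain startswith(root) would
    # also accept a sibling directory such as /srv/wlm/reports-old.
    if os.path.commonpath([root_real, candidate]) != root_real:
        return None
    return candidate


if __name__ == "__main__":
    # Constructed request paths: one legitimate, three traversal attempts.
    for p in ["daily/2024-12-19.log", "../../../etc/passwd",
              "..%2f..%2fetc/passwd", "/etc/passwd"]:
        print(f"{p!r:28} vulnerable -> {vulnerable_resolve(DOC_ROOT, p)}")
        print(f"{'':28} hardened   -> {safe_resolve(DOC_ROOT, p)}")
```

The decode step is deliberately a single unquote: decoding twice reintroduces the classic "%252e%252e" bypass. When the endpoint serves files from a fixed set, an allow-list of names is simpler and stronger than any path normalisation.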
∗∗∗ FortiManager OS command injection ∗∗∗ --------------------------------------------- An Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) vulnerability [CWE-78] in FortiManager may allow an authenticated remote attacker to execute unauthorized code via crafted FGFM requests. Severity: High, CVE-2024-48889 --------------------------------------------- https://fortiguard.fortinet.com/psirt/FG-IR-24-425
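The CWE-78 pattern named in the FortiManager advisory, as an added example (editor's illustration, not Fortinet code; the advisory does not say which command or field is affected). The target value, the hostname grammar and printf standing in for a real diagnostic tool are assumptions made so the example runs offline. The vulnerable function interpolates the input into a shell command line; the hardened one validates the input against an allow-list and passes it as a single argv element with no shell involved.

```python
import ipaddress
import re
import subprocess
from typing import List, Optional

# RFC 1123-style hostname labels. Anything outside this grammar (spaces,
# ';', '|', '$', backticks) is rejected before it gets near a process.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_HOSTNAME_RE = re.compile(rf"^{_LABEL}(?:\.{_LABEL})*$")


def is_valid_target(host: str) -> bool:
    """Allow-list check: an IP literal or a syntactically valid hostname."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        pass
    return len(host) <= 253 and _HOSTNAME_RE.fullmatch(host) is not None


def vulnerable_echo(host: str) -> str:
    """CWE-78 pattern: untrusted input is interpolated into a shell command
    line, so ';', '|' or '$()' in the input are parsed by /bin/sh.
    printf stands in for the real diagnostic tool (constructed example)."""
    out = subprocess.run(f"printf '%s\\n' {host}", shell=True,
                         capture_output=True, text=True)
    return out.stdout


def build_argv(host: str) -> Optional[List[str]]:
    """Hardened: validate first, then build an argv list. With shell=False the
    input is one argument to printf no matter which characters it contains."""
    if not is_valid_target(host):
        return None
    return ["printf", "%s\n", host]


def safe_echo(host: str) -> Optional[str]:
    """Returns the tool's output, or None when the target was rejected."""
    argv = build_argv(host)
    if argv is None:
        return None
    out = subprocess.run(argv, shell=False, capture_output=True, text=True)
    return out.stdout


if __name__ == "__main__":
    # Constructed inputs: a legitimate target and a classic injection payload.
    for target in ["10.0.0.1", "10.0.0.1; echo INJECTED"]:
        print(f"vulnerable({target!r}) -> {vulnerable_echo(target)!r}")
        print(f"safe({target!r})       -> {safe_echo(target)!r}")
```

If a shell really cannot be avoided (a pipeline assembled at runtime), shlex.quote() on each interpolated value is the fallback, but it protects only the shell layer: the allow-list is still needed so that option-like values such as "-c" are not handed to the tool as flags.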
∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by AlmaLinux (bluez, edk2:20220126gitbb1bba3d77, gstreamer1-plugins-base, gstreamer1-plugins-good, kernel, kernel-rt, mpg123, php:8.2, python3.11-urllib3, and tuned), Fedora (ColPack, glibc, golang-github-chainguard-dev-git-urls, golang-github-task, icecat, python-nbdime, python3.13, and python3.14), Mageia (kernel, kmod-xtables-addons, kmod-virtualbox, dwarves and kernel-linus), Red Hat (gstreamer1-plugins-base and gstreamer1-plugins-good), SUSE (curl, emacs, git-bug, glib2, helm, kernel, and traefik2), and Ubuntu (gst-plugins-base1.0, gst-plugins-good1.0, gstreamer1.0, libvpx, linux-gcp, phpunit, and yara). --------------------------------------------- https://lwn.net/Articles/1002903/
∗∗∗ Delta Electronics DTM Soft ∗∗∗ --------------------------------------------- https://www.cisa.gov/news-events/ics-advisories/icsa-24-354-03
∗∗∗ Hitachi Energy SDM600 ∗∗∗ --------------------------------------------- https://www.cisa.gov/news-events/ics-advisories/icsa-24-354-02
∗∗∗ Hitachi Energy RTU500 series CMU ∗∗∗ --------------------------------------------- https://www.cisa.gov/news-events/ics-advisories/icsa-24-354-01
∗∗∗ Ossur Mobile Logic Application ∗∗∗ --------------------------------------------- https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-354-01
∗∗∗ Tibbo AggreGate Network Manager ∗∗∗ --------------------------------------------- https://www.cisa.gov/news-events/ics-advisories/icsa-24-354-05