=====================
= End-of-Day report =
=====================

Timeframe: Friday 19-07-2024 18:00 − Monday 22-07-2024 18:00
Handler: Thomas Pribitzer
Co-Handler: n/a

=====================
=       News        =
=====================
∗∗∗ Attackers Abuse Swap File to Steal Credit Cards ∗∗∗
---------------------------------------------

Bad actors exploited the humble swap file to maintain a persistent credit card skimmer on a Magento e-commerce site. This clever tactic allowed the malware to survive multiple cleanup attempts.

---------------------------------------------

https://blog.sucuri.net/2024/07/attackers-abuse-swap-file-to-steal-credit-ca...


∗∗∗ Cybercriminals Exploit CrowdStrike Update Mishap to Distribute Remcos RAT Malware ∗∗∗
---------------------------------------------

Cybersecurity firm CrowdStrike, which is facing the heat for causing worldwide IT disruptions by pushing out a flawed update to Windows devices, is now warning that threat actors are exploiting the situation to distribute Remcos RAT to its customers in Latin America under the guise of providing a hotfix.

---------------------------------------------

https://thehackernews.com/2024/07/cybercriminals-exploit-crowdstrike.html


∗∗∗ SocGholish Malware Exploits BOINC Project for Covert Cyberattacks ∗∗∗
---------------------------------------------

The JavaScript downloader malware known as SocGholish (aka FakeUpdates) is being used to deliver a remote access trojan called AsyncRAT as well as a legitimate open-source project called BOINC.

---------------------------------------------

https://thehackernews.com/2024/07/socgholish-malware-exploits-boinc.html


∗∗∗ PINEAPPLE and FLUXROOT Hacker Groups Abuse Google Cloud for Credential Phishing ∗∗∗
---------------------------------------------

A Latin America (LATAM)-based financially motivated actor codenamed FLUXROOT has been observed leveraging Google Cloud serverless projects to orchestrate credential phishing activity, highlighting the abuse of the cloud computing model for malicious purposes.

---------------------------------------------

https://thehackernews.com/2024/07/pineapple-and-fluxroot-hacker-groups.html


∗∗∗ From RA Group to RA World: Evolution of a Ransomware Group ∗∗∗
---------------------------------------------

Ransomware gang RA World rebranded from RA Group. We discuss their updated tactics, from leak site changes to an analysis of their operational tools.

---------------------------------------------

https://unit42.paloaltonetworks.com/ra-world-ransomware-group-updates-tool-s...


∗∗∗ Addressing CrowdStrike on Cloud VMs in AWS with Automated Remediation ∗∗∗
---------------------------------------------

Published guidance instructs administrators to reboot the machine in Safe Mode, delete a specific file, and reboot back to normal mode. Obviously, this isn't a viable resolution on virtual machines hosted in the public cloud, as there is no way to get to Safe Mode.

---------------------------------------------

https://orca.security/resources/blog/crowdstrike-cloud-vm-automated-remediat...
∗∗∗ CrowdStrike outages: Microsoft releases recovery tool ∗∗∗
---------------------------------------------

Microsoft has released an image for USB sticks that can be used to recover affected systems. Provided you have the BitLocker key.

---------------------------------------------

https://heise.de/-9808481


=====================
=  Vulnerabilities  =
=====================
∗∗∗ Telegram zero-day allowed sending malicious Android APKs as videos ∗∗∗
---------------------------------------------

A Telegram for Android zero-day vulnerability dubbed EvilVideo allowed attackers to send malicious Android APK payloads disguised as video files.

---------------------------------------------

https://www.bleepingcomputer.com/news/security/telegram-zero-day-allowed-sen...


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------

Security updates have been issued by Fedora (botan2, chromium, ffmpeg, fluent-bit, gtk3, httpd, suricata, tcpreplay, and thunderbird), Mageia (apache, chromium-browser-stable, libfm & libfm-qt, and thunderbird), Oracle (firefox, java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, java-21-openjdk, kernel, libndp, qt5-qtbase, ruby, skopeo, thunderbird, and virt:ol and virt-devel:rhel), Red Hat (containernetworking-plugins, firefox, libndp, qt5-qtbase, and thunderbird), SUSE (caddy,[...]

---------------------------------------------

https://lwn.net/Articles/982845/
∗∗∗ Security updates: attackers can knock out SonicWall firewalls ∗∗∗
---------------------------------------------

Some SonicWall firewalls are vulnerable. Attacks could be imminent.

---------------------------------------------

https://heise.de/-9808904


∗∗∗ BIOS security vulnerability endangers countless HP PCs ∗∗∗
---------------------------------------------

Attackers can attack many HP desktop computers with malicious code.

---------------------------------------------

https://heise.de/-9809134


∗∗∗ SSA-071402 V1.0: Multiple Vulnerabilities in SICAM Products ∗∗∗
---------------------------------------------

https://cert-portal.siemens.com/productcert/html/ssa-071402.html