=====================
= End-of-Day report =
=====================
Timeframe:   Thursday 26-09-2024 18:00 − Friday 27-09-2024 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a
=====================
=       News        =
=====================
∗∗∗ Storm-0501: Ransomware attacks expanding to hybrid cloud environments ∗∗∗
---------------------------------------------
Microsoft has observed the threat actor tracked as Storm-0501 launching a multi-staged attack where they compromised hybrid cloud environments and performed lateral movement from on-premises to cloud environment, leading to data exfiltration, credential theft, tampering, persistent backdoor access, and ransomware deployment. The ..
---------------------------------------------
https://www.microsoft.com/en-us/security/blog/2024/09/26/storm-0501-ransomwa...
∗∗∗ NIST Recommends Some Common-Sense Password Rules ∗∗∗
---------------------------------------------
NIST's second draft of its "SP 800-63-4", its digital identity guidelines, finally contains some really good rules about passwords.
---------------------------------------------
https://www.schneier.com/blog/archives/2024/09/nist-recommends-some-common-s...
∗∗∗ Kaspersky Defends Stealth Swap of Antivirus Software on US Computers ∗∗∗
---------------------------------------------
Cybersecurity firm Kaspersky has defended its decision to automatically replace its antivirus software on U.S. customers' computers with UltraAV, a product from American company Pango, without explicit user consent. The forced switch, affecting nearly one million users, occurred as a result of a U.S. government ban on Kaspersky software. Kaspersky ..
---------------------------------------------
https://it.slashdot.org/story/24/09/26/1825249/kaspersky-defends-stealth-swa...
∗∗∗ Hackers Could Have Remotely Controlled Kia Cars Using Only License Plates ∗∗∗
---------------------------------------------
Cybersecurity researchers have disclosed a set of now-patched vulnerabilities in Kia vehicles that, if successfully exploited, could have allowed remote control over key functions using only a license plate. "These attacks could be ..
---------------------------------------------
https://thehackernews.com/2024/09/hackers-could-have-remotely-controlled.htm...
∗∗∗ Victims lose $70K to one single wallet-draining app on Google's Play Store ∗∗∗
---------------------------------------------
Attackers got 10k people to download a 'trusted' web3 brand cheat before Mountain View intervened. The latest in a long line of cryptocurrency wallet-draining attacks has stolen $70,000 from people who downloaded a dodgy app in a single campaign ..
---------------------------------------------
https://www.theregister.com/2024/09/26/victims_lose_70k_to_play/
∗∗∗ Patch now: Critical Nvidia bug allows container escape, complete host takeover ∗∗∗
---------------------------------------------
33% of cloud environments using the toolkit impacted, we're told. A critical bug in Nvidia's widely used Container Toolkit could allow a rogue user or software to escape their containers and ultimately take complete control of the underlying host.
---------------------------------------------
https://www.theregister.com/2024/09/26/critical_nvidia_bug_container_escape/
∗∗∗ Highly Anticipated Linux Flaw Allows Remote Code Execution, but Less Serious Than Expected ∗∗∗
---------------------------------------------
A researcher has disclosed the details of an unpatched vulnerability that was expected to pose a serious threat to many Linux systems.
---------------------------------------------
https://www.securityweek.com/highly-anticipated-linux-flaw-allows-remote-cod...
∗∗∗ US Announces Charges, Sanctions Against Russian Administrator of Carding Website ∗∗∗
---------------------------------------------
US offers up to $10 million for information on Timur Shakhmametov, charging him with running the carding website Joker's Stash.
---------------------------------------------
https://www.securityweek.com/us-announces-charges-sanctions-against-russian-...
∗∗∗ Groundbreaking for the cybersecurity campus of TU Graz ∗∗∗
---------------------------------------------
Around 25 million euros are being invested in the complex for up to 160 researchers in the Sandgasse. IT start-ups are also to find space there.
---------------------------------------------
https://www.derstandard.at/story/3000000238456/spatenstich-fuer-cybersecurit...
∗∗∗ Cyberespionage the Gamaredon way: Analysis of toolset used to spy on Ukraine in 2022 and 2023 ∗∗∗
---------------------------------------------
ESET Research has conducted a comprehensive technical analysis of Gamaredon's toolset used to conduct its cyberespionage activities focused in Ukraine.
---------------------------------------------
https://www.welivesecurity.com/en/eset-research/cyberespionage-gamaredon-way...
∗∗∗ Geoblocking as a simple DDoS defense ∗∗∗
---------------------------------------------
Distributed Denial of Service (DDoS) attacks come in many variants, ranging from high-bandwidth reflected UDP, through tricks at layer 4 (such as TCP SYN flooding, or simply exhausting the state tables of firewalls), to layer 7 attacks with many expensive HTTP requests. We are currently seeing the latter, and on that we want to ..
---------------------------------------------
https://www.cert.at/de/blog/2024/9/geoblocking-gegen-ddos
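The layer 7 case above (many expensive HTTP requests) is the one where geoblocking is a cheap first response: count the costly requests per source country, and drop new connections from the countries that dominate the flood. The script below is an added illustration, not code from the CERT.at post. It assumes a tiny prefix-to-country table standing in for a GeoIP database (RFC 5737 documentation prefixes with placeholder country codes), a constructed access-log excerpt, and an nftables ruleset as the enforcement output; the threshold, the "never block" list and the choice of /search as the expensive endpoint are all assumptions for the demo.

```python
import ipaddress
import re
from collections import Counter

# Constructed stand-in for a GeoIP prefix database (documentation prefixes, RFC 5737).
# "XA" and "XB" are placeholder country codes, not real ISO codes.
PREFIX_COUNTRIES = {
    ipaddress.ip_network("203.0.113.0/24"): "XA",
    ipaddress.ip_network("198.51.100.0/24"): "XB",
    ipaddress.ip_network("192.0.2.0/24"): "AT",
}

# Constructed access-log excerpt in Common Log Format; not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [26/Sep/2024:18:00:01 +0200] "GET /search?q=a HTTP/1.1" 200 5123
203.0.113.7 - - [26/Sep/2024:18:00:01 +0200] "GET /search?q=b HTTP/1.1" 200 5011
203.0.113.9 - - [26/Sep/2024:18:00:02 +0200] "GET /search?q=c HTTP/1.1" 200 4980
203.0.113.12 - - [26/Sep/2024:18:00:02 +0200] "GET /search?q=d HTTP/1.1" 200 5102
198.51.100.4 - - [26/Sep/2024:18:00:03 +0200] "GET /index.html HTTP/1.1" 200 1021
192.0.2.33 - - [26/Sep/2024:18:00:03 +0200] "GET /search?q=e HTTP/1.1" 200 5030
192.0.2.34 - - [26/Sep/2024:18:00:04 +0200] "GET /login HTTP/1.1" 200 812
10.0.0.5 - - [26/Sep/2024:18:00:04 +0200] "GET /healthz HTTP/1.1" 200 2
"""

# client, method, path, status from a CLF line
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \d+')


def country_of(ip_text):
    """Longest-prefix match against the constructed table; '??' if unknown."""
    ip = ipaddress.ip_address(ip_text)
    best = None
    for net, cc in PREFIX_COUNTRIES.items():
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, cc)
    return best[1] if best else "??"


def count_expensive_requests(log_text, expensive_prefix="/search"):
    """Count only the costly layer-7 requests (assumed here: /search) per country.
    Cheap hits like /index.html or /healthz are ignored so they cannot mask the flood."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than crash mid-incident
        ip, _method, path, _status = m.groups()
        if path.startswith(expensive_prefix):
            counts[country_of(ip)] += 1
    return counts


def select_block_countries(counts, max_share, never_block=("AT",)):
    """Countries whose share of expensive requests exceeds max_share.
    Home country (assumed AT) and unresolved sources are never blocked by geography."""
    total = sum(counts.values())
    blocked = []
    for cc, n in counts.items():
        if cc in never_block or cc == "??":
            continue
        if total and n / total > max_share:
            blocked.append(cc)
    return sorted(blocked)


def render_nft_ruleset(blocked_countries):
    """nftables ruleset that drops NEW connections to 80/443 from the blocked prefixes.
    Existing sessions are untouched; the counter lets you watch how much is dropped."""
    prefixes = sorted(str(net) for net, cc in PREFIX_COUNTRIES.items() if cc in blocked_countries)
    elements = f"    elements = {{ {', '.join(prefixes)} }}\n" if prefixes else ""
    return (
        "table inet geoblock {\n"
        "  set blocked_v4 {\n"
        "    type ipv4_addr\n"
        "    flags interval\n"
        + elements +
        "  }\n"
        "  chain input {\n"
        "    type filter hook input priority filter - 10; policy accept;\n"
        "    ip saddr @blocked_v4 tcp dport { 80, 443 } ct state new counter drop\n"
        "  }\n"
        "}\n"
    )


def plan_geoblock(log_text, max_share=0.5):
    """End-to-end: counts per country, countries to block, and the ruleset to load."""
    counts = count_expensive_requests(log_text)
    blocked = select_block_countries(counts, max_share)
    return counts, blocked, render_nft_ruleset(blocked)


if __name__ == "__main__":
    counts, blocked, ruleset = plan_geoblock(SAMPLE_LOG)
    print(dict(counts), blocked)
    print(ruleset)  # load with: nft -f <file>
```

The caveat a practitioner should keep in mind: geoblocking only helps while the attack sources are geographically concentrated, it cuts off legitimate visitors from the blocked countries along with the bots, and a prefix table is only as current as the GeoIP data behind it. Treat the generated ruleset as a temporary measure with its own expiry, not as a permanent policy.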
∗∗∗ Meta fined $101 million for storing hundreds of millions of passwords in plaintext ∗∗∗
---------------------------------------------
European regulators fined Meta for an engineering mistake that the social media giant first reported in 2019.
---------------------------------------------
https://therecord.media/meta-unprotected-passwords-fine-gdpr
=====================
=  Vulnerabilities  =
=====================
∗∗∗ ZDI-24-1290: TeamViewer Missing Authentication Local Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-24-1290/
∗∗∗ ZDI-24-1289: TeamViewer Missing Authentication Local Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-24-1289/