=====================
=  End-of-Day report  =
=====================

Timeframe:   Thursday 04-07-2024 18:00 − Friday 05-07-2024 18:00
Handler:     Alexander Riepl
Co-Handler:  Michael Schlagenhaufer

=====================
=       News        =
=====================
∗∗∗ New Eldorado ransomware targets Windows, VMware ESXi VMs ∗∗∗
---------------------------------------------
A new ransomware-as-a-service (RaaS) called Eldorado emerged in March and comes with locker variants for VMware ESXi and Windows.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-eldorado-ransomware-targe...

∗∗∗ Turla: A Master's Art of Evasion ∗∗∗
---------------------------------------------
Turla, a well-known piece of malware, has taken to weaponising LNK-files to infect computers. We have observed a current example of this.
---------------------------------------------
https://www.gdatasoftware.com/blog/2024/07/37977-turla-evasion-lnk-files

∗∗∗ New Golang-Based Zergeca Botnet Capable of Powerful DDoS Attacks ∗∗∗
---------------------------------------------
Cybersecurity researchers have uncovered a new botnet called Zergeca that's capable of conducting distributed denial-of-service (DDoS) attacks. Written in Golang, the botnet is so named for its reference to a string named "ootheca" present in the command-and-control (C2) servers ("ootheca[.]pw" and "ootheca[.]top").
---------------------------------------------
https://thehackernews.com/2024/07/new-golang-based-zergeca-botnet-capable.ht...

∗∗∗ Latest Ghostscript vulnerability haunts experts as the next big breach enabler ∗∗∗
---------------------------------------------
There's also chatter about whether medium severity scare is actually code red nightmare

Infosec circles are awash with chatter about a vulnerability in Ghostscript some experts believe could be the cause of several major breaches in the coming months.
---------------------------------------------
https://go.theregister.com/feed/www.theregister.com/2024/07/05/ghostscript_v...
∗∗∗ Binance customers beware: SMS about a login attempt is fake ∗∗∗
---------------------------------------------
We are currently receiving reports about an SMS sent in the name of the trading platform Binance: supposedly there has been a login attempt from Malta or another country, and the recipient is asked to call back. Ignore the SMS. Criminals are trying to hijack your account and get at your money.
---------------------------------------------
https://www.watchlist-internet.at/news/binance-login-fake/

∗∗∗ TeamViewer gives the all-clear: no customer data exfiltrated in the June 2024 hack ∗∗∗
---------------------------------------------
The hack of the remote-maintenance provider TeamViewer appears to have turned out less badly than feared. A state actor (APT29) did have access to the company's internal IT environment, but neither the production environment holding the source code and binaries of the remote-maintenance software nor customer data appear to be affected. The vendor announced this in what is now its third status update.
---------------------------------------------
https://www.borncity.com/blog/2024/07/05/teamviewer-gibt-entwarnung-keine-ku...
∗∗∗ Turning Jenkins Into a Cryptomining Machine From an Attacker's Perspective ∗∗∗
---------------------------------------------
In this blog entry, we will discuss how the Jenkins Script Console can be weaponized by attackers for cryptomining activity if not configured properly.
---------------------------------------------
https://www.trendmicro.com/en_us/research/24/g/turning-jenkins-into-a-crypto...
=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (cockpit, python-astropy, python3-docs, and python3.12), Gentoo (BusyBox, GNU Coreutils, GraphicsMagick, podman, PuTTY, Sofia-SIP, TigerVNC, and WebKitGTK+), Mageia (chromium-browser-stable and openvpn), SUSE (cockpit, krb5, and netatalk), and Ubuntu (kopanocore, libreoffice, linux-aws, linux-oem-6.8, linux-aws-5.15, linux-azure, linux-azure-4.15, linux-lowlatency, linux-lowlatency-hwe-6.5, linux-oracle, linux-starfive-6.5, and virtuoso-opensource).
---------------------------------------------
https://lwn.net/Articles/980855/

∗∗∗ ZDI-24-897: Trend Micro Apex One modOSCE SQL Injection Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-24-897/