===================== = End-of-Day report = =====================
Timeframe: Montag 16-12-2024 18:00 − Dienstag 17-12-2024 18:00 Handler: Michael Schlagenhaufer Co-Handler: n/a
===================== = News = =====================
∗∗∗ Verbraucherzentrale warnt vor aktueller Paypal-Betrugsmasche ∗∗∗ --------------------------------------------- Die Verbraucherzentrale NRW warnt, dass Kriminelle "Bezahlen ohne Paypal-Konto" missbrauchen. Schutz davor ist kaum möglich. [..] Im Zentrum der Kritik steht eine Paypal-Bezahloption, die sich "Zahlen ohne Paypal-Konto" nennt und auch als "Gast-Konto" oder "Gastzahlung" bekannt ist. Damit können Käufer über das Lastschrift-Verfahren zahlen, ohne dass ein Paypal-Konto angelegt wird. Dafür ist eine IBAN anzugeben. --------------------------------------------- https://heise.de/-10202355
∗∗∗ Malicious ads push Lumma infostealer via fake CAPTCHA pages ∗∗∗ --------------------------------------------- DeceptionAds can be seen as a newer and more dangerous variant of the "ClickFix" attacks, where victims are tricked into running malicious PowerShell commands on their machine, infecting themselves with malware. ClickFix actors have employed phishing emails, fake CAPTCHA pages on pirate software sites, malicious Facebook pages, and even GitHub issues redirecting users to dangerous landing pages. --------------------------------------------- https://www.bleepingcomputer.com/news/security/malicious-ads-push-lumma-info...
∗∗∗ Over 25,000 SonicWall VPN Firewalls exposed to critical flaws ∗∗∗ --------------------------------------------- Over 25,000 publicly accessible SonicWall SSLVPN devices are vulnerable to critical severity flaws, with 20,000 using a SonicOS/OSX firmware version that the vendor no longer supports. [..] Public exposure means that the firewall's management or SSL VPN interfaces are accessible from the internet, presenting an opportunity for attackers to probe for vulnerabilities, outdated/unpatched firmware, misconfigurations, and brute-force weak passwords. --------------------------------------------- https://www.bleepingcomputer.com/news/security/over-25-000-sonicwall-vpn-fir...
∗∗∗ Sicherheitsbehörde warnt: Kernel-Schwachstelle in Windows wird aktiv ausgenutzt ∗∗∗ --------------------------------------------- Konkret geht es um die Sicherheitslücke CVE-2024-35250. Diese ermöglicht es Angreifern, auf anfälligen Systemen ihre Rechte auszuweiten. Nach Angaben der US-Cybersicherheitsbehörde Cisa gibt es neuerdings Hinweise auf eine aktive Ausnutzung. [..] Patches gegen CVE-2024-35250 stehen schon seit Juni für alle anfälligen Betriebssysteme bereit und dürften daher auf den meisten Systemen längst eingespielt worden sein. --------------------------------------------- https://www.golem.de/news/sicherheitsbehoerde-warnt-kernel-schwachstelle-in-...
∗∗∗ Python Delivering AnyDesk Client as RAT, (Tue, Dec 17th) ∗∗∗ --------------------------------------------- Yesterday, I found an interesting piece of Python script that will install AnyDesk on the victim’s computer. Even better, it reconfigures the tool if it is already installed. The script, called “an5.py” has a low VT score (6/63). Note that the script is compatible with Windows and Linux victims. --------------------------------------------- https://isc.sans.edu/diary/rss/31524
∗∗∗ Technical Analysis of RiseLoader ∗∗∗ --------------------------------------------- In October 2024, Zscaler ThreatLabz came across malware samples that use a network communication protocol that is similar to RisePro. However, unlike RisePro which has primarily been used for information stealing, this new malware specializes in downloading and executing second-stage payloads. Due its distinctive focus and similarities with RisePro’s communication protocol, we named this new malware family RiseLoader. --------------------------------------------- https://www.zscaler.com/blogs/security-research/technical-analysis-riseloade...
∗∗∗ Earth Koshchei Coopts Red Team Tools in Complex RDP Attacks ∗∗∗ --------------------------------------------- APT group Earth Koshchei, suspected to be sponsored by the SVR, executed a large-scale rogue RDP campaign using spear-phishing emails, red team tools, and sophisticated anonymization techniques to target high-profile sectors. --------------------------------------------- https://www.trendmicro.com/en_us/research/24/l/earth-koshchei.html
===================== = Vulnerabilities = =====================
∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (gstreamer1.0), Fedora (jupyterlab and python-notebook), Oracle (gimp:2.8.22, gstreamer1-plugins-base, gstreamer1-plugins-good, kernel, php:8.2, postgresql, and python3.11), SUSE (aws-iam-authenticator, firefox, installation-images, kernel, libaom, libyuv, libsoup, libsoup2, python-aiohttp, socat, thunderbird, and vim), and Ubuntu (curl, Docker, imagemagick, and kernel). --------------------------------------------- https://lwn.net/Articles/1002496/
∗∗∗ CrushFTP: Attacken auf Admins möglich ∗∗∗ --------------------------------------------- Angreifer können in Logs von CrushFTP Schadcode verstecken. Dagegen gerüstete Versionen sind verfügbar. --------------------------------------------- https://heise.de/-10202537
∗∗∗ Xen Security Advisory CVE-2024-53241 / XSA-466 ∗∗∗ --------------------------------------------- https://xenbits.xen.org/xsa/advisory-466.html
∗∗∗ Xen Security Advisory CVE-2024-53240 / XSA-465 ∗∗∗ --------------------------------------------- https://xenbits.xen.org/xsa/advisory-465.html
∗∗∗ Rockwell Automation PowerMonitor 1000 Remote ∗∗∗ --------------------------------------------- https://www.cisa.gov/news-events/ics-advisories/icsa-24-352-03
∗∗∗ Hitachi Energy TropOS Devices Series 1400/2400/6400 ∗∗∗ --------------------------------------------- https://www.cisa.gov/news-events/ics-advisories/icsa-24-352-02
∗∗∗ ThreatQuotient ThreatQ Platform ∗∗∗ --------------------------------------------- https://www.cisa.gov/news-events/ics-advisories/icsa-24-352-01
∗∗∗ MISP v2.5.3 and v2.4.201 released with numerous enhancements, bug fixes, and security improvements to strengthen threat information sharing capabilities. ∗∗∗ --------------------------------------------- https://github.com/MISP/MISP/releases/tag/v2.5.3
∗∗∗ BD Diagnostic Solutions Products ∗∗∗ --------------------------------------------- https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-352-01