===================== = End-of-Day report = =====================
Timeframe: Freitag 27-09-2024 18:00 − Montag 30-09-2024 18:00 Handler: Alexander Riepl Co-Handler: n/a
===================== = News = =====================
∗∗∗ US-Wahlkampf: Anklage wegen des Hacks der Trump-Kampagne erhoben ∗∗∗ --------------------------------------------- Drei Männer müssen sich vor Gericht wegen des Cyberangriffs auf das Wahlkampfteam von Donald Trump verantworten. --------------------------------------------- https://www.golem.de/news/us-wahlkampf-anklage-wegen-des-hacks-der-trump-kam...
∗∗∗ How to Know if Your Website Is Hacked ∗∗∗ --------------------------------------------- Whether you manage a gaming blog, an e-commerce platform, or an enterprise-level website you probably want to be able to detect infections when they occur. A hacked website can lead to financial loss, disruption of business operations, and the exposure of confidential information. The key is acting fast once you discover possible .. --------------------------------------------- https://blog.sucuri.net/2024/09/how-do-website-owners-know-that-their-websit...
∗∗∗ If youre holding important data, Iran is probably trying spearphish it ∗∗∗ --------------------------------------------- Its election year for more than 50 countries and the Islamic Republic threatens a bunch of them US and UK national security agencies are jointly warning about Iranian spearphishing campaigns, which remain an ongoing threat to various industries and governments. --------------------------------------------- https://www.theregister.com/2024/09/30/iran_spearphishing/
∗∗∗ The Pig Butchering Invasion Has Begun ∗∗∗ --------------------------------------------- Scamming operations that once originated in Southeast Asia are now proliferating around the world, likely raking in billions of dollars in the process. --------------------------------------------- https://www.wired.com/story/pig-butchering-scam-invasion/
∗∗∗ Eliminating Memory Safety Vulnerabilities at the Source ∗∗∗ --------------------------------------------- Memory safety vulnerabilities remain a pervasive threat to software security. At Google, we believe the path to eliminating this class of vulnerabilities at scale and building high-assurance software lies in Safe Coding, a secure-by-design approach that prioritizes transitioning .. --------------------------------------------- http://security.googleblog.com/2024/09/eliminating-memory-safety-vulnerabili...
∗∗∗ The Data Breach Disclosure Conundrum ∗∗∗ --------------------------------------------- The conundrum I refer to in the title of this post is the one faced by a breached organisation: disclose or suppress? And let me be even more specific: should they disclose to impacted individuals, or simply never let them know? --------------------------------------------- https://www.troyhunt.com/the-data-breach-disclosure-conundrum/
∗∗∗ How can you protect your data, privacy, and finances if your phone gets lost or stolen? ∗∗∗ --------------------------------------------- Steps to take when your device is lost or stolen TL;DR This is a guide to help prepare for a situation where your mobile device is lost or stolen, including .. --------------------------------------------- https://www.pentestpartners.com/security-blog/how-can-you-protect-your-data-...
∗∗∗ Cyber Security Month: Stärken Sie Ihr Wissen ∗∗∗ --------------------------------------------- Im Oktober dreht sich alles um das Thema Cybersicherheit. Nutzen Sie die Gelegenheit, um Ihr Wissen über Phishing, Schadsoftware und andere Cyberbedrohungen aufzufrischen. --------------------------------------------- https://www.watchlist-internet.at/news/cyber-security-month-2024/
∗∗∗ Nitrogen Campaign Drops Sliver and Ends With BlackCat Ransomware ∗∗∗ --------------------------------------------- In November 2023, we identified a BlackCat ransomware intrusion started by Nitrogen malware hosted on a website impersonating Advanced IP .. --------------------------------------------- https://thedfirreport.com/2024/09/30/nitrogen-campaign-drops-sliver-and-ends...
∗∗∗ Datenschutzvorfall bei GlobalSign (Sept. 2024) ∗∗∗ --------------------------------------------- Der Anbieter GlobalSign musste gegenüber einigen Kunden einen Datenschutzvorfall eingestehen. Bei deren Customer Relationship Management Platform (CRM) kam es zu einer Fehlkonfigurierung, so dass ein .. --------------------------------------------- https://www.borncity.com/blog/2024/09/30/datenschutzvorfall-bei-globalsign-s...
∗∗∗ Facial DNA provider leaks biometric data via WordPress folder ∗∗∗ --------------------------------------------- ChiceDNA exposed 8,000 sensitive records, including biometric images, personal details, and facial DNA data in an unsecured WordPress… --------------------------------------------- https://hackread.com/facial-dna-provider-leak-biometric-data-wordpress-folde...
===================== = Vulnerabilities = =====================
∗∗∗ Local Privilege Escalation mittels MSI Installer in Nitro PDF Pro ∗∗∗ --------------------------------------------- https://sec-consult.com/de/vulnerability-lab/advisory/local-privilege-escala...