=====================
= End-of-Day report =
=====================

Timeframe: Friday 20-12-2024 18:00 - Monday 23-12-2024 18:00
Handler: Alexander Riepl
Co-Handler: Michael Schlagenhaufer

=====================
=       News        =
=====================
*** Middle East Cyberwar Rages On, With No End in Sight ***
---------------------------------------------
Since October 2023, cyberattacks among countries in the Middle East have persisted, fueled by the conflict between Israel and Hamas, reeling in others on a global scale.
---------------------------------------------
https://www.darkreading.com/cyberattacks-data-breaches/middle-east-cyberwar-...
*** Cloud Atlas seen using a new tool in its attacks ***
---------------------------------------------
We analyze the latest activity by the Cloud Atlas gang. The attacks employ the PowerShower, VBShower and VBCloud modules to download victims' data with various PowerShell scripts.
---------------------------------------------
https://securelist.com/cloud-atlas-attacks-with-new-backdoor-vbcloud/115103/
*** Modiloader From Obfuscated Batch File ***
---------------------------------------------
My last investigation is a file called "Albertsons Payments.gz", received via email. The file looks like an archive but is identified as a picture by ..
---------------------------------------------
https://isc.sans.edu/diary/Modiloader+From+Obfuscated+Batch+File/31540
*** Vulnerability & Patch Roundup - November 2024 ***
---------------------------------------------
Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help ..
---------------------------------------------
https://blog.sucuri.net/2024/12/vulnerability-patch-roundup-november-2024.ht...
*** Rockstar2FA Collapse Fuels Expansion of FlowerStorm Phishing-as-a-Service ***
---------------------------------------------
An interruption to the phishing-as-a-service (PhaaS) toolkit called Rockstar 2FA has led to a rapid uptick in activity from another nascent offering named FlowerStorm. "It appears that the [Rockstar2FA] group running the service experienced at least a ..
---------------------------------------------
https://thehackernews.com/2024/12/rockstar2fa-collapse-fuels-expansion-of.ht...
*** l+f: Security researcher orders from McDonald's for 1 cent ***
---------------------------------------------
The McDonald's delivery service in India was broken, and orders could be manipulated extensively.
---------------------------------------------
https://www.heise.de/news/l-f-Sicherheitsforscher-bestellt-bei-McDonald-s-fu...
*** Web browsers: Chrome and Edge to warn of scam sites using AI ***
---------------------------------------------
To warn users about fraudulent websites, Chrome and Edge now ship with an AI-based protection feature. The feature is not yet enabled by default, however.
---------------------------------------------
https://www.heise.de/news/Webbrowser-Chrome-und-Edge-sollen-mittels-KI-vor-S...
*** Heels on fire. Hacking smart ski socks ***
---------------------------------------------
TL;DR A silly-season BLE connectivity story. Overheat people's smart ski socks .. but only when in Bluetooth range AND when the owner's phone is out of range of their feet! Having [...]
---------------------------------------------
https://www.pentestpartners.com/security-blog/heels-on-fire-hacking-smart-sk...
*** Almost two thirds of all stolen crypto funds went to North Korea in 2024 ***
---------------------------------------------
A recent analysis shows that the total value of stolen cryptocurrencies has risen by 21 percent so far this year, to 2.2 billion dollars.
---------------------------------------------
https://www.derstandard.at/story/3000000250591/fast-zwei-drittel-aller-gesto...
*** NSO Group found liable for WhatsApp attack with Pegasus spyware ***
---------------------------------------------
In 2019, WhatsApp users fell victim to an attack by spyware that could be installed on Android and iOS devices via a vulnerability. WhatsApp sued the NSO Group, which ..
---------------------------------------------
https://www.borncity.com/blog/2024/12/22/nso-group-fuer-angriff-mit-pegasus-...
*** Jingle Shells: How Virtual Offices Enable a Facade of Legitimacy ***
---------------------------------------------
Virtual offices have revolutionized the way businesses operate. They provide cost-effective flexibility by eliminating the ..
---------------------------------------------
https://www.team-cymru.com/post/how-virtual-offices-enable-a-facade-of-legit...
*** A Primer on JA4+: Empowering Threat Analysts with Better Traffic Analysis ***
---------------------------------------------
What is JA4+ and Why Does It Matter? Introduction: Threat analysts and researchers are continually seeking tools and methodologies to gain ..
---------------------------------------------
https://www.team-cymru.com/post/a-primer-on-ja4-empowering-threat-analysts-w...
*** Supply Chain Attack Hits Rspack, Vant npm Packages with Monero Miner ***
---------------------------------------------
Popular npm packages, Rspack and Vant, were recently compromised with malicious code. Learn about the attack, the impact, and how to protect your projects from similar threats.
---------------------------------------------
https://hackread.com/supply-chain-attack-rspack-vant-npm-monero-miner/
*** Checking It Twice: Profiling Benign Internet Scanners - 2024 Edition ***
---------------------------------------------
A comprehensive analysis of benign internet scanning activity from November 2024, examining how quickly and thoroughly various legitimate scanning services (like Shodan, Censys, and others) discover and probe new internet-facing assets. The study deployed 24 new sensors across 8 geographies and 5 autonomous systems, revealing that most scanners ..
---------------------------------------------
https://www.greynoise.io/blog/checking-it-twice-profiling-benign-internet-sc...
*** Critical vulnerabilities threaten Sophos firewalls ***
---------------------------------------------
Important security updates for Sophos firewalls have been released. With the default settings, they are installed automatically.
---------------------------------------------
https://heise.de/-10218914

=====================
=  Vulnerabilities  =
=====================
*** Security updates for Monday ***
---------------------------------------------
Security updates have been issued by Debian (gst-plugins-base1.0, libxstream-java, php-laravel-framework, python-urllib3, and sqlparse), Fedora (chromium, libcomps, libdnf, mingw-directxmath, mingw-gstreamer1, mingw-gstreamer1-plugins-bad-free, mingw-gstreamer1-plugins-base, mingw-gstreamer1-plugins-good, mingw-orc, ofono, prometheus-podman-exporter, ..
---------------------------------------------
https://lwn.net/Articles/1003287/
*** WebKitGTK and WPE WebKit Security Advisory WSA-2024-0008 ***
---------------------------------------------
Date Reported: December 22, 2024
Advisory ID: WSA-2024-0008
CVE identifiers: CVE-2024-54479, CVE-2024-54502, CVE-2024-54505, CVE-2024-54508, CVE-2024-54534
Several vulnerabilities were discovered in WebKitGTK and WPE WebKit.
CVE-2024-54479 - Versions affected: WebKitGTK and WPE WebKit before 2.46.5. Credit to Seunghyun Lee. Impact: Processing maliciously ..
---------------------------------------------
https://webkitgtk.org/security/WSA-2024-0008.html
*** TR-91 - Vulnerability identified as CVE-2024-0012, affecting Palo Alto Networks PAN-OS software ***
---------------------------------------------
https://www.circl.lu/pub/tr-91