=====================
= End-of-Day report =
=====================

Timeframe: Monday 19-08-2024 18:00 - Tuesday 20-08-2024 18:00
Handler: Alexander Riepl
Co-Handler: n/a
=====================
= News =
=====================

*** Windows driver zero-day exploited by Lazarus hackers to install rootkit ***
---------------------------------------------
The notorious North Korean Lazarus hacking group exploited a zero-day flaw in the Windows AFD.sys driver to elevate privileges and install the FUDModule rootkit on targeted systems.
---------------------------------------------
https://www.bleepingcomputer.com/news/microsoft/windows-driver-zero-day-expl...

*** Solar installations and the cloud: developer fears collapse of European power grids ***
---------------------------------------------
Modern solar installations are frequently connected to the manufacturers' cloud services. One developer sees this as a major threat to our energy supply.
---------------------------------------------
https://www.golem.de/news/solaranlagen-und-die-cloud-entwickler-befuerchtet-...

*** Approach to mainframe penetration testing on z/OS ***
---------------------------------------------
We explain how mainframes work, potential attack vectors, and what to focus on when pentesting such systems.
---------------------------------------------
https://securelist.com/zos-mainframe-pentesting/113427/

*** Hacking Wireless Bicycle Shifters ***
---------------------------------------------
This is yet another insecure Internet-of-things story, this one about wireless gear shifters for bicycles. These gear shifters are used in big-money professional bicycle races like the Tour de France, which provides an incentive to actually ..
---------------------------------------------
https://www.schneier.com/blog/archives/2024/08/hacking-wireless-bicycle-shif...

*** Ransomware Victims Paid $460 Million in First Half of 2024 ***
---------------------------------------------
Ransomware payments in H1 2024 totaled nearly $460 million, and $1.58 billion has been stolen in cryptocurrency heists.
---------------------------------------------
https://www.securityweek.com/ransomware-victims-paid-460-million-in-first-ha...

*** Critical Flaw in Donation Plugin Exposed 100,000 WordPress Sites to Takeover ***
---------------------------------------------
A critical vulnerability in the GiveWP WordPress plugin could be exploited for remote code execution and arbitrary file deletion.
---------------------------------------------
https://www.securityweek.com/critical-flaw-in-donation-plugin-exposed-100000...

*** Navigating the Uncharted: A Framework for Attack Path Discovery ***
---------------------------------------------
This is the second post in a series on Identity-Driven Offensive Tradecraft, which is also the focus of the new course we will launch in October. In the previous post, I asked, "How does one discover and abuse new attack paths?" To start answering ..
---------------------------------------------
https://posts.specterops.io/navigating-the-uncharted-a-framework-for-attack-...

*** Selling Ransomware Breaches: 4 Trends Spotted on the RAMP Forum ***
---------------------------------------------
The sale and purchase of unauthorized access to compromised enterprise networks has become a linchpin for cybercriminal operations, particularly in facilitating ransomware attacks.
---------------------------------------------
https://www.rapid7.com/blog/post/2024/08/20/selling-ransomware-breaches-4-tr...

*** Challenges in Automating and Scaling Remote Vulnerability Detection ***
---------------------------------------------
We cover investments that Bitsight is making to greatly scale out our vulnerability coverage in record time through automation.
---------------------------------------------
https://www.bitsight.com/blog/challenges-automating-and-scaling-remote-vulne...

*** Austria's interior minister wants to spy on messengers ***
---------------------------------------------
Austria's intelligence services are to be granted more powers, including permission to plant malware and to use WLAN catchers. The motion was filed by the governing party ÖVP.
---------------------------------------------
https://heise.de/-9840256

*** Software development: malicious-code attacks on Jenkins servers observed ***
---------------------------------------------
Attackers are currently exploiting a critical vulnerability in the Jenkins software system. Instances in Germany are also at risk.
---------------------------------------------
https://heise.de/-9840463
=====================
= Vulnerabilities =
=====================

*** SolarWinds Product Security Update Advisory (CVE-2024-28986) ***
---------------------------------------------
https://asec.ahnlab.com/en/82529/

*** Intel Family Security Update Advisory ***
---------------------------------------------
https://asec.ahnlab.com/en/82531/