=====================
= End-of-Day report =
=====================

Timeframe:   Thursday 11-07-2024 18:00 − Friday 12-07-2024 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ After social media drama: Signal patches a vulnerability known since 2018 ∗∗∗
---------------------------------------------
The vulnerability allows other applications to access Signal chats. The problem has been known for six years. Now a fix is finally supposed to arrive.
---------------------------------------------
https://www.golem.de/news/nach-social-media-drama-signal-patcht-seit-sechs-j...

∗∗∗ Understanding SSH Honeypot Logs: Attackers Fingerprinting Honeypots ∗∗∗
---------------------------------------------
Some of the commands observed can be confusing for a novice looking at ssh honeypot logs. Sure, you have some obvious commands like "uname -a" to fingerprint the kernel. However, other commands are less intuitive and are not commands a normal user would use. I am trying to summarize some of the more common ones here, focusing on commands attackers use to figure out if they are inside a honeypot.
---------------------------------------------
https://isc.sans.edu/diary/Understanding+SSH+Honeypot+Logs+Attackers+Fingerp...

∗∗∗ 60 New Malicious Packages Uncovered in NuGet Supply Chain Attack ∗∗∗
---------------------------------------------
Threat actors have been observed publishing a new wave of malicious packages to the NuGet package manager as part of an ongoing campaign that began in August 2023, while also adding a new layer of stealth to evade detection. The fresh packages, about 60 in number and spanning 290 versions, demonstrate a refined approach from the ..
---------------------------------------------
https://thehackernews.com/2024/07/60-new-malicious-packages-uncovered-in.htm...

∗∗∗ Critical Exim Mail Server Vulnerability Exposes Millions to Malicious Attachments ∗∗∗
---------------------------------------------
A critical security issue has been disclosed in the Exim mail transfer agent that could enable threat actors to deliver malicious attachments to target users' inboxes. The vulnerability, tracked as CVE-2024-39929, has a CVSS ..
---------------------------------------------
https://thehackernews.com/2024/07/critical-exim-mail-server-vulnerability.ht...

∗∗∗ Phone fraud: Scam calls from lawyers in circulation ∗∗∗
---------------------------------------------
The fraudster spoofs the phone number of a reputable law firm in the area and calls the victim. During the conversation, the supposed lawyer poses as a real person who ..
---------------------------------------------
https://blog.zettasecure.com/telefonbetrug-scam-anruf-von-anwaelten-im-umlau...

∗∗∗ AT&T fell victim to a huge hacker attack ∗∗∗
---------------------------------------------
Connection data of 109 million customers was downloaded by unknown attackers
---------------------------------------------
https://www.derstandard.at/story/3000000228237/att-wurde-opfer-eines-riesige...

∗∗∗ Apple sends new warning about mercenary spyware attacks to iPhone users. Should you worry now? ∗∗∗
---------------------------------------------
Though mercenary spyware attacks are rare and typically sent only to targeted individuals, Apple has alerted iPhone users about them for the second time this year.
---------------------------------------------
https://www.zdnet.com/article/apple-warns-of-mercenary-spyware-attacks-again...

∗∗∗ mSpy: Third hack since 2010 exposes millions of user records ∗∗∗
---------------------------------------------
As the saying goes, "all good things come in threes" – which probably does not apply here. The smartphone surveillance provider mSpy has once again drawn attention through a data leak caused by a hack (the third incident since 2010). A ..
---------------------------------------------
https://www.borncity.com/blog/2024/07/12/mspy-dritter-hack-seit-2010-legt-mi...

∗∗∗ Checking in on the state of cybersecurity and the Olympics ∗∗∗
---------------------------------------------
Even if a threat actor isn’t successful in some widespread breach that makes international headlines, even smaller-scale threats and actors are just hoping to cause chaos.
---------------------------------------------
https://blog.talosintelligence.com/threat-source-newsletter-july-12-2024/

=====================
=  Vulnerabilities  =
=====================

∗∗∗ DSA-5729-1 apache2 - security update ∗∗∗
---------------------------------------------
Multiple vulnerabilities have been discovered in the Apache HTTP server, which may result in authentication bypass, execution of scripts in directories not directly reachable by any URL, server-side request forgery or denial of service.
---------------------------------------------
https://lists.debian.org/debian-security-announce/2024/msg00140.html