[CERT-daily] Daily summary - 02.08.2024
Daily end-of-shift report
team at cert.at
Fri Aug 2 18:18:13 CEST 2024
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 01-08-2024 18:00 - Friday 02-08-2024 18:00
Handler: Alexander Riepl
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Tech support scam ring leader gets 7 years in prison, $6M fine ∗∗∗
---------------------------------------------
The leader of a tech support fraud scheme was sentenced to seven years in prison after tricking at least 6,500 victims and generating more than $6 million.
---------------------------------------------
https://www.bleepingcomputer.com/news/legal/tech-support-scam-ring-leader-gets-7-years-in-prison-6m-fine/
∗∗∗ A recent spate of Internet disruptions ∗∗∗
---------------------------------------------
Cloudflare Radar is constantly monitoring the Internet for widespread disruptions. Here we examine several recent noteworthy disruptions detected in the first month of Q3, including traffic anomalies observed in Bangladesh, Syria, Pakistan, and Venezuela.
---------------------------------------------
https://blog.cloudflare.com/a-recent-spate-of-internet-disruptions-july-2024
∗∗∗ Leaked GitHub Python Token ∗∗∗
---------------------------------------------
Cybersecurity researchers from JFrog recently discovered a GitHub Personal Access Token in a public Docker container hosted on Docker Hub, which granted elevated access to the GitHub repositories of the Python language, Python Package Index (PyPI), and the Python Software Foundation (PSF). JFrog discussed what could ..
---------------------------------------------
https://www.schneier.com/blog/archives/2024/08/leaked-github-python-token.html
∗∗∗ Mirai Botnet targeting OFBiz Servers Vulnerable to Directory Traversal ∗∗∗
---------------------------------------------
Enterprise Resource Planning (ERP) software is at the heart of many enterprises, supporting human resources, accounting, shipping, and manufacturing. These systems can become very complex and difficult to maintain. They are often highly customized, which ..
---------------------------------------------
https://thehackernews.com/2024/08/mirai-botnet-targeting-ofbiz-servers.html
∗∗∗ New Windows Backdoor BITSLOTH Exploits BITS for Stealthy Communication ∗∗∗
---------------------------------------------
Cybersecurity researchers have discovered a previously undocumented Windows backdoor that leverages a built-in feature called Background Intelligent Transfer Service (BITS) as a command-and-control (C2) mechanism. The newly identified malware ..
---------------------------------------------
https://thehackernews.com/2024/08/new-windows-backdoor-bitsloth-exploits.html
∗∗∗ This Week in Security: Echospoofing, Ransomware Records, and Github Attestations ∗∗∗
---------------------------------------------
It’s a bit of bitter irony, when a security product gets used maliciously, to pull off the exact attack it was designed to prevent. Enter Proofpoint, and the ..
---------------------------------------------
https://hackaday.com/2024/08/02/this-week-in-security-echospoofing-ransomware-records-and-github-attestations/
∗∗∗ Russia gets two serious criminal hackers back ∗∗∗
---------------------------------------------
No one is said to have ever financially harmed as many people as Roman Selesnew. Wladislaw Kljuschin, on the other hand, is regarded as Putin's trader and the terror of Wall Street.
---------------------------------------------
https://www.derstandard.at/story/3000000230914/russland-bekommt-zwei-schwerkriminelle-hacker-zurueck
∗∗∗ China dismisses Germany’s accusations over cyberattack as ‘targeted defamation’ ∗∗∗
---------------------------------------------
Chinese officials on Thursday responded to accusations from Germany that it was behind an attack on the country’s state cartography agency, calling them “unfounded.”
---------------------------------------------
https://therecord.media/china-germany-cyberattack-unfounded
∗∗∗ White House officials meet with allies, industry on connected car risks ∗∗∗
---------------------------------------------
Leaders from the White House and State Department met with representatives from several major allied countries, the European Union and industry leaders Wednesday for what has been billed as the “first multinational meeting” to address the national security risks posed by connected cars.
---------------------------------------------
https://therecord.media/white-house-officials-meet-with-nations-industry-connected-cars
∗∗∗ From Evidence to Advantage: Leveraging Incident Response Artifacts for Red Team Engagements ∗∗∗
---------------------------------------------
What is this blog post about? This blog post is about why incident responder artifacts play a role not only on the defensive but also on the offensive side of cyber security. We are going to look at some of the usually collected evidence and how it can be valuable to us as red team operators. We ..
---------------------------------------------
https://blog.nviso.eu/2024/08/02/from-evidence-to-advantage-leveraging-incident-response-artifacts-for-red-team-engagements/
∗∗∗ CISA Releases Software Acquisition Guide for Government Enterprise Consumers: Software Assurance in the Cyber-Supply Chain Risk Management (C-SCRM) Lifecycle ∗∗∗
---------------------------------------------
Today, the Cybersecurity and Infrastructure Security Agency (CISA) announced the release of its “Software Acquisition Guide for Government Enterprise Consumers: Software Assurance in the Cyber-Supply Chain ..
---------------------------------------------
https://www.cisa.gov/news-events/news/cisa-releases-software-acquisition-guide-government-enterprise-consumers-software-assurance-cyber
∗∗∗ Panamorfi: A New Discord DDoS Campaign ∗∗∗
---------------------------------------------
Aqua Nautilus researchers uncovered a new Distributed Denial of Service (DDoS) campaign dubbed 'Panamorfi'. Using the Java-written Minecraft DDoS tool mineping, the threat actor launches a DDoS. Thus far we've only seen it deployed via misconfigured Jupyter notebooks. In this blog we explain this attack, the techniques used by the threat actor and how to protect your environments.
---------------------------------------------
https://blog.aquasec.com/panamorfi-a-new-discord-ddos-campaign
∗∗∗ Unauthorized access to IT management solution Aruba ClearPass possible ∗∗∗
---------------------------------------------
The developers at HPE Aruba Networking have closed, among others, a critical security vulnerability in ClearPass Policy Manager.
---------------------------------------------
https://heise.de/-9821717
∗∗∗ Report: Cybercriminals use Cloudflare tunnels to distribute malware ∗∗∗
---------------------------------------------
Previously unknown cybercriminals are using "TryCloudflare" to distribute malware undisturbed, security researchers report.
---------------------------------------------
https://heise.de/-9821797
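TryCloudflare quick tunnels expose a host under a random hostname directly below `trycloudflare.com`, so the cheapest hunt on the defender's side is to look for that zone in resolver or proxy logs. The following is an added example, not from the heise report or the underlying research: it parses a constructed, simplified DNS query log format (timestamp, client, qname, qtype; adapt `LINE_RE` to your resolver's format), matches the zone on label boundaries so that look-alikes such as `trycloudflare.com.evil.example` do not fire, and supports an allowlist for clients that legitimately use quick tunnels. The log lines and hostnames are constructed.

```python
"""Flag DNS queries for TryCloudflare quick-tunnel hostnames in a resolver log."""
import re
from typing import Dict, Iterable, List

# Constructed log format: "<ts> <client_ip> query <qname> <qtype>"; not a real resolver format.
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<client>\S+) query (?P<qname>\S+) (?P<qtype>\S+)$")

# Quick tunnels are served as <random-words>.trycloudflare.com; the apex itself is Cloudflare's.
TUNNEL_ZONE = "trycloudflare.com"


def is_quick_tunnel(qname: str) -> bool:
    """True for any name directly or indirectly under the zone, matched on a label boundary.

    Trailing dots and case are normalised so 'Foo.TRYCLOUDFLARE.COM.' matches, while
    'trycloudflare.com.evil.example' does not.
    """
    name = qname.rstrip(".").lower()
    return name.endswith("." + TUNNEL_ZONE)


def flag_tunnel_queries(lines: Iterable[str], allow_clients: Iterable[str] = ()) -> List[Dict[str, str]]:
    """Return the parsed fields of every query for a quick-tunnel host, skipping allowlisted clients."""
    allowed = set(allow_clients)
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # malformed or unrelated line; a real deployment would count these
        fields = m.groupdict()
        if fields["client"] in allowed:
            continue  # e.g. developer workstations known to use quick tunnels
        if is_quick_tunnel(fields["qname"]):
            hits.append(fields)
    return hits


# Constructed sample log; the tunnel hostnames are made up, not observed indicators.
SAMPLE_LOG = [
    "2024-08-02T10:01:05Z 10.0.0.5 query www.example.com A",
    "2024-08-02T10:01:09Z 10.0.0.5 query bags-poem-ceiling-salad.trycloudflare.com A",
    "2024-08-02T10:02:11Z 10.0.0.7 query trycloudflare.com.evil.example A",
    "2024-08-02T10:03:30Z 10.0.0.9 query Lamp-Quiet-Wind-Notes.TRYCLOUDFLARE.COM. AAAA",
    "this line is not a query record",
]


if __name__ == "__main__":
    for hit in flag_tunnel_queries(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['client']} -> {hit['qname']}")
```

A hit is a lead, not a verdict: quick tunnels are free and widely used by developers, so pair the alert with the client's role and, for proxy logs, the downloaded file type before escalating.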
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (chromium), SUSE (docker and patch), and Ubuntu (bind9, gross, linux-azure, linux-azure-4.15, linux-lowlatency-hwe-6.5, and tomcat8, tomcat9).
---------------------------------------------
https://lwn.net/Articles/984370/
∗∗∗ ZDI-24-1042: NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-24-1042/
∗∗∗ ZDI-24-1041: Google Chrome Updater DosDevices Local Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-24-1041/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily mailing list