[CERT-daily] Tageszusammenfassung - 07.08.2024

Wed Aug 7 18:16:36 CEST 2024

=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 06-08-2024 18:00 − Mittwoch 07-08-2024 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a

=====================
=       News        =
=====================


∗∗∗ Schweiz: Kuh stirbt nach Cyberangriff auf Melkroboter ∗∗∗
---------------------------------------------
Die Angreifer forderten ein Lösegeld. Da der Landwirt nicht zahlen wollte, ist ihm der Zugang zu wichtigen Informationen über seine Kühe verwehrt geblieben.
---------------------------------------------
https://www.golem.de/news/schweiz-kuh-stirbt-nach-cyberangriff-auf-melkroboter-2408-187792.html


∗∗∗ New Linux Kernel Exploit Technique SLUBStick Discovered by Researchers ∗∗∗
---------------------------------------------
Cybersecurity researchers have shed light on a novel Linux kernel exploitation technique dubbed SLUBStick that could be exploited to elevate a limited heap vulnerability to an arbitrary memory read-and-write primitive."Initially, it exploits ..
---------------------------------------------
https://thehackernews.com/2024/08/new-linux-kernel-exploit-technique.html


∗∗∗ Roundcube Webmail Flaws Allow Hackers to Steal Emails and Passwords ∗∗∗
---------------------------------------------
Cybersecurity researchers have disclosed details of security flaws in the Roundcube webmail software that could be exploited to execute malicious JavaScript in a victims web browser and steal sensitive information from their account under specific ..
---------------------------------------------
https://thehackernews.com/2024/08/roundcube-webmail-flaws-allow-hackers.html


∗∗∗ CrowdStrike hires outside security outfits to review troubled Falcon code ∗∗∗
---------------------------------------------
And reveals the small mistake that bricked 8.5M Windows boxes CrowdStrike has hired two outside security firms to review its threat-detection suite Falcon that sparked a global IT outage last month - though it may not have an awful lot ..
---------------------------------------------
https://www.theregister.com/2024/08/07/crowdstrike_full_incident_root_cause_analysis/


∗∗∗ Police take just 2 days to recover $40M stolen in business email scam ∗∗∗
---------------------------------------------
Timor-Leste is a known cybercrime hotspot Two days is all it took for Interpol to recover more than $40 million worth of stolen funds in a recent business email compromise (BEC) heist, the international cop shop said this week.
---------------------------------------------
https://www.theregister.com/2024/08/07/police_take_just_two_days/


∗∗∗ Small CSS tweaks can help nasty emails slip through Outlooks anti-phishing net ∗∗∗
---------------------------------------------
A simple HTML change and the warning is gone! Researchers say cybercriminals can have fun bypassing one of Microsofts anti-phishing measures in Outlook with some simple CSS tweaks.
---------------------------------------------
https://www.theregister.com/2024/08/07/small_css_tweaks_can_help/


∗∗∗ BloodHound Operator — Dog Whispering Reloaded ∗∗∗
---------------------------------------------
Back in the BloodHound “Legacy” days, I wrote some PowerShell tooling to make my life easy and automate various tasks around BloodHound. When the new BloodHound came out, most of these tools ..
---------------------------------------------
https://posts.specterops.io/bloodhound-operator-dog-whispering-reloaded-156020b7c5e9


∗∗∗ CISA Releases Secure by Demand Guidance ∗∗∗
---------------------------------------------
Today, CISA and the Federal Bureau of Investigation (FBI) have released Secure by Demand Guide: How Software Customers Can Drive a Secure Technology Ecosystem to help organizations drive a secure technology ecosystem by ensuring their software manufacturers prioritize secure technology from the start.An organization’s acquisition staff often has a general ..
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2024/08/06/cisa-releases-secure-demand-guidance


∗∗∗ Achtung: Microsofts UEFI Zertifikat läuft am 19. Okt. 2026 aus – Secure Boot betroffen ∗∗∗
---------------------------------------------
[English]Ich stelle mal ein Thema hier im Blog ein, was noch "ein paar Tage Zeit hat", aber arg unangenehme Folgen haben könnte. Im Herbst 2026 läuft ein Zertifikat in Windows aus, welches im UEFI dafür sorgt, dass der ..
---------------------------------------------
https://www.borncity.com/blog/2024/08/07/achtung-microsofts-uefi-zertifikat-luft-am-19-okt-2026-aus-secure-boot-betroffen/


∗∗∗ Looking back at the ballot – securing the general election ∗∗∗
---------------------------------------------
NCSC CEO Felicity Oswald shares reflections on keeping the 2024 General Election safe.
---------------------------------------------
https://www.ncsc.gov.uk/blog-post/looking-back-at-the-ballot-securing-the-general-election


∗∗∗ The Risks of Parked Domains ∗∗∗
---------------------------------------------
Many organizations view parked domains as dormant, low-risk, and not worth the investment in robust security measures. This is a misconception. Heres why.
---------------------------------------------
https://www.bitsight.com/blog/risks-parked-domains


=====================
=  Vulnerabilities  =
=====================


∗∗∗ DSA-5739-1 wpa - security update ∗∗∗
---------------------------------------------
Rory McNamara reported a local privilege escalation in wpasupplicant: A user able to escalate to the netdev group can load arbitrary shared object files in the context of the wpa_supplicant process running as root.
---------------------------------------------
https://lists.debian.org/debian-security-announce/2024/msg00151.html

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily