[CERT-daily] Tageszusammenfassung - 16.08.2024

Fri Aug 16 18:31:19 CEST 2024

=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 14-08-2024 18:00 − Freitag 16-08-2024 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a

=====================
=       News        =
=====================


∗∗∗ Opinion: More layers in malware campaigns are not a sign of sophistication ∗∗∗
---------------------------------------------
Ten infection and protection layers to deploy malware sounds impressive and very hard to deal with. However, adding more layers counterintuitively does the opposite for antivirus evasion and is not a sign of sophistication. Why is that so?
---------------------------------------------
https://www.gdatasoftware.com/blog/2024/08/37995-malware-sophistication


∗∗∗ Ailurophile: New Infostealer sighted in the wild ∗∗∗
---------------------------------------------
We discovered a new stealer in the wild called "Ailurophile Stealer”. The stealer is coded in PHP and the source code indicates potential Vietnamese origins. It is available for purchase through a subscription model via its own webpage. Through the ..
---------------------------------------------
https://www.gdatasoftware.com/blog/2024/08/38005-ailurophile-infostealer


∗∗∗ Tusk: unraveling a complex infostealer campaign ∗∗∗
---------------------------------------------
Kaspersky researchers discovered Tusk campaign with ongoing activity that uses Danabot and StealC infostealers and clippers to obtain cryptowallet credentials and system data.
---------------------------------------------
https://securelist.com/tusk-infostealers-campaign/113367/


∗∗∗ PrestaShop GTAG Websocket Skimmer ∗∗∗
---------------------------------------------
During a recent investigation we uncovered another credit card skimmer leveraging a web socket connection to steal credit card details from an infected PrestaShop website.While PrestaShop is not the most popular eCommerce solution for online stores it is still in the top 10 most common ecommerce platforms in use on the web, and clocks in at just ..
---------------------------------------------
https://blog.sucuri.net/2024/08/prestashop-gtag-websocket-skimmer.html


∗∗∗ Ransomware Attacks on Industrial Firms Surged in Q2 2024 ∗∗∗
---------------------------------------------
Dragos has seen a significant increase in ransomware attacks on industrial organizations in Q2 2024 compared to the previous quarter.
---------------------------------------------
https://www.securityweek.com/ransomware-attacks-on-industrial-firms-surged-in-q2-2024/


∗∗∗ Leaked Environment Variables Allow Large-Scale Extortion Operation of Cloud Environments ∗∗∗
---------------------------------------------
We recount an extensive cloud extortion campaign leveraging exposed .env files of at least 110k domains to compromise organizations AWS environments.
---------------------------------------------
https://unit42.paloaltonetworks.com/large-scale-cloud-extortion-operation/


∗∗∗ New infostealer targets macOS devices, appears to have Russian links ∗∗∗
---------------------------------------------
Researchers have discovered new information-stealing malware labeled Banshee Stealer that is designed to breach Apple computers. 
---------------------------------------------
https://therecord.media/apple-macos-infostealer-banshee-stealer


∗∗∗ Iranian backed group steps up phishing campaigns against Israel, U.S. ∗∗∗
---------------------------------------------
Google’s Threat Analysis Group shares insights on APT42, an Iranian government-backed threat actor.
---------------------------------------------
https://blog.google/threat-analysis-group/iranian-backed-group-steps-up-phishing-campaigns-against-israel-us/


∗∗∗ Ransomware Prevention Guide for Managed Service Providers ∗∗∗
---------------------------------------------
This comprehensive ransomware prevention guide outlines a strategic approach to preventing ransomware attacks, drawing upon industry best practices, compelling statistics, and expert insights.
---------------------------------------------
https://www.emsisoft.com/en/blog/45911/ransomware-prevention-guide-for-managed-service-providers/


∗∗∗ Hacking Beyond.com — Enumerating Private TLDs ∗∗∗
---------------------------------------------
My story started a few months ago, when I performed a red team assessment for a major retail company. During the Open Source Reconnaissance (OSINT) phase, I reviewed the SSL certificates that included the client name. In these certificates I identified that the client owned its own top-level domain (TLD). A TLD is the last part of a domain name, the letters that come after ..
---------------------------------------------
https://cloud.google.com/blog/topics/threat-intelligence/enumerating-private-tlds/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (389-ds-base, dotnet8.0, python3.13, roundcubemail, thunderbird, and tor), Mageia (roundcubemail), Oracle (.NET 8.0, bind and bind-dyndb-ldap, bind9.16, container-tools:ol8, edk2, firefox, gnome-shell, grafana, httpd:2.4, jose, kernel, krb5, mod_auth_openidc:2.3, orc, poppler, python-urllib3, ..
---------------------------------------------
https://lwn.net/Articles/985980/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily