[CERT-daily] Daily summary - 20.08.2024

Daily end-of-shift report team at cert.at
Tue Aug 20 18:17:16 CEST 2024


=====================
= End-of-Day report =
=====================

Timeframe:   Monday 19-08-2024 18:00 − Tuesday 20-08-2024 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a

=====================
=       News        =
=====================


∗∗∗ Windows driver zero-day exploited by Lazarus hackers to install rootkit ∗∗∗
---------------------------------------------
The notorious North Korean Lazarus hacking group exploited a zero-day flaw in the Windows AFD.sys driver to elevate privileges and install the FUDModule rootkit on targeted systems.
---------------------------------------------
https://www.bleepingcomputer.com/news/microsoft/windows-driver-zero-day-exploited-by-lazarus-hackers-to-install-rootkit/


∗∗∗ Solar installations and the cloud: developer fears collapse of European power grids ∗∗∗
---------------------------------------------
Modern solar installations are often connected to the manufacturers' cloud services. One developer sees this as a major threat to our energy supply.
---------------------------------------------
https://www.golem.de/news/solaranlagen-und-die-cloud-entwickler-befuerchtet-kollaps-europaeischer-stromnetze-2408-188177.html


∗∗∗ Approach to mainframe penetration testing on z/OS ∗∗∗
---------------------------------------------
We explain how mainframes work, potential attack vectors, and what to focus on when pentesting such systems.
---------------------------------------------
https://securelist.com/zos-mainframe-pentesting/113427/


∗∗∗ Hacking Wireless Bicycle Shifters ∗∗∗
---------------------------------------------
This is yet another insecure Internet-of-things story, this one about wireless gear shifters for bicycles. These gear shifters are used in big-money professional bicycle races like the Tour de France, which provides an incentive to actually ..
---------------------------------------------
https://www.schneier.com/blog/archives/2024/08/hacking-wireless-bicycle-shifters.html


∗∗∗ Ransomware Victims Paid $460 Million in First Half of 2024 ∗∗∗
---------------------------------------------
Ransomware payments in H1 2024 totaled nearly $460 million and $1.58 billion have been stolen in cryptocurrency heists.
---------------------------------------------
https://www.securityweek.com/ransomware-victims-paid-460-million-in-first-half-of-2024/


∗∗∗ Critical Flaw in Donation Plugin Exposed 100,000 WordPress Sites to Takeover ∗∗∗
---------------------------------------------
A critical vulnerability in the GiveWP WordPress plugin could be exploited for remote code execution and arbitrary file deletion.
---------------------------------------------
https://www.securityweek.com/critical-flaw-in-donation-plugin-exposed-100000-wordpress-sites-to-takeover/


∗∗∗ Navigating the Uncharted: A Framework for Attack Path Discovery ∗∗∗
---------------------------------------------
This is the second post in a series on Identity-Driven Offensive Tradecraft, which is also the focus of the new course we will launch in October. In the previous post, I asked, “How does one discover and abuse new attack paths?” To start answering ..
---------------------------------------------
https://posts.specterops.io/navigating-the-uncharted-a-framework-for-attack-path-discovery-c5a0a020a144


∗∗∗ Selling Ransomware Breaches: 4 Trends Spotted on the RAMP Forum ∗∗∗
---------------------------------------------
The sale and purchase of unauthorized access to compromised enterprise networks has become a linchpin for cybercriminal operations, particularly in facilitating ransomware attacks.
---------------------------------------------
https://www.rapid7.com/blog/post/2024/08/20/selling-ransomware-breaches-4-trends-spotted-on-the-ramp-forum/


∗∗∗ Challenges in Automating and Scaling Remote Vulnerability Detection ∗∗∗
---------------------------------------------
We cover investments that Bitsight is making to greatly scale out our vulnerability coverage in record time through automation.
---------------------------------------------
https://www.bitsight.com/blog/challenges-automating-and-scaling-remote-vulnerability-detection


∗∗∗ Austria's interior minister wants to spy on messengers ∗∗∗
---------------------------------------------
Austria's intelligence services are to receive more powers and be allowed to plant malware and use WLAN catchers. The governing party ÖVP is requesting this.
---------------------------------------------
https://heise.de/-9840256


∗∗∗ Software development: malicious code attacks on Jenkins servers observed ∗∗∗
---------------------------------------------
Attackers are currently exploiting a critical vulnerability in the Jenkins software system. Instances in Germany are also at risk.
---------------------------------------------
https://heise.de/-9840463


=====================
=  Vulnerabilities  =
=====================


∗∗∗ SolarWinds Product Security Update Advisory (CVE-2024-28986) ∗∗∗
---------------------------------------------
https://asec.ahnlab.com/en/82529/


∗∗∗ Intel Family Security Update Advisory ∗∗∗
---------------------------------------------
https://asec.ahnlab.com/en/82531/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
