[CERT-daily] Tageszusammenfassung - 23.08.2024

Daily end-of-shift report team at cert.at
Fri Aug 23 18:07:41 CEST 2024


=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 22-08-2024 18:00 − Freitag 23-08-2024 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a


=====================
=       News        =
=====================


∗∗∗ Qilin ransomware now steals credentials from Chrome browsers ∗∗∗
---------------------------------------------
The Qilin ransomware group has been using a new tactic and deploys a custom stealer to steal account credentials stored in Google Chrome browser.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/qilin-ransomware-now-steals-credentials-from-chrome-browsers/


∗∗∗ Hackers are exploiting critical bug in LiteSpeed Cache plugin ∗∗∗
---------------------------------------------
Hackers have already started to exploit the critical severity vulnerability that affects LiteSpeed Cache, a WordPress plugin used for accelerating response times, a day after technical details become public.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/hackers-are-exploiting-critical-bug-in-litespeed-cache-plugin/


∗∗∗ Warnung vor Ebola-Infektion: Uni löst mit Phishing-Test unnötige Panik aus ∗∗∗
---------------------------------------------
Studenten und Mitarbeiter der UCSC haben per E-Mail eine falsche Warnung vor einer Ebola-Infektion auf dem Campus erhalten. Der CISO der Uni entschuldigt sich.
---------------------------------------------
https://www.golem.de/news/warnung-vor-ebola-infektion-phishing-test-an-einer-uni-loest-unnoetige-panik-aus-2408-188318.html


∗∗∗ Mäh- und Saugroboter: Ecovacs will Spionagelücken nun doch angehen ∗∗∗
---------------------------------------------
Mehrere Mäh- und Saugroboter von Ecovacs lassen sich von Angreifern übernehmen. Erst wollte der Hersteller gar nicht patchen, doch nun kommt die Kehrtwende.
---------------------------------------------
https://www.golem.de/news/hersteller-lenkt-ein-ecovacs-arbeitet-nun-doch-an-patches-gegen-spionageangriffe-2408-188329.html


∗∗∗ WordPress Websites Used to Distribute ClearFake Trojan Malware ∗∗∗
---------------------------------------------
Unfortunately, scams are all over the place, and anybody who has surfed the web should know this. We’ve all gotten phishing emails, or redirected to questionable websites at some point or another. Being on your guard is an important posture to take online, and part of that is knowing how to identify threats, scams, or places you shouldn’t visit ..
---------------------------------------------
https://blog.sucuri.net/2024/08/wordpress-websites-used-to-distribute-clearfake-trojan-malware.html


∗∗∗ Chinese Hackers Exploit Zero-Day Cisco Switch Flaw to Gain System Control ∗∗∗
---------------------------------------------
Details have emerged about a China-nexus threat groups exploitation of a recently disclosed, now-patched security flaw in Cisco switches as a zero-day to seize control of the appliances and evade detection.The activity, attributed to Velvet Ant, was ..
---------------------------------------------
https://thehackernews.com/2024/08/chinese-hackers-exploit-zero-day-cisco.html


∗∗∗ Halliburton probes an issue disrupting business ops ∗∗∗
---------------------------------------------
What could the problem be? Reportedly, a cyberattack American oil giant Halliburton is investigating an "issue," reportedly a cyberattack, that has disrupted some business operations and global networks.
---------------------------------------------
https://www.theregister.com/2024/08/22/halliburton_investigates_incident_amid_cyberattack/


∗∗∗ Bling Libra’s Tactical Evolution: The Threat Actor Group Behind ShinyHunters Ransomware ∗∗∗
---------------------------------------------
We analyze a recent incident by Bling Libra, the group behind ShinyHunters ransomware as they shift from data theft to extortion, exploiting AWS credentials.
---------------------------------------------
https://unit42.paloaltonetworks.com/shinyhunters-ransomware-extortion/


∗∗∗ CrowdStrike Outage Timeline and Analysis ∗∗∗
---------------------------------------------
Bitsights analysis of the CrowdStrike outage and timeline mysteries.
---------------------------------------------
https://www.bitsight.com/blog/crowdstrike-outage-timeline-and-analysis


∗∗∗ A Global Treaty to Fight Cybercrime—Without Combating Mercenary Spyware: Article by Kate Robertson in Lawfare ∗∗∗
---------------------------------------------
In an article for Lawfare, the Citizen Labs senior research associate Kate Robertson analyzes how, in its current form, the draft treaty is poised "to become a vehicle for complicity in the global mercenary spy trade."
---------------------------------------------
https://citizenlab.ca/2024/08/a-global-treaty-to-fight-cybercrime-without-combating-mercenary-spyware/


=====================
=  Vulnerabilities  =
=====================


∗∗∗ SonicOS Improper Access Control Vulnerability ∗∗∗
---------------------------------------------
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list