[CERT-daily] Daily summary - 26.08.2024
Daily end-of-shift report
team at cert.at
Mon Aug 26 18:36:27 CEST 2024
=====================
= End-of-Day report =
=====================
Timeframe: Friday 23-08-2024 18:00 − Monday 26-08-2024 18:00
Handler: Alexander Riepl
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Stealthy sedexp Linux malware evaded detection for two years ∗∗∗
---------------------------------------------
A stealthy Linux malware named sedexp has been evading detection since 2022 by using a persistence technique not yet included in the MITRE ATT&CK framework.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/stealthy-sedexp-linux-malware-evaded-detection-for-two-years/
∗∗∗ BSI: Review of Huawei's security remains a state secret ∗∗∗
---------------------------------------------
Because Germany's security interests are affected, the BSI is not disclosing its technical review of Huawei. Golem.de did at least succeed in having the classification reviewed.
---------------------------------------------
https://www.golem.de/news/bsi-pruefung-der-sicherheit-von-huawei-bleibt-ein-staatsgeheimnis-2408-188365.html
∗∗∗ GDPR violation: Uber to pay 290 million euro fine ∗∗∗
---------------------------------------------
The popular ride-hailing service is accused of having transferred sensitive driver data to the USA for more than two years with insufficient protection.
---------------------------------------------
https://www.golem.de/news/datenuebertragung-in-die-usa-uber-soll-290-millionen-euro-strafe-zahlen-2408-188404.html
∗∗∗ From Highly Obfuscated Batch File to XWorm and Redline, (Mon, Aug 26th) ∗∗∗
---------------------------------------------
If you follow my diaries, you probably already know that one of my favorite topics around malware is obfuscation. I'm often impressed by the crazy techniques attackers use to ..
---------------------------------------------
https://isc.sans.edu/diary/From+Highly+Obfuscated+Batch+File+to+XWorm+and+Redline/31204
∗∗∗ SonicWall Issues Critical Patch for Firewall Vulnerability Allowing Unauthorized Access ∗∗∗
---------------------------------------------
SonicWall has released security updates to address a critical flaw impacting its firewalls that, if successfully exploited, could grant malicious actors unauthorized access to the devices. The vulnerability, tracked as ..
---------------------------------------------
https://thehackernews.com/2024/08/sonicwall-issues-critical-patch-for.html
∗∗∗ Cisco calls for United Nations to revisit cyber-crime convention ∗∗∗
---------------------------------------------
Echoes human rights groups' concerns that it could suppress free speech and more. Networking giant Cisco has suggested the United Nations' first-ever convention against cyber-crime is dangerously flawed and should be revised before being put to a formal vote.
---------------------------------------------
https://www.theregister.com/2024/08/22/cisco_criticizes_un_cybercrime_convention/
∗∗∗ Post-Quantum Cryptography: Standards and Progress ∗∗∗
---------------------------------------------
The National Institute of Standards and Technology (NIST) just released three finalized standards for post-quantum cryptography (PQC) covering public key encapsulation and two forms of digital signatures. In progress since 2016, this achievement represents a major milestone towards standards development that will keep information on the Internet secure and confidential for many years to come.
---------------------------------------------
http://security.googleblog.com/2024/08/post-quantum-cryptography-standards.html
∗∗∗ Meta blocks WhatsApp accounts after hacker attacks ∗∗∗
---------------------------------------------
The action targeted the Iranian hacker group APT42
---------------------------------------------
https://www.derstandard.at/story/3000000233708/meta-blockiert-whatsapp-konten-nach-hackerangriffen
∗∗∗ CISA Adds One Known Exploited Vulnerability to Catalog for Versa Networks Director ∗∗∗
---------------------------------------------
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of ..
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2024/08/23/cisa-adds-one-known-exploited-vulnerability-catalog-versa-networks-director
∗∗∗ PEAKLIGHT: Decoding the Stealthy Memory-Only Malware ∗∗∗
---------------------------------------------
Mandiant identified a new memory-only dropper using a complex, multi-stage infection process. This memory-only dropper decrypts and executes a PowerShell-based downloader. This PowerShell-based downloader is being tracked as PEAKLIGHT.
---------------------------------------------
https://cloud.google.com/blog/topics/threat-intelligence/peaklight-decoding-stealthy-memory-only-malware/
=====================
= Vulnerabilities =
=====================
∗∗∗ Stable Channel Update for Desktop ∗∗∗
---------------------------------------------
http://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html
∗∗∗ WPS Office Security Update Advisory ∗∗∗
---------------------------------------------
https://asec.ahnlab.com/en/82637/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily