[CERT-daily] Tageszusammenfassung - 29.08.2024
Daily end-of-shift report
team at cert.at
Thu Aug 29 18:10:44 CEST 2024
=====================
= End-of-Day report =
=====================
Timeframe: Mittwoch 28-08-2024 18:00 − Donnerstag 29-08-2024 18:00
Handler: Alexander Riepl
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Unpatchable 0-day in surveillance cam is being exploited to install Mirai ∗∗∗
---------------------------------------------
Vulnerability is easy to exploit and allows attackers to remotely execute commands.
---------------------------------------------
https://arstechnica.com/?p=2046043
∗∗∗ Iranian hackers work with ransomware gangs to extort breached orgs ∗∗∗
---------------------------------------------
An Iran-based hacking group known as Pioneer Kitten is breaching defense, education, finance, and healthcare organizations across the United States and working with affiliates of several ransomware operations to extort the victims.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/iranian-hackers-work-with-ransomware-gangs-to-extort-breached-orgs/
∗∗∗ Endlich: Maßnahme gegen Anrufe mit gefälschten Nummern tritt in Kraft ∗∗∗
---------------------------------------------
Dass die eigene Handynummer für Spamanrufe genutzt wird, soll ab dem 1. September nicht mehr möglich sein.
---------------------------------------------
https://futurezone.at/netzpolitik/rtr-veordnung-massnahme-nummer-gefaelscht-spoofing-sim-oesterreich/402941615
∗∗∗ Peach Sandstorm deploys new custom Tickler malware in long-running intelligence gathering operations ∗∗∗
---------------------------------------------
Between April and July 2024, Microsoft observed Iranian state-sponsored threat actor Peach Sandstorm deploying a new custom multi-stage backdoor, which we named Tickler. Tickler has been used in attacks against targets in the satellite, communications equipment, oil and gas, as well as federal and state government sectors in the United States and the ..
---------------------------------------------
https://www.microsoft.com/en-us/security/blog/2024/08/28/peach-sandstorm-deploys-new-custom-tickler-malware-in-long-running-intelligence-gathering-operations/
∗∗∗ Cybercrime and Sabotage Cost German Firms $300 Billion In Past Year ∗∗∗
---------------------------------------------
According to a new survey from Bitkom, cybercrime and other acts of sabotage have cost German companies around $298 billion in the past year, up 29% on the year before. Reuters reports: Bitkom surveyed around 1,000 companies from all sectors and found that 90% expect more cyberattacks in the next 12 months, with the remaining 10% expecting the same level of ..
---------------------------------------------
https://it.slashdot.org/story/24/08/28/211228/cybercrime-and-sabotage-cost-german-firms-300-billion-in-past-year
∗∗∗ 12 Best Practices to Secure Your WordPress Login Page ∗∗∗
---------------------------------------------
WordPress powers a significant portion of websites on the internet. With this popularity comes the need for strict security measures, especially for the login page. These entry points are prime targets for hackers and malicious actors. By implementing proper security practices outlined in this guide, you can maintain a secure WordPress login and ..
---------------------------------------------
https://blog.sucuri.net/2024/08/12-best-practices-to-secure-your-wordpress-login-page.html
∗∗∗ Microsoft hosts a security summit but no press, public allowed ∗∗∗
---------------------------------------------
CrowdStrike, other vendors, friendly govt reps .. but not anyone who would tell you what happened op-ed Microsoft will host a security summit next month with CrowdStrike and other "key" endpoint security partners joining the fun - and during which the CrowdStrike-induced outage that borked millions of Windows machines will undoubtedly be a top-line agenda item.
---------------------------------------------
https://www.theregister.com/2024/08/28/microsoft_closed_security_summit/
∗∗∗ Censys Finds Hundreds of Exposed Servers as Volt Typhoon APT Targets Service Providers ∗∗∗
---------------------------------------------
Amidst Volt Typhoon zero-day exploitation, Censys finds hundreds of exposed servers presenting ripe attack surface for attackers.
---------------------------------------------
https://www.securityweek.com/censys-finds-hundreds-of-exposed-servers-as-volt-typhoon-apt-targets-isps-msps/
∗∗∗ Telegram als Betrugsfalle ∗∗∗
---------------------------------------------
Der Kurznachrichtendienst Telegram ist spätestens seit der Verhaftung des Erfinders Pawel Durow in Paris in aller Munde. Telegram beschäftigt uns bei der Watchlist Internet aber schon viel länger. Kaum woanders gelingt es Kriminellen besser, Opfer in ihre Fallen zu locken. Insbesondere Investitionsbetrug, Schneeballsysteme und betrügerische Jobangebote sorgen teils für horrende Schadenssummen. Konsequenzen gibt es auf Telegram für die Kriminellen bisher keine.
---------------------------------------------
https://www.watchlist-internet.at/news/telegram-als-betrugsfalle/
∗∗∗ $2.5 million reward offered for hacker linked to notorious Angler Exploit Kit ∗∗∗
---------------------------------------------
Who doesnt fancy earning US $2.5 million? Thats the reward thats on offer from US authorities for information leading to the arrest and/or conviction of the man who allegedly was a key figure behind the development and distribution of the notorious Angler Exploit Kit. Read more in my article on the Tripwire State of Security blog.
---------------------------------------------
https://www.tripwire.com/state-of-security/25-million-reward-offered-cyber-criminal-linked-notorious-angler-exploit-kit
∗∗∗ Cisco: BlackByte ransomware gang only posting 20% to 30% of successful attacks ∗∗∗
---------------------------------------------
The BlackByte ransomware gang is only posting a fraction of its successful attacks on its leak site this year, according to researchers from Cisco.
---------------------------------------------
https://therecord.media/blackbyte-ransomware-group-posting-fraction-of-leaks
∗∗∗ State-backed attackers and commercial surveillance vendors repeatedly use the same exploits ∗∗∗
---------------------------------------------
We’re sharing an update on suspected state-backed attacker APT29 and the use of exploits identical to those used by Intellexa and NSO.
---------------------------------------------
https://blog.google/threat-analysis-group/state-backed-attackers-and-commercial-surveillance-vendors-repeatedly-use-the-same-exploits/
∗∗∗ The Big TIBER Encyclopedia ∗∗∗
---------------------------------------------
An analysis of current TIBER implementations ahead of DORA’s TLPT requirements Introduction TIBER (Threat Intelligence-Based Ethical Red Teaming) is a framework introduced by the European Central Bank (ECB) in 2018 as a response to the increasing number of cyber threats faced by financial institutions. The framework provides a ..
---------------------------------------------
https://blog.nviso.eu/2024/08/29/the-big-tiber-encyclopedia/
∗∗∗ The vulnerabilities we uncovered by fuzzing µC/OS protocol stacks ∗∗∗
---------------------------------------------
Fuzzing has long been one of our favorite ways to search for security issues or vulnerabilities in software, but when it comes to fuzzing popular systems used in ICS environments, it traditionally involved a custom hardware setup to fuzz the code in its native environment.
---------------------------------------------
https://blog.talosintelligence.com/fuzzing-uc-os-protocol-stacks/
=====================
= Vulnerabilities =
=====================
∗∗∗ Cisco Family August 2024 First Round Security Update Advisory ∗∗∗
---------------------------------------------
https://asec.ahnlab.com/en/82727/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list