[CERT-daily] Tageszusammenfassung - 30.08.2024

Daily end-of-shift report team at cert.at
Fri Aug 30 18:18:08 CEST 2024


=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 29-08-2024 18:00 − Freitag 30-08-2024 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a

=====================
=       News        =
=====================


∗∗∗ Fake Palo Alto GlobalProtect used as lure to backdoor enterprises ∗∗∗
---------------------------------------------
Threat actors target Middle Eastern organizations with malware disguised as the legitimate Palo Alto GlobalProtect Tool that can steal data and execute remote PowerShell commands to infiltrate internal networks further.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/fake-palo-alto-globalprotect-used-as-lure-to-backdoor-enterprises/


∗∗∗ FBI: RansomHub ransomware breached 210 victims since February ∗∗∗
---------------------------------------------
​Since surfacing in February 2024, RansomHub ransomware affiliates have breached over 200 victims from a wide range of critical U.S. infrastructure sectors.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/fbi-ransomhub-ransomware-breached-210-victims-since-february/


∗∗∗ Russische Hacker nutzen die gleichen Lücken wie Staatstrojaner ∗∗∗
---------------------------------------------
Immer wieder warnen Experten davor, dass auch Kriminelle jene Schlupflöcher nutzen können, über die auch Regierungen Verdächtige überwachen.
---------------------------------------------
https://futurezone.at/netzpolitik/russische-hacker-staatstrojaner-messenger-ueberwachung-sicherheit-nso-pegasus-predator-apt29/402941959


∗∗∗ Studie: 78 Prozent aller Ransomware-Opfer zahlen offenbar Lösegeld ∗∗∗
---------------------------------------------
Viele betroffene Unternehmen zahlen wohl sogar mehrfach. Auch vier- oder mehr Lösegeldzahlungen sind keine Seltenheit - vor allem nicht in Deutschland.
---------------------------------------------
https://www.golem.de/news/studie-78-prozent-aller-ransomware-opfer-zahlen-offenbar-loesegeld-2408-188565.html


∗∗∗ Feds claim sinister sysadmin locked up thousands of Windows workstations, demanded ransom ∗∗∗
---------------------------------------------
Sordid search history evidence in case that could see him spend 35 years for extortion and wire fraud A former infrastructure engineer who allegedly locked IT department colleagues out of their employers systems, then threatened to shut down servers unless paid a ransom, has been arrested and charged after an FBI investigation.
---------------------------------------------
https://www.theregister.com/2024/08/29/vm_engineer_extortion_allegations/


∗∗∗ How to enhance the security of your social media accounts ∗∗∗
---------------------------------------------
TL;DR Strong passwords: Use a password manager. Multi-factor authentication (MFA): MFA requires multiple forms of identification, adding an extra layer of security. This makes it harder for unauthorised users to ..
---------------------------------------------
https://www.pentestpartners.com/security-blog/how-to-enhance-the-security-of-your-social-media-accounts/


∗∗∗ TLD Tracker: Exploring Newly Released Top-Level Domains ∗∗∗
---------------------------------------------
Unit 42 researchers use a novel graph-based pipeline to detect misuse of 19 new TLDs for phishing, chatbots and more in several case studies.
---------------------------------------------
https://unit42.paloaltonetworks.com/tracking-newly-released-top-level-domains/


∗∗∗ Malicious North Korean packages appear again in open source code repository ∗∗∗
---------------------------------------------
North Korean hackers continue to exploit the widely used npm code repository, publishing malicious packages intended to infect software developers’ devices with malware, according to recent research. 
---------------------------------------------
https://therecord.media/npm-javascript-repository-north-korean-malware


∗∗∗ TR-88 - Motivation, procedure and rational for leaked credential notifications ∗∗∗
---------------------------------------------
In today’s digital landscape, protecting user data is essential for every organization. When public data leaks expose customer credentials, it is critical to respond promptly to mitigate risks. This document outlines why CIRCL ..
---------------------------------------------
https://www.circl.lu/pub/tr-88


∗∗∗ Silent Intrusions: Godzilla Fileless Backdoors Targeting Atlassian Confluence ∗∗∗
---------------------------------------------
Trend Micro discovered that old Atlassian Confluence versions that were affected by CVE-2023-22527 are being exploited using a new in-memory fileless backdoor.
---------------------------------------------
https://www.trendmicro.com/en_us/research/24/h/godzilla-fileless-backdoors.html


∗∗∗ Gaps in Skills, Knowledge, and Technology Pave the Way for Breaches ∗∗∗
---------------------------------------------
The stakes continue growing higher for organizations when it comes to cybersecurity incidents, with the fallout of such incidents becoming more costly and complex. According to the Fortinet 2024 Cybersecurity Skills Gap Report, the overwhelming majority (87%) of those surveyed said they experienced one or ..
---------------------------------------------
https://www.fortinet.com/blog/industry-trends/gaps-in-skills-knowledge-technology-pave-way-for-breaches


∗∗∗ Ransomware Roundup - Underground ∗∗∗
---------------------------------------------
The Underground ransomware has victimized companies in various industries since July 2023. It encrypts files without changing the original file extension.
---------------------------------------------
https://www.fortinet.com/blog/threat-research/ransomware-roundup-underground


∗∗∗ Nach Cyberangriff: Solaranbieter "Qcells" informiert Kunden über Datenleck ∗∗∗
---------------------------------------------
Wieder gibt es ein Datenleck in der Solarbranche. Kunden von Qcell werden darum informiert.
---------------------------------------------
https://heise.de/-9852641


=====================
=  Vulnerabilities  =
=====================


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by AlmaLinux (libvpx, postgresql, postgresql:12, postgresql:13, postgresql:15, and python39:3.9 and python39-devel:3.9), Debian (chromium and ghostscript), Fedora (python3.13), and SUSE (chromium and podman).
---------------------------------------------
https://lwn.net/Articles/987836/


∗∗∗ DSA-5761-1 chromium - security update ∗∗∗
---------------------------------------------
https://lists.debian.org/debian-security-announce/2024/msg00174.html


∗∗∗ IPCOM vulnerable to information disclosure ∗∗∗
---------------------------------------------
https://jvn.jp/en/jp/JVN29238389/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list