[CERT-daily] Daily summary - 05.07.2024

Daily end-of-shift report team at cert.at
Fri Jul 5 18:19:28 CEST 2024


=====================
= End-of-Day report =
=====================

Timeframe:   Thursday 04-07-2024 18:00 - Friday 05-07-2024 18:00
Handler:     Alexander Riepl
Co-Handler:  Michael Schlagenhaufer

=====================
=       News        =
=====================

∗∗∗ New Eldorado ransomware targets Windows, VMware ESXi VMs ∗∗∗
---------------------------------------------
A new ransomware-as-a-service (RaaS) called Eldorado emerged in March and comes with locker variants for VMware ESXi and Windows.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-eldorado-ransomware-targets-windows-vmware-esxi-vms/


∗∗∗ Turla: A Master’s Art of Evasion ∗∗∗
---------------------------------------------
Turla, a well-known piece of malware, has taken to weaponising LNK-files to infect computers. We have observed a current example of this.
---------------------------------------------
https://www.gdatasoftware.com/blog/2024/07/37977-turla-evasion-lnk-files


∗∗∗ New Golang-Based Zergeca Botnet Capable of Powerful DDoS Attacks ∗∗∗
---------------------------------------------
Cybersecurity researchers have uncovered a new botnet called Zergeca that's capable of conducting distributed denial-of-service (DDoS) attacks. Written in Golang, the botnet is so named for its reference to a string named "ootheca" present in the command-and-control (C2) servers ("ootheca[.]pw" and "ootheca[.]top").
---------------------------------------------
https://thehackernews.com/2024/07/new-golang-based-zergeca-botnet-capable.html


∗∗∗ Latest Ghostscript vulnerability haunts experts as the next big breach enabler ∗∗∗
---------------------------------------------
There's also chatter about whether the medium-severity scare is actually a code-red nightmare. Infosec circles are awash with chatter about a vulnerability in Ghostscript that some experts believe could be the cause of several major breaches in the coming months.
---------------------------------------------
https://go.theregister.com/feed/www.theregister.com/2024/07/05/ghostscript_vulnerability_severity/


∗∗∗ Binance customers beware: SMS about a login attempt is fake ∗∗∗
---------------------------------------------
We are currently receiving reports of an SMS sent in the name of the trading platform Binance: supposedly there has been a login attempt from Malta or another country, and the recipient is asked to call back. Ignore the SMS. Criminals are trying to hijack your account and get at your money.
---------------------------------------------
https://www.watchlist-internet.at/news/binance-login-fake/


∗∗∗ TeamViewer gives the all-clear: no customer data leaked in the June 2024 hack ∗∗∗
---------------------------------------------
The hack of the remote-support provider TeamViewer appears to have turned out less severe than feared. A state actor (APT29) did have access to the company's internal IT environment, but neither the production environment containing the sources and binaries of the remote-support software nor customer data appear to be affected. The provider announced this in what is now its third status update.
---------------------------------------------
https://www.borncity.com/blog/2024/07/05/teamviewer-gibt-entwarnung-keine-kundendaten-beim-hack-im-juni-2024-abgeflossen/


∗∗∗ Turning Jenkins Into a Cryptomining Machine From an Attacker's Perspective ∗∗∗
---------------------------------------------
In this blog entry, we will discuss how the Jenkins Script Console can be weaponized by attackers for cryptomining activity if not configured properly.
---------------------------------------------
https://www.trendmicro.com/en_us/research/24/g/turning-jenkins-into-a-cryptomining-machine-from-an-attackers-pe.html



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (cockpit, python-astropy, python3-docs, and python3.12), Gentoo (BusyBox, GNU Coreutils, GraphicsMagick, podman, PuTTY, Sofia-SIP, TigerVNC, and WebKitGTK+), Mageia (chromium-browser-stable and openvpn), SUSE (cockpit, krb5, and netatalk), and Ubuntu (kopanocore, libreoffice, linux-aws, linux-oem-6.8, linux-aws-5.15, linux-azure, linux-azure-4.15, linux-lowlatency, linux-lowlatency-hwe-6.5, linux-oracle, linux-starfive-6.5, and virtuoso-opensource).
---------------------------------------------
https://lwn.net/Articles/980855/


∗∗∗ ZDI-24-897: Trend Micro Apex One modOSCE SQL Injection Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-24-897/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily