[CERT-daily] Tageszusammenfassung - 10.07.2024

Wed Jul 10 18:06:41 CEST 2024

=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 09-07-2024 18:00 − Mittwoch 10-07-2024 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a

=====================
=       News        =
=====================


∗∗∗ Ticket Heist network of 700 domains sells fake Olympic Games tickets ∗∗∗
---------------------------------------------
A large-scale fraud campaign with over 700 domain names is likely targeting Russian-speaking users looking to purchase tickets for the Summer Olympics in Paris.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/ticket-heist-network-of-700-domains-sells-fake-olympic-games-tickets/


∗∗∗ Im Klartext: Linksys-Router senden wohl WLAN-Passwörter an US-Server ∗∗∗
---------------------------------------------
Eine Verbraucherorganisation hat zwei Routermodelle von Linksys getestet. Beide übermitteln wohl sensible Daten an einen Server in den USA. Einen Patch gibt es bisher nicht.
---------------------------------------------
https://www.golem.de/news/im-klartext-linksys-router-senden-wohl-wlan-passwoerter-an-us-server-2407-186894.html


∗∗∗ Cyberangriff trifft IT-Konzern: 49 Systeme von Fujitsu mit Malware infiziert ∗∗∗
---------------------------------------------
Cyberkriminellen ist es gelungen, interne Systeme von Fujitsu zu infiltrieren. Potenziell sind auch Kundendaten abgeflossen. Viele Details nennt der Konzern aber nicht.
---------------------------------------------
https://www.golem.de/news/cyberangriff-trifft-it-konzern-49-systeme-von-fujitsu-mit-malware-infiziert-2407-186903.html


∗∗∗ Finding Honeypot Data Clusters Using DBSCAN: Part 1 ∗∗∗
---------------------------------------------
Sometimes data needs to be transformed or different tools need to be used so that it can be compared with other data. Some honeypot data is easy to compare since there is no customized information such as randomly generated file names, IP addresses, etc.
---------------------------------------------
https://isc.sans.edu/diary/Finding+Honeypot+Data+Clusters+Using+DBSCAN+Part+1/31050


∗∗∗ Ransomware crews investing in custom data stealing malware ∗∗∗
---------------------------------------------
BlackByte, LockBit among the criminals using bespoke tools As ransomware crews increasingly shift beyond just encrypting victims files and demanding a payment to unlock them, instead swiping sensitive info straight away, some of the ..
---------------------------------------------
https://www.theregister.com/2024/07/10/ransomware_data_exfil_malware/


∗∗∗ Google Is Adding Passkey Support for Its Most Vulnerable Users ∗∗∗
---------------------------------------------
Google is bringing the password-killing “passkey” tech to its Advanced Protection Program users more than a year after rolling them out broadly.
---------------------------------------------
https://www.wired.com/story/google-passkey-advance-protection-program/


∗∗∗ Augen auf beim Ticketkauf ∗∗∗
---------------------------------------------
Wie Betrüger beliebte Ticketplattformen für ihre finsteren Zwecke missbrauchen
---------------------------------------------
https://www.welivesecurity.com/de/tipps-ratgeber/augen-auf-beim-ticketkauf/


∗∗∗ Largest Patch Tuesday in 3 months includes 5 critical vulnerabilities ∗∗∗
---------------------------------------------
This is the largest Patch Tuesday since April, when Microsoft patched 150 vulnerabilities.
---------------------------------------------
https://blog.talosintelligence.com/microsoft-patch-tuesday-july-2024/


∗∗∗ Inside the ransomware playbook: Analyzing attack chains and mapping common TTPs ∗∗∗
---------------------------------------------
Based on a comprehensive review of more than a dozen prominent ransomware groups, we identified several commonalities in TTPs, along with several notable differences and outliers.
---------------------------------------------
https://blog.talosintelligence.com/common-ransomware-actor-ttps-playbooks/


∗∗∗ Eldorado Ransomware Targeting Windows and Linux with New Malware ∗∗∗
---------------------------------------------
Another day, another threat against Windows and Linux systems!
---------------------------------------------
https://hackread.com/eldorado-ransomware-windows-linux-malware/


∗∗∗ CVE-2024-38021: Moniker RCE Vulnerability Uncovered in Microsoft Outlook ∗∗∗
---------------------------------------------
Morphisec researchers have identified a significant vulnerability, CVE-2024-38021 — a zero-click remote code execution (RCE) vulnerability that impacts most Microsoft Outlook applications.
---------------------------------------------
https://blog.morphisec.com/cve-2024-38021-microsoft-outlook-moniker-rce-vulnerability


=====================
=  Vulnerabilities  =
=====================


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by AlmaLinux (buildah, gvisor-tap-vsock, kernel-rt, libreswan, linux-firmware, pki-core, and podman), Fedora (firefox and jpegxl), Gentoo (Buildah, HarfBuzz, and LIVE555 Media Server), Oracle (buildah, gvisor-tap-vsock, kernel, libreswan, and podman), Red Hat (containernetworking-plugins, dotnet6.0, dotnet8.0, fence-agents, kernel, libreswan, libvirt, perl-HTTP-Tiny, python39:3.9, toolbox, and virt:rhel and virt-devel:rhel modules), SUSE (firefox,
---------------------------------------------
https://lwn.net/Articles/981508/


∗∗∗ [20240705] - Core - XSS in com_fields default field value ∗∗∗
---------------------------------------------
https://developer.joomla.org:443/security-centre/939-20240705-core-xss-in-com-fields-default-field-value.html


∗∗∗ [20240704] - Core - XSS in Wrapper extensions ∗∗∗
---------------------------------------------
https://developer.joomla.org:443/security-centre/938-20240704-core-xss-in-wrapper-extensions.html

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily