[CERT-daily] Daily summary - 12.07.2024

Daily end-of-shift report team at cert.at
Fri Jul 12 18:12:59 CEST 2024


=====================
= End-of-Day report =
=====================

Timeframe:   Thursday 11-07-2024 18:00 − Friday 12-07-2024 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a

=====================
=       News        =
=====================


∗∗∗ After social media drama: Signal patches a vulnerability known since 2018 ∗∗∗
---------------------------------------------
The vulnerability allows other applications to access Signal chats. The problem has been known for six years. Now a fix is finally supposed to arrive.
---------------------------------------------
https://www.golem.de/news/nach-social-media-drama-signal-patcht-seit-sechs-jahren-bekannte-schwachstelle-2407-186986.html


∗∗∗ Understanding SSH Honeypot Logs: Attackers Fingerprinting Honeypots ∗∗∗
---------------------------------------------
Some of the commands observed can be confusing for a novice looking at ssh honeypot logs. Sure, you have some obvious commands like "uname -a" to fingerprint the kernel. However, other commands are less intuitive and are not commands a normal user would use. I am trying to summarize some of the more common ones here, focusing on commands attackers use to figure out if they are inside a honeypot.
---------------------------------------------
https://isc.sans.edu/diary/Understanding+SSH+Honeypot+Logs+Attackers+Fingerprinting+Honeypots/31064


∗∗∗ 60 New Malicious Packages Uncovered in NuGet Supply Chain Attack ∗∗∗
---------------------------------------------
Threat actors have been observed publishing a new wave of malicious packages to the NuGet package manager as part of an ongoing campaign that began in August 2023, while also adding a new layer of stealth to evade detection. The fresh packages, about 60 in number and spanning 290 versions, demonstrate a refined approach from the ..
---------------------------------------------
https://thehackernews.com/2024/07/60-new-malicious-packages-uncovered-in.html


∗∗∗ Critical Exim Mail Server Vulnerability Exposes Millions to Malicious Attachments ∗∗∗
---------------------------------------------
A critical security issue has been disclosed in the Exim mail transfer agent that could enable threat actors to deliver malicious attachments to target users' inboxes. The vulnerability, tracked as CVE-2024-39929, has a CVSS ..
---------------------------------------------
https://thehackernews.com/2024/07/critical-exim-mail-server-vulnerability.html


∗∗∗ Phone fraud: scam calls from lawyers in circulation ∗∗∗
---------------------------------------------
The fraudster spoofs the phone number of a reputable law firm in the area and calls the victim. During the call, the supposed lawyer poses as a real person who ..
---------------------------------------------
https://blog.zettasecure.com/telefonbetrug-scam-anruf-von-anwaelten-im-umlauf/


∗∗∗ AT&T fell victim to a massive hacking attack ∗∗∗
---------------------------------------------
Connection data of 109 million customers was downloaded by unknown attackers
---------------------------------------------
https://www.derstandard.at/story/3000000228237/att-wurde-opfer-eines-riesigen-hackerangriffs


∗∗∗ Apple sends new warning about mercenary spyware attacks to iPhone users. Should you worry now? ∗∗∗
---------------------------------------------
Though mercenary spyware attacks are rare and typically sent only to targeted individuals, Apple has alerted iPhone users about them for the second time this year.
---------------------------------------------
https://www.zdnet.com/article/apple-warns-of-mercenary-spyware-attacks-against-iphone-users-should-you-be-worried/#ftag=RSSbaffb68


∗∗∗ mSpy: Third hack since 2010 exposes millions of user records ∗∗∗
---------------------------------------------
As the saying goes, "All good things come in threes", which, however, probably does not apply here. The smartphone surveillance provider, mSpy, has once again drawn attention through a data leak resulting from a hack (the third incident since 2010). A ..
---------------------------------------------
https://www.borncity.com/blog/2024/07/12/mspy-dritter-hack-seit-2010-legt-millionen-nutzerdaten-offen/


∗∗∗ Checking in on the state of cybersecurity and the Olympics ∗∗∗
---------------------------------------------
Even if a threat actor isn’t successful in some widespread breach that makes international headlines, even smaller-scale threats and actors are just hoping to cause chaos.
---------------------------------------------
https://blog.talosintelligence.com/threat-source-newsletter-july-12-2024/


=====================
=  Vulnerabilities  =
=====================


∗∗∗ DSA-5729-1 apache2 - security update ∗∗∗
---------------------------------------------
Multiple vulnerabilities have been discovered in the Apache HTTP server, which may result in authentication bypass, execution of scripts in directories not directly reachable by any URL, server-side request forgery or denial of service.
---------------------------------------------
https://lists.debian.org/debian-security-announce/2024/msg00140.html

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily



