[CERT-daily] Tageszusammenfassung - 16.07.2024

Tue Jul 16 18:31:09 CEST 2024

=====================
= End-of-Day report =
=====================

Timeframe:   Montag 15-07-2024 18:00 − Dienstag 16-07-2024 18:00
Handler:     Alexander Riepl
Co-Handler:  Michael Schlagenhaufer

=====================
=       News        =
=====================

∗∗∗ Zwei Tage nach Attentat: FBI knackt Smartphone des Trump-Schützen ∗∗∗
---------------------------------------------
Ein Attentat auf Donald Trump sorgte am Wochenende für Aufsehen. Das FBI ist nun in der Lage, die Inhalte des Smartphones des Schützen zu analysieren.
---------------------------------------------
https://www.golem.de/news/zwei-tage-nach-attentat-fbi-knackt-smartphone-des-trump-schuetzen-2407-187092.html


∗∗∗ "Reply-chain phishing" with a twist, (Tue, Jul 16th) ∗∗∗
---------------------------------------------
Few weeks ago, I was asked by a customer to take a look at a phishing message which contained a link that one of their employees clicked on. The concern was whether the linked-to site was only a generic credential stealing web page or something targeted/potentially more dangerous. Luckily, it was only a run-of-the-mill phishing kit login page, nevertheless, the e-mail message itself turned out to be somewhat more interesting, since although it didn’t look like anything special, it did make it to the recipient’s inbox, instead of the e-mail quarantine where it should have ended up.
---------------------------------------------
https://isc.sans.edu/diary/rss/31084


∗∗∗ Konfety Ad Fraud Uses 250+ Google Play Decoy Apps to Hide Malicious Twins ∗∗∗
---------------------------------------------
Details have emerged about a "massive ad fraud operation" that leverages hundreds of apps on the Google Play Store to perform a host of nefarious activities.
---------------------------------------------
https://thehackernews.com/2024/07/konfety-ad-fraud-uses-250-google-play.html


∗∗∗ DarkGate, the Swiss Army knife of malware, sees boom after rival Qbot crushed ∗∗∗
---------------------------------------------
Meet the new boss, same as the old boss The DarkGate malware family has become more prevalent in recent months, after one of its main competitors was taken down by the FBI.
---------------------------------------------
https://go.theregister.com/feed/www.theregister.com/2024/07/16/darkgate_malware/


∗∗∗ Hackers Claim to Have Leaked 1.1 TB of Disney Slack Messages ∗∗∗
---------------------------------------------
A hacker group called “NullBulge” says it stole more than a terabyte of Disneys internal Slack messages and files from nearly 10,000 channels in an apparent protest over AI-generated art.
---------------------------------------------
https://www.wired.com/story/disney-slack-leak-nullbulge/


∗∗∗ Kaspersky Leaving US Following Government Ban ∗∗∗
---------------------------------------------
Kaspersky is shutting down operations in the US and laying off employees following the recent Commerce Department ban.
---------------------------------------------
https://www.securityweek.com/kaspersky-leaving-us-following-government-ban/


∗∗∗ Beware of BadPack: One Weird Trick Being Used Against Android Devices ∗∗∗
---------------------------------------------
Our data shows a pattern of APK malware bundled as BadPack files. We discuss how this technique is used to garble malicious Android files, creating challenges for analysts.
---------------------------------------------
https://unit42.paloaltonetworks.com/apk-badpack-malware-tampered-headers/


∗∗∗ Check Point Research Reports Highest Increase of Global Cyber Attacks seen in last two years – a 30% Increase in Q2 2024 Global Cyber Attacks ∗∗∗
---------------------------------------------
Check Point Research (CPR) releases new data on Q2 2024 cyber attack trends. The data is segmented by global volume, industry and geography. These cyber attack numbers were driven by a variety of reasons, ranging from the continued increase in digital transformation and the growing sophistication of cybercriminals using advanced techniques like AI and machine learning.
---------------------------------------------
https://blog.checkpoint.com/research/check-point-research-reports-highest-increase-of-global-cyber-attacks-seen-in-last-two-years-a-30-increase-in-q2-2024-global-cyber-attacks/


∗∗∗ Punch Card Hacking – Exploring a Mainframe Attack Vector ∗∗∗
---------------------------------------------
Mainframes are the unseen workhorses that carry the load for many services we use on a daily basis: Withdrawing money from an ATM, credit card payments, and airline reservations to name just a few of the high volume workloads that are primarily handled by mainframes. [..] In this article, we demonstrate an entry level technique for penetration testers to get started using a different twist on a familiar technology to attack these computing giants.
---------------------------------------------
https://blog.nviso.eu/2024/07/16/punch-card-hacking-exploring-a-mainframe-attack-vector/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Xen Security Advisory CVE-2024-31144 / XSA-459 ∗∗∗
---------------------------------------------
If a fraudulent metadata backup has been written into an SR which also contains a legitimate metadata backup, and an administrator explicitly chooses to restore from backup, the fraudulent metadata might be consumed instead of the legitimate metadata.
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-459.html


∗∗∗ Xen Security Advisory CVE-2024-31143 / XSA-458 ∗∗∗
---------------------------------------------
Denial of Service (DoS) affecting the entire host, crashes, information leaks, or elevation of privilege all cannot be ruled out.
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-458.html


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (kernel), Fedora (erlang-jose, mingw-python-certifi, and yt-dlp), Mageia (firefox, nss, libreoffice, sendmail, and tomcat), Red Hat (firefox, ghostscript, git-lfs, kernel, kernel-rt, ruby, and skopeo), SUSE (Botan, cockpit, kernel, nodejs18, p7zip, python3, and tomcat), and Ubuntu (ghostscript, linux, linux-azure, linux-azure-5.15, linux-gcp, linux-gke, linux-gkeop, linux-gkeop-5.15, linux-ibm, linux-intel-iotg, linux-intel-iotg-5.15, linux-kvm, linux-nvidia, linux-oracle, linux-azure-6.5, linux-gcp-6.5, and linux-gke, linux-nvidia).
---------------------------------------------
https://lwn.net/Articles/982169/


∗∗∗ Rockwell Automation Pavilion 8 ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-24-198-01

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily