[CERT-daily] Tageszusammenfassung - 17.07.2024

Wed Jul 17 18:05:18 CEST 2024

=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 16-07-2024 18:00 − Mittwoch 17-07-2024 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a

=====================
=       News        =
=====================


∗∗∗ Scattered Spider Adopts RansomHub and Qilin Ransomware for Cyber Attacks ∗∗∗
---------------------------------------------
The infamous cybercrime group known as Scattered Spider has incorporated ransomware strains such as RansomHub and Qilin into its arsenal, Microsoft has revealed. Scattered Spider is the designation given to a threat actor that's known for its ..
---------------------------------------------
https://thehackernews.com/2024/07/scattered-spider-adopts-ransomhub-and.html


∗∗∗ Ransomware continues to pile on costs for critical infrastructure victims ∗∗∗
---------------------------------------------
Millions more spent without any improvement in recovery times Costs associated with ransomware attacks on critical national infrastructure (CNI) organizations skyrocketed in the past year.
---------------------------------------------
https://www.theregister.com/2024/07/17/ransomware_continues_to_pile_on/


∗∗∗ Anlagebetrug: Vorsicht vor E-Mails mit Entschädigungsversprechen ∗∗∗
---------------------------------------------
Sie haben in der Vergangenheit durch Anlagebetrug Geld verloren? Vorsicht: Sie sind noch immer im Visier von Kriminellen. Diese kontaktieren nämlich ehemalige Opfer mit der Behauptung, dass Ihr Geld gefunden wurde. Ignorieren Sie solche Angebote und gehen Sie nicht darauf ein, sonst verlieren Sie erneut Geld!
---------------------------------------------
https://www.watchlist-internet.at/news/anlagebetrug-vorsicht-vor-e-mails-mit-entschaedigungsversprechen/


∗∗∗ ‘GhostEmperor’ returns: Mysterious Chinese hacking group spotted for first time in two years ∗∗∗
---------------------------------------------
An elusive and highly covert Chinese hacking group tracked as GhostEmperor - notorious for its sophisticated supply-chain attacks targeting telecommunications and government entities in Southeast Asia - has been spotted for the first time in more than two years. And according to the researchers, the group has gotten even better at evading detection. 
---------------------------------------------
https://therecord.media/ghostemperor-spotted-first-time-in-two-years


∗∗∗ Reverse-Proxy-Phishing-Angriffe trotz Phishing-Schutz ∗∗∗
---------------------------------------------
Weltweit lässt sich eine Zunahme von Phishing und Reverse-Proxy-Phishing-Angriffen konstatieren. Anbieter von Sicherheitslösungen haben damit begonnen, fortschrittlichere Erkennungsmethoden zu implementieren. Aber reicht das aus, um entschlossene und ausgebuffte Angreifer abzuwehren? Kuba Gretzky hat sich auf der ..
---------------------------------------------
https://www.borncity.com/blog/2024/07/17/reverse-proxy-phishing-angriffe-anti-phishing-schutz/


∗∗∗ Private HTS Program Continuously Used in Attacks ∗∗∗
---------------------------------------------
AhnLab SEcurity intelligence Center (ASEC) has previously covered a case where Quasar RAT was distributed through private home trading systems (HTS) in the blog post “Quasar RAT Being Distributed by Private HTS Program“. The same threat actor has been continuously distributing malware, and attack cases have been confirmed even recently. Similar to the previous ..
---------------------------------------------
https://asec.ahnlab.com/en/67969/


∗∗∗ Root-Sicherheitslücke bedroht KI-Gadget Rabbit R1 ∗∗∗
---------------------------------------------
Angreifer können das KI-Gadget Rabbit R1 über den Android-Exploit Kamakiri komplett kompromittieren. Bislang gibt es keinen Sicherheitspatch.
---------------------------------------------
https://heise.de/-9803666


=====================
=  Vulnerabilities  =
=====================


∗∗∗ DSA-5731-1 linux - security update ∗∗∗
---------------------------------------------
https://lists.debian.org/debian-security-announce/2024/msg00142.html


∗∗∗ Oracle Critical Patch Update Advisory - July 2024 ∗∗∗
---------------------------------------------
https://www.oracle.com/security-alerts/cpujul2024.html


∗∗∗ Security Vulnerabilities fixed in Thunderbird 115.13 ∗∗∗
---------------------------------------------
https://www.mozilla.org/en-US/security/advisories/mfsa2024-31/


∗∗∗ Security Vulnerabilities fixed in Thunderbird 128 ∗∗∗
---------------------------------------------
https://www.mozilla.org/en-US/security/advisories/mfsa2024-32/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily