[CERT-daily] Tageszusammenfassung - 31.07.2024

Wed Jul 31 18:09:13 CEST 2024

=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 30-07-2024 18:00 − Mittwoch 31-07-2024 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a

=====================
=       News        =
=====================


∗∗∗ Black Basta ransomware switches to more evasive custom malware ∗∗∗
---------------------------------------------
The Black Basta ransomware gang has shown resilience and an ability to adapt to a constantly shifting space, using new custom tools and tactics to evade detection and spread throughout a network.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/black-basta-ransomware-switches-to-more-evasive-custom-malware/


∗∗∗ Fraud ring pushes 600+ fake web shops via Facebook ads ∗∗∗
---------------------------------------------
A malicious fraud campaign dubbed "ERIAKOS" promotes more than 600 fake web shops through Facebook advertisements to steal visitors personal and financial information.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/fraud-ring-pushes-600-plus-fake-web-shops-via-facebook-ads/


∗∗∗ Kampf gegen Cyberkriminalität: Spamhaus Project wirft Cloudflare Untätigkeit vor ∗∗∗
---------------------------------------------
Laut Spamhaus macht sich Cloudflare "das Leben leicht", indem es Beschwerden über böswillige Aktivitäten weiterreicht, statt selber Maßnahmen einzuleiten.
---------------------------------------------
https://www.golem.de/news/kampf-gegen-cyberkriminalitaet-spamhaus-project-wirft-cloudflare-untaetigkeit-vor-2407-187612.html


∗∗∗ Apple Patches Everything. July 2024 Edition ∗∗∗
---------------------------------------------
Yesterday, Apple released patches across all of its operating systems. A standalone patch for Safari was released to address WebKit problems in older macOS versions. Apple does not provide CVSS scores or severity ratings. The ratings ..
---------------------------------------------
https://isc.sans.edu/forums/diary/Apple+Patches+Everything+July+2024+Edition/31128/


∗∗∗ SYS01 Infostealer and Rilide Malware Likely Developed by the Same Threat Actor ∗∗∗
---------------------------------------------
Drawing on extensive proprietary research, Trustwave SpiderLabs believes the threat actors behind the Facebook malvertising infostealer SYS01 are the same group that developed the previously reported Rilide malware.
---------------------------------------------
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/sys01-infostealer-and-rilide-malware-likely-developed-by-the-same-threat-actor/


∗∗∗ Five months after takedown, LockBit is a shadow of its former self ∗∗∗
---------------------------------------------
An unprecedented period for an unparalleled force in cybercrime Feature For roughly two years, LockBits ransomware operation was by far the most prolific of its kind, until the fateful events of February. After claiming thousands of victims, extorting hundreds of millions of dollars, and building a robust army of sophisticated cybercriminals, the lifes ..
---------------------------------------------
https://www.theregister.com/2024/07/31/five_months_after_lockbit/


∗∗∗ ThreatLabz Ransomware Report: Unveiling a $75M Ransom Payout Amid Rising Attacks ∗∗∗
---------------------------------------------
Ransomware has been a daunting threat to organizations worldwide for decades. Recent trends show that ransomware attacks continue to grow more advanced and persistent. It’s become increasingly clear that no one is spared as cybercriminals carry out attacks that even target the children of corporate executives to force ransom payments. Despite the ..
---------------------------------------------
https://www.zscaler.com/blogs/security-research/threatlabz-ransomware-report-unveiling-75m-ransom-payout-amid-rising


∗∗∗ Don’t Let Your Domain Name Become a “Sitting Duck” ∗∗∗
---------------------------------------------
More than a million domain names -- including many registered by Fortune 100 firms and brand protection companies -- are vulnerable to takeover by cybercriminals thanks to authentication weaknesses at a number of large web hosting providers and domain registrars, new research finds.
---------------------------------------------
https://krebsonsecurity.com/2024/07/dont-let-your-domain-name-become-a-sitting-duck/


∗∗∗ Deutschland bestellt chinesischen Botschafter wegen Cyberangriff ein ∗∗∗
---------------------------------------------
Die Attacke ereignete sich im Jahr 2021 und kann laut Nachrichtendiensten chinesischen staatlichen Akteuren zugeordnet werden
---------------------------------------------
https://www.derstandard.at/story/3000000230669/deutschland-bestellt-chinesischen-botschafter-wegen-cyberangriff-ein


∗∗∗ DigiCert Certificate Revocations ∗∗∗
---------------------------------------------
DigiCert, a certificate authority (CA) organization, is revoking a subset of transport layer security (TLS) certificates due to a non-compliance issue with domain control verification (DCV). Revocation of these certificates may cause temporary disruptions to websites, services, and applications relying on these certificates for secure ..
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2024/07/30/digicert-certificate-revocations


∗∗∗ Cyber-Angriff und Bug Ursache des Microsoft Cloud-Ausfalls vom 30.7.2024 ∗∗∗
---------------------------------------------
Am 30. Juli 2024 kam es weltweit zu einem partiellen Ausfall der Microsoft Cloud-Dienste (Azure, Microsoft 365 etc.). Ich hatte berichtet – aber nicht alle Nutzer waren betroffen. Nun hat Microsoft einen Post Incident-Report vorgelegt ..
---------------------------------------------
https://www.borncity.com/blog/2024/07/31/cyber-angriff-und-bug-ursache-des-microsoft-cloud-ausfalls-vom-30-7-2024/


∗∗∗ Moderne Sklaverei: Mann monatelang festgehalten und zu Online-Betrug gezwungen ∗∗∗
---------------------------------------------
Ein IT-Spezialist wurde monatelang unter Folter dazu gezwungen, sich als eine reiche Frau aus Singapur auszugeben. Das berichtet das Wall Street Journal.
---------------------------------------------
https://heise.de/-9818990


∗∗∗ Statt "schalke04" und "1234": Passkeys werden immer beliebter ∗∗∗
---------------------------------------------
Die passwortlose Authentifizierung etabliert sich, wie aktuelle Zahlen nahelegen. Insbesondere Kunden bei Amazon, eBay und Co. setzen Passkeys inzwischen ein.
---------------------------------------------
https://heise.de/-9819866


=====================
=  Vulnerabilities  =
=====================


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (xdg-desktop-portal-hyprland), Red Hat (freeradius, freeradius:3.0, git-lfs, httpd, kernel, openssh, and varnish:6), SUSE (cdi-apiserver-container, cdi-cloner-container, cdi- controller-container, cdi-importer-container, cdi-operator-container, cdi- uploadproxy-container, cdi-uploadserver-container, cont, ..
---------------------------------------------
https://lwn.net/Articles/984080/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily