[CERT-daily] Daily summary - 14.06.2024
Daily end-of-shift report
team at cert.at
Fri Jun 14 18:17:49 CEST 2024
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 13-06-2024 18:00 - Friday 14-06-2024 18:00
Handler: Alexander Riepl
Co-Handler: Michael Schlagenhaufer
=====================
= News =
=====================
∗∗∗ 2023 Hacked Website & Malware Threat Report ∗∗∗
---------------------------------------------
This year, we’ve included new insights to highlight the most prevalent tactics and techniques observed in compromised web environments and remote scanners.
---------------------------------------------
https://blog.sucuri.net/2024/06/2023-hacked-website-malware-threat-report.html
∗∗∗ How to Write Good Incident Response Reports ∗∗∗
---------------------------------------------
Creating an informative and readable report is among the many challenges of responding to cybersecurity incidents. A good report not only answers its readers' questions but also instills confidence in the response and enables the organization to learn from the incident. This blog highlights my advice on writing such incident reports.
---------------------------------------------
https://zeltser.com/good-incident-reports/
∗∗∗ Edge Devices: The New Frontier for Mass Exploitation Attacks ∗∗∗
---------------------------------------------
The increase in mass exploitation involving edge services and devices is likely to worsen.
---------------------------------------------
https://www.securityweek.com/edge-devices-the-new-frontier-for-mass-exploitation-attacks/
∗∗∗ Microsoft president tells lawmakers red lines needed for nation-state attacks ∗∗∗
---------------------------------------------
Microsoft president Brad Smith testified before a congressional committee on Thursday, at times accepting responsibility for the company’s recent cybersecurity mistakes while simultaneously deflecting criticism of the tech giant’s practices. He also called on the government to create "consequences" for nation-state hackers who compromise U.S. systems.
---------------------------------------------
https://therecord.media/microsoft-president-brad-smith-lawmakers-cyber
∗∗∗ Windows 11 "Copilot+PC" is coming (for now) without Recall ∗∗∗
---------------------------------------------
What a PR disaster for Microsoft: next week, devices built on the "Copilot+PC" concept are due to hit the market. But the most important feature, "Windows Recall", which Microsoft was praising to the skies only recently as the "philosopher's stone of AI", will be missing. There is a recall of Recall, which has since been making the rounds on the net as a meme. [..] After all, security has "top priority" at Microsoft, and this recall is in keeping with the Secure Future Initiative (SFI).
---------------------------------------------
https://www.borncity.com/blog/2024/06/14/windows-11-copilotpc-kommt-vorerst-ohne-recall/
∗∗∗ Noodle RAT: Reviewing the Backdoor Used by Chinese-Speaking Groups ∗∗∗
---------------------------------------------
This blog entry provides an analysis of the Noodle RAT backdoor, which is likely being used by multiple Chinese-speaking groups engaged in espionage and other types of cybercrime.
---------------------------------------------
https://www.trendmicro.com/en_us/research/24/f/noodle-rat-reviewing-the-new-backdoor-used-by-chinese-speaking-g.html
∗∗∗ UNC3944 Targets SaaS Applications ∗∗∗
---------------------------------------------
UNC3944 is a financially motivated threat group that carries significant overlap with public reporting of "0ktapus," "Octo Tempest," "Scatter Swine," and "Scattered Spider," and has been observed adapting its tactics to include data theft from software-as-a-service (SaaS) applications to attacker-owned cloud storage objects (using cloud synchronization tools), persistence mechanisms against virtualization platforms, and lateral movement via SaaS permissions abuse.
---------------------------------------------
https://cloud.google.com/blog/topics/threat-intelligence/unc3944-targets-saas-applications/
=====================
= Vulnerabilities =
=====================
∗∗∗ Nextcloud Security Advisories 2024-06-14 ∗∗∗
---------------------------------------------
2x High, 5x Moderate, 5x Low
---------------------------------------------
https://github.com/nextcloud/security-advisories/security?page=1
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (389-ds-base, bind, bind-dyndb-ldap, and dhcp, firefox, glibc, ipa, less, libreoffice, and thunderbird), Debian (cups), Fedora (chromium and cyrus-imapd), Mageia (golang and poppler), Oracle (bind, bind-dyndb-ldap, and dhcp, gvisor-tap-vsock, python-idna, and ruby), Red Hat (dnsmasq and expat), SUSE (libaom, php8, podman, python-pymongo, python-scikit-learn, and tiff), and Ubuntu (h2database and vte2.91).
---------------------------------------------
https://lwn.net/Articles/978418/
∗∗∗ Security Vulnerabilities fixed in Firefox ESR 115.12 ∗∗∗
---------------------------------------------
https://www.mozilla.org/en-US/security/advisories/mfsa2024-28/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily