[CERT-daily] Tageszusammenfassung - 05.11.2024

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Montag 04-11-2024 18:00 − Dienstag 05-11-2024 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a

=====================
=       News        =
=====================


∗∗∗ Windows Server 2025 released—here are the new features ∗∗∗
---------------------------------------------
​Microsoft has announced that Windows Server 2025, the latest version of its server operating system, is generally available starting Friday, November 1st.
---------------------------------------------
https://www.bleepingcomputer.com/news/microsoft/windows-server-2025-released-here-are-the-new-features/


∗∗∗ Nokia investigates breach after hacker claims to steal source code ∗∗∗
---------------------------------------------
Nokia is investigating whether a third-party vendor was breached after a hacker claimed to be selling the companys stolen source code.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/nokia-investigates-breach-after-hacker-claims-to-steal-source-code/


∗∗∗ Google fixes two Android zero-days used in targeted attacks ∗∗∗
---------------------------------------------
Google fixed two actively exploited Android zero-day flaws as part of its November security updates, addressing a total of 51 vulnerabilities.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/google-fixes-two-android-zero-days-used-in-targeted-attacks/


∗∗∗ Angriff auf Schneider Electric: Hungrige Hacker fordern Baguettes als Lösegeld ∗∗∗
---------------------------------------------
Die Angreifer behaupten, über 40 GBytes an Daten von Schneider Electric erbeutet zu haben. Ihre Forderung: 125.000 US-Dollar in Form von Baguettes.
---------------------------------------------
https://www.golem.de/news/angriff-auf-schneider-electric-hungrige-hacker-fordern-baguettes-als-loesegeld-2411-190471.html


∗∗∗ Olympia-Kassensysteme: Registrierkassen seit drei Jahren ohne Sicherheitsupdates ∗∗∗
---------------------------------------------
Registrierkassen der Marke Olympia laufen auf Android 11 und bergen Risiken für den Zahlungsverkehr.
---------------------------------------------
https://www.golem.de/news/olympia-kassensysteme-registrierkassen-seit-drei-jahren-ohne-sicherheitsupdates-2411-190487.html


∗∗∗ Python RAT with a Nice Screensharing Feature ∗∗∗
---------------------------------------------
While hunting, I found another interesting Python RAT in the wild. This is not brand new because the script was released two years ago. The script I found is based on the same tool and still ..
---------------------------------------------
https://isc.sans.edu/diary/Python+RAT+with+a+Nice+Screensharing+Feature/31414


∗∗∗ Maritime lawyers assemble! ∗∗∗
---------------------------------------------
Maritime cyber insurance has been playing catch-up with maritime cyber security for a while now. It was all pretty good until the availability of cheap VSAT meant that ships ..
---------------------------------------------
https://www.pentestpartners.com/security-blog/maritime-lawyers-assemble/


∗∗∗ In final check-in before Election Day, CISA cites low-level threats, and not much else ∗∗∗
---------------------------------------------
Incidents to date have included “low level” distributed denial-of-service activity, criminal destruction of ballot drop boxes and continued threats targeting election officials, CISA Director Jen Easterly ..
---------------------------------------------
https://therecord.media/cisa-2024-presidential-election-threats


∗∗∗ Smart Cities gegen Cyberattacken resilient machen ∗∗∗
---------------------------------------------
Ob es uns gefällt oder nicht – Städte weltweit wandeln sich in sogenannte "Smart Cities". Die Protagonisten versprechen Innovation, Nachhaltigkeit und digitales Wachstum. Aber diese Infrastruktur bzw. die ..
---------------------------------------------
https://www.borncity.com/blog/2024/11/05/smart-cities-gegen-cyberattacken-resilient-machen/


∗∗∗ SOC Around the Clock: World Tour Survey Findings ∗∗∗
---------------------------------------------
Trend surveyed 750 cybersecurity professionals in 49 countries to learn more about the state of ..
---------------------------------------------
https://www.trendmicro.com/en_us/research/24/k/world-tour-survey-results.html


=====================
=  Vulnerabilities  =
=====================


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by AlmaLinux (firefox, openexr, and thunderbird), Fedora (llama-cpp and python-quart), Oracle (firefox, openexr, thunderbird, and xorg-x11-server and xorg-x11-server-Xwayland), SUSE (chromium, govulncheck-vulndb, openssl-1_1, python311, and python312), and Ubuntu (linux-azure, linux-bluefield, linux-azure, linux-gcp, linux-ibm, openjpeg2, and ruby3.0, ruby3.2, ruby3.3).
---------------------------------------------
https://lwn.net/Articles/997030/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily