[CERT-daily] Tageszusammenfassung - 07.11.2024

Thu Nov 7 18:05:04 CET 2024

=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 06-11-2024 18:00 − Donnerstag 07-11-2024 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a

=====================
=       News        =
=====================


∗∗∗ Hackers increasingly use Winos4.0 post-exploitation kit in attacks ∗∗∗
---------------------------------------------
Hackers are increasingly targeting Windows users with the malicious Winos4.0 framework, distributed via seemingly benign game-related apps.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/hackers-increasingly-use-winos40-post-exploitation-kit-in-attacks/


∗∗∗ A look at the latest post-quantum signature standardization candidates ∗∗∗
---------------------------------------------
NIST has standardized four post-quantum signature schemes so far, and they’re not done yet: there are fourteen new candidates in the running for standardization. In this blog post we take ..
---------------------------------------------
https://blog.cloudflare.com/another-look-at-pq-signatures


∗∗∗ The Power of Process in Creating a Successful Security Posture ∗∗∗
---------------------------------------------
Establishing realistic, practitioner-driven processes prevents employee burnout, standardizes experiences, and closes many of the gaps exposed by repeated one-offs.
---------------------------------------------
https://www.darkreading.com/cybersecurity-operations/process-in-creating-successful-security-posture


∗∗∗ Microsoft Windows Server 2025 Upgrade Triggers Licensing Conflicts and Operational Fallout ∗∗∗
---------------------------------------------
A recent Microsoft update has unexpectedly forced several organizations to upgrade from Windows Server 2022 to Windows Server 2025, resulting in unexpected licensing demands and operational setbacks. First reported on November 5, 2024, this incident has affected organizations ..
---------------------------------------------
https://heimdalsecurity.com/blog/microsoft-windows-server-2025-upgrade/


∗∗∗ Steam Account Checker Poisoned with Infostealer ∗∗∗
---------------------------------------------
I found an interesting script targeting Steam users. Steam[1] is a popular digital distribution platform for purchasing, downloading, and playing video games on personal computers. The script is called "steam-account-checker" ..
---------------------------------------------
https://isc.sans.edu/forums/diary/Steam+Account+Checker+Poisoned+with+Infostealer/31420/


∗∗∗ China-Aligned MirrorFace Hackers Target EU Diplomats with World Expo 2025 Bait ∗∗∗
---------------------------------------------
The China-aligned threat actor known as MirrorFace has been observed targeting a diplomatic organization in the European Union, marking the first time the hacking crew has targeted an organization in the region."During this attack, the threat ..
---------------------------------------------
https://thehackernews.com/2024/11/china-aligned-mirrorface-hackers-target.html


∗∗∗ North Korean Hackers Target Crypto Firms with Hidden Risk Malware on macOS ∗∗∗
---------------------------------------------
A threat actor with ties to the Democratic Peoples Republic of Korea (DPRK) has been observed targeting cryptocurrency-related businesses with a multi-stage malware capable of infecting Apple macOS devices.Cybersecurity company SentinelOne, ..
---------------------------------------------
https://thehackernews.com/2024/11/north-korean-hackers-target-crypto.html


∗∗∗ Office unter Windows 11 24H2 mit installiertem Crowdstrike lahmgelegt ∗∗∗
---------------------------------------------
Wer Crowdstrike-Sicherheitssoftware einsetzt und auf Windows 11 24H2 aktualisiert hat, hatte womöglich mit nicht funktionierenden Apps zu kämpfen.
---------------------------------------------
https://www.heise.de/news/Crowdstrike-legte-Office-unter-Windows-11-24H2-lahm-10007558.html


∗∗∗ Large eBay malvertising campaign leads to scams ∗∗∗
---------------------------------------------
Consumers are being swamped by Google ads claiming to be eBays customer service.
---------------------------------------------
https://www.malwarebytes.com/blog/scams/2024/11/large-ebay-malvertising-campaign-leads-to-scams


∗∗∗ Vorsicht vor gefälschten Willhaben-Mails ∗∗∗
---------------------------------------------
Kriminelle geben sich als Willhaben aus und versenden massenhaft gefälschte E-Mails. In den teilweise echt aussehenden E-Mails wird behauptet, dass Sie Ihre Identität bestätigen müssen oder eine Rückerstattung erhalten. Eine andere gefälschte E-Mail enthält im Anhang angeblich eine Rechnung. Wir raten zur Vorsicht!
---------------------------------------------
https://www.watchlist-internet.at/news/willhaben-phishing/


∗∗∗ Silent Skimmer Gets Loud (Again) ∗∗∗
---------------------------------------------
We discuss a new campaign from the cybercrime group behind Silent Skimmer, showcasing the exploit of ...
---------------------------------------------
https://unit42.paloaltonetworks.com/silent-skimmer-latest-campaign/


∗∗∗ Unwrapping the emerging Interlock ransomware attack ∗∗∗
---------------------------------------------
Cisco Talos Incident Response (Talos IR) recently observed an attacker conducting big-game ..
---------------------------------------------
https://blog.talosintelligence.com/emerging-interlock-ransomware/


∗∗∗ Androxgh0st Botnet Integrates Mozi, Expands Attacks on IoT Vulnerabilities ∗∗∗
---------------------------------------------
CloudSEK reports that the Androxgh0st botnet has integrated with the Mozi botnet and ..
---------------------------------------------
https://hackread.com/androxgh0st-botnet-integrate-mozi-iot-vulnerabilities/


∗∗∗ Malicious Python Package Typosquats Popular fabric SSH Library, Exfiltrates AWS Credentials ∗∗∗
---------------------------------------------
The Socket Research Team has discovered a malicious Python package, fabrice, that is typosquatting the popular fabric SSH automation library. The threat of malware delivered through typosquatted libraries remains a significant ..
---------------------------------------------
https://socket.dev/blog/malicious-python-package-typosquats-fabric-ssh-library


=====================
=  Vulnerabilities  =
=====================


∗∗∗ Zahlreiche Schwachstellen in HASOMED Elefant and Elefant Software Updater ∗∗∗
---------------------------------------------
https://sec-consult.com/de/vulnerability-lab/advisory/zahlreiche-schwachstellen-in-hasomed-elefant-and-elefant-software-updater/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily