[CERT-daily] Tageszusammenfassung - 08.11.2024

Fri Nov 8 18:35:50 CET 2024

=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 07-11-2024 18:00 − Freitag 08-11-2024 18:00
Handler:     Alexander Riepl
Co-Handler:  Michael Schlagenhaufer

=====================
=       News        =
=====================

∗∗∗ Google To Make MFA Mandatory for Google Cloud in 2025 ∗∗∗
---------------------------------------------
Google has recently announced that it plans to implement mandatory multi-factor authentication (MFA) on all Cloud accounts by the end of 2025. [..] The implementation will affect both admins and users with access to Google Cloud. General consumer Google accounts will not be affected.
---------------------------------------------
https://heimdalsecurity.com/blog/google-cloud-mfa/


∗∗∗ 2024 Credit Card Theft Season Arrives ∗∗∗
---------------------------------------------
In today’s post we’re going to perform a malware analysis of the most common MageCart injections identified so that eCommerce website owners can better understand the risks, and (hopefully) protect themselves, their websites, and their customers from attackers.
---------------------------------------------
https://blog.sucuri.net/2024/11/2024-credit-card-theft-season-arrives.html


∗∗∗ ESET APT Activity Report Q2 2024–Q3 2024 ∗∗∗
---------------------------------------------
An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q2 2024 and Q3 2024
---------------------------------------------
https://www.welivesecurity.com/en/eset-research/eset-apt-activity-report-q2-2024-q3-2024/


∗∗∗ Helldown Ransomware Group – A New Emerging Ransomware Threat ∗∗∗
---------------------------------------------
As of November 2024, the online resources available related to the Helldown ransomware group’s Tactics Techniques and Procedures (TTP’s) were effectively none-existent – this blogpost aims to address that and will be updated continuously as more investigations are completed.
---------------------------------------------
https://www.truesec.com/hub/blog/helldown-ransomware-group


∗∗∗ TLPT & ME: Everything you need to know about Threat-Led Penetration Testing (TLPT) in a TIBER world. ∗∗∗
---------------------------------------------
While the TLPT RTS does come with some additional requirements or nuances compared to the TIBER framework, we can all be certain that adopting TIBER is indeed  the way to fulfill DORA’s TLPT requirements. As mentioned in our initial post, we expect many more European countries to publish a TIBER implementation guide and/or a TIBER-EU 2.0 to be published for additional convergence.
---------------------------------------------
https://blog.nviso.eu/2024/11/08/tlpt-me-everything-you-need-to-know-about-threat-led-penetration-testing-tlpt-in-a-tiber-world/


∗∗∗ Breaking Down Earth Estries Persistent TTPs in Prolonged Cyber Operations ∗∗∗
---------------------------------------------
Discover how Earth Estries employs a diverse set of tactics, techniques, and tools, including malware such as Zingdoor and Snappybee, for its campaigns.
---------------------------------------------
https://www.trendmicro.com/en_us/research/24/k/breaking-down-earth-estries-persistent-ttps-in-prolonged-cyber-o.html


∗∗∗ Defending Your Directory: An Expert Guide to Securing Active Directory Against DCSync Attacks ∗∗∗
---------------------------------------------
Last time we took a dive deep into Kerberoasting. Up next, let's unravel the sinister secrets of DCSync attacks - a stealthy technique that can bring your entire Active Directory to its knees.
---------------------------------------------
https://www.nccgroup.com/us/research-blog/defending-your-directory-an-expert-guide-to-securing-active-directory-against-dcsync-attacks/


∗∗∗ Nameless and shameless: Ransomware Encryption via BitLocker ∗∗∗
---------------------------------------------
This post will delve into a recent incident response engagement handled by NCC Group’s Digital Forensics and Incident Response (DFIR) team, involving an unknown ransomware strain but known TTPs.
---------------------------------------------
https://www.nccgroup.com/us/research-blog/nameless-and-shameless-ransomware-encryption-via-bitlocker/


∗∗∗ Unmasking Phishing: Strategies for identifying 0ktapus domains and beyond ∗∗∗
---------------------------------------------
Wiz Research looks at phishing tactics, along with how to trace and investigate these campaigns.
---------------------------------------------
https://www.wiz.io/blog/unmasking-phishing-strategies-for-identifying-0ktapus-domains


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Max-Critical Cisco Bug Enables Command-Injection Attacks ∗∗∗
---------------------------------------------
Though Cisco reports of no known malicious exploitation attempts, but thanks to a CVSS 10 out of 10 security vulnerability (CVE-2024-20418) three of its wireless access points are vulnerable to remote, unauthenticated cyberattacks.
---------------------------------------------
https://www.darkreading.com/vulnerabilities-threats/cisco-bug-command-injection-attacks


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by AlmaLinux (edk2), Debian (webkit2gtk), Fedora (thunderbird), Oracle (bzip2, container-tools:ol8, edk2, go-toolset:ol8, libtiff, python-idna, python3.11, and python3.12), Slackware (expat), and SUSE (apache2, govulncheck-vulndb, grub2, java-1_8_0-openjdk, python3, python39, qemu, xorg-x11-server, and xwayland).
---------------------------------------------
https://lwn.net/Articles/997480/


∗∗∗ Delta Electronics DIAScreen ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-24-312-02

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily