[CERT-daily] Tageszusammenfassung - 13.11.2024

Daily end-of-shift report team at cert.at
Wed Nov 13 18:10:57 CET 2024


=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 12-11-2024 18:00 − Mittwoch 13-11-2024 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a

=====================
=       News        =
=====================


∗∗∗ Itsmydata: Hackerin veröffentlicht erneut Bonitätsdaten von Jens Spahn ∗∗∗
---------------------------------------------
Erst über Bonify, nun über Itsmydata: Lilith Wittmann hat sich mal wieder Bonitätsdaten von Jens Spahn beschafft. Immerhin hat sich sein Score verbessert.
---------------------------------------------
https://www.golem.de/news/itsmydata-hackerin-veroeffentlicht-erneut-bonitaetsdaten-von-jens-spahn-2411-190751.html


∗∗∗ Threats in space (or rather, on Earth): internet-exposed GNSS receivers ∗∗∗
---------------------------------------------
Internet-exposed GNSS receivers pose a significant threat to sensitive operations. Kaspersky shares statistics on internet-exposed receivers for July 2024 and advice on how to protect against GNSS attacks.
---------------------------------------------
https://securelist.com/internet-exposed-gnss-receivers-in-2024/114548/


∗∗∗ Chinas Volt Typhoon crew and its botnet surge back with a vengeance ∗∗∗
---------------------------------------------
Ohm, for flux sake Chinas Volt Typhoon crew and its botnet are back, compromising old Cisco routers once again to break into critical infrastructure networks and kick off cyberattacks, according to security researchers.
---------------------------------------------
https://www.theregister.com/2024/11/13/china_volt_typhoon_back/


∗∗∗ Stromanbieter Tibber gehackt, 50.000 deutsche Kunden betroffen ∗∗∗
---------------------------------------------
Tibber bestätigt, dass Hacker eingedrungen sind und Kundendaten an sich gebracht haben. Im Darknet werden diese nun verkauft.
---------------------------------------------
https://www.heise.de/news/Stromanbieter-Tibber-gehackt-50-000-deutsche-Kunden-betroffen-10030864.html


∗∗∗ Sicherheitsupdates: Zoom Room Client & Co. angreifbar ∗∗∗
---------------------------------------------
Die Entwickler rüsten verschiedene Zoom-Apps gegen mögliche Angriffe. Davon sind unter anderem macOS und Windows betroffen.
---------------------------------------------
https://www.heise.de/news/Sicherheitsupdates-Zoom-Room-Client-Co-angreifbar-10031648.html


∗∗∗ Global Companies Are Unknowingly Paying North Koreans: Here’s How to Catch Them ∗∗∗
---------------------------------------------
We discuss North Koreas use of IT workers to infiltrate companies, detailing detection strategies like IT asset management and IP analysis to counter this.
---------------------------------------------
https://unit42.paloaltonetworks.com/north-korean-it-workers/


∗∗∗ The November 2024 Security Update Review ∗∗∗
---------------------------------------------
It’s not quite the holiday season, despite what some early decorators will have you believe. It is the second Tuesday of the month, and that means Adobe and Microsoft have released their regularly scheduled updates. Take a break from your regular activities and join us as we review the details of their latest security alerts.If you’d rather watch the ..
---------------------------------------------
https://www.thezdi.com/blog/2024/11/12/the-november-2024-security-update-review


∗∗∗ How Italy became an unexpected spyware hub ∗∗∗
---------------------------------------------
Italy is home to six major spyware vendors and one supplier, with many smaller and harder-to-track enterprises emerging all the time, experts say.
---------------------------------------------
https://therecord.media/how-italy-became-an-unexpected-spyware-hub


∗∗∗ Germany warns of potential cyber threats from Russia ahead of snap election ∗∗∗
---------------------------------------------
“We must be especially prepared against threats like hacker attacks, manipulation, and disinformation," German Interior Minister Nancy Faeser said.
---------------------------------------------
https://therecord.media/germany-cyber-threats-russia-elections


∗∗∗ Silent Threat: Red Team Tool EDRSilencer Disrupting Endpoint Security Solutions ∗∗∗
---------------------------------------------
Trend Micros Threat Hunting Team has observed EDRSilencer, a red team tool that threat actors are attempting to abuse for its ability to block EDR traffic and conceal malicious activity.
---------------------------------------------
https://www.trendmicro.com/en_us/research/24/j/edrsilencer-disrupting-endpoint-security-solutions.html


∗∗∗ Bitdefender Finds New ShrinkLocker Ransomware, Releases Its Decryptor Tool ∗∗∗
---------------------------------------------
Bitdefender has released a free decryptor for ShrinkLocker ransomware, which exploits Windows BitLocker to encrypt ..
---------------------------------------------
https://hackread.com/bitdefender-shrinklocker-ransomware-decryptor-tool/


∗∗∗ Emerging Threats: Cybersecurity Forecast 2025 ∗∗∗
---------------------------------------------
Every November, we start sharing forward-looking insights on threats and other cybersecurity topics to help organizations and defenders prepare for the year ahead. The Cybersecurity Forecast 2025 report, available today, plays a big role in helping us accomplish this mission.This year’s report draws on insights directly from Google ..
---------------------------------------------
https://cloud.google.com/blog/topics/threat-intelligence/cybersecurity-forecast-2025/


∗∗∗ Defending Your Directory: An Expert Guide to Fortifying Active Directory Certificate Services (ADCS) Against Exploitation ∗∗∗
---------------------------------------------
In our latest technical blog series, our DFIR team are highlighting the most prominent Active Directory (AD) threats, describing the tell-tale signs that your AD might be at risk, and give experienced insight into the best prevention and mitigation strategies to shore up your AD security and bolster your digital identity protection.
---------------------------------------------
https://www.nccgroup.com/us/research-blog/defending-your-directory-an-expert-guide-to-fortifying-active-directory-certificate-services-adcs-against-exploitation/


∗∗∗ Making Sense of Kubernetes Initial Access Vectors Part 1 – Control Plane ∗∗∗
---------------------------------------------
Explore Kubernetes control plane access vectors, risks, and security strategies to prevent unauthorized access and protect your clusters from potential threats.
---------------------------------------------
https://www.wiz.io/blog/making-sense-of-kubernetes-initial-access-vectors-part-1-control-plane


∗∗∗ Time Boxed Penetration Testing for Web Applications ∗∗∗
---------------------------------------------
This article defines time boxed penetration testing and explains how it’s approached from a methodological standpoint. By focusing on high-risk areas, client-specific priorities, and sampling, time boxed testing can deliver efficient assessments within a limited timeframe.
---------------------------------------------
https://projectblack.io/blog/time-boxed-penetration-testing/


∗∗∗ Killing Filecoin nodes ∗∗∗
---------------------------------------------
By Simone Monica In January, we identified and reported a vulnerability in the Lotus and Venus clients of the Filecoin network that allowed an attacker to remotely crash a node and trigger a denial of service. This issue is ..
---------------------------------------------
https://blog.trailofbits.com/2024/11/13/killing-filecoin-nodes/


∗∗∗ Fault Injection – Down the Rabbit Hole ∗∗∗
---------------------------------------------
This series of articles describes fault injection attack techniques in order to understand their real potential by testing their limits and applicability with limited hardware (available on the market at an acceptable cost). It explores possible ways of using an attack that, in my opinion, is greatly underestimated.
---------------------------------------------
https://security.humanativaspa.it/fault-injection-down-the-rabbit-hole/


=====================
=  Vulnerabilities  =
=====================


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by AlmaLinux (expat), Fedora (chromium and golang-github-nvidia-container-toolkit), Mageia (curl, expat, mpg123, networkmanager-libreswan, openssl, php-tcpdf, qbittorrent, and x11-server, x11-server-xwayland, and tigervnc), Red Hat (kernel and libsoup), Slackware (mozilla), SUSE (firefox, kernel, python-PyPDF2, and xen), and Ubuntu (dotnet9, ghostscript, linux-aws, linux-oem-6.8, and pydantic).
---------------------------------------------
https://lwn.net/Articles/998044/


∗∗∗ ZDI-24-1472: Veeam Backup Enterprise Manager AuthorizeByVMwareSsoToken Improper Certificate Validation Authentication Bypass Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-24-1472/


∗∗∗ ZDI-24-1486: (0Day) G DATA Total Security Incorrect Permission Assignment Local Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-24-1486/


∗∗∗ Critical Security Vulnerabilities Discovered in MZ Automation’s MMS Client ∗∗∗
---------------------------------------------
https://encs.eu/news/critical-security-vulnerabilities-discovered-in-mz-automations-mms-client/


∗∗∗ Online Installer DLL Hijacking ∗∗∗
---------------------------------------------
https://fortiguard.fortinet.com/psirt/FG-IR-24-205


∗∗∗ Fortinet Releases Security Updates for Multiple Products ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2024/11/12/fortinet-releases-security-updates-multiple-products

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list