[CERT-daily] Daily summary - 15.11.2024
Daily end-of-shift report
team at cert.at
Fri Nov 15 18:29:31 CET 2024
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 14-11-2024 18:00 - Friday 15-11-2024 18:00
Handler: Alexander Riepl
Co-Handler: Michael Schlagenhaufer
=====================
= News =
=====================
*** These dumb passwords are the most commonly used ***
---------------------------------------------
Are your accounts well protected? To be safe, take a look at this list - hopefully you won't feel caught out.
---------------------------------------------
https://futurezone.at/digital-life/dumme-passwoerter-oesterreich-international-2024/402975640
*** Cyberattack on Destatis: hackers steal company data from the Federal Statistical Office ***
---------------------------------------------
The 3.8 GByte data set provides access to information reported by companies. The attacked system had only recently been modernized.
---------------------------------------------
https://www.golem.de/news/cyberangriff-auf-destatis-hacker-erbeuten-firmendaten-des-statistischen-bundesamtes-2411-190805.html
*** MacOS 15.1: Apple's patch breaks third-party firewalls ***
---------------------------------------------
Anyone using third-party firewalls such as Little Snitch under MacOS 15.1 may run into problems. Depending on the configuration, filter rules remain ineffective.
---------------------------------------------
https://www.golem.de/news/macos-15-1-apple-patcht-drittanbieter-firewalls-kaputt-2411-190821.html
*** New Glove Stealer Malware Bypasses Google Chrome’s App-Bound to Steal Data ***
---------------------------------------------
The New Glove Stealer malware has the ability to bypass Google Chrome’s Application-Bound (App-Bound) encryption to steal browser cookies. The threat actors’ attacks employed social engineering techniques akin to ..
---------------------------------------------
https://heimdalsecurity.com/blog/glove-stealer-malware/
*** Against grandparent scams: AI granny is meant to tie criminals up in endless conversations ***
---------------------------------------------
An AI-generated granny is meant to keep criminals busy on behalf of O2, criminals who want to talk real people out of their money over the phone. To do so, she is meant to talk and talk.
---------------------------------------------
https://www.heise.de/news/Gegen-Enkeltrickbetrug-KI-Omi-soll-Kriminelle-in-endlose-Gespraeche-verwickeln-10036234.html
*** WordPress plug-in Really Simple Security endangers 4 million websites ***
---------------------------------------------
Around four million WordPress sites use the Really Simple Security plug-in. Attackers from the network can compromise them.
---------------------------------------------
https://www.heise.de/news/Wordpress-Plug-in-Really-Simple-Security-gefaehrdet-4-Millionen-Websites-10038111.html
*** An Interview With the Target & Home Depot Hacker ***
---------------------------------------------
In December 2023, KrebsOnSecurity revealed the real-life identity of Rescator, the nickname used by a Russian cybercriminal who sold more than 100 million payment cards stolen from Target and Home Depot between 2013 and 2014. Moscow resident Mikhail Shefel, who confirmed using the Rescator identity in a recent interview, also admitted reaching out because he is broke and ..
---------------------------------------------
https://krebsonsecurity.com/2024/11/an-interview-with-the-target-home-depot-hacker/
*** Fake North Korean IT Worker Linked to BeaverTail Video Conference App Phishing Attack ***
---------------------------------------------
North Korean IT worker cluster CL-STA-0237 instigated phishing attacks via video apps in Laos, exploiting U.S. IT firms and major tech identities.
---------------------------------------------
https://unit42.paloaltonetworks.com/fake-north-korean-it-worker-activity-cluster/
*** Critical security vulnerability in Laravel Framework - updates available ***
---------------------------------------------
A critical security vulnerability has been discovered in the Laravel Framework. The weakness allows attackers to gain unauthorized access to applications via manipulated URLs and to manipulate environment variables.
---------------------------------------------
https://www.cert.at/de/warnungen/2024/11/kritische-sicherheitslucke-in-laravel-framework-updates-verfugbar
*** Safeguarding Healthcare Organizations from IoMT Risks ***
---------------------------------------------
The healthcare industry has undergone significant transformation with the emergence of Internet of Medical Things (IoMT) devices. These devices, ranging from wearable monitors to network imaging systems, collect and process vast ..
---------------------------------------------
https://levelblue.com/blogs/security-essentials/safeguarding-healthcare-organizations-from-iomt-risks
*** Zero-day exploitation targeting Palo Alto Networks firewall management interfaces ***
---------------------------------------------
Palo Alto Networks has indicated they are observing threat activity exploiting a zero-day unauthenticated remote command execution vulnerability in their firewall management interfaces.
---------------------------------------------
https://www.rapid7.com/blog/post/2024/11/15/etr-zero-day-exploitation-targeting-palo-alto-networks-firewall-management-interfaces/
*** Microsoft Power Pages Misconfigurations Expose Millions of Records Globally ***
---------------------------------------------
SaaS Security firm AppOmni has identified misconfigurations in Microsoft Power Pages that can lead to severe data breaches.
---------------------------------------------
https://hackread.com/microsoft-power-pages-misconfigurations-data-leak/
*** Pirates in the Data Sea: AI Enhancing Your Adversarial Emulation ***
---------------------------------------------
Written by: Matthijs Gielen, Jay Christiansen. Background: New solutions, old problems. Artificial intelligence (AI) and large language models (LLMs) are here to signal a new day in the cybersecurity world, but what does that mean for us, the attackers and defenders, and our battle to improve security through all the noise? Data is everywhere. For most ..
---------------------------------------------
https://cloud.google.com/blog/topics/threat-intelligence/ai-enhancing-your-adversarial-emulation/
*** Defending Your Directory: An Expert Guide to Fortifying Active Directory Against LDAP Injection Threats ***
---------------------------------------------
In our latest technical blog series, our DFIR team highlights the most prominent Active Directory (AD) threats, describes the tell-tale signs that your AD might be at risk, and gives experienced insight into the best prevention and mitigation strategies to shore up your AD security and bolster your digital identity protection.
---------------------------------------------
https://www.nccgroup.com/us/research-blog/defending-your-directory-an-expert-guide-to-fortifying-active-directory-against-ldap-injection-threats/
*** Kubernetes Audit Log “Gotchas” ***
---------------------------------------------
How to overcome challenges and security gaps when using K8s audit logs for forensics and attack detection.
---------------------------------------------
https://www.wiz.io/blog/overcoming-kubernetes-audit-log-challenges
*** Massive npm Malware Campaign Leverages Ethereum Smart Contracts To Evade Detection and Maintain Control ***
---------------------------------------------
Supply chain attacks are evolving. The Socket research team has uncovered a massive malware campaign that uses Ethereum smart contracts to control its operations - making it nearly impossible to shut down through traditional means. Instead of using conventional command and control servers that can be blocked or taken offline, these attackers ..
---------------------------------------------
https://socket.dev/blog/massive-npm-malware-campaign-leverages-ethereum-smart-contracts
*** PyPI Introduces Digital Attestations to Strengthen Python Package Security ***
---------------------------------------------
The Python Package Index (PyPI) has announced support for digital attestations. This new feature allows package maintainers to publish signed digital attestations when uploading their projects, providing an additional layer of trust and verification for users. What Are Digital Attestations? Digital attestations are cryptographic statements or ..
---------------------------------------------
https://socket.dev/blog/pypi-introduces-digital-attestations
*** 60 Hours of Cyber Defense: Hong Kong’s Innovative Cybersecurity Drill Begins ***
---------------------------------------------
Hong Kong has initiated its first-ever cybersecurity drill, set to run for a total of 60 hours. The Hong Kong cybersecurity drill commenced on Friday, with plans to establish it as an annual event moving forward. Innovation minister Sun Dong emphasized the importance of this initiative, stating that maintaining cybersecurity is essential for ..
---------------------------------------------
https://thecyberexpress.com/hong-kong-cybersecurity-drill/
=====================
= Vulnerabilities =
=====================
*** Critical Laravel Flaw (CVE-2024-52301) Exposes Millions of Web Applications to Attack ***
---------------------------------------------
https://securityonline.info/critical-laravel-flaw-cve-2024-52301-exposes-millions-of-web-applications-to-attack/
*** [webapps] SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated) ***
---------------------------------------------
https://www.exploit-db.com/exploits/52082
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily