[CERT-daily] Tageszusammenfassung - 20.11.2024
Daily end-of-shift report
team at cert.at
Wed Nov 20 18:07:08 CET 2024
=====================
= End-of-Day report =
=====================
Timeframe: Dienstag 19-11-2024 18:00 − Mittwoch 20-11-2024 18:00
Handler: Alexander Riepl
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Bigger and badder: how DDoS attack sizes have evolved over the last decade ∗∗∗
---------------------------------------------
If we plot the metrics associated with large DDoS attacks observed in the last 10 years, does it show a straight, steady increase in an exponential curve that keeps becoming steeper, or is it closer to a linear growth? Our analysis found the growth is not linear but rather is exponential, with the slope varying depending on the metric (rps, pps or bps).
---------------------------------------------
https://blog.cloudflare.com/bigger-and-badder-how-ddos-attack-sizes-have-evolved-over-the-last-decade
∗∗∗ Kein Angriff auf Idev-Portal: Destatis weist Schuld für Datenleck von sich ∗∗∗
---------------------------------------------
Das Statistische Bundesamt hat sein Idev-Portal untersucht. Von Hackern erbeutete Daten sollen bei den meldenden Unternehmen abgeflossen sein.
---------------------------------------------
https://www.golem.de/news/kein-cyberangriff-auf-meldesystem-destatis-weist-schuld-fuer-datenleck-von-sich-2411-190964.html
∗∗∗ Inside the Threat: Ein Blick hinter die Kulissen zur Abwehr einer aktiven Bedrohung ∗∗∗
---------------------------------------------
Früherkennung und proaktive Untersuchung können einen Ransomware-Angriff im Keim ersticken. Ein aktueller realer Fall, zeigt, wie es funktioniert.
---------------------------------------------
https://sec-consult.com/de/blog/detail/inside-the-threat-ein-blick-hinter-die-kulissen-zur-abwehr-einer-aktiven-bedrohung/
∗∗∗ Decades-Old Security Vulnerabilities Found in Ubuntus Needrestart Package ∗∗∗
---------------------------------------------
Multiple decade-old security vulnerabilities have been disclosed in the needrestart package installed by default in Ubuntu Server (since version 21.04) that could allow a local attacker to gain root privileges without requiring user ..
---------------------------------------------
https://thehackernews.com/2024/11/decades-old-security-vulnerabilities.html
∗∗∗ Yubikey-Seitenkanal: Weitere Produkte für Cloning-Attacke anfällig ∗∗∗
---------------------------------------------
Die Seitenkanal-Lücke EUCLEAK wurde auch als "Yubikey-Cloning-Attacke" bekannt. Das BSI re-zertifiziert aktualisierte Produkte, die betroffen waren.
---------------------------------------------
https://www.heise.de/news/EUCLEAK-Weitere-Produkte-fuer-Cloning-Attacke-anfaellig-10078520.html
∗∗∗ Threat Assessment: Ignoble Scorpius, Distributors of BlackSuit Ransomware ∗∗∗
---------------------------------------------
Explore this assessment on cybercrime group Ignoble Scorpius, distributors of BlackSuit ransomware. Since May 2023, operations have increased —affecting critical sectors.
---------------------------------------------
https://unit42.paloaltonetworks.com/threat-assessment-blacksuit-ransomware-ignoble-scorpius/
∗∗∗ Looking at the Internals of the Kenwood DMX958XR IVI ∗∗∗
---------------------------------------------
For the upcoming Pwn2Own Automotive contest, a total of four in-vehicle infotainment (IVI) head units have been selected as targets. One of these is the double DIN Kenwood DMX958XR. This unit offers a variety of ..
---------------------------------------------
https://www.thezdi.com/blog/2024/11/18/looking-at-the-internals-of-the-kenwood-dmx958xr-ivi
∗∗∗ Critical Vulnerabilities in vCenter Server Exploited in the Wild ∗∗∗
---------------------------------------------
CVE CVE-2024-38813CVE-2024-38812 Affected Products VMware vCenter Server VMware Cloud Foundation Exploitation Broadcom has confirmed exploitation of these vulnerabilities[1]. The CVE has not been ..
---------------------------------------------
https://www.truesec.com/hub/blog/critical-vulnerabilities-in-vcenter-server-exploited-in-the-wild
∗∗∗ Malicious QR Codes: How big of a problem is it, really? ∗∗∗
---------------------------------------------
QR codes are disproportionately effective at bypassing most anti-spam filters. Talos discovered two effective methods for defanging malicious QR codes, a necessary step to make them safe for consumption.
---------------------------------------------
https://blog.talosintelligence.com/malicious_qr_codes/
∗∗∗ Hackers Exploit Misconfigured Jupyter Servers for Illegal Sports Streaming ∗∗∗
---------------------------------------------
Aqua Nautilus’ research reveals hackers are leveraging vulnerable and misconfigured Jupyter Notebook servers to steal live sports streams.
---------------------------------------------
https://hackread.com/hackers-exploit-misconfigured-jupyter-servers-sports-streaming/
∗∗∗ Pots and Pans, AKA an SSLVPN - Palo Alto PAN-OS CVE-2024-0012 and CVE-2024-9474 ∗∗∗
---------------------------------------------
It'll be no surprise that 2024, 2023, 2022, and every other year of humanities existence has been tough for SSLVPN appliances. Anyhow, there are new vulnerabilities (well, two of them) that are being exploited in the Palo Alto Networks ..
---------------------------------------------
https://labs.watchtowr.com/pots-and-pans-aka-an-sslvpn-palo-alto-pan-os-cve-2024-0012-and-cve-2024-9474/
∗∗∗ Defending Your Directory: An Expert Guide to Mitigating Pass-the-Hash Attacks in Active Directory ∗∗∗
---------------------------------------------
In our latest technical blog series, our DFIR team are highlighting the most prominent Active Directory (AD) threats, describing the tell-tale signs that your AD might be at risk, and give experienced insight into the best prevention and mitigation strategies to shore up your AD security and bolster your digital identity protection.
---------------------------------------------
https://www.nccgroup.com/us/research-blog/defending-your-directory-an-expert-guide-to-mitigating-pass-the-hash-attacks-in-active-directory/
∗∗∗ Let’s Encrypt: Ten Years ∗∗∗
---------------------------------------------
Vital personal and business information flows over the Internet more frequently than ever, and we don’t always know when it’s happening. It’s clear at this point that encrypting is something all of us should be doing. Then why don’t we use TLS (the successor to SSL) everywhere? Every browser in every device supports it. Every server in every data center supports it. Why don’t we just flip the switch?
---------------------------------------------
https://letsencrypt.org/2014/11/18/announcing-lets-encrypt/
∗∗∗ Achieving NIST CSF 2.0 Compliance: Best Practices ∗∗∗
---------------------------------------------
Cybersecurity is an ever-growing concern in today’s digital era. With the rise of cyberattacks and data breaches, organizations must adopt best practices to safeguard their sensitive information. One of the leading frameworks guiding organizations in securing their digital assets is the NIST CSF 2.0 by National Institute of Standards and ..
---------------------------------------------
https://fortbridge.co.uk/regulations/achieving-nist-csf-2-0-compliance-with-penetration-testing/
=====================
= Vulnerabilities =
=====================
∗∗∗ DSA-5815-1 needrestart - security update ∗∗∗
---------------------------------------------
https://lists.debian.org/debian-security-announce/2024/msg00229.html
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list