[CERT-daily] Tageszusammenfassung - 01.10.2024
Daily end-of-shift report
team at cert.at
Tue Oct 1 18:33:11 CEST 2024
=====================
= End-of-Day report =
=====================
Timeframe: Montag 30-09-2024 18:00 − Dienstag 01-10-2024 18:00
Handler: Alexander Riepl
Co-Handler: Michael Schlagenhaufer
=====================
= News =
=====================
∗∗∗ Microsoft Defender adds detection of unsecure Wi-Fi networks ∗∗∗
---------------------------------------------
Microsoft Defender now automatically detects and notifies users with a Microsoft 365 Personal or Family subscription when theyre connected to unsecured Wi-Fi networks.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/microsoft-defender-now-automatically-detects-unsecure-wi-fi-networks/
∗∗∗ Microsoft overhauls security for publishing Edge extensions ∗∗∗
---------------------------------------------
Microsoft has introduced an updated version of the "Publish API for Edge extension developers" that increases the security for developer accounts and the updating of browser extensions.
---------------------------------------------
https://www.bleepingcomputer.com/news/microsoft/microsoft-overhauls-security-for-publishing-edge-extensions/
∗∗∗ What Are Hackers Searching for in SolarWinds Serv-U (CVE-2024-28995)? ∗∗∗
---------------------------------------------
Discover how GreyNoise’s honeypots are monitoring exploit attempts on the SolarWinds Serv-U vulnerability (CVE-2024-28995). Gain insights into the specific files attackers target and how real-time data helps security teams focus on true threats.
---------------------------------------------
https://www.greynoise.io/blog/what-are-hackers-searching-for-in-solarwinds-serv-u-cve-2024-28995
∗∗∗ Detecting Vulnerability Scanning Traffic From Underground Tools Using Machine Learning ∗∗∗
---------------------------------------------
Researchers detail the discovery of Swiss Army Suite, an underground tool used for SQL injection scans discovered with a machine learning model.
---------------------------------------------
https://unit42.paloaltonetworks.com/machine-learning-new-swiss-army-suite-tool/
∗∗∗ Rackspace internal monitoring web servers hit by zero-day ∗∗∗
---------------------------------------------
Reading between the lines, it appears Rackspace was hosting a ScienceLogic-powered monitoring dashboard for its customers on its own internal web servers, those servers included a program that was bundled with ScienceLogic's software, and that program was exploited, using a zero-day vulnerability, by miscreants to gain access to those web servers. From there, the intruders were able to get hold of some monitoring-related customer information before being caught.
---------------------------------------------
https://go.theregister.com/feed/www.theregister.com/2024/09/30/rackspace_zero_day_attack/
∗∗∗ Crooked Cops, Stolen Laptops & the Ghost of UGNazi ∗∗∗
---------------------------------------------
A California man accused of failing to pay taxes on tens of millions of dollars allegedly earned from cybercrime also paid local police officers hundreds of thousands of dollars to help him extort, intimidate and silence rivals and former business partners, a new indictment charges. KrebsOnSecurity has learned that many of the mans alleged targets were members of UGNazi, a hacker group behind multiple high-profile breaches and cyberattacks back in 2012.
---------------------------------------------
https://krebsonsecurity.com/2024/09/crooked-cops-stolen-laptops-the-ghost-of-ugnazi/
∗∗∗ BSI empfiehlt die Nutzung von Passkeys ∗∗∗
---------------------------------------------
Das BSI empfiehlt die Nutzung von Passkeys. Eine Umfrage zeige auf, dass die Bekanntheit und Verbreitung ausbaufähig seien.
---------------------------------------------
https://heise.de/-9959270
∗∗∗ Ransomware: Ermittler melden neue Erfolge im Kampf gegen Lockbit ∗∗∗
---------------------------------------------
Neben Verhaftungen in Frankreich und Großbritannien haben internationale Strafverfolger die Infrastruktur der Erpresser gestört – zudem ergingen Sanktionen.
---------------------------------------------
https://heise.de/-9959100
∗∗∗ WordPress Vulnerability & Patch Roundup September 2024 ∗∗∗
---------------------------------------------
Vulnerability reports and responsible disclosures are essential for website security awareness and education.
---------------------------------------------
https://blog.sucuri.net/2024/09/wordpress-vulnerability-patch-roundup-september-2024.html
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (debian-security-support, nghttp2, and sqlite3), Oracle (cups-filters, kernel, and osbuild-composer), SUSE (openssl-3), and Ubuntu (bubblewrap, flatpak and python2.7, python3.5).
---------------------------------------------
https://lwn.net/Articles/992444/
∗∗∗ Mozilla Foundation Security Advisories 2024-10-01 (Thunderbird and Firefox) ∗∗∗
---------------------------------------------
https://www.mozilla.org/en-US/security/advisories/
∗∗∗ Juniper: 2024-09-30 Out of Cycle Security Advisory: Multiple Products: RADIUS protocol susceptible to forgery attacks (Blast-RADIUS) (CVE-2024-3596) ∗∗∗
---------------------------------------------
https://supportportal.juniper.net/s/article/2024-09-30-Out-of-Cycle-Security-Advisory-Multiple-Products-RADIUS-protocol-susceptible-to-forgery-attacks-Blast-RADIUS-CVE-2024-3596
∗∗∗ Bosch: Sensitive information disclosure in Bosch Configuration Manager ∗∗∗
---------------------------------------------
https://psirt.bosch.com/security-advisories/bosch-sa-981803-bt.html
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list