[CERT-daily] Tageszusammenfassung - 03.10.2024

Thu Oct 3 18:05:03 CEST 2024

=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 02-10-2024 18:00 − Donnerstag 03-10-2024 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a

=====================
=       News        =
=====================


∗∗∗ Fake browser updates spread updated WarmCookie malware ∗∗∗
---------------------------------------------
A new FakeUpdate campaign targeting users in France leverages compromised websites to show fake browser and application updates that spread a new version of the WarmCookie malware.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/fake-browser-updates-spread-updated-warmcookie-malware/


∗∗∗ FIN7 hackers launch deepfake nude “generator” sites to spread malware ∗∗∗
---------------------------------------------
The notorious APT hacking group known as FIN7 launched a network of fake AI-powered deepnude generator sites to infect visitors with information-stealing malware.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/fin7-hackers-launch-deepfake-nude-generator-sites-to-spread-malware/


∗∗∗ Weird Zimbra Vulnerability ∗∗∗
---------------------------------------------
Hackers can execute commands on a remote computer by sending malformed emails to a Zimbra mail server. It’s critical, but difficult to exploit.In an email sent Wednesday afternoon, Proofpoint researcher Greg Lesnewich seemed to largely concur that the attacks weren’t likely to lead to mass infections that could install ransomware or espionage ..
---------------------------------------------
https://www.schneier.com/blog/archives/2024/10/weird-zimbra-vulnerability.html


∗∗∗ INTERPOL Arrests 8 in Major Phishing and Romance Fraud Crackdown in West Africa ∗∗∗
---------------------------------------------
INTERPOL has announced the arrest of eight individuals in Côte dIvoire and Nigeria as part of a crackdown on phishing scams and romance cyber fraud.Dubbed Operation Contender 2.0, the initiative is designed to tackle cyber-enabled crimes ..
---------------------------------------------
https://thehackernews.com/2024/10/interpol-arrests-8-in-major-phishing.html


∗∗∗ APT and financial attacks on industrial organizations in Q2 2024 ∗∗∗
---------------------------------------------
This summary provides an overview of the reports of APT and financial attacks on industrial enterprises that were disclosed in Q2 2024, as well as the related activities of groups that have been observed attacking industrial organizations and critical infrastructure facilities.
---------------------------------------------
https://ics-cert.kaspersky.com/publications/apt-and-financial-attacks-on-industrial-organizations-in-q2-2024/


∗∗∗ Experts warn of DDoS attacks using linux printing vulnerability ∗∗∗
---------------------------------------------
A set of bugs that has caused alarm among cybersecurity experts may enable threat actors to launch powerful attacks designed to knock systems offline.
---------------------------------------------
https://therecord.media/ddos-attacks-cups-linux-print-vulnerability


∗∗∗ As ransomware attacks surge, UK privacy regulator investigating fewer incidents than ever ∗∗∗
---------------------------------------------
Of the 1,253 incidents reported to the Information Commissioner’s Office (ICO) in 2023, only 87 were investigated — fewer than 7%. The numbers so far for 2024 are similar.
---------------------------------------------
https://therecord.media/uk-ico-ransomware-investigations-data


∗∗∗ Threat actor believed to be spreading new MedusaLocker variant since 2022 ∗∗∗
---------------------------------------------
Cisco Talos has discovered a financially motivated threat actor, active since 2022, recently observed delivering a MedusaLocker ransomware variant. Intelligence collected by Talos on tools regularly employed by the threat ..
---------------------------------------------
https://blog.talosintelligence.com/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/


∗∗∗ perfctl: A Stealthy Malware Targeting Millions of Linux Servers ∗∗∗
---------------------------------------------
In this blog post, Aqua Nautilus researchers aim to shed light on a Linux malware that, over the past 3-4 years, has actively sought more than 20,000 types of misconfigurations in order to target and exploit Linux servers. If you ..
---------------------------------------------
https://blog.aquasec.com/perfctl-a-stealthy-malware-targeting-millions-of-linux-servers


∗∗∗ "Alptraum": Daten aller niederländischen Polizisten geklaut – von Drittstaat? ∗∗∗
---------------------------------------------
Hacker haben die Kontaktdaten aller Mitarbeiter der Polizei erbeutet. Nun kommt das Justizministerium mit einer weiteren alarmierenden Nachricht.
---------------------------------------------
https://heise.de/-9961529


∗∗∗ Thailändische Regierung von neuem APT "CeranaKeeper" angegriffen ∗∗∗
---------------------------------------------
Bei Angriffen auf thailändische Behörden erbeuteten Cyberkriminelle Daten, indem sie verschlüsselte Dateien zu Filesharing-Diensten hochluden.
---------------------------------------------
https://heise.de/-9961562


=====================
=  Vulnerabilities  =
=====================


∗∗∗ ZDI-24-1321: Apple macOS AppleVADriver Out-Of-Bounds Write Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-40841.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-24-1321/


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by AlmaLinux (cups-filters), Debian (chromium and php8.2), Fedora (firefox), Oracle (cups-filters, flatpak, kernel, krb5, oVirt 4.5 ovirt-engine, and python-urllib3), Red Hat (cups-filters, firefox, go-toolset:rhel8, golang, and thunderbird), SUSE (postgresql16), and Ubuntu (gnome-shell and linux-azure-fde-5.15).
---------------------------------------------
https://lwn.net/Articles/992798/


∗∗∗ Two-factor Authentication (TFA) - Critical - Access bypass - SA-CONTRIB-2024-043 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-contrib-2024-043


∗∗∗ Cisco Nexus Dashboard Fabric Controller Arbitrary Command Execution Vulnerability ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndfc-cmdinj-UvYZrKfr


∗∗∗ Cisco Meraki MX and Z Series Teleworker Gateway AnyConnect VPN Denial of Service Vulnerabilities ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meraki-mx-vpn-dos-QTRHzG2

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily