[CERT-daily] Daily summary - 07.10.2024
Daily end-of-shift report
team at cert.at
Mon Oct 7 18:08:14 CEST 2024
=====================
= End-of-Day report =
=====================
Timeframe: Friday 04-10-2024 18:00 − Monday 07-10-2024 18:00
Handler: Alexander Riepl
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Russia arrests US-sanctioned Cryptex founder, 95 other linked suspects ∗∗∗
---------------------------------------------
Russian law enforcement detained almost 100 suspects linked to the Cryptex cryptocurrency exchange, the UAPS anonymous payment service, and 33 other online services and platforms used to make illegal payments and sell stolen credentials.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/russia-arrests-us-sanctioned-cryptex-founder-95-other-linked-suspects/
∗∗∗ MoneyGram: No evidence ransomware is behind recent cyberattack ∗∗∗
---------------------------------------------
MoneyGram says there is no evidence that ransomware is behind a recent cyberattack that led to a five-day outage in September.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/moneygram-no-evidence-ransomware-is-behind-recent-cyberattack/
∗∗∗ Toy brand: Hack of the Lego website aimed at crypto scam ∗∗∗
---------------------------------------------
On 4 October 2024 the official Lego website fell victim to a hack. Unknown attackers used it to promote a cryptocurrency called Lego-Coin.
---------------------------------------------
https://www.golem.de/news/spielzeugmarke-hack-der-lego-webseite-zielt-auf-kryptobetrug-ab-2410-189541.html
∗∗∗ After US ban: Kaspersky removed from the Google Play Store worldwide ∗∗∗
---------------------------------------------
Kaspersky software has not been available in the Play Store for days. The cause is the US ban on the Russian vendor, which is having global consequences.
---------------------------------------------
https://www.golem.de/news/nach-us-bann-kaspersky-fliegt-weltweit-aus-dem-google-play-store-2410-189562.html
∗∗∗ Awaken Likho is awake: new techniques of an APT group ∗∗∗
---------------------------------------------
Kaspersky experts have discovered a new version of the APT Awaken Likho RAT Trojan, which uses AutoIt scripts and the MeshCentral system to target Russian organizations.
---------------------------------------------
https://securelist.com/awaken-likho-apt-new-implant-campaign/114101/
∗∗∗ HUMINT and its Role within Cybersecurity ∗∗∗
---------------------------------------------
This blog explores HUMINT's role in cybersecurity, detailing its implementation, benefits, and potential risks.
---------------------------------------------
https://www.sans.org/blog/humint-and-its-role-within-cybersecurity
∗∗∗ Largest Recorded DDoS Attack is 3.8 Tbps ∗∗∗
---------------------------------------------
Cloudflare just blocked the current record DDoS attack: 3.8 terabits per second. (Lots of good information on the attack, and DDoS in general, at the link.)
---------------------------------------------
https://www.schneier.com/blog/archives/2024/10/largest-recorded-ddos-attack-is-3-8-tbps.html
∗∗∗ Critical Apache Avro SDK Flaw Allows Remote Code Execution in Java Applications ∗∗∗
---------------------------------------------
A critical security flaw has been disclosed in the Apache Avro Java Software Development Kit (SDK) that, if successfully exploited, could allow the execution of arbitrary code on susceptible instances. The flaw, tracked as CVE-2024-47561, ..
---------------------------------------------
https://thehackernews.com/2024/10/critical-apache-avro-sdk-flaw-allows.html
∗∗∗ Chinese hackers steal sensitive data from US courts ∗∗∗
---------------------------------------------
Via internet service providers, the "Salt Typhoon" campaign gained access to sensitive data. US authorities fear further attacks.
---------------------------------------------
https://www.derstandard.at/story/3000000239609/chinesische-hacker-stehlen-sensible-daten-von-us-gerichten
∗∗∗ No Way to Hide: Uncovering New Campaigns from Daily Tunneling Detection ∗∗∗
---------------------------------------------
Four DNS tunneling campaigns identified through a new machine learning tool expose intricate tactics when targeting vital sectors like finance, healthcare and more.
---------------------------------------------
https://unit42.paloaltonetworks.com/detecting-dns-tunneling-campaigns/
∗∗∗ From Pwn2Own Automotive: More Autel Maxicharger Vulnerabilities ∗∗∗
---------------------------------------------
This blog post highlights two additional vulnerabilities in the Autel Maxicharger that were exploited at Pwn2Own Automotive 2024. Details of the patches are also included.
---------------------------------------------
https://www.thezdi.com/blog/2024/10/2/from-pwn2own-automotive-more-autel-maxicharger-vulnerabilities
∗∗∗ Russian state media company operation disrupted by ‘unprecedented’ cyberattack ∗∗∗
---------------------------------------------
Russian state television and radio broadcasting company VGTRK was hit by a cyberattack on Monday that disrupted its operations, the company confirmed in a statement to local news agencies.
---------------------------------------------
https://therecord.media/russian-state-media-company-disrupted-cyberattack
∗∗∗ Engaging with Boards to improve the management of cyber security risk ∗∗∗
---------------------------------------------
How to communicate more effectively with board members to improve cyber security decision making.
---------------------------------------------
https://www.ncsc.gov.uk/guidance/board-level-cyber-discussions-communicating-clearly
∗∗∗ Forensic Readiness in Container Environments ∗∗∗
---------------------------------------------
One of the most frustrating issues that Digital Forensics and Incident Response (DFIR) consultants encounter is a lack of forensic data available for analysis. This article aims to mitigate such situations by providing key considerations for improving forensic readiness.
---------------------------------------------
https://www.nccgroup.com/us/research-blog/forensic-readiness-in-container-environments/
=====================
= Vulnerabilities =
=====================
∗∗∗ DSA-5785-1 mediawiki - security update ∗∗∗
---------------------------------------------
Dom Walden discovered that the AbuseFilter extension in MediaWiki, a website engine for collaborative work, performed incomplete authorisation checks.
---------------------------------------------
https://lists.debian.org/debian-security-announce/2024/msg00198.html
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by AlmaLinux (go-toolset:rhel8 and linux-firmware), Arch Linux (oath-toolkit), Debian (e2fsprogs, firefox-esr, libgsf, mediawiki, and oath-toolkit), Fedora (aws, chromium, firefox, p7zip, pgadmin4, python-gcsfs, unbound, webkitgtk, znc, znc-clientbuffer, and znc-push), Mageia (ghostscript and rootcerts nss firefox firefox-l10n), ..
---------------------------------------------
https://lwn.net/Articles/993160/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily