[CERT-daily] Daily summary - 09.10.2024

Daily end-of-shift report team at cert.at
Wed Oct 9 18:33:44 CEST 2024


=====================
= End-of-Day report =
=====================

Timeframe:   Tuesday 08-10-2024 18:00 - Wednesday 09-10-2024 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a


=====================
=       News        =
=====================


∗∗∗ Two never-before-seen tools, from same group, infect air-gapped devices ∗∗∗
---------------------------------------------
It's hard enough creating one air-gap-jumping tool. GoldenJackal did it 2x in 5 years.
---------------------------------------------
https://arstechnica.com/security/2024/10/two-never-before-seen-tools-from-same-group-infect-air-gapped-devices/


∗∗∗ European govt air-gapped systems breached using custom malware ∗∗∗
---------------------------------------------
An APT hacking group known as GoldenJackal has successfully breached air-gapped government systems in Europe using two custom toolsets to steal sensitive data, like emails, encryption keys, images, archives, and documents.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/european-govt-air-gapped-systems-breached-using-custom-malware/


∗∗∗ New scanner finds Linux, UNIX servers exposed to CUPS RCE attacks ∗∗∗
---------------------------------------------
An automated scanner has been released to help security professionals scan environments for devices vulnerable to the Common Unix Printing System (CUPS) RCE flaw tracked as CVE-2024-47176.
---------------------------------------------
https://www.bleepingcomputer.com/news/software/new-scanner-finds-linux-unix-servers-exposed-to-cups-rce-attacks/


∗∗∗ Security vulnerability: Windows RDP servers remotely attackable ∗∗∗
---------------------------------------------
A successful attack does require winning a race condition, but no authentication or user interaction whatsoever.
---------------------------------------------
https://www.golem.de/news/sicherheitsluecke-rdp-server-von-windows-aus-der-ferne-angreifbar-2410-189652.html


∗∗∗ Cisco warns: children increase the cyber risk when working from home ∗∗∗
---------------------------------------------
According to Cisco, around two thirds of all parents working from home allow their children access to devices used for work - often even unsupervised.
---------------------------------------------
https://www.golem.de/news/cisco-warnt-kinder-erhoehen-cyberrisiko-im-homeoffice-2410-189661.html


∗∗∗ From Perfctl to InfoStealer ∗∗∗
---------------------------------------------
A few days ago, a new stealthy malware targeting Linux hosts made a lot of noise: perfctl[1]. The malware has been pretty well analyzed and I won't repeat what has been already disclosed. I found a ..
---------------------------------------------
https://isc.sans.edu/diary/From+Perfctl+to+InfoStealer/31334


∗∗∗ Ransomware gang Trinity joins pile of scumbags targeting healthcare ∗∗∗
---------------------------------------------
As if hospitals and clinics didn't have enough to worry about. At least one US healthcare provider has been infected by Trinity, an emerging cybercrime gang with eponymous ransomware that uses double extortion and other "sophisticated" tactics that make it a "significant threat," according to the feds.
---------------------------------------------
https://www.theregister.com/2024/10/09/trinity_ransomware_targets_healthcare_orgs/


∗∗∗ Patch Tuesday, October 2024 Edition ∗∗∗
---------------------------------------------
Microsoft today released security updates to fix at least 117 security holes in Windows computers and other software, including two vulnerabilities that are already seeing active attacks. Also, Adobe plugged 52 security holes ..
---------------------------------------------
https://krebsonsecurity.com/2024/10/patch-tuesday-october-2024-edition/


∗∗∗ How to handle vulnerability reports in aviation ∗∗∗
---------------------------------------------
TL;DR Always thank researchers for reporting vulnerabilities. Acknowledging their efforts can set the right tone. Lead all communications with researchers. Don’t let legal or PR teams take over. Provide ..
---------------------------------------------
https://www.pentestpartners.com/security-blog/how-to-handle-vulnerability-reports-in-aviation/


∗∗∗ How criminals steal your debit card with fake FinanzOnline notifications ∗∗∗
---------------------------------------------
You are informed by SMS about a refund from the tax office and click on the link. You land on the tax office's website - at least that is how it looks. You select your bank in order to receive the money. But suddenly an error message from your bank appears. You will receive a new debit card and must cut up the old one and ..
---------------------------------------------
https://www.watchlist-internet.at/news/so-stehlen-kriminelle-kartenwechsel-scam/


∗∗∗ Contagious Interview: DPRK Threat Actors Lure Tech Industry Job Seekers to Install New Variants of BeaverTail and InvisibleFerret Malware ∗∗∗
---------------------------------------------
Discover how North Korean attackers, posing as recruiters, used an updated downloader and backdoor in a campaign targeting tech job seekers.
---------------------------------------------
https://unit42.paloaltonetworks.com/north-korean-threat-actors-lure-tech-job-seekers-as-fake-recruiters/


∗∗∗ Vulnerabilities discovered in Intel's security technology TDX ∗∗∗
---------------------------------------------
Researchers from the University of Lübeck have identified vulnerabilities in Intel's Trusted Domain Extensions. Intel has already closed one of the gaps.
---------------------------------------------
https://heise.de/-9974224


=====================
=  Vulnerabilities  =
=====================


∗∗∗ Synology-SA-24:12 GitLab ∗∗∗
---------------------------------------------
A vulnerability allows a remote attacker to bypass authentication via a susceptible version of GitLab.
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_24_12


∗∗∗ DSA-5729-2 apache2 - regression update ∗∗∗
---------------------------------------------
https://lists.debian.org/debian-security-announce/2024/msg00200.html


∗∗∗ Announcement: Drupal core issues with some risk levels may be treated as bugs in the public issue queue, not as private security issues - PSA-2023-07-12 ∗∗∗
---------------------------------------------
https://www.drupal.org/psa-2023-07-12


∗∗∗ Local Privilege Escalation via MSI installer in Palo Alto Networks GlobalProtect ∗∗∗
---------------------------------------------
https://sec-consult.com/de/vulnerability-lab/advisory/local-privilege-escalation-mittels-msi-installer-in-palo-alto-networks-globalprotect/


∗∗∗ October Security Update ∗∗∗
---------------------------------------------
https://www.ivanti.com/blog/october-2024-security-update

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
