[CERT-daily] Daily summary - 17.10.2024

Daily end-of-shift report team at cert.at
Thu Oct 17 18:05:29 CEST 2024


=====================
= End-of-Day report =
=====================

Timeframe:   Wednesday 16-10-2024 18:00 − Thursday 17-10-2024 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a

=====================
=       News        =
=====================


∗∗∗ Iranian hackers act as brokers selling critical infrastructure access ∗∗∗
---------------------------------------------
Iranian hackers are breaching critical infrastructure organizations to collect credentials and network data that can be sold on cybercriminal forums to enable cyberattacks from other threat actors.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/iranian-hackers-act-as-brokers-selling-critical-infrastructure-access/


∗∗∗ With default credentials: Kubernetes vulnerability allows root access via SSH ∗∗∗
---------------------------------------------
Images built with the Kubernetes Image Builder are affected. A patch is available, but it does not protect existing images.
---------------------------------------------
https://www.golem.de/news/mit-standard-zugangsdaten-kubernetes-luecke-ermoeglicht-root-zugriff-per-ssh-2410-189927.html


∗∗∗ The 2024 State of ICS/OT Cybersecurity: Our Past and Our Future ∗∗∗
---------------------------------------------
The 2024 State of ICS/OT report shows our industry’s growth since 2019 and offers insight into how we may improve going into 2029.
---------------------------------------------
https://www.sans.org/blog/the-2024-state-of-ics-ot-cybersecurity-our-past-and-our-future


∗∗∗ Understanding DORA core concepts: focus on "critical or important functions" ∗∗∗
---------------------------------------------
With the aim of achieving a high level of digital operational resilience, DORA provides a comprehensive framework for the effective ..
---------------------------------------------
https://sec-consult.com/de/blog/detail/dora-core-concepts-critical-or-important-functions-in-focus/


∗∗∗ Cisco confirms ongoing investigation after crims brag about selling tons of data ∗∗∗
---------------------------------------------
Networking giant says no evidence of impact on its systems but will tell customers if their info has been stolen UPDATED Cisco has confirmed it is investigating claims of stealing — and now selling — data belonging ..
---------------------------------------------
https://www.theregister.com/2024/10/15/cisco_confirm_ongoing_investigation/


∗∗∗ New ThreatLabz Report: Mobile remains a top threat vector with 111% spyware growth while IoT attacks rise 45% ∗∗∗
---------------------------------------------
The role of the CISO continues to expand, driven by the rising number of breaches and cyberattacks like ransomware, as well as SEC requirements for public organizations to disclose material breaches. Among the fastest-moving ..
---------------------------------------------
https://www.zscaler.com/blogs/security-research/new-threatlabz-report-mobile-remains-top-threat-vector-111-spyware-growth


∗∗∗ Sudanese Brothers Arrested in ‘AnonSudan’ Takedown ∗∗∗
---------------------------------------------
The U.S. government on Wednesday announced the arrest and charging of two Sudanese brothers accused of running Anonymous Sudan (a.k.a. AnonSudan), a cybercrime business known for launching powerful distributed denial-of-service (DDoS) attacks against a range of targets, including dozens of hospitals, news websites and cloud providers. One of the ..
---------------------------------------------
https://krebsonsecurity.com/2024/10/sudanese-brothers-arrested-in-anonsudan-takedown/


∗∗∗ Russian hacker group claims responsibility for attack on the Internet Archive ∗∗∗
---------------------------------------------
A group called "SN_BLACKMETA" says it carried out DDoS attacks on the internet library
---------------------------------------------
https://www.derstandard.at/story/3000000241091/russische-hackergruppe-bekennt-sich-zu-angriff-auf-das-internet-archive


∗∗∗ Gatekeeper Bypass: Uncovering Weaknesses in a macOS Security Mechanism ∗∗∗
---------------------------------------------
Explore how macOS Gatekeeper's security could be compromised by third-party apps not enforcing quarantine attributes effectively.
---------------------------------------------
https://unit42.paloaltonetworks.com/gatekeeper-bypass-macos/


∗∗∗ Ransomware: Threat Level Remains High in Third Quarter ∗∗∗
---------------------------------------------
Recently established RansomHub group overtakes LockBit to become most prolific ransomware operation.
---------------------------------------------
https://symantec-enterprise-blogs.security.com/threat-intelligence/ransomware-threat-level-remains-high


∗∗∗ Cyber Resilience Act adopted ∗∗∗
---------------------------------------------
The Cyber Resilience Act (CRA) is an EU regulation on the security of hardware and software products with digital elements, which was adopted by the Council of the European Union on 10.10.2024. After publication in the Official Journal of the EU, the ..
---------------------------------------------
https://certitude.consulting/blog/de/cyber-resilience-act-beschlossen/


∗∗∗ Hacker allegedly behind attacks on FBI, Airbus, National Public Data arrested in Brazil ∗∗∗
---------------------------------------------
Police did not name the suspect, but a threat actor known as USDoD has long boasted of being behind the attacks that were highlighted by Brazilian law enforcement following the arrest.
---------------------------------------------
https://therecord.media/hacker-behind-fbi-npd-airbus-attacks-arrested-brazil


∗∗∗ Why Hackers May Be Targeting You ∗∗∗
---------------------------------------------
In today's evolving cyber threat landscape, small and mid-sized businesses can reduce their risk by understanding cybercriminals, addressing misconceptions, and enhancing their cybersecurity and incident ..
---------------------------------------------
https://www.emsisoft.com/en/blog/46073/why-hackers-may-be-targeting-you/



=====================
=  Vulnerabilities  =
=====================


∗∗∗ Oracle Releases Quarterly Critical Patch Update Advisory for October 2024 ∗∗∗
---------------------------------------------
Oracle released its quarterly Critical Patch Update Advisory for October 2024 to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take ..
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2024/10/17/oracle-releases-quarterly-critical-patch-update-advisory-october-2024


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
https://lwn.net/Articles/994630/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily



