[CERT-daily] Tageszusammenfassung - 18.10.2024
Daily end-of-shift report
team at cert.at
Fri Oct 18 18:08:24 CEST 2024
=====================
= End-of-Day report =
=====================
Timeframe: Donnerstag 17-10-2024 18:00 − Freitag 18-10-2024 18:00
Handler: Alexander Riepl
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Analysis of the Crypt Ghouls group: continuing the investigation into a series of attacks on Russia ∗∗∗
---------------------------------------------
A close look at the utilities, techniques, and infrastructure used by the hacktivist group Crypt Ghouls has revealed links to groups such as Twelve, BlackJack, etc.
---------------------------------------------
https://securelist.com/crypt-ghouls-hacktivists-tools-overlap-analysis/114217/
∗∗∗ Feline Hackers Among Us? (A Deep Dive and Simulation of the Meow Attack) ∗∗∗
---------------------------------------------
Introduction In the perpetually evolving field of cybersecurity, new threats materialize daily. Attackers are on the prowl for weaknesses in infrastructure and software like a cat eyeing its helpless prey.
---------------------------------------------
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/feline-hackers-among-us-a-deep-dive-and-simulation-of-the-meow-attack/
∗∗∗ U.S. and Allies Warn of Iranian Cyberattacks on Critical Infrastructure in Year-Long Campaign ∗∗∗
---------------------------------------------
Cybersecurity and intelligence agencies from Australia, Canada, and the U.S. have warned about a year-long campaign undertaken by Iranian cyber actors to infiltrate critical infrastructure organizations via brute-force attacks."Since October 2023, Iranian ..d
---------------------------------------------
https://thehackernews.com/2024/10/us-and-allies-warn-of-iranian.html
∗∗∗ Intel hits back at Chinas accusations it bakes in NSA backdoors ∗∗∗
---------------------------------------------
Chipzilla says it obeys the law wherever it is, which is nice Intel has responded to Chinese claims that its chips include security backdoors at the direction of Americas NSA.
---------------------------------------------
https://www.theregister.com/2024/10/18/intel_china_security_allegations/
∗∗∗ Alleged Bitcoin crook faces 5 years after SECs X account pwned ∗∗∗
---------------------------------------------
SIM swappers strike again, warping cryptocurrency prices An Alabama man faces five years in prison for allegedly attempting to manipulate the price of Bitcoin by pwning the US Securities and Exchange Commissions X account earlier this year.
---------------------------------------------
https://www.theregister.com/2024/10/18/sec_bitcoin_arrest/
∗∗∗ Brazil Arrests ‘USDoD,’ Hacker in FBI Infragard Breach ∗∗∗
---------------------------------------------
Brazilian authorities reportedly have arrested a 33-year-old man on suspicion of being "USDoD," a prolific cybercriminal who rose to infamy in 2022 after infiltrating the FBIs InfraGard program and leaking contact information for 80,000 members. More recently, USDoD was behind a breach at the consumer data broker National Public Data that led ..
---------------------------------------------
https://krebsonsecurity.com/2024/10/brazil-arrests-usdod-hacker-in-fbi-infragard-breach/
∗∗∗ EIW — ESET Israel Wiper — used in active attacks targeting Israeli orgs ∗∗∗
---------------------------------------------
One of my Mastodon followers sent me an interesting toot today, which lead to this forum post ..
---------------------------------------------
https://doublepulsar.com/eiw-eset-israel-wiper-used-in-active-attacks-targeting-israeli-orgs-b1210aed7021
∗∗∗ What I’ve learned in my first 7-ish years in cybersecurity ∗∗∗
---------------------------------------------
Plus, a zero-day vulnerability in Qualcomm chips, exposed health care devices, and the latest on the Salt Typhoon threat actor.
---------------------------------------------
https://blog.talosintelligence.com/threat-source-newsletter-oct-17-2024/
∗∗∗ Call stack spoofing explained using APT41 malware ∗∗∗
---------------------------------------------
Summary Call stack spoofing isn’t a new technique, but it has become more popular in the last few years. Call stacks are a telemetry source for EDR software that can be used to determine if a process made suspicious actions (requesting a handle to the lsass process, writing suspicious code to a newly allocated area, ..
---------------------------------------------
https://cybergeeks.tech/call-stack-spoofing-explained-using-apt41-malware/
∗∗∗ Fake North Korean IT Workers Infiltrate Western Firms, Demand Ransom ∗∗∗
---------------------------------------------
North Korean hackers are infiltrating Western companies using fraudulent IT workers to steal sensitive data and extort ransom.
---------------------------------------------
https://hackread.com/fake-north-korean-it-workers-west-firms-demand-ransom/
∗∗∗ U.S. and UK Warn of Russian Cyber Threats: 9 of 12 GreyNoise-Tracked Vulnerabilities in the Advisory Are Being Probed Right Now ∗∗∗
---------------------------------------------
Joint U.S. and UK advisory identifies 24 vulnerabilities exploited by Russian state-sponsored APT 29, with GreyNoise detecting active probing on nine of these critical CVEs. Stay informed with real-time ..
---------------------------------------------
https://www.greynoise.io/blog/u-s-and-uk-warn-of-russian-cyber-threats-9-of-24-vulnerabilities-in-the-advisory-are-being-probed-right-now
∗∗∗ Apple Passwörter: So lautet das Rezept für generierte Passwörter ∗∗∗
---------------------------------------------
Ein leitender Softwareentwickler Apples erklärt in einem Blogpost, nach welchem Muster Apple Passwörter generiert.
---------------------------------------------
https://heise.de/-9986503
=====================
= Vulnerabilities =
=====================
∗∗∗ SVD-2024-1013: Third-Party Package Updates in Splunk Add-on for Office 365 - October 2024 ∗∗∗
---------------------------------------------
Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk Add-on for Office 365 versions 4.5.2 and higher.
---------------------------------------------
https://advisory.splunk.com//advisories/SVD-2024-1013
∗∗∗ Synology-SA-24:17 Synology Camera ∗∗∗
---------------------------------------------
The vulnerabilities allow remote attackers to execute arbitrary code, remote attackers to bypass security constraints and remote attackers to conduct denial-of-service attacks via a susceptible version of Synology Camera BC500 Firmware, Synology Camera TC500 Firmware and Synology Camera CC400W Firmware.
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_24_17
∗∗∗ ZDI-24-1419: Trend Micro Deep Security Improper Access Control Local Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-24-1419/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list