[CERT-daily] Daily Summary - 10.09.2024

Daily end-of-shift report team at cert.at
Tue Sep 10 18:09:35 CEST 2024


=====================
= End-of-Day report =
=====================

Timeframe:   Monday 09-09-2024 18:00 − Tuesday 10-09-2024 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Quad7 botnet targets more SOHO and VPN routers, media servers ∗∗∗
---------------------------------------------
The Quad7 botnet is expanding its targeting scope with the addition of new clusters and custom implants that now also target Zyxel VPN appliances and Ruckus wireless routers.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/quad7-botnet-targets-more-soho-and-vpn-routers-media-servers/


∗∗∗ NoName ransomware gang deploying RansomHub malware in recent attacks ∗∗∗
---------------------------------------------
The NoName ransomware gang has been trying to build a reputation for more than three years targeting small and medium-sized businesses worldwide with its encryptors and may now be working as a RansomHub affiliate.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/noname-ransomware-gang-deploying-ransomhub-malware-in-recent-attacks/


∗∗∗ Trustwave SpiderLabs Research: 20% of Ransomware Attacks in Financial Services Target Banking Institutions ∗∗∗
---------------------------------------------
The 2024 Trustwave Risk Radar Report: Financial Services Sector underscores the escalating threat landscape facing the industry.
---------------------------------------------
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/trustwave-spiderlabs-research-20-of-ransomware-attacks-in-financial-services-target-banking-institutions/


∗∗∗ Russia's top-secret military unit reportedly plots undersea cable sabotage ∗∗∗
---------------------------------------------
US alarmed by heightened Kremlin naval activity worldwide. Russia's naval activity near undersea cables is reportedly drawing the scrutiny of US officials, further sparking concerns that the Kremlin may be plotting to "sabotage" underwater infrastructure via a secretive, dedicated military unit called the General Staff Main Directorate for Deep Sea Research (GUGI).
---------------------------------------------
https://www.theregister.com/2024/09/09/russia_readies_submarine_cable_sabotage/


∗∗∗ Phishing Via Typosquatting and Brand Impersonation: Trends and Tactics ∗∗∗
---------------------------------------------
Following the 2024 ThreatLabz Phishing Report, Zscaler ThreatLabz has been closely tracking domains associated with typosquatting and brand impersonation - common techniques used by threat actors to proliferate phishing campaigns. Typosquatting involves registering domains with misspelled versions of popular websites or ..
---------------------------------------------
https://www.zscaler.com/blogs/security-research/phishing-typosquatting-and-brand-impersonation-trends-and-tactics


∗∗∗ Slim CD Data Breach Impacts 1.7 Million Individuals ∗∗∗
---------------------------------------------
Slim CD says the personal and credit card information of 1.7 million was compromised in a ten-month-long data breach.
---------------------------------------------
https://www.securityweek.com/slim-cd-data-breach-impacts-1-7-million-individuals/


∗∗∗ Study Finds Excessive Use of Remote Access Tools in OT Environments ∗∗∗
---------------------------------------------
The excessive use of remote access tools in OT environments can increase the attack surface, complicate identity management, and hinder visibility.
---------------------------------------------
https://www.securityweek.com/study-finds-excessive-use-of-remote-access-tools-in-ot-environments/


∗∗∗ Smart home security advice. Ring, SimpliSafe, Swann, and Yale ∗∗∗
---------------------------------------------
This guide covers the security of smart home security products from Ring, Yale, Swann, and SimpliSafe. Whether you’re looking to monitor your property remotely, enhance your home’s security, or ..
---------------------------------------------
https://www.pentestpartners.com/security-blog/smart-home-security-advice-ring-simplisafe-swann-and-yale/


∗∗∗ Companies overestimate their own defensive readiness against hackers ∗∗∗
---------------------------------------------
According to a recent study, 86 percent of the companies surveyed paid a "ransom" last year after their systems were infected.
---------------------------------------------
https://www.derstandard.at/story/3000000235958/firmen-ueberschaetzen-eigene-abwehrbereitschaft-gegen-hacker


∗∗∗ Threat Assessment: North Korean Threat Groups ∗∗∗
---------------------------------------------
Explore Unit 42's review of North Korean APT groups and their impact, detailing the top 10 malware and tools we've seen from these threat actors.
---------------------------------------------
https://unit42.paloaltonetworks.com/threat-assessment-north-korean-threat-groups-2024/


∗∗∗ Threat Assessment: Repellent Scorpius, Distributors of Cicada3301 Ransomware ∗∗∗
---------------------------------------------
Repellent Scorpius distributes Cicada3301 ransomware, using double extortion and targeting global victims since May 2024. We break down their toolset and more.
---------------------------------------------
https://unit42.paloaltonetworks.com/repellent-scorpius-cicada3301-ransomware/


∗∗∗ August 2024’s Most Wanted Malware: RansomHub Reigns Supreme While Meow Ransomware Surges ∗∗∗
---------------------------------------------
Check Point’s latest threat index reveals RansomHub’s continued dominance and Meow ransomware’s rise with novel tactics and significant impact. Check Point’s Global Threat Index for August 2024 revealed ransomware remains a dominant force, with RansomHub sustaining its position as the top ransomware group. This Ransomware-as-a-Service (RaaS) ..
---------------------------------------------
https://blog.checkpoint.com/research/august-2024s-most-wanted-malware-ransomhub-reigns-supreme-while-meow-ransomware-surges/


∗∗∗ CISA says SonicWall bug being exploited as experts warn of ransomware gang use ∗∗∗
---------------------------------------------
Federal cybersecurity experts are warning that a vulnerability affecting products from SonicWall is being exploited, and ordered all federal civilian agencies to implement a patch for the bug by the end of the month. 
---------------------------------------------
https://therecord.media/cisa-orders-patching-of-sonicwall-bug-ransomware


∗∗∗ CISA Releases Election Security Focused Checklists for Both Cybersecurity and Physical Security ∗∗∗
---------------------------------------------
Today, the Cybersecurity and Infrastructure Security Agency (CISA) released two election security checklists as part of the comprehensive suite of resources available for election officials, the Physical Security Checklist for Election Offices and Election Infrastructure Cybersecurity Readiness and Resilience Checklist. These checklists are tools to quickly review existing practices and take steps to enhance physical and cyber resilience in preparation for election day.
---------------------------------------------
https://www.cisa.gov/news-events/news/cisa-releases-election-security-focused-checklists-both-cybersecurity-and-physical-security


∗∗∗ Do We Need Yet Another Vulnerability Scoring System? If it’s SSVC that’s a resounding YASS ∗∗∗
---------------------------------------------
Want to know about Yet Another Vulnerability Scoring System (YASS)? Ben Edwards breaks down Stakeholder Specific Vulnerability Categorization and how to make it work.
---------------------------------------------
https://www.bitsight.com/blog/do-we-need-yet-another-vulnerability-scoring-system-if-its-ssvc-thats-resounding-yass


∗∗∗ Due to US ban: Kaspersky customers receive UltraAV from Pango ∗∗∗
---------------------------------------------
Following the ban in the US, the company is now switching customers to UltraAV, Kaspersky confirmed to heise online.
---------------------------------------------
https://heise.de/-9862992


=====================
=  Vulnerabilities  =
=====================


∗∗∗ Citrix Releases Security Updates for Citrix Workspace App for Windows ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2024/09/10/citrix-releases-security-updates-citrix-workspace-app-windows


∗∗∗ September 2024 Security Update ∗∗∗
---------------------------------------------
https://www.ivanti.com/blog/september-2024-security-update

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily



