[CERT-daily] Daily summary - 16.09.2024

Daily end-of-shift report team at cert.at
Mon Sep 16 18:17:24 CEST 2024


=====================
= End-of-Day report =
=====================

Timeframe:   Friday 13-09-2024 18:00 − Monday 16-09-2024 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a

=====================
=       News        =
=====================


∗∗∗ 1.3 million Android-based TV boxes backdoored; researchers still don’t know how ∗∗∗
---------------------------------------------
Infection corrals devices running AOSP-based firmware into a botnet.
---------------------------------------------
https://arstechnica.com/?p=2049773


∗∗∗ Malware locks browser in kiosk mode to steal Google credentials ∗∗∗
---------------------------------------------
A malware campaign uses the unusual method of locking users in their browser's kiosk mode to annoy them into entering their Google credentials, which are then stolen by information-stealing malware.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/malware-locks-browser-in-kiosk-mode-to-steal-google-credentials/
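
Kiosk mode is a legitimate browser feature (digital signage, public terminals), so a detection cannot simply alert on it; what distinguishes the abuse described above is a browser forced into kiosk mode by an untrusted parent process. The following is an added example, not code from the article or from any vendor, and it makes two assumptions that the summary does not state: that the malware launches the browser through the browsers' documented kiosk switch (`--kiosk` in Chromium-based browsers, `-kiosk` in Firefox), and that process-creation telemetry records parent image, image and command line. The event lines are constructed; the trusted-parent list is a placeholder to tune per environment.

```python
"""Flag browsers launched in kiosk mode from an unexpected parent process.

Added example with constructed telemetry; the flag names are the browsers'
documented kiosk switches, the parent-process heuristic is an assumption."""
import re

BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe", "brave.exe"}
KIOSK_FLAGS = {"--kiosk", "-kiosk"}
# Parents from which a kiosk launch is plausible (interactive shell); assumption.
TRUSTED_PARENTS = {"explorer.exe"}

# Constructed process-creation events, simplified to
# "parent image|image|command line". Not real telemetry.
EVENTS = [
    r'C:\Windows\explorer.exe|C:\Program Files\Google\Chrome\Application\chrome.exe|"chrome.exe" https://intranet.example/',
    r'C:\Users\u\AppData\Local\Temp\upd.exe|C:\Program Files\Google\Chrome\Application\chrome.exe|"chrome.exe" --kiosk https://accounts.google.com/',
    r'C:\Windows\explorer.exe|C:\Program Files\Mozilla Firefox\firefox.exe|"firefox.exe" -kiosk https://signage.example/',
]


def _basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def _tokens(cmdline: str) -> list[str]:
    # Windows command lines: keep quoted spans together, then strip the quotes.
    return [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmdline)]


def analyse_event(line: str):
    """Return a finding dict for a kiosk-mode browser launch, else None."""
    parent, image, cmdline = line.split("|", 2)
    browser = _basename(image)
    if browser not in BROWSERS:
        return None
    tokens = _tokens(cmdline)
    if not any(t.lower() in KIOSK_FLAGS for t in tokens):
        return None
    parent_name = _basename(parent)
    urls = [t for t in tokens if t.lower().startswith(("http://", "https://"))]
    # Kiosk launch from a non-interactive parent is the suspicious pattern;
    # from the user's shell it is most likely intended (signage, terminals).
    severity = "low" if parent_name in TRUSTED_PARENTS else "high"
    return {"browser": browser, "parent": parent_name, "urls": urls, "severity": severity}


def scan(events=EVENTS) -> list[dict]:
    return [f for f in map(analyse_event, events) if f]


if __name__ == "__main__":
    for finding in scan():
        print(finding)
```

The `urls` field is kept so an analyst can see which page the victim was locked onto; a high-severity hit whose URL is an identity provider's login page is the pattern the summary describes.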


∗∗∗ After cyberattack: hackers post Kawasaki data on the darknet ∗∗∗
---------------------------------------------
Kawasaki itself claims the cyberattack was "not successful". Nevertheless, almost 500 GB of company data have surfaced on the darknet.
---------------------------------------------
https://www.golem.de/news/nach-cyberangriff-hacker-stellen-daten-von-kawasaki-ins-darknet-2409-188993.html


∗∗∗ Australia Threatens to Force Companies to Break Encryption ∗∗∗
---------------------------------------------
In 2018, Australia passed the Assistance and Access Act, which - among other things - gave the government the power to force companies to break their own encryption. The Assistance and Access Act includes key components that outline investigatory powers between government and industry. These components include: Technical Assistance ..
---------------------------------------------
https://www.schneier.com/blog/archives/2024/09/australia-threatens-to-force-companies-to-break-encryption.html


∗∗∗ Cybercriminals Exploit HTTP Headers for Credential Theft via Large-Scale Phishing Attacks ∗∗∗
---------------------------------------------
Cybersecurity researchers have warned of ongoing phishing campaigns that abuse refresh entries in HTTP headers to deliver spoofed email login pages that are designed to harvest users' credentials. "Unlike other phishing webpage ..
---------------------------------------------
https://thehackernews.com/2024/09/cybercriminals-exploit-http-headers-for.html
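
A `Refresh` response header makes the browser load another URL after a delay, but it is not a 3xx redirect and is not a `Location` header, so proxy and WAF rules that only look at redirect status codes miss it. The following is an added example, not code from the article or the researchers, showing how to parse raw HTTP responses and flag a `Refresh` header that sends the browser to another origin. The sample responses and hostnames are constructed; the check for an e-mail address carried in the redirect target (a way to pre-fill a fake login form) is an assumption about the technique, not a detail the summary above states.

```python
"""Detect Refresh-header redirects in HTTP responses.

Added example with constructed responses; the e-mail-in-URL heuristic
is an assumption, not a fact from the article."""
import re
from urllib.parse import urlsplit, unquote

# Constructed sample responses keyed by the URL that was requested.
# The first redirects to another origin with a zero-second delay, the
# second is an ordinary self-refreshing page.
SAMPLES = {
    "https://tracking.example.net/r?id=7": (
        b"HTTP/1.1 200 OK\r\n"
        b"Content-Type: text/html\r\n"
        b"Refresh: 0; url=https://login-portal.example.org/?auth=1#victim%40corp.example\r\n"
        b"Content-Length: 0\r\n"
        b"\r\n"
    ),
    "https://news.example.com/": (
        b"HTTP/1.1 200 OK\r\n"
        b"Content-Type: text/html\r\n"
        b"Refresh: 300\r\n"
        b"\r\n"
        b"<html>...</html>"
    ),
}

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# Browsers accept "N", "N; url=X", "N;X", with optional quotes around X.
REFRESH_RE = re.compile(
    r"^\s*(\d+)\s*(?:;\s*(?:url\s*=\s*)?['\"]?([^'\"]+?)['\"]?\s*)?$", re.I
)


def parse_head(raw: bytes):
    """Split a raw HTTP/1.x response into (status line, {lower-name: value})."""
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def parse_refresh(value: str):
    """Return (delay_seconds, target_url_or_None), or None if malformed."""
    m = REFRESH_RE.match(value)
    if not m:
        return None
    return int(m.group(1)), m.group(2)


def analyse(request_url: str, raw: bytes) -> list[str]:
    _, headers = parse_head(raw)
    value = headers.get("refresh")
    if value is None:
        return []
    parsed = parse_refresh(value)
    if parsed is None:
        return [f"malformed Refresh header: {value!r}"]
    delay, target = parsed
    if target is None:
        return []  # plain periodic reload of the same page
    findings = []
    src, dst = urlsplit(request_url), urlsplit(target)
    if dst.netloc and (dst.scheme, dst.netloc) != (src.scheme, src.netloc):
        findings.append(f"cross-origin Refresh redirect to {dst.scheme}://{dst.netloc}")
    if delay == 0:
        findings.append("zero-second delay (user never sees the intermediate page)")
    hit = EMAIL_RE.search(unquote(dst.query) + " " + unquote(dst.fragment))
    if hit:
        findings.append(f"e-mail address carried in redirect target: {hit.group(0)}")
    return findings


def scan(samples=SAMPLES) -> dict[str, list[str]]:
    return {url: analyse(url, raw) for url, raw in samples.items()}


if __name__ == "__main__":
    for url, findings in scan().items():
        print(url, "->", findings or ["clean"])
```

Only the response head is inspected; `<meta http-equiv="refresh">` in the body achieves the same redirect and would need a separate HTML check.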


∗∗∗ Prison just got rougher as band of heinously violent cybercrims sentenced to lengthy stints ∗∗∗
---------------------------------------------
Orchestrators of abductions, torture, crypto thefts, and more get their comeuppance. One cybercriminal of the most violent kind will spend his best years behind bars, as will 11 of his thug pals, for a string of cryptocurrency robberies in the US.
---------------------------------------------
https://www.theregister.com/2024/09/16/prison_just_got_rougher_as/


∗∗∗ Germany’s CDU still struggling to restore data months after June cyberattack ∗∗∗
---------------------------------------------
Putting a spanner in the works for the opposition party's plans to launch a comeback in next year's elections. One of Germany's major political parties is still struggling to restore member data more than three months after a June cyberattack targeting its systems.
---------------------------------------------
https://www.theregister.com/2024/09/16/nein_luck_for_germanys_cdu/


∗∗∗ Acquiring Malicious Browser Extension Samples on a Shoestring Budget ∗∗∗
---------------------------------------------
A friend of mine sent me a link to an article on malicious browser extensions that worked around Google Chrome Manifest V3 and asked if I had or could acquire a sample. In the process of getting a sample, I thought, if I was someone who didn’t have the paid resources that an enterprise might have, how would ..
---------------------------------------------
https://pberba.github.io/crypto/2024/09/14/malicious-browser-extension-genesis-market/


∗∗∗ Acute wave of DDoS attacks against Austrian companies and organisations ∗∗∗
---------------------------------------------
For a short while now, various Austrian companies and organisations from different industries and sectors have been confronted with DDoS attacks. The exact background of the attacks is currently unknown to us, but there are indications of a hacktivist motivation. In view of the current events, we recommend ..
---------------------------------------------
https://www.cert.at/de/aktuelles/2024/9/ddos-angriffe-september-2024


∗∗∗ German radio station forced to broadcast emergency tape following cyberattack ∗∗∗
---------------------------------------------
Radio Geretsried, a local station in Germany, has blamed “unknown attackers from Russia” after an apparent ransomware incident left it broadcasting music from emergency backups. 
---------------------------------------------
https://therecord.media/germany-cyberattack-radio-geretsried


∗∗∗ Small Devices, Big Threats: The Dark Side of Removable Devices ∗∗∗
---------------------------------------------
Our new article highlights the security risks of removable devices like USB drives and SD cards, exploring real-world threats and offering key cybersecurity tips to protect sensitive data.
---------------------------------------------
https://www.emsisoft.com/en/blog/45977/small-devices-big-threats-the-dark-side-of-removable-devices/



=====================
=  Vulnerabilities  =
=====================


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (git, nodejs, and ring), Fedora (apr, bubblewrap, chromium, clamav, flatpak, mingw-expat, python3-docs, python3.12, and thunderbird), Mageia (assimp, botan2, python-tqdm, and radare2), Slackware (libarchive), and SUSE (curl).
---------------------------------------------
https://lwn.net/Articles/990455/


∗∗∗ MISP 2.4.198 released with bug and security fixes. ∗∗∗
---------------------------------------------
Based on a set of fixes including a security fix, we are pleased to announce the immediate availability of MISP 2.4.198. You can find a list of the detailed changes along with new features further below. As with any security release, we highly encourage everyone to update their instance as soon as ..
---------------------------------------------
https://github.com/MISP/MISP/releases/tag/v2.4.198


∗∗∗ ZDI-24-1226: mySCADA myPRO Hard-Coded Credentials Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-24-1226/


∗∗∗ ZDI-24-1225: SolarWinds Access Rights Manager Hard-Coded Credentials Authentication Bypass Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-24-1225/


∗∗∗ ZDI-24-1224: SolarWinds Access Rights Manager JsonSerializationBinder Deserialization of Untrusted Data Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-24-1224/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily