[CERT-daily] Daily Summary - 20.09.2024

Daily end-of-shift report team at cert.at
Fri Sep 20 18:07:10 CEST 2024


=====================
= End-of-Day report =
=====================

Timeframe:   Thursday 19-09-2024 18:00 − Friday 20-09-2024 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a

=====================
=       News        =
=====================


∗∗∗ Ever wonder how crooks get the credentials to unlock stolen phones? ∗∗∗
---------------------------------------------
iServer provided a simple service for phishing credentials to unlock phones.
---------------------------------------------
https://arstechnica.com/?p=2051165


∗∗∗ CISA warns of actively exploited Apache HugeGraph-Server bug ∗∗∗
---------------------------------------------
The U.S. Cybersecurity and Infrastructure Agency (CISA) has added five flaws to its Known Exploited Vulnerabilities (KEV) catalog, among which is a remote code execution (RCE) flaw impacting Apache HugeGraph-Server.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/cisa-warns-of-actively-exploited-apache-hugegraph-server-bug/


∗∗∗ macOS Sequoia change breaks networking for VPN, antivirus software ∗∗∗
---------------------------------------------
Users of macOS 15 Sequoia are reporting network connection errors when using certain endpoint detection and response (EDR) or virtual private network (VPN) solutions, and web browsers.
---------------------------------------------
https://www.bleepingcomputer.com/news/apple/macos-sequoia-change-breaks-networking-for-vpn-antivirus-software/


∗∗∗ 1 In 10 Orgs Dumping Their Security Vendors After CrowdStrike Outage ∗∗∗
---------------------------------------------
An anonymous reader quotes a report from The Register: Germany's Federal Office for Information Security (BSI) says one in ten organizations in the country affected by CrowdStrike's outage in July are dropping their current vendors' products. Four percent of organizations have already abandoned their existing solutions, while a further 6 percent plan to ..
---------------------------------------------
https://it.slashdot.org/story/24/09/19/1721236/1-in-10-orgs-dumping-their-security-vendors-after-crowdstrike-outage


∗∗∗ SAP Hash Cracking Techniques ∗∗∗
---------------------------------------------
Hashing is a one-way encryption technique employed to ensure data integrity, authenticate information, and secure passwords alongside other sensitive data. Hash functions convert input data into a fixed-size string of characters that are both uniform and deterministic, making them an excellent choice for maintaining data security.
---------------------------------------------
https://redrays.io/blog/sap-hash-cracking-techniques/


∗∗∗ This Windows PowerShell Phish Has Scary Potential ∗∗∗
---------------------------------------------
Many GitHub users this week received a novel phishing email warning of critical security holes in their code. Those who clicked the link for details were asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealing malware. While it's unlikely that many programmers fell for this ..
---------------------------------------------
https://krebsonsecurity.com/2024/09/this-windows-powershell-phish-has-scary-potential/


∗∗∗ Ivanti Warns of Second CSA Vulnerability Exploited in Attacks ∗∗∗
---------------------------------------------
In addition to the Ivanti CSA flaw CVE-2024-8190, another vulnerability affecting the same product, tracked as CVE-2024-8963, has been exploited.
---------------------------------------------
https://www.securityweek.com/ivanti-warns-of-second-csa-vulnerability-exploited-in-attacks/


∗∗∗ Noise Storms: Massive Amounts of Spoofed Web Traffic Linked to China ∗∗∗
---------------------------------------------
GreyNoise has observed millions of spoofed IPs flooding internet providers with web traffic primarily focusing on TCP connections.
---------------------------------------------
https://www.securityweek.com/noise-storms-massive-amounts-of-spoofed-web-traffic-linked-to-china/


∗∗∗ Beware of fake ÖAMTC and ADAC prize draws ∗∗∗
---------------------------------------------
Be careful if you receive an e-mail about a prize draw for a car emergency kit. Criminals pose as ÖAMTC or ADAC and claim that you have won a car emergency kit. Do not click on the link; you will be lured into a subscription trap!
---------------------------------------------
https://www.watchlist-internet.at/news/gefaelschte-gewinnspiele-oeamtc-adac/


∗∗∗ Data theft via Slack, Disney stops using the messenger service ∗∗∗
---------------------------------------------
The hacker group Nullbulge was able to steal and publish computer code and details about unreleased projects.
---------------------------------------------
https://www.derstandard.at/story/3000000237370/datendiebstahl-disney-trennt-sich-von-messenger-dienst-slack


∗∗∗ High-risk vulnerabilities in common enterprise technologies ∗∗∗
---------------------------------------------
Rapid7 is warning customers about high-risk vulnerabilities in Adobe ColdFusion, Broadcom VMware vCenter Server, and Ivanti Endpoint Manager (EPM). These CVEs are likely attack targets for APT and/or financially motivated adversaries.
---------------------------------------------
https://www.rapid7.com/blog/post/2024/09/19/etr-high-risk-vulnerabilities-in-common-enterprise-technologies/


∗∗∗ Youth hostels apparently victims of ransomware gang Hunters ∗∗∗
---------------------------------------------
At the end of August, disruptions occurred at around 450 German youth hostels. The cause was unclear. Apparently a ransomware attack is to blame.
---------------------------------------------
https://heise.de/-9938226



=====================
=  Vulnerabilities  =
=====================


∗∗∗ DSA-5773-1 chromium - security update ∗∗∗
---------------------------------------------
https://lists.debian.org/debian-security-announce/2024/msg00186.html


∗∗∗ OpenSSH 9.9 released ∗∗∗
---------------------------------------------
https://lwn.net/Articles/991028/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily



