[CERT-daily] Tageszusammenfassung - 27.09.2024

Daily end-of-shift report team at cert.at
Fri Sep 27 18:12:17 CEST 2024


=====================
= End-of-Day report =
=====================

Timeframe:   Thursday 26-09-2024 18:00 − Friday 27-09-2024 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a

=====================
=       News        =
=====================


∗∗∗ Storm-0501: Ransomware attacks expanding to hybrid cloud environments ∗∗∗
---------------------------------------------
Microsoft has observed the threat actor tracked as Storm-0501 launching a multi-staged attack where they compromised hybrid cloud environments and performed lateral movement from on-premises to cloud environment, leading to data exfiltration, credential theft, tampering, persistent backdoor access, and ransomware deployment. The ..
---------------------------------------------
https://www.microsoft.com/en-us/security/blog/2024/09/26/storm-0501-ransomware-attacks-expanding-to-hybrid-cloud-environments/


∗∗∗ NIST Recommends Some Common-Sense Password Rules ∗∗∗
---------------------------------------------
NIST’s second draft of its “SP 800-63-4” - its digital identity guidelines - finally contains some really good rules about passwords.
---------------------------------------------
https://www.schneier.com/blog/archives/2024/09/nist-recommends-some-common-sense-password-rules.html


∗∗∗ Kaspersky Defends Stealth Swap of Antivirus Software on US Computers ∗∗∗
---------------------------------------------
Cybersecurity firm Kaspersky has defended its decision to automatically replace its antivirus software on U.S. customers' computers with UltraAV, a product from American company Pango, without explicit user consent. The forced switch, affecting nearly one million users, occurred as a result of a U.S. government ban on Kaspersky software. Kaspersky ..
---------------------------------------------
https://it.slashdot.org/story/24/09/26/1825249/kaspersky-defends-stealth-swap-of-antivirus-software-on-us-computers


∗∗∗ Hackers Could Have Remotely Controlled Kia Cars Using Only License Plates ∗∗∗
---------------------------------------------
Cybersecurity researchers have disclosed a set of now patched vulnerabilities in Kia vehicles that, if successfully exploited, could have allowed remote control over key functions simply by using only a license plate. "These attacks could be ..
---------------------------------------------
https://thehackernews.com/2024/09/hackers-could-have-remotely-controlled.html


∗∗∗ Victims lose $70K to one single wallet-draining app on Google's Play Store ∗∗∗
---------------------------------------------
Attackers got 10k people to download trusted web3 brand cheat before Mountain View intervened. The latest in a long line of cryptocurrency wallet-draining attacks has stolen $70,000 from people who downloaded a dodgy app in a single campaign ..
---------------------------------------------
https://www.theregister.com/2024/09/26/victims_lose_70k_to_play/


∗∗∗ Patch now: Critical Nvidia bug allows container escape, complete host takeover ∗∗∗
---------------------------------------------
33% of cloud environments using the toolkit impacted, we're told. A critical bug in Nvidia's widely used Container Toolkit could allow a rogue user or software to escape their containers and ultimately take complete control of the underlying host.
---------------------------------------------
https://www.theregister.com/2024/09/26/critical_nvidia_bug_container_escape/


∗∗∗ Highly Anticipated Linux Flaw Allows Remote Code Execution, but Less Serious Than Expected ∗∗∗
---------------------------------------------
A researcher has disclosed the details of an unpatched vulnerability that was expected to pose a serious threat to many Linux systems.
---------------------------------------------
https://www.securityweek.com/highly-anticipated-linux-flaw-allows-remote-code-execution-but-less-serious-than-expected/


∗∗∗ US Announces Charges, Sanctions Against Russian Administrator of Carding Website ∗∗∗
---------------------------------------------
US offers up to $10 million for information on Timur Shakhmametov, charging him with running the carding website Joker’s Stash.
---------------------------------------------
https://www.securityweek.com/us-announces-charges-sanctions-against-russian-administrator-of-carding-website/


∗∗∗ Groundbreaking ceremony for the TU Graz cybersecurity campus ∗∗∗
---------------------------------------------
Around 25 million euros are being invested in the complex in the Sandgasse, which will house up to 160 researchers. IT start-ups are also to find a home there.
---------------------------------------------
https://www.derstandard.at/story/3000000238456/spatenstich-fuer-cybersecurity-campus-der-tu-graz


∗∗∗ Cyberespionage the Gamaredon way: Analysis of toolset used to spy on Ukraine in 2022 and 2023 ∗∗∗
---------------------------------------------
ESET Research has conducted a comprehensive technical analysis of Gamaredon’s toolset used to conduct its cyberespionage activities focused on Ukraine
---------------------------------------------
https://www.welivesecurity.com/en/eset-research/cyberespionage-gamaredon-way-analysis-toolset-used-spy-ukraine-2022-2023/


∗∗∗ Geoblocking as a simple DDoS defence ∗∗∗
---------------------------------------------
Distributed Denial of Service (DDoS) attacks come in many variants, ranging from high-bandwidth reflected UDP, through tricks at layer 4 (such as TCP SYN flooding, or simply exhausting the state tables of firewalls), to layer 7 attacks consisting of many expensive HTTP requests. At the moment we are seeing the latter in particular, and we want to ..
---------------------------------------------
https://www.cert.at/de/blog/2024/9/geoblocking-gegen-ddos


∗∗∗ Meta fined $101 million for storing hundreds of millions of passwords in plaintext ∗∗∗
---------------------------------------------
European regulators fined Meta for an engineering mistake that the social media giant first reported in 2019.
---------------------------------------------
https://therecord.media/meta-unprotected-passwords-fine-gdpr


=====================
=  Vulnerabilities  =
=====================


∗∗∗ ZDI-24-1290: TeamViewer Missing Authentication Local Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-24-1290/


∗∗∗ ZDI-24-1289: TeamViewer Missing Authentication Local Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-24-1289/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily