End-of-Day report
Timeframe: Tuesday 19-11-2024 18:00 - Wednesday 20-11-2024 18:00
Handler: Alexander Riepl
Co-Handler: n/a
News
Bigger and badder: how DDoS attack sizes have evolved over the last decade
If we plot the metrics associated with large DDoS attacks observed over the last 10 years, do they show a steady exponential curve that keeps getting steeper, or something closer to linear growth? Our analysis found that the growth is not linear but exponential, with the slope varying depending on the metric (rps, pps or bps).
https://blog.cloudflare.com/bigger-and-badder-how-ddos-attack-sizes-have-evolved-over-the-last-decade
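The question the post asks, exponential or linear, is a model-selection question: fit the peak-size series once as y = a*t + b and once as ln(y) = c*t + d, and compare which fit explains the data. The following is an added example (not Cloudflare's code or data) using only the standard library; the two yearly series are constructed for illustration, one doubling every two years and one growing by a fixed amount per year, and the "Gbps" unit and the R² margin are assumptions.

```python
"""Distinguish linear from exponential growth in a series of yearly peak
DDoS attack sizes by comparing an ordinary least-squares fit of y on t
against a fit of ln(y) on t (standard library only).

The sample series below are CONSTRUCTED for illustration; they are not
Cloudflare's measurements.
"""
import math

# Constructed sample: peak attack size per year in Gbps, doubling every two
# years from a 100 Gbps baseline (a clean exponential, no noise).
EXP_SERIES = {2014 + i: 100.0 * 2 ** (i / 2) for i in range(11)}

# Constructed sample: the same start value growing by a fixed 150 Gbps/year.
LIN_SERIES = {2014 + i: 100.0 + 150.0 * i for i in range(11)}


def least_squares(xs, ys):
    """Return (slope, intercept, r_squared) of the OLS line y = slope*x + b."""
    n = len(xs)
    mx = sum(xs) / n
    my = sum(ys) / n
    sxx = sum((x - mx) ** 2 for x in xs)
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    slope = sxy / sxx
    intercept = my - slope * mx
    ss_tot = sum((y - my) ** 2 for y in ys)
    ss_res = sum((y - (slope * x + intercept)) ** 2 for x, y in zip(xs, ys))
    r2 = 1.0 - ss_res / ss_tot if ss_tot else 1.0
    return slope, intercept, r2


def growth_model(series):
    """Fit both models and report the exponential model's doubling time.

    series: mapping year -> peak size (any positive unit: bps, pps or rps).
    """
    years = sorted(series)
    t = [float(y - years[0]) for y in years]  # years since the first sample
    v = [float(series[y]) for y in years]
    lin_slope, _, lin_r2 = least_squares(t, v)
    log_slope, _, log_r2 = least_squares(t, [math.log(x) for x in v])
    return {
        "linear_r2": lin_r2,
        "linear_slope_per_year": lin_slope,
        "exp_r2": log_r2,
        # growth factor per year, e.g. 1.41 means +41 % year over year
        "annual_growth_factor": math.exp(log_slope),
        "doubling_time_years": (math.log(2) / log_slope
                                if log_slope > 0 else math.inf),
    }


def classify(series, margin=0.01):
    """Label the series 'exponential' if the log-linear fit beats the straight
    line by more than `margin` of R^2, 'linear' if the reverse holds, and
    'undetermined' when the two fits are too close to call."""
    m = growth_model(series)
    if m["exp_r2"] > m["linear_r2"] + margin:
        return "exponential"
    if m["linear_r2"] > m["exp_r2"] + margin:
        return "linear"
    return "undetermined"


if __name__ == "__main__":
    for name, s in (("exp", EXP_SERIES), ("lin", LIN_SERIES)):
        m = growth_model(s)
        print(name, classify(s), {k: round(v, 3) for k, v in m.items()})
```

Run it against a real per-metric series (bps, pps and rps separately) and the doubling time is the number to report; a series that is exponential in bps but nearly linear in rps will show up as different classifications and different doubling times, which is exactly the "slope varies by metric" observation in the post.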
No attack on the Idev portal: Destatis denies responsibility for data leak
The Federal Statistical Office has examined its Idev portal. The data obtained by hackers is said to have leaked from the reporting companies themselves.
https://www.golem.de/news/kein-cyberangriff-auf-meldesystem-destatis-weist-schuld-fuer-datenleck-von-sich-2411-190964.html
Inside the Threat: A look behind the scenes at defending against an active threat
Early detection and proactive investigation can nip a ransomware attack in the bud. A recent real-world case shows how it works.
https://sec-consult.com/de/blog/detail/inside-the-threat-ein-blick-hinter-die-kulissen-zur-abwehr-einer-aktiven-bedrohung/
Decades-Old Security Vulnerabilities Found in Ubuntu's Needrestart Package
Multiple decade-old security vulnerabilities have been disclosed in the needrestart package installed by default in Ubuntu Server (since version 21.04) that could allow a local attacker to gain root privileges without requiring user ..
https://thehackernews.com/2024/11/decades-old-security-vulnerabilities.html
YubiKey side channel: further products vulnerable to cloning attack
The side-channel vulnerability EUCLEAK also became known as the "YubiKey cloning attack". The BSI is re-certifying updated products that were affected.
https://www.heise.de/news/EUCLEAK-Weitere-Produkte-fuer-Cloning-Attacke-anfaellig-10078520.html
Threat Assessment: Ignoble Scorpius, Distributors of BlackSuit Ransomware
Explore this assessment on cybercrime group Ignoble Scorpius, distributors of BlackSuit ransomware. Since May 2023, operations have increased, affecting critical sectors.
https://unit42.paloaltonetworks.com/threat-assessment-blacksuit-ransomware-ignoble-scorpius/
Looking at the Internals of the Kenwood DMX958XR IVI
For the upcoming Pwn2Own Automotive contest, a total of four in-vehicle infotainment (IVI) head units have been selected as targets. One of these is the double DIN Kenwood DMX958XR. This unit offers a variety of ..
https://www.thezdi.com/blog/2024/11/18/looking-at-the-internals-of-the-kenwood-dmx958xr-ivi
Critical Vulnerabilities in vCenter Server Exploited in the Wild
CVE: CVE-2024-38813, CVE-2024-38812. Affected products: VMware vCenter Server, VMware Cloud Foundation. Exploitation: Broadcom has confirmed exploitation of these vulnerabilities [1]. The CVE has not been ..
https://www.truesec.com/hub/blog/critical-vulnerabilities-in-vcenter-server-exploited-in-the-wild
Malicious QR Codes: How big of a problem is it, really?
QR codes are disproportionately effective at bypassing most anti-spam filters. Talos discovered two effective methods for defanging malicious QR codes, a necessary step to make them safe for consumption.
https://blog.talosintelligence.com/malicious_qr_codes/
Hackers Exploit Misconfigured Jupyter Servers for Illegal Sports Streaming
Aqua Nautilus' research reveals hackers are leveraging vulnerable and misconfigured Jupyter Notebook servers to steal live sports streams.
https://hackread.com/hackers-exploit-misconfigured-jupyter-servers-sports-streaming/
Pots and Pans, AKA an SSLVPN - Palo Alto PAN-OS CVE-2024-0012 and CVE-2024-9474
It'll be no surprise that 2024, 2023, 2022, and every other year of humanity's existence has been tough for SSLVPN appliances. Anyhow, there are new vulnerabilities (well, two of them) that are being exploited in the Palo Alto Networks ..
https://labs.watchtowr.com/pots-and-pans-aka-an-sslvpn-palo-alto-pan-os-cve-2024-0012-and-cve-2024-9474/
Defending Your Directory: An Expert Guide to Mitigating Pass-the-Hash Attacks in Active Directory
In our latest technical blog series, our DFIR team highlights the most prominent Active Directory (AD) threats, describes the tell-tale signs that your AD might be at risk, and gives experienced insight into the best prevention and mitigation strategies to shore up your AD security and bolster your digital identity protection.
https://www.nccgroup.com/us/research-blog/defending-your-directory-an-expert-guide-to-mitigating-pass-the-hash-attacks-in-active-directory/
Let's Encrypt: Ten Years
Vital personal and business information flows over the Internet more frequently than ever, and we don't always know when it's happening. It's clear at this point that encrypting is something all of us should be doing. Then why don't we use TLS (the successor to SSL) everywhere? Every browser in every device supports it. Every server in every data center supports it. Why don't we just flip the switch?
https://letsencrypt.org/2014/11/18/announcing-lets-encrypt/
Achieving NIST CSF 2.0 Compliance: Best Practices
Cybersecurity is an ever-growing concern in today's digital era. With the rise of cyberattacks and data breaches, organizations must adopt best practices to safeguard their sensitive information. One of the leading frameworks guiding organizations in securing their digital assets is the NIST CSF 2.0 by National Institute of Standards and ..
https://fortbridge.co.uk/regulations/achieving-nist-csf-2-0-compliance-with-penetration-testing/
Vulnerabilities
DSA-5815-1 needrestart - security update
https://lists.debian.org/debian-security-announce/2024/msg00229.html