Daily Summary - 06.05.2024

End-of-Day report

Timeframe: Friday 03-05-2024 18:00 - Monday 06-05-2024 18:00 Handler: Alexander Riepl Co-Handler: Michael Schlagenhaufer

News

Beware of fake RTR letters

Criminals are posing as the Rundfunk und Telekom Regulierungs-GmbH (RTR) in a letter. The letter claims that a fee of € 8.90 has to be paid for the connection to mobile networks and the maintenance of base stations.

https://www.watchlist-internet.at/news/vorsicht-vor-gefaelschten-rtr-briefen/

Microsoft: security is the top priority in products, services and internally

In an internal memo and a blog post, Microsoft puts security first in all of its development work. This applies to products as well as services. [..] According to Charlie Bell, his company intends to adhere strictly to the CSRB's recommendations.

https://heise.de/-9708577

Breaking down Microsoft's pivot to placing cybersecurity as a top priority

Recently, Microsoft had quite frankly a kicking from the US Department of Homeland Security over their security practices in a Cyber Safety Review Board report. I've tried to keep as quiet as possible about this one for various reasons (and I was not involved in the CSRB report, even anonymously) - although long time followers will know I've been often critical of Microsoft's security posture. The CSRB report is well worth a read - they did a great job. [..] As always, the proof is in the pudding, not the vendor blog. I think these changes will take a few years to start to work through, and fully expect a few more clanger breaches in the meantime. And that's annoying but okay, because hard work is hard.

https://doublepulsar.com/breaking-down-microsofts-pivot-to-placing-cybersecurity-as-a-top-priority-734467a8db01

Critical Tinyproxy Flaw Opens Over 50,000 Hosts to Remote Code Execution

More than 50% of the 90,310 hosts have been found exposing a Tinyproxy service on the internet that's vulnerable to a critical unpatched security flaw in the HTTP/HTTPS proxy tool. The issue, tracked as CVE-2023-49606, carries a CVSS score of 9.8 out of a maximum of 10, per Cisco Talos, which described it as a use-after-free bug impacting versions 1.10.0 and 1.11.1, the latter being the latest release.

https://thehackernews.com/2024/05/critical-tinyproxy-flaw-opens-over.html

LockBit's seized site comes alive to tease new police announcements

The NCA, FBI, and Europol have revived a seized LockBit ransomware data leak site to hint at new information being revealed by law enforcement this Tuesday.

https://www.bleepingcomputer.com/news/security/lockbits-seized-site-comes-alive-to-tease-new-police-announcements/

Why Your VPN May Not Be As Secure As It Claims

Virtual private networking (VPN) companies market their services as a way to prevent anyone from snooping on your Internet usage. But new research suggests this is a dangerous assumption when connecting to a VPN via an untrusted network, because attackers on the same network could force a target's traffic off of the protection provided by their VPN without triggering any alerts to the user.

https://krebsonsecurity.com/2024/05/why-your-vpn-may-not-be-as-secure-as-it-claims/

Financial cyberthreats in 2023

In this report, we share our insights into the 2023 trends and statistics on financial threats, such as phishing, PC and mobile banking malware.

https://securelist.com/financial-threat-report-2023/112526/

HijackLoader Updates

HijackLoader (a.k.a. IDAT Loader) is a malware loader initially spotted in 2023 that is capable of using a variety of modules for code injection and execution. It uses a modular architecture, a feature that most loaders do not have - which we discussed in a previous HijackLoader blog. ThreatLabz researchers recently analyzed a new HijackLoader sample that has updated evasion techniques.

https://www.zscaler.com/blogs/security-research/hijackloader-updates

New Goldoon Botnet Targeting D-Link Devices by Exploiting 9-Year-Old Flaw

By Waqas: A new botnet called Goldoon targets D-Link routers and NAS devices, putting them at risk of DDoS attacks and more. Learn how weak credentials leave you vulnerable and how to secure your network.

https://www.hackread.com/goldoon-botnet-targeting-d-link-devices/

End-to-end encryption may be the bane of cops, but they can't close that Pandora's Box

Police can complain all they like about strong end-to-end encryption making their jobs harder, but it doesn't matter because the technology is here and won't go away.

https://go.theregister.com/feed/www.theregister.com/2024/05/05/e2ee_police/

Vulnerabilities

Security updates for Monday

Security updates have been issued by Debian (glibc, intel-microcode, less, libkf5ksieve, and ruby3.1), Fedora (chromium, gdcm, httpd, and stalld), Gentoo (Apache Commons BCEL, borgmatic, Dalli, firefox, HTMLDOC, ImageMagick, MediaInfo, MediaInfoLib, MIT krb5, MPlayer, mujs, Pillow, Python, PyPy3, QtWebEngine, Setuptools, strongSwan, and systemd), Oracle (grub2 and shim), Red Hat (git-lfs, kpatch-patch, unbound, and varnish), and SUSE (avahi, grafana and mybatis, java-11-openjdk, java-17-openjdk, skopeo, SUSE Manager Client Tools, SUSE Manager Salt Bundle, and SUSE Manager Server 4.3).

https://lwn.net/Articles/972571/

IBM Security Bulletins

https://www.ibm.com/support/pages/bulletin/