End-of-Day report
Timeframe: Thursday 17-10-2024 18:00 - Friday 18-10-2024 18:00
Handler: Alexander Riepl
Co-Handler: n/a
News
Analysis of the Crypt Ghouls group: continuing the investigation into a series of attacks on Russia
A close look at the utilities, techniques, and infrastructure used by the hacktivist group Crypt Ghouls has revealed links to groups such as Twelve, BlackJack, etc.
https://securelist.com/crypt-ghouls-hacktivists-tools-overlap-analysis/114217/
Feline Hackers Among Us? (A Deep Dive and Simulation of the Meow Attack)
Introduction: In the perpetually evolving field of cybersecurity, new threats materialize daily. Attackers are on the prowl for weaknesses in infrastructure and software like a cat eyeing its helpless prey.
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/feline-hackers-among-us-a-deep-dive-and-simulation-of-the-meow-attack/
U.S. and Allies Warn of Iranian Cyberattacks on Critical Infrastructure in Year-Long Campaign
Cybersecurity and intelligence agencies from Australia, Canada, and the U.S. have warned about a year-long campaign undertaken by Iranian cyber actors to infiltrate critical infrastructure organizations via brute-force attacks. "Since October 2023, Iranian ..
https://thehackernews.com/2024/10/us-and-allies-warn-of-iranian.html
Intel hits back at China's accusations it bakes in NSA backdoors
Chipzilla says it obeys the law wherever it is, which is nice. Intel has responded to Chinese claims that its chips include security backdoors at the direction of America's NSA.
https://www.theregister.com/2024/10/18/intel_china_security_allegations/
Alleged Bitcoin crook faces 5 years after SEC's X account pwned
SIM swappers strike again, warping cryptocurrency prices. An Alabama man faces five years in prison for allegedly attempting to manipulate the price of Bitcoin by pwning the US Securities and Exchange Commission's X account earlier this year.
https://www.theregister.com/2024/10/18/sec_bitcoin_arrest/
Brazil Arrests 'USDoD,' Hacker in FBI Infragard Breach
Brazilian authorities reportedly have arrested a 33-year-old man on suspicion of being "USDoD," a prolific cybercriminal who rose to infamy in 2022 after infiltrating the FBI's InfraGard program and leaking contact information for 80,000 members. More recently, USDoD was behind a breach at the consumer data broker National Public Data that led ..
https://krebsonsecurity.com/2024/10/brazil-arrests-usdod-hacker-in-fbi-infragard-breach/
EIW - ESET Israel Wiper - used in active attacks targeting Israeli orgs
One of my Mastodon followers sent me an interesting toot today, which led to this forum post ..
https://doublepulsar.com/eiw-eset-israel-wiper-used-in-active-attacks-targeting-israeli-orgs-b1210aed7021
What I've learned in my first 7-ish years in cybersecurity
Plus, a zero-day vulnerability in Qualcomm chips, exposed health care devices, and the latest on the Salt Typhoon threat actor.
https://blog.talosintelligence.com/threat-source-newsletter-oct-17-2024/
Call stack spoofing explained using APT41 malware
Summary: Call stack spoofing isn't a new technique, but it has become more popular in the last few years. Call stacks are a telemetry source for EDR software that can be used to determine if a process made suspicious actions (requesting a handle to the lsass process, writing suspicious code to a newly allocated area, ..
https://cybergeeks.tech/call-stack-spoofing-explained-using-apt41-malware/
Fake North Korean IT Workers Infiltrate Western Firms, Demand Ransom
North Korean hackers are infiltrating Western companies using fraudulent IT workers to steal sensitive data and extort ransom.
https://hackread.com/fake-north-korean-it-workers-west-firms-demand-ransom/
U.S. and UK Warn of Russian Cyber Threats: 9 of 12 GreyNoise-Tracked Vulnerabilities in the Advisory Are Being Probed Right Now
Joint U.S. and UK advisory identifies 24 vulnerabilities exploited by Russian state-sponsored APT 29, with GreyNoise detecting active probing on nine of these critical CVEs. Stay informed with real-time ..
https://www.greynoise.io/blog/u-s-and-uk-warn-of-russian-cyber-threats-9-of-24-vulnerabilities-in-the-advisory-are-being-probed-right-now
Apple Passwords: This is the recipe for generated passwords
A senior Apple software engineer explains in a blog post the pattern Apple uses to generate passwords.
https://heise.de/-9986503
Vulnerabilities
SVD-2024-1013: Third-Party Package Updates in Splunk Add-on for Office 365 - October 2024
Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk Add-on for Office 365 versions 4.5.2 and higher.
https://advisory.splunk.com//advisories/SVD-2024-1013
Synology-SA-24:17 Synology Camera
The vulnerabilities allow remote attackers to execute arbitrary code, bypass security constraints and conduct denial-of-service attacks via a susceptible version of Synology Camera BC500 Firmware, Synology Camera TC500 Firmware and Synology Camera CC400W Firmware.
https://www.synology.com/en-global/support/security/Synology_SA_24_17
ZDI-24-1419: Trend Micro Deep Security Improper Access Control Local Privilege Escalation Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-24-1419/