End-of-Day report
Timeframe: Wednesday 02-10-2024 18:00 - Thursday 03-10-2024 18:00
Handler: Alexander Riepl
Co-Handler: n/a
News
Fake browser updates spread updated WarmCookie malware
A new FakeUpdate campaign targeting users in France leverages compromised websites to show fake browser and application updates that spread a new version of the WarmCookie malware.
https://www.bleepingcomputer.com/news/security/fake-browser-updates-spread-updated-warmcookie-malware/
FIN7 hackers launch deepfake nude "generator" sites to spread malware
The notorious APT hacking group known as FIN7 launched a network of fake AI-powered deepnude generator sites to infect visitors with information-stealing malware.
https://www.bleepingcomputer.com/news/security/fin7-hackers-launch-deepfake-nude-generator-sites-to-spread-malware/
Weird Zimbra Vulnerability
Hackers can execute commands on a remote computer by sending malformed emails to a Zimbra mail server. It's critical, but difficult to exploit. In an email sent Wednesday afternoon, Proofpoint researcher Greg Lesnewich seemed to largely concur that the attacks weren't likely to lead to mass infections that could install ransomware or espionage ..
https://www.schneier.com/blog/archives/2024/10/weird-zimbra-vulnerability.html
INTERPOL Arrests 8 in Major Phishing and Romance Fraud Crackdown in West Africa
INTERPOL has announced the arrest of eight individuals in Côte d'Ivoire and Nigeria as part of a crackdown on phishing scams and romance cyber fraud. Dubbed Operation Contender 2.0, the initiative is designed to tackle cyber-enabled crimes ..
https://thehackernews.com/2024/10/interpol-arrests-8-in-major-phishing.html
APT and financial attacks on industrial organizations in Q2 2024
This summary provides an overview of the reports of APT and financial attacks on industrial enterprises that were disclosed in Q2 2024, as well as the related activities of groups that have been observed attacking industrial organizations and critical infrastructure facilities.
https://ics-cert.kaspersky.com/publications/apt-and-financial-attacks-on-industrial-organizations-in-q2-2024/
Experts warn of DDoS attacks using linux printing vulnerability
A set of bugs that has caused alarm among cybersecurity experts may enable threat actors to launch powerful attacks designed to knock systems offline.
https://therecord.media/ddos-attacks-cups-linux-print-vulnerability
As ransomware attacks surge, UK privacy regulator investigating fewer incidents than ever
Of the 1,253 incidents reported to the Information Commissioner's Office (ICO) in 2023, only 87 were investigated - fewer than 7%. The numbers so far for 2024 are similar.
https://therecord.media/uk-ico-ransomware-investigations-data
Threat actor believed to be spreading new MedusaLocker variant since 2022
Cisco Talos has discovered a financially motivated threat actor, active since 2022, recently observed delivering a MedusaLocker ransomware variant. Intelligence collected by Talos on tools regularly employed by the threat ..
https://blog.talosintelligence.com/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/
perfctl: A Stealthy Malware Targeting Millions of Linux Servers
In this blog post, Aqua Nautilus researchers aim to shed light on a Linux malware that, over the past 3-4 years, has actively sought more than 20,000 types of misconfigurations in order to target and exploit Linux servers. If you ..
https://blog.aquasec.com/perfctl-a-stealthy-malware-targeting-millions-of-linux-servers
"Nightmare": Data of all Dutch police officers stolen - by a third country?
Hackers have captured the contact details of all police employees. Now the Ministry of Justice has come forward with another alarming piece of news.
https://heise.de/-9961529
Thai government attacked by new APT "CeranaKeeper"
In attacks on Thai government agencies, cybercriminals exfiltrated data by uploading encrypted files to file-sharing services.
https://heise.de/-9961562
Vulnerabilities
ZDI-24-1321: Apple macOS AppleVADriver Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-40841.
http://www.zerodayinitiative.com/advisories/ZDI-24-1321/
Security updates for Thursday
Security updates have been issued by AlmaLinux (cups-filters), Debian (chromium and php8.2), Fedora (firefox), Oracle (cups-filters, flatpak, kernel, krb5, oVirt 4.5 ovirt-engine, and python-urllib3), Red Hat (cups-filters, firefox, go-toolset:rhel8, golang, and thunderbird), SUSE (postgresql16), and Ubuntu (gnome-shell and linux-azure-fde-5.15).
https://lwn.net/Articles/992798/
Two-factor Authentication (TFA) - Critical - Access bypass - SA-CONTRIB-2024-043
https://www.drupal.org/sa-contrib-2024-043
Cisco Nexus Dashboard Fabric Controller Arbitrary Command Execution Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndfc-cmdinj-UvYZrKfr
Cisco Meraki MX and Z Series Teleworker Gateway AnyConnect VPN Denial of Service Vulnerabilities
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meraki-mx-vpn-dos-QTRHzG2