End-of-Day report
Timeframe: Tuesday 01-10-2024 18:00 - Wednesday 02-10-2024 18:00
Handler: Alexander Riepl
Co-Handler: n/a
News
Crook made millions by breaking into execs' Office365 inboxes, feds say
Email accounts inside 5 US companies unlawfully breached through password resets.
https://arstechnica.com/?p=2053721
Evil Corp hit with new sanctions, BitPaymer ransomware charges
The Evil Corp cybercrime syndicate has been hit with new sanctions by the United States, United Kingdom, and Australia. The US also indicted one of its members for conducting BitPaymer ransomware attacks.
https://www.bleepingcomputer.com/news/security/evil-corp-hit-with-new-sanctions-bitpaymer-ransomware-charges/
Arc browser launches bug bounty program after fixing RCE bug
The Browser Company has introduced an Arc Bug Bounty Program to encourage security researchers to report vulnerabilities to the project and receive rewards.
https://www.bleepingcomputer.com/news/security/arc-browser-launches-bug-bounty-program-after-fixing-rce-bug/
CISA: Network switch RCE flaw impacts critical infrastructure
U.S. cybersecurity agency CISA is warning about two critical vulnerabilities that allow authentication bypass and remote code execution in Optigo Networks ONS-S8 Aggregation Switch products used in critical infrastructure.
https://www.bleepingcomputer.com/news/security/cisa-network-switch-rce-flaw-impacts-critical-infrastructure/
PyPI Repository Found Hosting Fake Crypto Wallet Recovery Tools That Steal User Data
A new set of malicious packages has been unearthed in the Python Package Index (PyPI) repository that masqueraded as cryptocurrency wallet recovery and management services, only to siphon sensitive data and facilitate the theft ..
https://thehackernews.com/2024/10/pypi-repository-found-hosting-fake.html
Alert: Over 700,000 DrayTek Routers Exposed to Hacking via 14 New Vulnerabilities
A little over a dozen new security vulnerabilities have been discovered in residential and enterprise routers manufactured by DrayTek that could be exploited to take over susceptible devices. "These vulnerabilities could enable attackers to take control ..
https://thehackernews.com/2024/10/alert-over-700000-draytek-routers.html
NIST's security flaw database still backlogged with 17K+ unprocessed bugs. Not great
Logjam hurting infosec processes world over, one expert tells us, as US body blows its own Sept deadline. NIST has made some progress clearing its backlog of security vulnerability reports to process - though it's not quite on target as hoped.
https://www.theregister.com/2024/10/02/cve_pileup_nvd_missed_deadline/
After Code Execution, Researchers Show How CUPS Can Be Abused for DDoS Attacks
Over 58,000 internet-exposed CUPS hosts can be abused for significant DDoS attacks, according to Akamai.
https://www.securityweek.com/after-code-execution-researchers-show-how-cups-can-be-abused-for-ddos-attacks/
Dotnet Source Generators in 2024 Part 1: Getting Started
In this blog post, we will cover the basics of a source generator, the major types involved, some common issues you might encounter, how to properly log those issues, and how to fix them.
https://posts.specterops.io/dotnet-source-generators-in-2024-part-1-getting-started-76d619b633f5
Active exploitation of a vulnerability in Zimbra Mail Server (CVE-2024-45519)
The vendor of the Zimbra mail server, Synacor, has published an advisory on a vulnerability in Zimbra Collaboration. The published vulnerability, CVE-2024-45519, allows unauthenticated users to execute code remotely. Updates are available for each of the affected versions (9.0.0, 10.0.9, 10.1.1 and 8.8.15), which ..
https://www.cert.at/de/aktuelles/2024/10/zimbra-rce-cve-2024-45519
Security: data leaks following cyberattacks
After a cyberattack on a clinic in Bad Wildungen in August 2024, data has now surfaced on the darknet. The Dutch police also suffered a data leak following a cyberattack. Here is some information ..
https://www.borncity.com/blog/2024/10/02/sicherheit-datenabfluesse-bei-cyberangriffen/
All that JavaScript for... spear phishing?
NVISO employs several hunting rules in multiple Threat Intelligence Platforms and other sources, such as VirusTotal. As you can imagine, there is no lack of APT (Advanced Persistent Threat) campaigns, cybercriminals and their associated malware families and campaigns, phishing, and so on. But now and then, something slightly different and perhaps novel ..
https://blog.nviso.eu/2024/10/02/all-that-javascript-for-spear-phishing/
ASD's ACSC, CISA, FBI, NSA, and International Partners Release Guidance on Principles of OT Cybersecurity for Critical Infrastructure Organizations
Today, the Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC) - in partnership with CISA, U.S. government and international partners - released the guide Principles of Operational Technology Cybersecurity. This guidance provides critical information on how to create and maintain a safe, secure operational ..
https://www.cisa.gov/news-events/alerts/2024/10/01/asds-acsc-cisa-fbi-nsa-and-international-partners-release-guidance-principles-ot-cybersecurity
LKA Niedersachsen warns of ongoing scam involving extortion emails
The scammers are not letting up, warns the LKA Niedersachsen. Extortion emails, for example ones claiming to hold video recordings, continue to circulate.
https://heise.de/-9960503
Vulnerabilities
Security updates for Wednesday
Security updates have been issued by AlmaLinux (grafana), Fedora (cjson and php), Oracle (389-ds-base, freeradius, grafana, kernel, and krb5), Slackware (cryfs, cups, and mozilla), SUSE (OpenIPMI, openssl-3, openvpn, thunderbird, and tomcat), and Ubuntu (cups, cups-filters, knot-resolver, linux-raspi, linux-raspi-5.4, orc, php7.4, php8.1, php8.3, python-asyncssh, ruby-devise-two-factor, and vim).
https://lwn.net/Articles/992650/