Daily summary - 01.10.2024

End-of-Day report

Timeframe: Monday 30-09-2024 18:00 - Tuesday 01-10-2024 18:00 Handler: Alexander Riepl Co-Handler: Michael Schlagenhaufer

News

Microsoft Defender adds detection of unsecure Wi-Fi networks

Microsoft Defender now automatically detects when users with a Microsoft 365 Personal or Family subscription are connected to an unsecured Wi-Fi network and notifies them.

https://www.bleepingcomputer.com/news/security/microsoft-defender-now-automatically-detects-unsecure-wi-fi-networks/

Microsoft overhauls security for publishing Edge extensions

Microsoft has introduced an updated version of the "Publish API for Edge extension developers" that increases the security for developer accounts and the updating of browser extensions.

https://www.bleepingcomputer.com/news/microsoft/microsoft-overhauls-security-for-publishing-edge-extensions/

What Are Hackers Searching for in SolarWinds Serv-U (CVE-2024-28995)?

GreyNoise describes how its honeypots are monitoring exploit attempts against the SolarWinds Serv-U vulnerability (CVE-2024-28995), which specific files attackers are trying to read, and how real-time data helps security teams focus on actual threats.

https://www.greynoise.io/blog/what-are-hackers-searching-for-in-solarwinds-serv-u-cve-2024-28995

Detecting Vulnerability Scanning Traffic From Underground Tools Using Machine Learning

Unit 42 researchers describe Swiss Army Suite, an underground tool used for SQL injection scanning, which they identified in traffic using a machine learning model.

https://unit42.paloaltonetworks.com/machine-learning-new-swiss-army-suite-tool/

Rackspace internal monitoring web servers hit by zero-day

Reading between the lines, it appears Rackspace was hosting a ScienceLogic-powered monitoring dashboard for its customers on its own internal web servers. Those servers included a program bundled with ScienceLogic's software, and that program was exploited through a zero-day vulnerability to gain access to the web servers. From there, the intruders were able to obtain some monitoring-related customer information before being detected.

https://go.theregister.com/feed/www.theregister.com/2024/09/30/rackspace_zero_day_attack/

Crooked Cops, Stolen Laptops & the Ghost of UGNazi

A California man accused of failing to pay taxes on tens of millions of dollars allegedly earned from cybercrime also paid local police officers hundreds of thousands of dollars to help him extort, intimidate and silence rivals and former business partners, a new indictment charges. KrebsOnSecurity has learned that many of the man's alleged targets were members of UGNazi, a hacker group behind multiple high-profile breaches and cyberattacks back in 2012.

https://krebsonsecurity.com/2024/09/crooked-cops-stolen-laptops-the-ghost-of-ugnazi/

BSI recommends the use of passkeys

The BSI recommends the use of passkeys. A survey it cites shows that awareness and adoption still have room to grow.

https://heise.de/-9959270

Ransomware: Investigators report new successes in the fight against LockBit

Alongside arrests in France and the United Kingdom, international law enforcement disrupted the extortion group's infrastructure; sanctions were also imposed.

https://heise.de/-9959100

WordPress Vulnerability & Patch Roundup September 2024

Sucuri's monthly roundup of WordPress core, plugin and theme vulnerabilities disclosed and patched in September 2024.

https://blog.sucuri.net/2024/09/wordpress-vulnerability-patch-roundup-september-2024.html

Vulnerabilities

Security updates for Tuesday

Security updates have been issued by Debian (debian-security-support, nghttp2, and sqlite3), Oracle (cups-filters, kernel, and osbuild-composer), SUSE (openssl-3), and Ubuntu (bubblewrap, flatpak and python2.7, python3.5).

https://lwn.net/Articles/992444/

Mozilla Foundation Security Advisories 2024-10-01 (Thunderbird and Firefox)

https://www.mozilla.org/en-US/security/advisories/

Juniper: 2024-09-30 Out of Cycle Security Advisory: Multiple Products: RADIUS protocol susceptible to forgery attacks (Blast-RADIUS) (CVE-2024-3596)

https://supportportal.juniper.net/s/article/2024-09-30-Out-of-Cycle-Security-Advisory-Multiple-Products-RADIUS-protocol-susceptible-to-forgery-attacks-Blast-RADIUS-CVE-2024-3596
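Added example, not part of the Juniper advisory or of this digest: the standard mitigation for Blast-RADIUS is to require the Message-Authenticator attribute (RFC 2869, HMAC-MD5 keyed with the shared secret) on every Access-Accept/Reject/Challenge instead of trusting the MD5-based Response Authenticator from RFC 2865 alone. The code below builds RADIUS responses both ways and shows a client-side check that accepts a response only when the Message-Authenticator is present and valid. The shared secret, identifier and attributes are constructed values; the MD5 collision itself is not reproduced, so the "forged" packet is simply one with a correct Response Authenticator and no Message-Authenticator, which is what an attacker without the secret can at best deliver.

```python
import hashlib
import hmac
import os
import struct

# RADIUS codes and attribute types from RFC 2865 / RFC 2869.
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT, ACCESS_CHALLENGE = 1, 2, 3, 11
ATTR_USER_NAME = 1
ATTR_MESSAGE_AUTHENTICATOR = 80  # HMAC-MD5 over the whole packet, keyed with the secret


def encode_attrs(attrs):
    # Each attribute is Type(1) | Length(1) | Value(Length - 2).
    return b"".join(bytes([t, 2 + len(v)]) + v for t, v in attrs)


def parse_attrs(body):
    # Returns (type, value, offset_of_value_within_body) triples; raises on malformed TLVs.
    out, i = [], 0
    while i < len(body):
        if i + 2 > len(body):
            raise ValueError("truncated attribute header")
        t, length = body[i], body[i + 1]
        if length < 2 or i + length > len(body):
            raise ValueError("malformed attribute length")
        out.append((t, body[i + 2:i + length], i + 2))
        i += length
    return out


def build_response(code, ident, request_auth, secret, attrs, with_message_authenticator=True):
    """Server side: build a response to an Access-Request carrying request_auth."""
    if with_message_authenticator:
        # Placeholder of 16 zero bytes, appended last so its value is the final 16 bytes of body.
        attrs = list(attrs) + [(ATTR_MESSAGE_AUTHENTICATOR, bytes(16))]
    body = encode_attrs(attrs)
    header = struct.pack("!BBH", code, ident, 20 + len(body))
    if with_message_authenticator:
        # RFC 2869 s5.14: HMAC-MD5 over Code, ID, Length, *Request* Authenticator, Attributes,
        # with the Message-Authenticator value zeroed.
        mac = hmac.new(secret, header + request_auth + body, hashlib.md5).digest()
        body = body[:-16] + mac
    # RFC 2865 s3: Response Authenticator = MD5(Code, ID, Length, Request Authenticator, Attributes, Secret).
    resp_auth = hashlib.md5(header + request_auth + body + secret).digest()
    return header + resp_auth + body


def verify_response(response, request_auth, secret, require_message_authenticator=True):
    """Client side. With require_message_authenticator=True this is the Blast-RADIUS hardened check."""
    if len(response) < 20:
        return False
    header, resp_auth, body = response[:4], response[4:20], response[20:]
    code, _ident, length = struct.unpack("!BBH", header)
    if length != len(response) or code not in (ACCESS_ACCEPT, ACCESS_REJECT, ACCESS_CHALLENGE):
        return False
    # Legacy check: MD5 Response Authenticator. This is the value Blast-RADIUS can forge.
    expected = hashlib.md5(header + request_auth + body + secret).digest()
    if not hmac.compare_digest(resp_auth, expected):
        return False
    try:
        attrs = parse_attrs(body)
    except ValueError:
        return False
    mas = [(v, off) for t, v, off in attrs if t == ATTR_MESSAGE_AUTHENTICATOR]
    if not mas:
        return not require_message_authenticator
    if len(mas) != 1 or len(mas[0][0]) != 16:
        return False
    value, off = mas[0]
    zeroed = body[:off] + bytes(16) + body[off + 16:]
    mac = hmac.new(secret, header + request_auth + zeroed, hashlib.md5).digest()
    return hmac.compare_digest(value, mac)


def demo():
    secret = b"constructed-shared-secret"  # constructed value, not from any deployment
    ident = 7
    request_auth = os.urandom(16)  # the client's Request Authenticator
    attrs = [(ATTR_USER_NAME, b"alice")]  # constructed attribute
    good = build_response(ACCESS_ACCEPT, ident, request_auth, secret, attrs)
    # Stand-in for a Blast-RADIUS forgery: valid Response Authenticator, no Message-Authenticator.
    no_ma = build_response(ACCESS_ACCEPT, ident, request_auth, secret, attrs,
                           with_message_authenticator=False)
    # Flip the Code field of an otherwise genuine packet (Accept -> Reject).
    flipped = bytes([ACCESS_REJECT]) + good[1:]
    return {
        "good_accepted": verify_response(good, request_auth, secret),
        "no_ma_legacy_mode": verify_response(no_ma, request_auth, secret,
                                             require_message_authenticator=False),
        "no_ma_hardened_mode": verify_response(no_ma, request_auth, secret),
        "tampered_rejected": verify_response(flipped, request_auth, secret),
    }


if __name__ == "__main__":
    print(demo())
```

The legacy client accepts the packet that carries only a Response Authenticator; the hardened client rejects it, which is the behaviour vendors such as Juniper are shipping for CVE-2024-3596 (require Message-Authenticator on both the client and server side, not merely send it).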

Bosch: Sensitive information disclosure in Bosch Configuration Manager

https://psirt.bosch.com/security-advisories/bosch-sa-981803-bt.html