End-of-Day report
Timeframe: Thursday 26-09-2024 18:00 - Friday 27-09-2024 18:00
Handler: Alexander Riepl
Co-Handler: n/a
News
Storm-0501: Ransomware attacks expanding to hybrid cloud environments
Microsoft has observed the threat actor tracked as Storm-0501 launching a multi-staged attack where they compromised hybrid cloud environments and performed lateral movement from on-premises to cloud environment, leading to data exfiltration, credential theft, tampering, persistent backdoor access, and ransomware deployment. The ..
https://www.microsoft.com/en-us/security/blog/2024/09/26/storm-0501-ransomware-attacks-expanding-to-hybrid-cloud-environments/
NIST Recommends Some Common-Sense Password Rules
NIST's second draft of its SP 800-63-4, its digital identity guidelines, finally contains some really good rules about passwords.
https://www.schneier.com/blog/archives/2024/09/nist-recommends-some-common-sense-password-rules.html
Kaspersky Defends Stealth Swap of Antivirus Software on US Computers
Cybersecurity firm Kaspersky has defended its decision to automatically replace its antivirus software on U.S. customers' computers with UltraAV, a product from American company Pango, without explicit user consent. The forced switch, affecting nearly one million users, occurred as a result of a U.S. government ban on Kaspersky software. Kaspersky ..
https://it.slashdot.org/story/24/09/26/1825249/kaspersky-defends-stealth-swap-of-antivirus-software-on-us-computers
Hackers Could Have Remotely Controlled Kia Cars Using Only License Plates
Cybersecurity researchers have disclosed a set of now patched vulnerabilities in Kia vehicles that, if successfully exploited, could have allowed remote control over key functions simply by using only a license plate. "These attacks could be ..
https://thehackernews.com/2024/09/hackers-could-have-remotely-controlled.html
Victims lose $70K to one single wallet-draining app on Google's Play Store
Attackers got 10k people to download trusted web3 brand cheat before Mountain View intervened. The latest in a long line of cryptocurrency wallet-draining attacks has stolen $70,000 from people who downloaded a dodgy app in a single campaign ..
https://www.theregister.com/2024/09/26/victims_lose_70k_to_play/
Patch now: Critical Nvidia bug allows container escape, complete host takeover
33% of cloud environments using the toolkit impacted, we're told. A critical bug in Nvidia's widely used Container Toolkit could allow a rogue user or software to escape their containers and ultimately take complete control of the underlying host.
https://www.theregister.com/2024/09/26/critical_nvidia_bug_container_escape/
Highly Anticipated Linux Flaw Allows Remote Code Execution, but Less Serious Than Expected
A researcher has disclosed the details of an unpatched vulnerability that was expected to pose a serious threat to many Linux systems.
https://www.securityweek.com/highly-anticipated-linux-flaw-allows-remote-code-execution-but-less-serious-than-expected/
US Announces Charges, Sanctions Against Russian Administrator of Carding Website
US offers up to $10 million for information on Timur Shakhmametov, charging him with running the carding website Joker's Stash.
https://www.securityweek.com/us-announces-charges-sanctions-against-russian-administrator-of-carding-website/
Groundbreaking ceremony for the TU Graz cybersecurity campus
Around 25 million euros are being invested in the complex in Sandgasse for up to 160 researchers. IT start-ups are also to find a home there
https://www.derstandard.at/story/3000000238456/spatenstich-fuer-cybersecurity-campus-der-tu-graz
Cyberespionage the Gamaredon way: Analysis of toolset used to spy on Ukraine in 2022 and 2023
ESET Research has conducted a comprehensive technical analysis of Gamaredon's toolset used to conduct its cyberespionage activities focused in Ukraine
https://www.welivesecurity.com/en/eset-research/cyberespionage-gamaredon-way-analysis-toolset-used-spy-ukraine-2022-2023/
Geoblocking as a simple DDoS defence
Distributed Denial of Service (DDoS) attacks come in many variants, ranging from high-bandwidth reflected UDP, through tricks on layer 4 (such as TCP SYN flooding, or simply overloading the state tables in firewalls), to layer 7 attacks with many expensive HTTP requests. We are currently seeing the latter, and we would like to ..
https://www.cert.at/de/blog/2024/9/geoblocking-gegen-ddos
Meta fined $101 million for storing hundreds of millions of passwords in plaintext
European regulators fined Meta for an engineering mistake that the social media giant first reported in 2019.
https://therecord.media/meta-unprotected-passwords-fine-gdpr
Vulnerabilities
ZDI-24-1290: TeamViewer Missing Authentication Local Privilege Escalation Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-24-1290/
ZDI-24-1289: TeamViewer Missing Authentication Local Privilege Escalation Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-24-1289/