Daily summary - 07.10.2024

End-of-Day report

Timeframe: Friday 04-10-2024 18:00 - Monday 07-10-2024 18:00 Handler: Alexander Riepl Co-Handler: n/a

News

Russia arrests US-sanctioned Cryptex founder, 95 other linked suspects

-Russian law enforcement detained almost 100 suspects linked to the Cryptex cryptocurrency exchange, the UAPS anonymous payment service, and 33 other online services and platforms used to make illegal payments and sell stolen credentials.

https://www.bleepingcomputer.com/news/security/russia-arrests-us-sanctioned-cryptex-founder-95-other-linked-suspects/

MoneyGram: No evidence ransomware is behind recent cyberattack

MoneyGram says there is no evidence that ransomware is behind a recent cyberattack that led to a five-day outage in September.

https://www.bleepingcomputer.com/news/security/moneygram-no-evidence-ransomware-is-behind-recent-cyberattack/

Toy brand: Lego website hack aimed at crypto scam

On 4 October 2024 the official Lego website was compromised. Unknown attackers used it to advertise a cryptocurrency called "Lego-Coin".

https://www.golem.de/news/spielzeugmarke-hack-der-lego-webseite-zielt-auf-kryptobetrug-ab-2410-189541.html

After US ban: Kaspersky removed from the Google Play Store worldwide

Kaspersky software has not been available in the Play Store for several days. The cause is the US ban on the Russian vendor, which now has global consequences.

https://www.golem.de/news/nach-us-bann-kaspersky-fliegt-weltweit-aus-dem-google-play-store-2410-189562.html

Awaken Likho is awake: new techniques of an APT group

Kaspersky experts have discovered a new implant of the Awaken Likho APT group's remote access trojan (RAT), which uses AutoIt scripts and the legitimate MeshCentral remote-management platform to target Russian organizations.

https://securelist.com/awaken-likho-apt-new-implant-campaign/114101/

HUMINT and its Role within Cybersecurity

This blog explores HUMINT's role in cybersecurity, detailing its implementation, benefits, and potential risks.

https://www.sans.org/blog/humint-and-its-role-within-cybersecurity

Largest Recorded DDoS Attack is 3.8 Tbps

Cloudflare just blocked the current record DDoS attack: 3.8 terabits per second. (Lots of good information on the attack, and DDoS in general, at the link.)

https://www.schneier.com/blog/archives/2024/10/largest-recorded-ddos-attack-is-3-8-tbps.html

Critical Apache Avro SDK Flaw Allows Remote Code Execution in Java Applications

A critical security flaw has been disclosed in the Apache Avro Java Software Development Kit (SDK) that, if successfully exploited, could allow the execution of arbitrary code on susceptible instances. The flaw, tracked as CVE-2024-47561, ..

https://thehackernews.com/2024/10/critical-apache-avro-sdk-flaw-allows.html

Chinese hackers steal sensitive data from US courts

Via internet service providers, the "Salt Typhoon" campaign gained access to sensitive data. US authorities fear further attacks.

https://www.derstandard.at/story/3000000239609/chinesische-hacker-stehlen-sensible-daten-von-us-gerichten

No Way to Hide: Uncovering New Campaigns from Daily Tunneling Detection

Four DNS tunneling campaigns identified through a new machine learning tool expose intricate tactics when targeting vital sectors like finance, healthcare and more.

https://unit42.paloaltonetworks.com/detecting-dns-tunneling-campaigns/
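DNS tunneling leaks by inflating a handful of per-domain statistics: long, high-entropy subdomain labels, almost every query name unique, and a skew towards record types that carry arbitrary data (TXT, NULL, CNAME). The following is an added example, not the Unit 42 machine-learning tool the post describes: it profiles a constructed DNS query log per registered domain with those heuristic features and flags domains that trip several of them at once. The log lines, the domain names, the thresholds and the "last two labels" registered-domain heuristic are all assumptions for illustration.

```python
import math
from collections import defaultdict

# Constructed sample log, one query per line: "<timestamp> <client> <qname> <qtype>".
# The traffic and the domain names are made up for this example.
SAMPLE_LOG = """\
2024-10-07T08:00:01 10.0.0.5 www.example.com A
2024-10-07T08:00:02 10.0.0.5 mail.example.com MX
2024-10-07T08:00:03 10.0.0.7 3f9a2c7e1b4d8e0f6a5c9d2b.t.attacker-c2.net TXT
2024-10-07T08:00:03 10.0.0.7 9e4b7c1a2d8f0e3b5c6a7d1f.t.attacker-c2.net TXT
2024-10-07T08:00:04 10.0.0.7 a1c3e5b7d9f02468ace1357b.t.attacker-c2.net TXT
2024-10-07T08:00:04 10.0.0.7 0b2d4f6e8a1c3e5b7d9f2468.t.attacker-c2.net TXT
2024-10-07T08:00:05 10.0.0.9 cdn.example.com A
2024-10-07T08:00:06 10.0.0.9 static.example.com AAAA
"""

# Thresholds are illustrative assumptions, not values taken from the Unit 42 post.
ENTROPY_THRESHOLD = 3.5         # mean Shannon entropy (bits/char) of the subdomain part
SUBDOMAIN_LEN_THRESHOLD = 20    # mean length of the subdomain part
UNIQUE_RATIO_THRESHOLD = 0.8    # unique subdomains / queries
RARE_TYPE_RATIO_THRESHOLD = 0.5 # fraction of queries using data-carrying record types
RARE_QTYPES = {"TXT", "NULL", "CNAME"}
MIN_QUERIES = 4                 # do not judge a domain on one or two lookups
MIN_SCORE = 2                   # indicators that must fire before a domain is flagged


def shannon_entropy(s):
    """Bits of entropy per character; 0.0 for an empty or single-symbol string."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_qname(qname):
    """Split a query name into (registered domain, subdomain part).

    Heuristic (assumption): the registered domain is the last two labels.
    A production detector should use the Public Suffix List (e.g. for co.uk).
    """
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) <= 2:
        return ".".join(labels), ""
    return ".".join(labels[-2:]), ".".join(labels[:-2])


def parse_log(text):
    """Parse the four-column log format; malformed lines are skipped, not fatal."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        records.append(tuple(parts))
    return records


def profile_domains(records):
    """Aggregate, per registered domain, the features a tunnel tends to inflate."""
    agg = defaultdict(lambda: {"queries": 0, "subdomains": set(),
                               "entropy_sum": 0.0, "len_sum": 0, "rare": 0})
    for _ts, _client, qname, qtype in records:
        domain, sub = split_qname(qname)
        a = agg[domain]
        a["queries"] += 1
        a["subdomains"].add(sub)
        a["entropy_sum"] += shannon_entropy(sub.replace(".", ""))  # entropy of label chars only
        a["len_sum"] += len(sub)
        if qtype.upper() in RARE_QTYPES:
            a["rare"] += 1
    profiles = {}
    for domain, a in agg.items():
        q = a["queries"]
        profiles[domain] = {
            "queries": q,
            "mean_entropy": a["entropy_sum"] / q,
            "mean_sub_len": a["len_sum"] / q,
            "unique_ratio": len(a["subdomains"]) / q,
            "rare_type_ratio": a["rare"] / q,
        }
    return profiles


def score_profile(p):
    """Count how many tunneling indicators a domain profile trips."""
    score = 0
    score += p["mean_entropy"] >= ENTROPY_THRESHOLD
    score += p["mean_sub_len"] >= SUBDOMAIN_LEN_THRESHOLD
    score += p["unique_ratio"] >= UNIQUE_RATIO_THRESHOLD
    score += p["rare_type_ratio"] >= RARE_TYPE_RATIO_THRESHOLD
    return int(score)


def flag_tunnels(text):
    """Return the registered domains whose query pattern looks like a tunnel."""
    profiles = profile_domains(parse_log(text))
    return sorted(d for d, p in profiles.items()
                  if p["queries"] >= MIN_QUERIES and score_profile(p) >= MIN_SCORE)


if __name__ == "__main__":
    for domain, p in profile_domains(parse_log(SAMPLE_LOG)).items():
        print(f"{domain:20s} q={p['queries']} H={p['mean_entropy']:.2f} "
              f"len={p['mean_sub_len']:.1f} uniq={p['unique_ratio']:.2f} "
              f"rare={p['rare_type_ratio']:.2f} score={score_profile(p)}")
    print("flagged:", flag_tunnels(SAMPLE_LOG))
```

Requiring several indicators to fire at once is what keeps CDNs and mail providers, which also produce many unique subdomains, from being flagged on the unique-subdomain ratio alone; the MIN_QUERIES floor avoids judging a domain on a single lookup. Run it against real resolver or Zeek dns.log exports after adapting parse_log to the column layout.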

From Pwn2Own Automotive: More Autel Maxicharger Vulnerabilities

This blog post highlights two additional vulnerabilities in the Autel Maxicharger that were exploited at Pwn2Own Automotive 2024. Details of the patches are also included.

https://www.thezdi.com/blog/2024/10/2/from-pwn2own-automotive-more-autel-maxicharger-vulnerabilities

Russian state media company operation disrupted by "unprecedented" cyberattack

Russian state television and radio broadcasting company VGTRK was hit by a cyberattack on Monday that disrupted its operations, the company confirmed in a statement to local news agencies.

https://therecord.media/russian-state-media-company-disrupted-cyberattack

Engaging with Boards to improve the management of cyber security risk

How to communicate more effectively with board members to improve cyber security decision making.

https://www.ncsc.gov.uk/guidance/board-level-cyber-discussions-communicating-clearly

Forensic Readiness in Container Environments

One of the most frustrating issues that Digital Forensics and Incident Response (DFIR) consultants encounter is a lack of forensic data available for analysis. This article aims to mitigate such situations by providing key considerations for improving forensic readiness.

https://www.nccgroup.com/us/research-blog/forensic-readiness-in-container-environments/

Vulnerabilities

DSA-5785-1 mediawiki - security update

Dom Walden discovered that the AbuseFilter extension in MediaWiki, a website engine for collaborative work, performed incomplete authorisation checks.

https://lists.debian.org/debian-security-announce/2024/msg00198.html

Security updates for Monday

Security updates have been issued by AlmaLinux (go-toolset:rhel8 and linux-firmware), Arch Linux (oath-toolkit), Debian (e2fsprogs, firefox-esr, libgsf, mediawiki, and oath-toolkit), Fedora (aws, chromium, firefox, p7zip, pgadmin4, python-gcsfs, unbound, webkitgtk, znc, znc-clientbuffer, and znc-push), Mageia (ghostscript and rootcerts nss firefox firefox-l10n), ..

https://lwn.net/Articles/993160/