End-of-Day report
Timeframe: Thursday 19-09-2024 18:00 - Friday 20-09-2024 18:00
Handler: Alexander Riepl
Co-Handler: n/a
News
Ever wonder how crooks get the credentials to unlock stolen phones?
iServer provided a simple service for phishing credentials to unlock phones.
https://arstechnica.com/?p=2051165
CISA warns of actively exploited Apache HugeGraph-Server bug
The U.S. Cybersecurity and Infrastructure Agency (CISA) has added five flaws to its Known Exploited Vulnerabilities (KEV) catalog, among which is a remote code execution (RCE) flaw impacting Apache HugeGraph-Server.
https://www.bleepingcomputer.com/news/security/cisa-warns-of-actively-exploited-apache-hugegraph-server-bug/
macOS Sequoia change breaks networking for VPN, antivirus software
Users of macOS 15 Sequoia are reporting network connection errors when using certain endpoint detection and response (EDR) or virtual private network (VPN) solutions, and web browsers.
https://www.bleepingcomputer.com/news/apple/macos-sequoia-change-breaks-networking-for-vpn-antivirus-software/
1 In 10 Orgs Dumping Their Security Vendors After CrowdStrike Outage
An anonymous reader quotes a report from The Register: Germany's Federal Office for Information Security (BSI) says one in ten organizations in the country affected by CrowdStrike's outage in July are dropping their current vendor's products. Four percent of organizations have already abandoned their existing solutions, while a further 6 percent plan to ..
https://it.slashdot.org/story/24/09/19/1721236/1-in-10-orgs-dumping-their-security-vendors-after-crowdstrike-outage
SAP Hash Cracking Techniques
Hashing is a one-way encryption technique employed to ensure data integrity, authenticate information, and secure passwords alongside other sensitive data. Hash functions convert input data into a fixed-size string of characters that are both uniform and deterministic, making them an excellent choice for maintaining data security.
https://redrays.io/blog/sap-hash-cracking-techniques/
This Windows PowerShell Phish Has Scary Potential
Many GitHub users this week received a novel phishing email warning of critical security holes in their code. Those who clicked the link for details were asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealing malware. While it's unlikely that many programmers fell for this ..
https://krebsonsecurity.com/2024/09/this-windows-powershell-phish-has-scary-potential/
Ivanti Warns of Second CSA Vulnerability Exploited in Attacks
In addition to the Ivanti CSA flaw CVE-2024-8190, another vulnerability affecting the same product, tracked as CVE-2024-8963, has been exploited.
https://www.securityweek.com/ivanti-warns-of-second-csa-vulnerability-exploited-in-attacks/
Noise Storms: Massive Amounts of Spoofed Web Traffic Linked to China
GreyNoise has observed millions of spoofed IPs flooding internet providers with web traffic primarily focusing on TCP connections.
https://www.securityweek.com/noise-storms-massive-amounts-of-spoofed-web-traffic-linked-to-china/
Beware of fake ÖAMTC and ADAC prize draws
Be careful if you receive an e-mail about a prize draw for a car emergency kit. Criminals pose as ÖAMTC or ADAC and claim that you have won a car emergency kit. Do not click the link; you will be lured into a subscription trap!
https://www.watchlist-internet.at/news/gefaelschte-gewinnspiele-oeamtc-adac/
Data theft via Slack: Disney stops using the messaging service
The hacker group Nullbulge was able to steal and publish computer code and details about unreleased projects.
https://www.derstandard.at/story/3000000237370/datendiebstahl-disney-trennt-sich-von-messenger-dienst-slack
High-risk vulnerabilities in common enterprise technologies
Rapid7 is warning customers about high-risk vulnerabilities in Adobe ColdFusion, Broadcom VMware vCenter Server, and Ivanti Endpoint Manager (EPM). These CVEs are likely attack targets for APT and/or financially motivated adversaries.
https://www.rapid7.com/blog/post/2024/09/19/etr-high-risk-vulnerabilities-in-common-enterprise-technologies/
Youth hostels apparently victims of ransomware gang Hunters
At the end of August, around 450 German youth hostels experienced disruptions. The cause was unclear. Apparently a ransomware attack is to blame.
https://heise.de/-9938226
Vulnerabilities
DSA-5773-1 chromium - security update
https://lists.debian.org/debian-security-announce/2024/msg00186.html
OpenSSH 9.9 released
https://lwn.net/Articles/991028/