Tageszusammenfassung - 13.09.2024

End-of-Day report

Timeframe: Donnerstag 12-09-2024 18:00 - Freitag 13-09-2024 18:00 Handler: Alexander Riepl Co-Handler: Michael Schlagenhaufer

News

Distributed Denial of Truth (DDoT): The Mechanics of Influence Operations and The Weaponization of Social Media

With the US election on the horizon, it-s a good time to explore the concept of social media weaponization and its use in asymmetrically manipulating public opinion through bots, automation, AI, and shady new tools in what Trustwave SpiderLabs has dubbed the Distributed Denial of Truth (DDoT).

https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/distributed-denial-of-truth-ddot-the-mechanics-of-influence-operations-and-the-weaponization-of-social-media/

Fortinet Confirms Limited Data Breach After Hacker Leaks 440 GB of Data

A hacker claims to have stolen 440 GB of data from cybersecurity firm Fortinet, exploiting an Azure SharePoint vulnerability. The breach, dubbed -Fortileak,- was revealed on a forum with access credentials shared online. [..] Fortinet has now published a blog post addressing the incident, which only affected less than 0.3% of its customers.

https://hackread.com/fortinet-confirms-data-breach-hacker-data-leak/

Nach CrowdStrike: Microsoft plant Security-Lösungen aus dem Windows-Kernel zu entfernen

Microsoft hat erste Pläne skizziert, wie sich Windows-Systeme so absichern lassen, dass ein kaputtes Update einer Endpunkt-Sicherheitslösung nicht das ganze Betriebssystem in den Abgrund reißt.

https://www.borncity.com/blog/2024/09/13/nach-crowdstrike-microsoft-plant-security-lsungen-aus-dem-windows-kernel-zu-entfernen/

I stole 20 GB of data from Capgemini - and now Im leaking it, says cybercrook

A miscreant claims to have broken into Capgemini and leaked a large amount of sensitive data stolen from the technology services giant - including source code, credentials, and T-Mobile's virtual machine logs.

https://go.theregister.com/feed/www.theregister.com/2024/09/12/capgemini_breach_data_dump/

1.3 Million Android TV Boxes Infected by Vo1d Malware

Doctor Web warns of the new Vo1d Android malware infecting roughly 1.3 million TV boxes running older OS versions.

https://www.securityweek.com/1-3-million-android-tv-boxes-infected-by-vo1d-malware/

CVE-2024-29847 Deep Dive: Ivanti Endpoint Manager AgentPortal Deserialization of Untrusted Data Remote Code Execution Vulnerability

Ivanti Endpoint Manager (EPM) is an enterprise endpoint management solution that allows for centralized management of devices within an organization. On September 12th, 2024, ZDI and Ivanti released an advisory describing a deserialization vulnerability resulting in remote code execution with a CVSS score of 9.8. In this post we detail the internal workings of this vulnerability.

https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29847-deep-dive-ivanti-endpoint-manager-agentportal-deserialization-of-untrusted-data-remote-code-execution-vulnerability/

The Dark Nexus Between Harm Groups and -The Com-

A cyberattack that shut down two of the top casinos in Las Vegas last year quickly became one of the most riveting security stories of 2023. It was the first known case of native English-speaking hackers in the United States and Britain teaming up with ransomware gangs based in Russia. But that made-for-Hollywood narrative has eclipsed a far more hideous trend: Many of these young, Western cybercriminals are also members of fast-growing online groups that exist solely to bully, stalk, harass and extort vulnerable teens into physically harming themselves and others.

https://krebsonsecurity.com/2024/09/the-dark-nexus-between-harm-groups-and-the-com/

Woo Skimmer Uses Style Tags and Image Extension to Steal Card Details

This post starts the same way many others do on this blog, and it will be familiar to those who keep up with website security: A client came to us having been notified by their payment processor that credit cards were being stolen from the checkout page of their eCommerce website. The question of course was how? During this investigation we uncovered a very interesting (and in fact, creative) way that threat actors were pilfering credit card details from this compromised website.

https://blog.sucuri.net/2024/09/woo-skimmer-uses-style-tags-and-image-extension-to-steal-card-details.html

We can try to bridge the cybersecurity skills gap, but that doesn-t necessarily mean more jobs for defenders

I have written about the dreaded -cybersecurity skills gap- more times than I can remember in this newsletter, but I feel like it-s time to revisit this topic again.

https://blog.talosintelligence.com/threat-source-newsletter-sept-12-2024/

FBI and CISA Release Joint PSA, Just So You Know: False Claims of Hacked Voter Information Likely Intended to Sow Distrust of U.S. Elections

As observed through multiple election cycles, foreign actors and cybercriminals continue to spread false information through various platforms to manipulate public opinion, discredit the electoral process, and undermine confidence in U.S. democratic institutions. The FBI and CISA continue to work closely with federal, state, local, and territorial election partners and provide services and information to safeguard U.S. voting processes and maintain the resilience of the U.S. elections.

https://www.cisa.gov/news-events/news/fbi-and-cisa-release-joint-psa-just-so-you-know-false-claims-hacked-voter-information-likely

Vulnerabilities

NTR