Daily summary - 13.11.2024

End-of-Day report

Timeframe: Tuesday 12-11-2024 18:00 - Wednesday 13-11-2024 18:00 Handler: Alexander Riepl Co-Handler: n/a

News

Itsmydata: hacker once again publishes credit data on Jens Spahn

First via Bonify, now via Itsmydata: Lilith Wittmann has once again obtained credit score data on Jens Spahn. At least his score has improved.

https://www.golem.de/news/itsmydata-hackerin-veroeffentlicht-erneut-bonitaetsdaten-von-jens-spahn-2411-190751.html

Threats in space (or rather, on Earth): internet-exposed GNSS receivers

Internet-exposed GNSS receivers pose a significant threat to sensitive operations. Kaspersky shares statistics on internet-exposed receivers for July 2024 and advice on how to protect against GNSS attacks.

https://securelist.com/internet-exposed-gnss-receivers-in-2024/114548/

China's Volt Typhoon crew and its botnet surge back with a vengeance

Ohm, for flux sake: China's Volt Typhoon crew and its botnet are back, once again compromising old Cisco routers to break into critical infrastructure networks and kick off cyberattacks, according to security researchers.

https://www.theregister.com/2024/11/13/china_volt_typhoon_back/

Electricity provider Tibber hacked, 50,000 German customers affected

Tibber confirms that attackers broke in and obtained customer data. The data is now being offered for sale on the darknet.

https://www.heise.de/news/Stromanbieter-Tibber-gehackt-50-000-deutsche-Kunden-betroffen-10030864.html

Security updates: Zoom Room Client & Co. vulnerable

The developers are hardening various Zoom apps against possible attacks. Among the affected platforms are macOS and Windows.

https://www.heise.de/news/Sicherheitsupdates-Zoom-Room-Client-Co-angreifbar-10031648.html

Global Companies Are Unknowingly Paying North Koreans: Here's How to Catch Them

We discuss North Korea's use of IT workers to infiltrate companies, detailing detection strategies such as IT asset management and IP analysis to counter this.

https://unit42.paloaltonetworks.com/north-korean-it-workers/

The November 2024 Security Update Review

It's not quite the holiday season, despite what some early decorators will have you believe. It is the second Tuesday of the month, and that means Adobe and Microsoft have released their regularly scheduled updates. Take a break from your regular activities and join us as we review the details of their latest security alerts. If you'd rather watch the ..

https://www.thezdi.com/blog/2024/11/12/the-november-2024-security-update-review

How Italy became an unexpected spyware hub

Italy is home to six major spyware vendors and one supplier, with many smaller and harder-to-track enterprises emerging all the time, experts say.

https://therecord.media/how-italy-became-an-unexpected-spyware-hub

Germany warns of potential cyber threats from Russia ahead of snap election

"We must be especially prepared against threats like hacker attacks, manipulation, and disinformation," German Interior Minister Nancy Faeser said.

https://therecord.media/germany-cyber-threats-russia-elections

Silent Threat: Red Team Tool EDRSilencer Disrupting Endpoint Security Solutions

Trend Micro's Threat Hunting Team has observed EDRSilencer, a red team tool that threat actors are attempting to abuse for its ability to block EDR traffic and conceal malicious activity.

https://www.trendmicro.com/en_us/research/24/j/edrsilencer-disrupting-endpoint-security-solutions.html

Bitdefender Finds New ShrinkLocker Ransomware, Releases Its Decryptor Tool

Bitdefender has released a free decryptor for ShrinkLocker ransomware, which exploits Windows BitLocker to encrypt ..

https://hackread.com/bitdefender-shrinklocker-ransomware-decryptor-tool/

Emerging Threats: Cybersecurity Forecast 2025

Every November, we start sharing forward-looking insights on threats and other cybersecurity topics to help organizations and defenders prepare for the year ahead. The Cybersecurity Forecast 2025 report, available today, plays a big role in helping us accomplish this mission. This year's report draws on insights directly from Google ..

https://cloud.google.com/blog/topics/threat-intelligence/cybersecurity-forecast-2025/

Defending Your Directory: An Expert Guide to Fortifying Active Directory Certificate Services (ADCS) Against Exploitation

In our latest technical blog series, our DFIR team is highlighting the most prominent Active Directory (AD) threats, describing the tell-tale signs that your AD might be at risk, and giving experienced insight into the best prevention and mitigation strategies to shore up your AD security and bolster your digital identity protection.

https://www.nccgroup.com/us/research-blog/defending-your-directory-an-expert-guide-to-fortifying-active-directory-certificate-services-adcs-against-exploitation/

Making Sense of Kubernetes Initial Access Vectors Part 1 - Control Plane

Explore Kubernetes control plane access vectors, risks, and security strategies to prevent unauthorized access and protect your clusters from potential threats.

https://www.wiz.io/blog/making-sense-of-kubernetes-initial-access-vectors-part-1-control-plane

Time Boxed Penetration Testing for Web Applications

This article defines time boxed penetration testing and explains how it's approached from a methodological standpoint. By focusing on high-risk areas, client-specific priorities, and sampling, time boxed testing can deliver efficient assessments within a limited timeframe.

https://projectblack.io/blog/time-boxed-penetration-testing/

Killing Filecoin nodes

By Simone Monica. In January, we identified and reported a vulnerability in the Lotus and Venus clients of the Filecoin network that allowed an attacker to remotely crash a node and trigger a denial of service. This issue is ..

https://blog.trailofbits.com/2024/11/13/killing-filecoin-nodes/

Fault Injection - Down the Rabbit Hole

This series of articles describes fault injection attack techniques in order to understand their real potential, by testing their limits and applicability with limited hardware (available on the market at an acceptable cost). It explores possible ways of using an attack that, in my opinion, is greatly underestimated.

https://security.humanativaspa.it/fault-injection-down-the-rabbit-hole/

Vulnerabilities

Security updates for Wednesday

Security updates have been issued by AlmaLinux (expat), Fedora (chromium and golang-github-nvidia-container-toolkit), Mageia (curl, expat, mpg123, networkmanager-libreswan, openssl, php-tcpdf, qbittorrent, and x11-server, x11-server-xwayland, and tigervnc), Red Hat (kernel and libsoup), Slackware (mozilla), SUSE (firefox, kernel, python-PyPDF2, and xen), and Ubuntu (dotnet9, ghostscript, linux-aws, linux-oem-6.8, and pydantic).

https://lwn.net/Articles/998044/

ZDI-24-1472: Veeam Backup Enterprise Manager AuthorizeByVMwareSsoToken Improper Certificate Validation Authentication Bypass Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-24-1472/

ZDI-24-1486: (0Day) G DATA Total Security Incorrect Permission Assignment Local Privilege Escalation Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-24-1486/

Critical Security Vulnerabilities Discovered in MZ Automation's MMS Client

https://encs.eu/news/critical-security-vulnerabilities-discovered-in-mz-automations-mms-client/

Online Installer DLL Hijacking

https://fortiguard.fortinet.com/psirt/FG-IR-24-205

Fortinet Releases Security Updates for Multiple Products

https://www.cisa.gov/news-events/alerts/2024/11/12/fortinet-releases-security-updates-multiple-products