End-of-Day report
Timeframe: Wednesday 06-11-2024 18:00 - Thursday 07-11-2024 18:00
Handler: Alexander Riepl
Co-Handler: n/a
News
Hackers increasingly use Winos4.0 post-exploitation kit in attacks
Hackers are increasingly targeting Windows users with the malicious Winos4.0 framework, distributed via seemingly benign game-related apps.
https://www.bleepingcomputer.com/news/security/hackers-increasingly-use-winos40-post-exploitation-kit-in-attacks/
A look at the latest post-quantum signature standardization candidates
NIST has standardized four post-quantum signature schemes so far, and they're not done yet: there are fourteen new candidates in the running for standardization. In this blog post we take ..
https://blog.cloudflare.com/another-look-at-pq-signatures
The Power of Process in Creating a Successful Security Posture
Establishing realistic, practitioner-driven processes prevents employee burnout, standardizes experiences, and closes many of the gaps exposed by repeated one-offs.
https://www.darkreading.com/cybersecurity-operations/process-in-creating-successful-security-posture
Microsoft Windows Server 2025 Upgrade Triggers Licensing Conflicts and Operational Fallout
A recent Microsoft update unexpectedly forced several organizations to upgrade from Windows Server 2022 to Windows Server 2025, resulting in unplanned licensing demands and operational setbacks. First reported on November 5, 2024, this incident has affected organizations ..
https://heimdalsecurity.com/blog/microsoft-windows-server-2025-upgrade/
Steam Account Checker Poisoned with Infostealer
I found an interesting script targeting Steam users. Steam[1] is a popular digital distribution platform for purchasing, downloading, and playing video games on personal computers. The script is called "steam-account-checker" ..
https://isc.sans.edu/forums/diary/Steam+Account+Checker+Poisoned+with+Infostealer/31420/
China-Aligned MirrorFace Hackers Target EU Diplomats with World Expo 2025 Bait
The China-aligned threat actor known as MirrorFace has been observed targeting a diplomatic organization in the European Union, marking the first time the hacking crew has targeted an organization in the region. "During this attack, the threat ..
https://thehackernews.com/2024/11/china-aligned-mirrorface-hackers-target.html
North Korean Hackers Target Crypto Firms with Hidden Risk Malware on macOS
A threat actor with ties to the Democratic People's Republic of Korea (DPRK) has been observed targeting cryptocurrency-related businesses with a multi-stage malware capable of infecting Apple macOS devices. Cybersecurity company SentinelOne, ..
https://thehackernews.com/2024/11/north-korean-hackers-target-crypto.html
Office on Windows 11 24H2 brought down by an installed CrowdStrike agent
Anyone running CrowdStrike security software who upgraded to Windows 11 24H2 may have had to contend with non-functioning apps.
https://www.heise.de/news/Crowdstrike-legte-Office-unter-Windows-11-24H2-lahm-10007558.html
Large eBay malvertising campaign leads to scams
Consumers are being swamped by Google ads claiming to be eBay's customer service.
https://www.malwarebytes.com/blog/scams/2024/11/large-ebay-malvertising-campaign-leads-to-scams
Beware of fake Willhaben e-mails
Criminals are impersonating Willhaben and sending out fake e-mails in bulk. The e-mails, some of which look genuine, claim that you must confirm your identity or that you are due a refund. Another fake e-mail supposedly carries an invoice as an attachment. We advise caution!
https://www.watchlist-internet.at/news/willhaben-phishing/
Silent Skimmer Gets Loud (Again)
We discuss a new campaign from the cybercrime group behind Silent Skimmer, showcasing the exploit of ...
https://unit42.paloaltonetworks.com/silent-skimmer-latest-campaign/
Unwrapping the emerging Interlock ransomware attack
Cisco Talos Incident Response (Talos IR) recently observed an attacker conducting big-game ..
https://blog.talosintelligence.com/emerging-interlock-ransomware/
Androxgh0st Botnet Integrates Mozi, Expands Attacks on IoT Vulnerabilities
CloudSEK reports that the Androxgh0st botnet has integrated with the Mozi botnet and ..
https://hackread.com/androxgh0st-botnet-integrate-mozi-iot-vulnerabilities/
Malicious Python Package Typosquats Popular fabric SSH Library, Exfiltrates AWS Credentials
The Socket Research Team has discovered a malicious Python package, fabrice, that is typosquatting the popular fabric SSH automation library. The threat of malware delivered through typosquatted libraries remains a significant ..
https://socket.dev/blog/malicious-python-package-typosquats-fabric-ssh-library
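The fabrice/fabric case above is a name one edit away from a legitimate dependency. As an added example (not code from the Socket report or from the fabric project), the script below normalizes package names the way PyPI does (PEP 503) and flags every entry in a requirements file that is within a small edit distance of a known package without being that package. The allowlist KNOWN_PACKAGES and the sample requirements are constructed for this example; in practice the allowlist would be seeded from your own lockfile or an internal mirror.

```python
import re

# Constructed allowlist of packages you actually depend on (assumption for
# this example; seed it from your lockfile or internal index in real use).
KNOWN_PACKAGES = {"fabric", "requests", "boto3", "paramiko", "invoke"}

# Constructed requirements.txt content; "fabrice" and "reqeusts" are the
# look-alike names this check is meant to catch.
SAMPLE_REQUIREMENTS = [
    "# pinned deps",
    "fabric==3.2.2",
    "fabrice",
    "requests>=2.31  # http client",
    "reqeusts",
    "numpy",
    "-r other.txt",
]


def normalize(name: str) -> str:
    """PEP 503 normalization: case-insensitive, runs of '-', '_' or '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert/delete/substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete
                           cur[j - 1] + 1,         # insert
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def parse_requirement(line: str):
    """Return the bare project name from a requirements line, or None for
    blank lines, comments and pip options such as '-r other.txt'."""
    line = line.split("#", 1)[0].strip()
    if not line or line.startswith("-"):
        return None
    m = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", line)
    return m.group(0) if m else None


def find_typosquat_candidates(requirements, known=KNOWN_PACKAGES, max_distance=2):
    """Return (requested_name, closest_known_name, distance) for every
    requested package that is not on the allowlist but lies within
    max_distance edits of an allowlisted name."""
    known_norm = sorted(normalize(k) for k in known)
    hits = []
    for line in requirements:
        name = parse_requirement(line)
        if name is None:
            continue
        n = normalize(name)
        if n in known_norm:
            continue  # exact match with an allowlisted package: fine
        best = min(known_norm, key=lambda k: levenshtein(n, k))
        d = levenshtein(n, best)
        if d <= max_distance:
            hits.append((name, best, d))
    return hits


if __name__ == "__main__":
    for requested, target, dist in find_typosquat_candidates(SAMPLE_REQUIREMENTS):
        print(f"suspicious: {requested!r} is {dist} edit(s) from {target!r}")
```

Run it in CI against the requirements or lockfile before installation; a hit is a review trigger, not proof of malice, since legitimate forks and plugins also sit close to their parent's name.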
Vulnerabilities
Numerous vulnerabilities in HASOMED Elefant and Elefant Software Updater
https://sec-consult.com/de/vulnerability-lab/advisory/zahlreiche-schwachstellen-in-hasomed-elefant-and-elefant-software-updater/