End-of-Day report
Timeframe: Wednesday 27-12-2023 18:00 - Thursday 28-12-2023 18:00
Handler: Thomas Pribitzer
Co-Handler: Michael Schlagenhaufer
News
Lockbit ransomware disrupts emergency care at German hospitals
German hospital network Katholische Hospitalvereinigung Ostwestfalen (KHO) has confirmed that recent service disruptions were caused by a Lockbit ransomware attack where the threat actors gained access to IT systems and encrypted devices on the network.
https://www.bleepingcomputer.com/news/security/lockbit-ransomware-disrupts-emergency-care-at-german-hospitals/
Unveiling the Mirai: Insights into Recent DShield Honeypot Activity [Guest Diary], (Wed, Dec 27th)
In this post, I dig into my instance of the DShield honeypot to see what attack vectors malicious actors are trying to exploit. What I found were several attempts to upload the Mirai family of malware.
https://isc.sans.edu/diary/rss/30514
Operation Triangulation: "Most sophisticated exploit of all time" on iPhones
In the summer it became known that iPhones belonging to the Russian security company Kaspersky had been taken over using a highly developed exploit. Details were presented at 37C3.
https://www.heise.de/-9583427
New iPhone theft protection: "Significant Locations" as a security hole
Apple will soon make it harder to plunder accounts after iPhone thefts. However, one security feature offers a way to bypass it.
https://www.heise.de/-9582753
Year in review: These topics kept us busy in 2023!
2023 is coming to a successful close for Watchlist Internet: with around 3.2 million visitors, we were once again able to warn numerous people about internet fraud this year. We received around 1,000 reports per month, which in 2023 we processed into around 200 warning articles and by publishing more than 12,000 domains on our warning lists. Thanks to our readers, who make this success possible.
https://www.watchlist-internet.at/news/jahresrueckblick-diese-themen-beschaeftigten-uns-2023/
How to report Gmail messages as spam to improve your life and make you a hero
The act of marking and reporting an email as spam in Gmail has an important side effect that makes it totally worth a few seconds of your day.
https://www.zdnet.com/article/how-to-report-gmail-messages-as-spam-to-improve-your-life-and-make-you-a-hero/
Trend Analysis on Kimsuky Group's Attacks Using AppleSeed
While the Kimsuky group typically uses spear phishing attacks for initial access, most of their recent attacks involve the use of shortcut-type malware in LNK file format. Although LNK malware comprise a large part of recent attacks, cases using JavaScripts or malicious documents are continuing to be detected.
https://asec.ahnlab.com/en/60054/
Cyber Toufan goes Oprah mode, with free Linux system wipes of over 100 organisations
For the past 6 or so weeks, I've been tracking Cyber Toufan on Telegram. They appeared in November, and they've been very busy and very naughty boys. They actually set up their infrastructure around October, and started owning things apparently undetected. They're not a lame DDoS pretend hacktivist group like NoName016 - instead, they claim to be Palestinian state cyber warriors.
https://doublepulsar.com/cyber-toufan-goes-oprah-mode-with-free-linux-system-wipes-of-over-100-organisations-eaf249b042dc
Vulnerabilities
Juniper: 2023-12 Security Bulletin: JSA Series: Multiple vulnerabilities resolved
Multiple vulnerabilities have been resolved in Juniper Secure Analytics in 7.5.0 UP7 IF03. Severity Assessment (CVSS) Score 9.8
https://supportportal.juniper.net/s/article/2023-12-Security-Bulletin-JSA-Series-Multiple-vulnerabilities-resolved
Security updates for Thursday
Security updates have been issued by Debian (haproxy, libssh, and nodejs), Fedora (filezilla and minizip-ng), Gentoo (Git, libssh, and OpenSSH), and SUSE (gstreamer, postfix, webkit2gtk3, and zabbix).
https://lwn.net/Articles/956257/