End-of-Day report
Timeframe: Montag 30-09-2024 18:00 - Dienstag 01-10-2024 18:00
Handler: Alexander Riepl
Co-Handler: Michael Schlagenhaufer
News
Microsoft Defender adds detection of unsecure Wi-Fi networks
Microsoft Defender now automatically detects and notifies users with a Microsoft 365 Personal or Family subscription when theyre connected to unsecured Wi-Fi networks.
https://www.bleepingcomputer.com/news/security/microsoft-defender-now-automatically-detects-unsecure-wi-fi-networks/
Microsoft overhauls security for publishing Edge extensions
Microsoft has introduced an updated version of the "Publish API for Edge extension developers" that increases the security for developer accounts and the updating of browser extensions.
https://www.bleepingcomputer.com/news/microsoft/microsoft-overhauls-security-for-publishing-edge-extensions/
What Are Hackers Searching for in SolarWinds Serv-U (CVE-2024-28995)?
Discover how GreyNoise-s honeypots are monitoring exploit attempts on the SolarWinds Serv-U vulnerability (CVE-2024-28995). Gain insights into the specific files attackers target and how real-time data helps security teams focus on true threats.
https://www.greynoise.io/blog/what-are-hackers-searching-for-in-solarwinds-serv-u-cve-2024-28995
Detecting Vulnerability Scanning Traffic From Underground Tools Using Machine Learning
Researchers detail the discovery of Swiss Army Suite, an underground tool used for SQL injection scans discovered with a machine learning model.
https://unit42.paloaltonetworks.com/machine-learning-new-swiss-army-suite-tool/
Rackspace internal monitoring web servers hit by zero-day
Reading between the lines, it appears Rackspace was hosting a ScienceLogic-powered monitoring dashboard for its customers on its own internal web servers, those servers included a program that was bundled with ScienceLogic's software, and that program was exploited, using a zero-day vulnerability, by miscreants to gain access to those web servers. From there, the intruders were able to get hold of some monitoring-related customer information before being caught.
https://go.theregister.com/feed/www.theregister.com/2024/09/30/rackspace_zero_day_attack/
Crooked Cops, Stolen Laptops & the Ghost of UGNazi
A California man accused of failing to pay taxes on tens of millions of dollars allegedly earned from cybercrime also paid local police officers hundreds of thousands of dollars to help him extort, intimidate and silence rivals and former business partners, a new indictment charges. KrebsOnSecurity has learned that many of the mans alleged targets were members of UGNazi, a hacker group behind multiple high-profile breaches and cyberattacks back in 2012.
https://krebsonsecurity.com/2024/09/crooked-cops-stolen-laptops-the-ghost-of-ugnazi/
BSI empfiehlt die Nutzung von Passkeys
Das BSI empfiehlt die Nutzung von Passkeys. Eine Umfrage zeige auf, dass die Bekanntheit und Verbreitung ausbaufähig seien.
https://heise.de/-9959270
Ransomware: Ermittler melden neue Erfolge im Kampf gegen Lockbit
Neben Verhaftungen in Frankreich und Großbritannien haben internationale Strafverfolger die Infrastruktur der Erpresser gestört - zudem ergingen Sanktionen.
https://heise.de/-9959100
WordPress Vulnerability & Patch Roundup September 2024
Vulnerability reports and responsible disclosures are essential for website security awareness and education.
https://blog.sucuri.net/2024/09/wordpress-vulnerability-patch-roundup-september-2024.html
Vulnerabilities
Security updates for Tuesday
Security updates have been issued by Debian (debian-security-support, nghttp2, and sqlite3), Oracle (cups-filters, kernel, and osbuild-composer), SUSE (openssl-3), and Ubuntu (bubblewrap, flatpak and python2.7, python3.5).
https://lwn.net/Articles/992444/
Mozilla Foundation Security Advisories 2024-10-01 (Thunderbird and Firefox)
https://www.mozilla.org/en-US/security/advisories/
Juniper: 2024-09-30 Out of Cycle Security Advisory: Multiple Products: RADIUS protocol susceptible to forgery attacks (Blast-RADIUS) (CVE-2024-3596)
https://supportportal.juniper.net/s/article/2024-09-30-Out-of-Cycle-Security-Advisory-Multiple-Products-RADIUS-protocol-susceptible-to-forgery-attacks-Blast-RADIUS-CVE-2024-3596
Bosch: Sensitive information disclosure in Bosch Configuration Manager
https://psirt.bosch.com/security-advisories/bosch-sa-981803-bt.html