Tageszusammenfassung - 03.10.2024

End-of-Day report

Timeframe: Mittwoch 02-10-2024 18:00 - Donnerstag 03-10-2024 18:00 Handler: Alexander Riepl Co-Handler: n/a

News

Fake browser updates spread updated WarmCookie malware

A new FakeUpdate campaign targeting users in France leverages compromised websites to show fake browser and application updates that spread a new version of the WarmCookie malware.

https://www.bleepingcomputer.com/news/security/fake-browser-updates-spread-updated-warmcookie-malware/


FIN7 hackers launch deepfake nude -generator- sites to spread malware

The notorious APT hacking group known as FIN7 launched a network of fake AI-powered deepnude generator sites to infect visitors with information-stealing malware.

https://www.bleepingcomputer.com/news/security/fin7-hackers-launch-deepfake-nude-generator-sites-to-spread-malware/


Weird Zimbra Vulnerability

Hackers can execute commands on a remote computer by sending malformed emails to a Zimbra mail server. It-s critical, but difficult to exploit.In an email sent Wednesday afternoon, Proofpoint researcher Greg Lesnewich seemed to largely concur that the attacks weren-t likely to lead to mass infections that could install ransomware or espionage ..

https://www.schneier.com/blog/archives/2024/10/weird-zimbra-vulnerability.html


INTERPOL Arrests 8 in Major Phishing and Romance Fraud Crackdown in West Africa

INTERPOL has announced the arrest of eight individuals in Côte dIvoire and Nigeria as part of a crackdown on phishing scams and romance cyber fraud.Dubbed Operation Contender 2.0, the initiative is designed to tackle cyber-enabled crimes ..

https://thehackernews.com/2024/10/interpol-arrests-8-in-major-phishing.html


APT and financial attacks on industrial organizations in Q2 2024

This summary provides an overview of the reports of APT and financial attacks on industrial enterprises that were disclosed in Q2 2024, as well as the related activities of groups that have been observed attacking industrial organizations and critical infrastructure facilities.

https://ics-cert.kaspersky.com/publications/apt-and-financial-attacks-on-industrial-organizations-in-q2-2024/


Experts warn of DDoS attacks using linux printing vulnerability

A set of bugs that has caused alarm among cybersecurity experts may enable threat actors to launch powerful attacks designed to knock systems offline.

https://therecord.media/ddos-attacks-cups-linux-print-vulnerability


As ransomware attacks surge, UK privacy regulator investigating fewer incidents than ever

Of the 1,253 incidents reported to the Information Commissioner-s Office (ICO) in 2023, only 87 were investigated - fewer than 7%. The numbers so far for 2024 are similar.

https://therecord.media/uk-ico-ransomware-investigations-data


Threat actor believed to be spreading new MedusaLocker variant since 2022

Cisco Talos has discovered a financially motivated threat actor, active since 2022, recently observed delivering a MedusaLocker ransomware variant. Intelligence collected by Talos on tools regularly employed by the threat ..

https://blog.talosintelligence.com/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/


perfctl: A Stealthy Malware Targeting Millions of Linux Servers

In this blog post, Aqua Nautilus researchers aim to shed light on a Linux malware that, over the past 3-4 years, has actively sought more than 20,000 types of misconfigurations in order to target and exploit Linux servers. If you ..

https://blog.aquasec.com/perfctl-a-stealthy-malware-targeting-millions-of-linux-servers


"Alptraum": Daten aller niederländischen Polizisten geklaut - von Drittstaat?

Hacker haben die Kontaktdaten aller Mitarbeiter der Polizei erbeutet. Nun kommt das Justizministerium mit einer weiteren alarmierenden Nachricht.

https://heise.de/-9961529


Thailändische Regierung von neuem APT "CeranaKeeper" angegriffen

Bei Angriffen auf thailändische Behörden erbeuteten Cyberkriminelle Daten, indem sie verschlüsselte Dateien zu Filesharing-Diensten hochluden.

https://heise.de/-9961562

Vulnerabilities

ZDI-24-1321: Apple macOS AppleVADriver Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-40841.

http://www.zerodayinitiative.com/advisories/ZDI-24-1321/


Security updates for Thursday

Security updates have been issued by AlmaLinux (cups-filters), Debian (chromium and php8.2), Fedora (firefox), Oracle (cups-filters, flatpak, kernel, krb5, oVirt 4.5 ovirt-engine, and python-urllib3), Red Hat (cups-filters, firefox, go-toolset:rhel8, golang, and thunderbird), SUSE (postgresql16), and Ubuntu (gnome-shell and linux-azure-fde-5.15).

https://lwn.net/Articles/992798/


Two-factor Authentication (TFA) - Critical - Access bypass - SA-CONTRIB-2024-043

https://www.drupal.org/sa-contrib-2024-043


Cisco Nexus Dashboard Fabric Controller Arbitrary Command Execution Vulnerability

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndfc-cmdinj-UvYZrKfr


Cisco Meraki MX and Z Series Teleworker Gateway AnyConnect VPN Denial of Service Vulnerabilities

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meraki-mx-vpn-dos-QTRHzG2