End-of-Day report
Timeframe: Friday 04-10-2024 18:00 - Monday 07-10-2024 18:00
Handler: Alexander Riepl
Co-Handler: n/a
News
Russia arrests US-sanctioned Cryptex founder, 95 other linked suspects
Russian law enforcement detained almost 100 suspects linked to the Cryptex cryptocurrency exchange, the UAPS anonymous payment service, and 33 other online services and platforms used to make illegal payments and sell stolen credentials.
https://www.bleepingcomputer.com/news/security/russia-arrests-us-sanctioned-cryptex-founder-95-other-linked-suspects/
MoneyGram: No evidence ransomware is behind recent cyberattack
MoneyGram says there is no evidence that ransomware is behind a recent cyberattack that led to a five-day outage in September.
https://www.bleepingcomputer.com/news/security/moneygram-no-evidence-ransomware-is-behind-recent-cyberattack/
Toy brand: Hack of the Lego website aims at crypto fraud
On 4 October 2024 the official Lego website fell victim to a hack. Unknown actors promoted a cryptocurrency called Lego-Coin.
https://www.golem.de/news/spielzeugmarke-hack-der-lego-webseite-zielt-auf-kryptobetrug-ab-2410-189541.html
After US ban: Kaspersky removed from the Google Play Store worldwide
Kaspersky software has not been available in the Play Store for days. The cause is the US ban on the Russian vendor, with global consequences.
https://www.golem.de/news/nach-us-bann-kaspersky-fliegt-weltweit-aus-dem-google-play-store-2410-189562.html
Awaken Likho is awake: new techniques of an APT group
Kaspersky experts have discovered a new version of the APT Awaken Likho RAT Trojan, which uses AutoIt scripts and the MeshCentral system to target Russian organizations.
https://securelist.com/awaken-likho-apt-new-implant-campaign/114101/
HUMINT and its Role within Cybersecurity
This blog explores HUMINT's role in cybersecurity, detailing its implementation, benefits, and potential risks.
https://www.sans.org/blog/humint-and-its-role-within-cybersecurity
Largest Recorded DDoS Attack is 3.8 Tbps
Cloudflare just blocked the current record DDoS attack: 3.8 terabits per second. (Lots of good information on the attack, and DDoS in general, at the link.)
https://www.schneier.com/blog/archives/2024/10/largest-recorded-ddos-attack-is-3-8-tbps.html
Critical Apache Avro SDK Flaw Allows Remote Code Execution in Java Applications
A critical security flaw has been disclosed in the Apache Avro Java Software Development Kit (SDK) that, if successfully exploited, could allow the execution of arbitrary code on susceptible instances. The flaw, tracked as CVE-2024-47561, ..
https://thehackernews.com/2024/10/critical-apache-avro-sdk-flaw-allows.html
Chinese hackers steal sensitive data from US courts
Via internet service providers, the "Salt Typhoon" campaign gains access to sensitive data. US authorities fear further attacks.
https://www.derstandard.at/story/3000000239609/chinesische-hacker-stehlen-sensible-daten-von-us-gerichten
No Way to Hide: Uncovering New Campaigns from Daily Tunneling Detection
Four DNS tunneling campaigns identified through a new machine learning tool expose intricate tactics when targeting vital sectors like finance, healthcare and more.
https://unit42.paloaltonetworks.com/detecting-dns-tunneling-campaigns/
From Pwn2Own Automotive: More Autel Maxicharger Vulnerabilities
This blog post highlights two additional vulnerabilities in the Autel Maxicharger that were exploited at Pwn2Own Automotive 2024. Details of the patches are also included.
https://www.thezdi.com/blog/2024/10/2/from-pwn2own-automotive-more-autel-maxicharger-vulnerabilities
Russian state media company operation disrupted by 'unprecedented' cyberattack
Russian state television and radio broadcasting company VGTRK was hit by a cyberattack on Monday that disrupted its operations, the company confirmed in a statement to local news agencies.
https://therecord.media/russian-state-media-company-disrupted-cyberattack
Engaging with Boards to improve the management of cyber security risk
How to communicate more effectively with board members to improve cyber security decision making.
https://www.ncsc.gov.uk/guidance/board-level-cyber-discussions-communicating-clearly
Forensic Readiness in Container Environments
One of the most frustrating issues that Digital Forensics and Incident Response (DFIR) consultants encounter is a lack of forensic data available for analysis. This article aims to mitigate such situations by providing key considerations for improving forensic readiness.
https://www.nccgroup.com/us/research-blog/forensic-readiness-in-container-environments/
Vulnerabilities
DSA-5785-1 mediawiki - security update
Dom Walden discovered that the AbuseFilter extension in MediaWiki, a website engine for collaborative work, performed incomplete authorisation checks.
https://lists.debian.org/debian-security-announce/2024/msg00198.html
Security updates for Monday
Security updates have been issued by AlmaLinux (go-toolset:rhel8 and linux-firmware), Arch Linux (oath-toolkit), Debian (e2fsprogs, firefox-esr, libgsf, mediawiki, and oath-toolkit), Fedora (aws, chromium, firefox, p7zip, pgadmin4, python-gcsfs, unbound, webkitgtk, znc, znc-clientbuffer, and znc-push), Mageia (ghostscript and rootcerts nss firefox firefox-l10n), ..
https://lwn.net/Articles/993160/