Tageszusammenfassung - 09.10.2024

End-of-Day report

Timeframe: Dienstag 08-10-2024 18:00 - Mittwoch 09-10-2024 18:00 Handler: Alexander Riepl Co-Handler: n/a

News

Two never-before-seen tools, from same group, infect air-gapped devices

Its hard enough creating one air-gap-jumping tool. GoldenJackal did it 2x in 5 years.

https://arstechnica.com/security/2024/10/two-never-before-seen-tools-from-same-group-infect-air-gapped-devices/


European govt air-gapped systems breached using custom malware

An APT hacking group known as GoldenJackal has successfully breached air-gapped government systems in Europe using two custom toolsets to steal sensitive data, like emails, encryption keys, images, archives, and documents.

https://www.bleepingcomputer.com/news/security/european-govt-air-gapped-systems-breached-using-custom-malware/


New scanner finds Linux, UNIX servers exposed to CUPS RCE attacks

An automated scanner has been released to help security professionals scan environments for devices vulnerable to the Common Unix Printing System (CUPS) RCE flaw tracked as CVE-2024-47176.

https://www.bleepingcomputer.com/news/software/new-scanner-finds-linux-unix-servers-exposed-to-cups-rce-attacks/


Sicherheitslücke: RDP-Server von Windows aus der Ferne angreifbar

Ein erfolgreicher Angriff erfordert zwar eine gewonnene Race Condition, dafür aber keinerlei Authentifizierung oder Nutzer-Interaktion.

https://www.golem.de/news/sicherheitsluecke-rdp-server-von-windows-aus-der-ferne-angreifbar-2410-189652.html


Cisco warnt: Kinder erhöhen Cyberrisiko im Homeoffice

Laut Cisco erlauben rund zwei Drittel aller Eltern im Homeoffice ihren Kindern den Zugriff auf beruflich genutzte Geräte - häufig sogar unbeaufsichtigt.

https://www.golem.de/news/cisco-warnt-kinder-erhoehen-cyberrisiko-im-homeoffice-2410-189661.html


From Perfctl to InfoStealer

A few days ago, a new stealthy malware targeting Linux hosts made a lot of noise: perfctl[1]. The malware has been pretty well analyzed and I wont repeat what has been already disclosed. I found a ..

https://isc.sans.edu/diary/From+Perfctl+to+InfoStealer/31334


Ransomware gang Trinity joins pile of scumbags targeting healthcare

As if hospitals and clinics didnt have enough to worry about At least one US healthcare provider has been infected by Trinity, an emerging cybercrime gang with eponymous ransomware that uses double extortion and other "sophisticated" tactics that make it a "significant threat," according to the feds.

https://www.theregister.com/2024/10/09/trinity_ransomware_targets_healthcare_orgs/


Patch Tuesday, October 2024 Edition

Microsoft today released security updates to fix at least 117 security holes in Windows computers and other software, including two vulnerabilities that are already seeing active attacks. Also, Adobe plugged 52 security holes ..

https://krebsonsecurity.com/2024/10/patch-tuesday-october-2024-edition/


How to handle vulnerability reports in aviation

TL;DR Always thank researchers for reporting vulnerabilities. Acknowledging their efforts can set the right tone. Lead all communications with researchers. Don-t let legal or PR teams take over. Provide ..

https://www.pentestpartners.com/security-blog/how-to-handle-vulnerability-reports-in-aviation/


So stehlen Kriminelle mit gefälschten FinanzOnline-Benachrichtigungen Ihre Bankomatkarte

Sie werden per SMS über eine Rückerstattung vom Finanzamt informiert und klicken auf den Link. Sie gelangen auf die Webseite des Finanzamts - zumindest sieht es so aus. Sie wählen Ihre Bank aus, um das Geld zu erhalten. Doch plötzlich kommt eine Fehlermeldung von Ihrer Bank. Sie erhalten eine neue Bankomatkarte und müssen die alte zerschneiden und ..

https://www.watchlist-internet.at/news/so-stehlen-kriminelle-kartenwechsel-scam/


Contagious Interview: DPRK Threat Actors Lure Tech Industry Job Seekers to Install New Variants of BeaverTail and InvisibleFerret Malware

Discover how North Korean attackers, posing as recruiters, used an updated downloader and backdoor in a campaign targeting tech job seekers.

https://unit42.paloaltonetworks.com/north-korean-threat-actors-lure-tech-job-seekers-as-fake-recruiters/


Schwachstellen in Intels Sicherheitstechnologie TDX entdeckt-

Wissenschaftler von der Universität zu Lübeck haben Schwachstellen in Intels Trusted Domain Extensions identifiziert. Intel hat eine Lücke bereits geschlossen.

https://heise.de/-9974224


Vulnerabilities

Synology-SA-24:12 GitLab

A vulnerability allows remote attacker to bypass authentication via a susceptible version of GitLab.

https://www.synology.com/en-global/support/security/Synology_SA_24_12


DSA-5729-2 apache2 - regression update

https://lists.debian.org/debian-security-announce/2024/msg00200.html


Announcement: Drupal core issues with some risk levels may be treated as bugs in the public issue queue, not as private security issues - PSA-2023-07-12

https://www.drupal.org/psa-2023-07-12


Local Privilege Escalation mittels MSI installer in Palo Alto Networks GlobalProtect

https://sec-consult.com/de/vulnerability-lab/advisory/local-privilege-escalation-mittels-msi-installer-in-palo-alto-networks-globalprotect/


October Security Update

https://www.ivanti.com/blog/october-2024-security-update