End-of-Day report
Timeframe: Wednesday 16-10-2024 18:00 - Thursday 17-10-2024 18:00
Handler: Alexander Riepl
Co-Handler: n/a
News
Iranian hackers act as brokers selling critical infrastructure access
Iranian hackers are breaching critical infrastructure organizations to collect credentials and network data that can be sold on cybercriminal forums to enable cyberattacks from other threat actors.
https://www.bleepingcomputer.com/news/security/iranian-hackers-act-as-brokers-selling-critical-infrastructure-access/
With default credentials: Kubernetes vulnerability allows root access via SSH
Images built with the Kubernetes Image Builder are affected. A patch exists, but it does not protect existing images.
https://www.golem.de/news/mit-standard-zugangsdaten-kubernetes-luecke-ermoeglicht-root-zugriff-per-ssh-2410-189927.html
The 2024 State of ICS/OT Cybersecurity: Our Past and Our Future
The 2024 State of ICS/OT report shows our industry's growth since 2019 and offers insight into how we may improve going into 2029.
https://www.sans.org/blog/the-2024-state-of-ics-ot-cybersecurity-our-past-and-our-future
Understanding DORA core concepts: focus on "critical or important functions"
With the aim of achieving a high level of digital operational resilience, DORA provides a comprehensive framework for the effective ..
https://sec-consult.com/de/blog/detail/dora-core-concepts-critical-or-important-functions-in-focus/
Cisco confirms ongoing investigation after crims brag about selling tons of data
Networking giant says no evidence of impact on its systems but will tell customers if their info has been stolen. UPDATED: Cisco has confirmed it is investigating claims of stealing - and now selling - data belonging ..
https://www.theregister.com/2024/10/15/cisco_confirm_ongoing_investigation/
New ThreatLabz Report: Mobile remains a top threat vector with 111% spyware growth while IoT attacks rise 45%
The role of the CISO continues to expand, driven by the rising number of breaches and cyberattacks like ransomware, as well as SEC requirements for public organizations to disclose material breaches. Among the fastest-moving ..
https://www.zscaler.com/blogs/security-research/new-threatlabz-report-mobile-remains-top-threat-vector-111-spyware-growth
Sudanese Brothers Arrested in "AnonSudan" Takedown
The U.S. government on Wednesday announced the arrest and charging of two Sudanese brothers accused of running Anonymous Sudan (a.k.a. AnonSudan), a cybercrime business known for launching powerful distributed denial-of-service (DDoS) attacks against a range of targets, including dozens of hospitals, news websites and cloud providers. One of the ..
https://krebsonsecurity.com/2024/10/sudanese-brothers-arrested-in-anonsudan-takedown/
Russian hacker group claims responsibility for attack on the Internet Archive
A group called "SN_BLACKMETA" says it carried out DDoS attacks on the internet library
https://www.derstandard.at/story/3000000241091/russische-hackergruppe-bekennt-sich-zu-angriff-auf-das-internet-archive
Gatekeeper Bypass: Uncovering Weaknesses in a macOS Security Mechanism
Explore how macOS Gatekeeper's security could be compromised by third-party apps not enforcing quarantine attributes effectively.
https://unit42.paloaltonetworks.com/gatekeeper-bypass-macos/
Ransomware: Threat Level Remains High in Third Quarter
Recently established RansomHub group overtakes LockBit to become most prolific ransomware operation.
https://symantec-enterprise-blogs.security.com/threat-intelligence/ransomware-threat-level-remains-high
Cyber Resilience Act adopted
The Cyber Resilience Act (CRA) is an EU regulation on the security of hardware and software products with digital elements, which was adopted by the Council of the European Union on 10.10.2024. Following publication in the Official Journal of the EU, the ..
https://certitude.consulting/blog/de/cyber-resilience-act-beschlossen/
Hacker allegedly behind attacks on FBI, Airbus, National Public Data arrested in Brazil
Police did not name the suspect, but a threat actor known as USDoD has long boasted of being behind the attacks that were highlighted by Brazilian law enforcement following the arrest.
https://therecord.media/hacker-behind-fbi-npd-airbus-attacks-arrested-brazil
Why Hackers May Be Targeting You
In today's evolving cyber threat landscape, small and mid-sized businesses can reduce their risk by understanding cybercriminals, addressing misconceptions, and enhancing their cybersecurity and incident ..
https://www.emsisoft.com/en/blog/46073/why-hackers-may-be-targeting-you/
Vulnerabilities
Oracle Releases Quarterly Critical Patch Update Advisory for October 2024
Oracle released its quarterly Critical Patch Update Advisory for October 2024 to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take ..
https://www.cisa.gov/news-events/alerts/2024/10/17/oracle-releases-quarterly-critical-patch-update-advisory-october-2024
Security updates for Thursday
https://lwn.net/Articles/994630/