Tageszusammenfassung - 18.10.2024

End-of-Day report

Timeframe: Donnerstag 17-10-2024 18:00 - Freitag 18-10-2024 18:00 Handler: Alexander Riepl Co-Handler: n/a

News

Analysis of the Crypt Ghouls group: continuing the investigation into a series of attacks on Russia

A close look at the utilities, techniques, and infrastructure used by the hacktivist group Crypt Ghouls has revealed links to groups such as Twelve, BlackJack, etc.

https://securelist.com/crypt-ghouls-hacktivists-tools-overlap-analysis/114217/


Feline Hackers Among Us? (A Deep Dive and Simulation of the Meow Attack)

Introduction In the perpetually evolving field of cybersecurity, new threats materialize daily. Attackers are on the prowl for weaknesses in infrastructure and software like a cat eyeing its helpless prey.

https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/feline-hackers-among-us-a-deep-dive-and-simulation-of-the-meow-attack/


U.S. and Allies Warn of Iranian Cyberattacks on Critical Infrastructure in Year-Long Campaign

Cybersecurity and intelligence agencies from Australia, Canada, and the U.S. have warned about a year-long campaign undertaken by Iranian cyber actors to infiltrate critical infrastructure organizations via brute-force attacks."Since October 2023, Iranian ..d

https://thehackernews.com/2024/10/us-and-allies-warn-of-iranian.html


Intel hits back at Chinas accusations it bakes in NSA backdoors

Chipzilla says it obeys the law wherever it is, which is nice Intel has responded to Chinese claims that its chips include security backdoors at the direction of Americas NSA.

https://www.theregister.com/2024/10/18/intel_china_security_allegations/


Alleged Bitcoin crook faces 5 years after SECs X account pwned

SIM swappers strike again, warping cryptocurrency prices An Alabama man faces five years in prison for allegedly attempting to manipulate the price of Bitcoin by pwning the US Securities and Exchange Commissions X account earlier this year.

https://www.theregister.com/2024/10/18/sec_bitcoin_arrest/


Brazil Arrests -USDoD,- Hacker in FBI Infragard Breach

Brazilian authorities reportedly have arrested a 33-year-old man on suspicion of being "USDoD," a prolific cybercriminal who rose to infamy in 2022 after infiltrating the FBIs InfraGard program and leaking contact information for 80,000 members. More recently, USDoD was behind a breach at the consumer data broker National Public Data that led ..

https://krebsonsecurity.com/2024/10/brazil-arrests-usdod-hacker-in-fbi-infragard-breach/


EIW - ESET Israel Wiper - used in active attacks targeting Israeli orgs

One of my Mastodon followers sent me an interesting toot today, which lead to this forum post ..

https://doublepulsar.com/eiw-eset-israel-wiper-used-in-active-attacks-targeting-israeli-orgs-b1210aed7021


What I-ve learned in my first 7-ish years in cybersecurity

Plus, a zero-day vulnerability in Qualcomm chips, exposed health care devices, and the latest on the Salt Typhoon threat actor.

https://blog.talosintelligence.com/threat-source-newsletter-oct-17-2024/


Call stack spoofing explained using APT41 malware

Summary Call stack spoofing isn-t a new technique, but it has become more popular in the last few years. Call stacks are a telemetry source for EDR software that can be used to determine if a process made suspicious actions (requesting a handle to the lsass process, writing suspicious code to a newly allocated area, ..

https://cybergeeks.tech/call-stack-spoofing-explained-using-apt41-malware/


Fake North Korean IT Workers Infiltrate Western Firms, Demand Ransom

North Korean hackers are infiltrating Western companies using fraudulent IT workers to steal sensitive data and extort ransom.

https://hackread.com/fake-north-korean-it-workers-west-firms-demand-ransom/


U.S. and UK Warn of Russian Cyber Threats: 9 of 12 GreyNoise-Tracked Vulnerabilities in the Advisory Are Being Probed Right Now

Joint U.S. and UK advisory identifies 24 vulnerabilities exploited by Russian state-sponsored APT 29, with GreyNoise detecting active probing on nine of these critical CVEs. Stay informed with real-time ..

https://www.greynoise.io/blog/u-s-and-uk-warn-of-russian-cyber-threats-9-of-24-vulnerabilities-in-the-advisory-are-being-probed-right-now


Apple Passwörter: So lautet das Rezept für generierte Passwörter

Ein leitender Softwareentwickler Apples erklärt in einem Blogpost, nach welchem Muster Apple Passwörter generiert.

https://heise.de/-9986503


Vulnerabilities

SVD-2024-1013: Third-Party Package Updates in Splunk Add-on for Office 365 - October 2024

Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk Add-on for Office 365 versions 4.5.2 and higher.

https://advisory.splunk.com//advisories/SVD-2024-1013


Synology-SA-24:17 Synology Camera

The vulnerabilities allow remote attackers to execute arbitrary code, remote attackers to bypass security constraints and remote attackers to conduct denial-of-service attacks via a susceptible version of Synology Camera BC500 Firmware, Synology Camera TC500 Firmware and Synology Camera CC400W Firmware.

https://www.synology.com/en-global/support/security/Synology_SA_24_17


ZDI-24-1419: Trend Micro Deep Security Improper Access Control Local Privilege Escalation Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-24-1419/