End-of-Day report
Timeframe: Thursday 31-10-2024 18:00 - Monday 04-11-2024 18:00
Handler: Alexander Riepl
Co-Handler: n/a
News
Thousands of hacked TP-Link routers used in years-long account takeover attacks
The botnet is being skillfully used to launch "highly evasive" password-spraying attacks.
https://arstechnica.com/information-technology/2024/11/microsoft-warns-of-8000-strong-botnet-used-in-password-spraying-attacks/
DDoS site Dstat.cc seized and two suspects arrested in Germany
The Dstat.cc DDoS review platform has been seized by law enforcement, and two suspects have been arrested after the service helped fuel distributed denial-of-service attacks for years.
https://www.bleepingcomputer.com/news/security/ddos-site-dstatcc-seized-and-two-suspects-arrested-in-germany/
Cisco says DevHub site leak won't enable future breaches
Cisco says that non-public files recently downloaded by a threat actor from a misconfigured public-facing DevHub portal don't contain information that could be exploited in future breaches of the company's systems.
https://www.bleepingcomputer.com/news/security/cisco-says-devhub-site-leak-wont-enable-future-breaches/
Goods not delivered: fraudsters hack thousands of web shops and pocket millions
Since 2019, hackers have infiltrated countless online shops as part of a fraud campaign. Buyers of certain products received ..
https://www.golem.de/news/ware-nicht-geliefert-betrueger-hacken-tausende-webshops-und-kassieren-millionen-2411-190388.html
From Naptime to Big Sleep: Using Large Language Models To Catch Vulnerabilities In Real-World Code
In our previous post, Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models, we introduced our framework for large-language-model-assisted vulnerability research and demonstrated its potential by improving the state-of-the-art performance on Meta's CyberSecEval2 benchmarks. Since then, Naptime has evolved into Big Sleep, a collaboration between Google Project Zero and Google DeepMind.
https://googleprojectzero.blogspot.com/2024/10/from-naptime-to-big-sleep.html
Inside Iran's Cyber Playbook: AI, Fake Hosting, and Psychological Warfare
U.S. and Israeli cybersecurity agencies have published a new advisory attributing to an Iranian cyber group the targeting of the 2024 Summer Olympics and the compromise of a French commercial dynamic display provider to show messages denouncing Israel's participation ..
https://thehackernews.com/2024/11/inside-irans-cyber-playbook-ai-fake.html
Financial institutions told to get their house in order before the next CrowdStrike strikes
Calls for improvements will soon turn into demands when new rules come into force. The UK's finance regulator is urging all institutions under its remit to better prepare for IT meltdowns like ..
https://www.theregister.com/2024/11/02/fca_it_resilience/
Booking.com Phishers May Leave You With Reservations
A number of cybercriminal innovations are making it easier for scammers to cash in on your upcoming travel plans. This story examines a recent spear-phishing campaign that ensued when a California hotel had its booking.com credentials stolen. We'll ..
https://krebsonsecurity.com/2024/11/booking-com-phishers-may-leave-you-with-reservations/
Free webinars on staying safe online
Starting 2 December, in cooperation with AK Oberösterreich and Saferinternet.at, engaging webinars on the safe and responsible use of mobile phones and the internet will take place. Expand your digital skills and ..
https://www.watchlist-internet.at/news/kostenlose-webinare-zum-schutz-im-internet/
TA Phone Home: EDR Evasion Testing Reveals Extortion Actor's Toolkit
A threat actor attempted to use an AV/EDR bypass tool in an extortion attempt. Instead, the tool provided Unit 42 insight into the threat actor.
https://unit42.paloaltonetworks.com/edr-bypass-extortion-attempt-thwarted/
FBI wants more info on hackers behind Sophos exploitation after report on China's intrusions
The FBI is asking the public for help in tracking down the people behind a series of intrusions into edge devices and networks.
https://therecord.media/fbi-hackers-china-wants-info
Kimsuky Group's Malware Disguised as Lecture Request Form (MSC, HWP)
Recently, malware disguised as a lecture request form targeting specific users was identified. The distributed files include Hangul Word Processor (HWP) documents and files in MSC format, which download additional malicious files. Decoy document files used to disguise as legitimate documents have been found to sometimes contain ..
https://asec.ahnlab.com/en/84181/
Supply Chain Attack Using Ethereum Smart Contracts to Distribute Multi-Platform Malware
age "jest-fet-mock," which implements a different approach using Ethereum smart contracts for command-and-control operations. The package masquerades as a popular testing utility while distributing malware across Windows, Linux, and macOS platforms. This discovery represents a notable difference in supply chain attack methodologies, combining ..
https://checkmarx.com/blog/supply-chain-attack-using-ethereum-smart-contracts-to-distribute-multi-platform-malware/
Hackers Claim Access to Nokia Internal Data, Selling for $20,000
Hackers claim to have breached Nokia through a third-party contractor, allegedly stealing SSH keys, source code, and internal
https://hackread.com/hackers-claim-access-nokia-internal-data-selling-20k/
Mallox Ransomware
FortiGuard Labs continues to see an increase in Mallox ransomware-related activity, detecting Mallox ransomware on several hundred FortiGuard sensors. Ransomware infection may cause disruption, damage to daily operations, ..
https://fortiguard.fortinet.com/outbreak-alert/mallox-ransomware
Missing Link: How a company lost control during a cyberattack
The head of IT actually feels fairly secure. Until hackers march into the company in broad daylight and walk out again unchallenged. The loot: full control.
https://heise.de/-9984869
Vulnerabilities
Security updates for Monday
Security updates have been issued by AlmaLinux (firefox, grafana, kernel, and mod_http2), Debian (chromium, openssl, and thunderbird), Fedora (chromium, krb5, mysql8.0, polkit, python-single-version, and webkitgtk), Mageia (bind, buildah, podman, skopeo, kernel, kmod-xtables-addons, kmod-virtualbox, kernel-firmware & kernel-firmware-nonfree radeon-firmware, ..
https://lwn.net/Articles/996908/
WordPress Vulnerability & Patch Roundup October 2024
https://blog.sucuri.net/2024/11/wordpress-vulnerability-patch-roundup-october-2024.html