End-of-Day report
Timeframe: Montag 04-11-2024 18:00 - Dienstag 05-11-2024 18:00
Handler: Alexander Riepl
Co-Handler: n/a
News
Windows Server 2025 released-here are the new features
-Microsoft has announced that Windows Server 2025, the latest version of its server operating system, is generally available starting Friday, November 1st.
https://www.bleepingcomputer.com/news/microsoft/windows-server-2025-released-here-are-the-new-features/
Nokia investigates breach after hacker claims to steal source code
Nokia is investigating whether a third-party vendor was breached after a hacker claimed to be selling the companys stolen source code.
https://www.bleepingcomputer.com/news/security/nokia-investigates-breach-after-hacker-claims-to-steal-source-code/
Google fixes two Android zero-days used in targeted attacks
Google fixed two actively exploited Android zero-day flaws as part of its November security updates, addressing a total of 51 vulnerabilities.
https://www.bleepingcomputer.com/news/security/google-fixes-two-android-zero-days-used-in-targeted-attacks/
Angriff auf Schneider Electric: Hungrige Hacker fordern Baguettes als Lösegeld
Die Angreifer behaupten, über 40 GBytes an Daten von Schneider Electric erbeutet zu haben. Ihre Forderung: 125.000 US-Dollar in Form von Baguettes.
https://www.golem.de/news/angriff-auf-schneider-electric-hungrige-hacker-fordern-baguettes-als-loesegeld-2411-190471.html
Olympia-Kassensysteme: Registrierkassen seit drei Jahren ohne Sicherheitsupdates
Registrierkassen der Marke Olympia laufen auf Android 11 und bergen Risiken für den Zahlungsverkehr.
https://www.golem.de/news/olympia-kassensysteme-registrierkassen-seit-drei-jahren-ohne-sicherheitsupdates-2411-190487.html
Python RAT with a Nice Screensharing Feature
While hunting, I found another interesting Python RAT in the wild. This is not brand new because the script was released two years ago. The script I found is based on the same tool and still ..
https://isc.sans.edu/diary/Python+RAT+with+a+Nice+Screensharing+Feature/31414
Maritime lawyers assemble!
Maritime cyber insurance has been playing catch-up with maritime cyber security for a while now. It was all pretty good until the availability of cheap VSAT meant that ships ..
https://www.pentestpartners.com/security-blog/maritime-lawyers-assemble/
In final check-in before Election Day, CISA cites low-level threats, and not much else
Incidents to date have included -low level- distributed denial-of-service activity, criminal destruction of ballot drop boxes and continued threats targeting election officials, CISA Director Jen Easterly ..
https://therecord.media/cisa-2024-presidential-election-threats
Smart Cities gegen Cyberattacken resilient machen
Ob es uns gefällt oder nicht - Städte weltweit wandeln sich in sogenannte "Smart Cities". Die Protagonisten versprechen Innovation, Nachhaltigkeit und digitales Wachstum. Aber diese Infrastruktur bzw. die ..
https://www.borncity.com/blog/2024/11/05/smart-cities-gegen-cyberattacken-resilient-machen/
SOC Around the Clock: World Tour Survey Findings
Trend surveyed 750 cybersecurity professionals in 49 countries to learn more about the state of ..
https://www.trendmicro.com/en_us/research/24/k/world-tour-survey-results.html
Vulnerabilities
Security updates for Tuesday
Security updates have been issued by AlmaLinux (firefox, openexr, and thunderbird), Fedora (llama-cpp and python-quart), Oracle (firefox, openexr, thunderbird, and xorg-x11-server and xorg-x11-server-Xwayland), SUSE (chromium, govulncheck-vulndb, openssl-1_1, python311, and python312), and Ubuntu (linux-azure, linux-bluefield, linux-azure, linux-gcp, linux-ibm, openjpeg2, and ruby3.0, ruby3.2, ruby3.3).
https://lwn.net/Articles/997030/