Tageszusammenfassung - 07.11.2024

End-of-Day report

Timeframe: Mittwoch 06-11-2024 18:00 - Donnerstag 07-11-2024 18:00 Handler: Alexander Riepl Co-Handler: n/a

News

Hackers increasingly use Winos4.0 post-exploitation kit in attacks

Hackers are increasingly targeting Windows users with the malicious Winos4.0 framework, distributed via seemingly benign game-related apps.

https://www.bleepingcomputer.com/news/security/hackers-increasingly-use-winos40-post-exploitation-kit-in-attacks/


A look at the latest post-quantum signature standardization candidates

NIST has standardized four post-quantum signature schemes so far, and they-re not done yet: there are fourteen new candidates in the running for standardization. In this blog post we take ..

https://blog.cloudflare.com/another-look-at-pq-signatures


The Power of Process in Creating a Successful Security Posture

Establishing realistic, practitioner-driven processes prevents employee burnout, standardizes experiences, and closes many of the gaps exposed by repeated one-offs.

https://www.darkreading.com/cybersecurity-operations/process-in-creating-successful-security-posture


Microsoft Windows Server 2025 Upgrade Triggers Licensing Conflicts and Operational Fallout

A recent Microsoft update has unexpectedly forced several organizations to upgrade from Windows Server 2022 to Windows Server 2025, resulting in unexpected licensing demands and operational setbacks. First reported on November 5, 2024, this incident has affected organizations ..

https://heimdalsecurity.com/blog/microsoft-windows-server-2025-upgrade/


Steam Account Checker Poisoned with Infostealer

I found an interesting script targeting Steam users. Steam[1] is a popular digital distribution platform for purchasing, downloading, and playing video games on personal computers. The script is called "steam-account-checker" ..

https://isc.sans.edu/forums/diary/Steam+Account+Checker+Poisoned+with+Infostealer/31420/


China-Aligned MirrorFace Hackers Target EU Diplomats with World Expo 2025 Bait

The China-aligned threat actor known as MirrorFace has been observed targeting a diplomatic organization in the European Union, marking the first time the hacking crew has targeted an organization in the region."During this attack, the threat ..

https://thehackernews.com/2024/11/china-aligned-mirrorface-hackers-target.html


North Korean Hackers Target Crypto Firms with Hidden Risk Malware on macOS

A threat actor with ties to the Democratic Peoples Republic of Korea (DPRK) has been observed targeting cryptocurrency-related businesses with a multi-stage malware capable of infecting Apple macOS devices.Cybersecurity company SentinelOne, ..

https://thehackernews.com/2024/11/north-korean-hackers-target-crypto.html


Office unter Windows 11 24H2 mit installiertem Crowdstrike lahmgelegt

Wer Crowdstrike-Sicherheitssoftware einsetzt und auf Windows 11 24H2 aktualisiert hat, hatte womöglich mit nicht funktionierenden Apps zu kämpfen.

https://www.heise.de/news/Crowdstrike-legte-Office-unter-Windows-11-24H2-lahm-10007558.html


Large eBay malvertising campaign leads to scams

Consumers are being swamped by Google ads claiming to be eBays customer service.

https://www.malwarebytes.com/blog/scams/2024/11/large-ebay-malvertising-campaign-leads-to-scams


Vorsicht vor gefälschten Willhaben-Mails

Kriminelle geben sich als Willhaben aus und versenden massenhaft gefälschte E-Mails. In den teilweise echt aussehenden E-Mails wird behauptet, dass Sie Ihre Identität bestätigen müssen oder eine Rückerstattung erhalten. Eine andere gefälschte E-Mail enthält im Anhang angeblich eine Rechnung. Wir raten zur Vorsicht!

https://www.watchlist-internet.at/news/willhaben-phishing/


Silent Skimmer Gets Loud (Again)

We discuss a new campaign from the cybercrime group behind Silent Skimmer, showcasing the exploit of ...

https://unit42.paloaltonetworks.com/silent-skimmer-latest-campaign/


Unwrapping the emerging Interlock ransomware attack

Cisco Talos Incident Response (Talos IR) recently observed an attacker conducting big-game ..

https://blog.talosintelligence.com/emerging-interlock-ransomware/


Androxgh0st Botnet Integrates Mozi, Expands Attacks on IoT Vulnerabilities

CloudSEK reports that the Androxgh0st botnet has integrated with the Mozi botnet and ..

https://hackread.com/androxgh0st-botnet-integrate-mozi-iot-vulnerabilities/


Malicious Python Package Typosquats Popular fabric SSH Library, Exfiltrates AWS Credentials

The Socket Research Team has discovered a malicious Python package, fabrice, that is typosquatting the popular fabric SSH automation library. The threat of malware delivered through typosquatted libraries remains a significant ..

https://socket.dev/blog/malicious-python-package-typosquats-fabric-ssh-library


Vulnerabilities

Zahlreiche Schwachstellen in HASOMED Elefant and Elefant Software Updater

https://sec-consult.com/de/vulnerability-lab/advisory/zahlreiche-schwachstellen-in-hasomed-elefant-and-elefant-software-updater/