End-of-Day report
Timeframe: Thursday 07-11-2024 18:00 - Friday 08-11-2024 18:00
Handler: Alexander Riepl
Co-Handler: Michael Schlagenhaufer
News
Google To Make MFA Mandatory for Google Cloud in 2025
Google has recently announced that it plans to implement mandatory multi-factor authentication (MFA) on all Cloud accounts by the end of 2025. [..] The implementation will affect both admins and users with access to Google Cloud. General consumer Google accounts will not be affected.
https://heimdalsecurity.com/blog/google-cloud-mfa/
2024 Credit Card Theft Season Arrives
In today's post we're going to perform a malware analysis of the most common MageCart injections identified so that eCommerce website owners can better understand the risks, and (hopefully) protect themselves, their websites, and their customers from attackers.
https://blog.sucuri.net/2024/11/2024-credit-card-theft-season-arrives.html
ESET APT Activity Report Q2 2024-Q3 2024
An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q2 2024 and Q3 2024
https://www.welivesecurity.com/en/eset-research/eset-apt-activity-report-q2-2024-q3-2024/
Helldown Ransomware Group - A New Emerging Ransomware Threat
As of November 2024, the online resources available related to the Helldown ransomware group's Tactics, Techniques and Procedures (TTPs) were effectively non-existent - this blogpost aims to address that and will be updated continuously as more investigations are completed.
https://www.truesec.com/hub/blog/helldown-ransomware-group
TLPT & ME: Everything you need to know about Threat-Led Penetration Testing (TLPT) in a TIBER world.
While the TLPT RTS does come with some additional requirements or nuances compared to the TIBER framework, we can all be certain that adopting TIBER is indeed the way to fulfill DORA's TLPT requirements. As mentioned in our initial post, we expect many more European countries to publish a TIBER implementation guide and/or a TIBER-EU 2.0 to be published for additional convergence.
https://blog.nviso.eu/2024/11/08/tlpt-me-everything-you-need-to-know-about-threat-led-penetration-testing-tlpt-in-a-tiber-world/
Breaking Down Earth Estries Persistent TTPs in Prolonged Cyber Operations
Discover how Earth Estries employs a diverse set of tactics, techniques, and tools, including malware such as Zingdoor and Snappybee, for its campaigns.
https://www.trendmicro.com/en_us/research/24/k/breaking-down-earth-estries-persistent-ttps-in-prolonged-cyber-o.html
Defending Your Directory: An Expert Guide to Securing Active Directory Against DCSync Attacks
Last time we took a deep dive into Kerberoasting. Up next, let's unravel the sinister secrets of DCSync attacks - a stealthy technique that can bring your entire Active Directory to its knees.
https://www.nccgroup.com/us/research-blog/defending-your-directory-an-expert-guide-to-securing-active-directory-against-dcsync-attacks/
Nameless and shameless: Ransomware Encryption via BitLocker
This post will delve into a recent incident response engagement handled by NCC Group's Digital Forensics and Incident Response (DFIR) team, involving an unknown ransomware strain but known TTPs.
https://www.nccgroup.com/us/research-blog/nameless-and-shameless-ransomware-encryption-via-bitlocker/
Unmasking Phishing: Strategies for identifying 0ktapus domains and beyond
Wiz Research looks at phishing tactics, along with how to trace and investigate these campaigns.
https://www.wiz.io/blog/unmasking-phishing-strategies-for-identifying-0ktapus-domains
Vulnerabilities
Max-Critical Cisco Bug Enables Command-Injection Attacks
Though Cisco reports no known malicious exploitation attempts, thanks to a CVSS 10 out of 10 security vulnerability (CVE-2024-20418) three of its wireless access points are vulnerable to remote, unauthenticated cyberattacks.
https://www.darkreading.com/vulnerabilities-threats/cisco-bug-command-injection-attacks
Security updates for Friday
Security updates have been issued by AlmaLinux (edk2), Debian (webkit2gtk), Fedora (thunderbird), Oracle (bzip2, container-tools:ol8, edk2, go-toolset:ol8, libtiff, python-idna, python3.11, and python3.12), Slackware (expat), and SUSE (apache2, govulncheck-vulndb, grub2, java-1_8_0-openjdk, python3, python39, qemu, xorg-x11-server, and xwayland).
https://lwn.net/Articles/997480/
Delta Electronics DIAScreen
https://www.cisa.gov/news-events/ics-advisories/icsa-24-312-02