End-of-Day report
Timeframe: Thursday 14-11-2024 18:00 - Friday 15-11-2024 18:00
Handler: Alexander Riepl
Co-Handler: Michael Schlagenhaufer
News
These dumb passwords are the ones used most often
Are your accounts well protected? To be on the safe side, take a look at this list - hopefully you won't feel caught out.
https://futurezone.at/digital-life/dumme-passwoerter-oesterreich-international-2024/402975640
Cyberattack on Destatis: hackers steal company data from the Federal Statistical Office
The 3.8 GByte dataset gives access to information reported by companies. The attacked system had only recently been modernised.
https://www.golem.de/news/cyberangriff-auf-destatis-hacker-erbeuten-firmendaten-des-statistischen-bundesamtes-2411-190805.html
macOS 15.1: Apple's patch breaks third-party firewalls
Anyone using third-party firewalls such as Little Snitch under macOS 15.1 may run into problems. Depending on the configuration, filter rules have no effect.
https://www.golem.de/news/macos-15-1-apple-patcht-drittanbieter-firewalls-kaputt-2411-190821.html
New Glove Stealer Malware Bypasses Google Chrome's App-Bound to Steal Data
The New Glove Stealer malware has the ability to bypass Google Chrome's Application-Bound (App-Bound) encryption to steal browser cookies. The threat actors' attacks employed social engineering techniques akin to ..
https://heimdalsecurity.com/blog/glove-stealer-malware/
Against grandparent scams: AI granny to tie criminals up in endless conversations
On behalf of O2, an AI-generated granny is meant to keep criminals busy who try to swindle real people out of their money over the phone. Her job is to talk, and keep talking.
https://www.heise.de/news/Gegen-Enkeltrickbetrug-KI-Omi-soll-Kriminelle-in-endlose-Gespraeche-verwickeln-10036234.html
WordPress plug-in Really Simple Security puts 4 million websites at risk
Around four million WordPress sites use the Really Simple Security plug-in. Attackers from the network can compromise them.
https://www.heise.de/news/Wordpress-Plug-in-Really-Simple-Security-gefaehrdet-4-Millionen-Websites-10038111.html
An Interview With the Target & Home Depot Hacker
In December 2023, KrebsOnSecurity revealed the real-life identity of Rescator, the nickname used by a Russian cybercriminal who sold more than 100 million payment cards stolen from Target and Home Depot between 2013 and 2014. Moscow resident Mikhail Shefel, who confirmed using the Rescator identity in a recent interview, also admitted reaching out because he is broke and ..
https://krebsonsecurity.com/2024/11/an-interview-with-the-target-home-depot-hacker/
Fake North Korean IT Worker Linked to BeaverTail Video Conference App Phishing Attack
North Korean IT worker cluster CL-STA-0237 instigated phishing attacks via video apps in Laos, exploiting U.S. IT firms and major tech identities.
https://unit42.paloaltonetworks.com/fake-north-korean-it-worker-activity-cluster/
Critical security vulnerability in Laravel Framework - updates available
A critical security vulnerability has been discovered in the Laravel Framework. The flaw allows attackers to gain unauthorised access to applications and manipulate environment variables by way of manipulated URLs.
https://www.cert.at/de/warnungen/2024/11/kritische-sicherheitslucke-in-laravel-framework-updates-verfugbar
Safeguarding Healthcare Organizations from IoMT Risks
The healthcare industry has undergone significant transformation with the emergence of Internet of Medical Things (IoMT) devices. These devices, ranging from wearable monitors to networked imaging systems, collect and process vast ..
https://levelblue.com/blogs/security-essentials/safeguarding-healthcare-organizations-from-iomt-risks
Zero-day exploitation targeting Palo Alto Networks firewall management interfaces
Palo Alto Networks has indicated they are observing threat activity exploiting a zero-day unauthenticated remote command execution vulnerability in their firewall management interfaces.
https://www.rapid7.com/blog/post/2024/11/15/etr-zero-day-exploitation-targeting-palo-alto-networks-firewall-management-interfaces/
Microsoft Power Pages Misconfigurations Expose Millions of Records Globally
SaaS Security firm AppOmni has identified misconfigurations in Microsoft Power Pages that can lead to severe data breaches.
https://hackread.com/microsoft-power-pages-misconfigurations-data-leak/
Pirates in the Data Sea: AI Enhancing Your Adversarial Emulation
Written by: Matthijs Gielen, Jay Christiansen. Background: New solutions, old problems. Artificial intelligence (AI) and large language models (LLMs) are here to signal a new day in the cybersecurity world, but what does that mean for us, the attackers and defenders, and our battle to improve security through all the noise? Data is everywhere. For most ..
https://cloud.google.com/blog/topics/threat-intelligence/ai-enhancing-your-adversarial-emulation/
Defending Your Directory: An Expert Guide to Fortifying Active Directory Against LDAP Injection Threats
In our latest technical blog series, our DFIR team highlights the most prominent Active Directory (AD) threats, describes the tell-tale signs that your AD might be at risk, and gives experienced insight into the best prevention and mitigation strategies to shore up your AD security and bolster your digital identity protection.
https://www.nccgroup.com/us/research-blog/defending-your-directory-an-expert-guide-to-fortifying-active-directory-against-ldap-injection-threats/
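The core LDAP injection pattern behind that item is attacker-controlled text being concatenated into a search filter. The following is an added example for this digest, not code from the NCC Group article: it puts a naive filter builder beside one that escapes the value per RFC 4515, adds an allow-list check for the characters Active Directory itself forbids in sAMAccountName, and uses a small structural check to show that the escaped filter keeps its shape under a hostile input. The attribute names and the sample payload are assumptions chosen to look like a typical AD user lookup.

```python
"""LDAP filter injection: vulnerable concatenation vs. RFC 4515 escaping.

Added example, not code from the linked article. Attribute names
(objectClass, sAMAccountName) and the sample payload are assumptions.
"""

# RFC 4515: these characters must be hex-escaped inside a filter value.
_LDAP_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}

# Characters Active Directory does not allow in a sAMAccountName.
_SAM_FORBIDDEN = set('"/\\[]:;|=,+*?<>')


def escape_filter_value(value: str) -> str:
    """Escape a user-supplied string so it can only ever be a literal value.

    Per-character mapping avoids the classic ordering bug of escaping
    backslash after the other characters with sequential str.replace calls.
    """
    return "".join(_LDAP_FILTER_ESCAPES.get(ch, ch) for ch in value)


def is_valid_sam_account_name(name: str) -> bool:
    """Reject before escaping: AD user sAMAccountNames are at most 20 chars,
    may not end with a period, and may not contain the forbidden set above."""
    if not 0 < len(name) <= 20 or name.endswith("."):
        return False
    return not (set(name) & _SAM_FORBIDDEN)


def build_filter_vulnerable(username: str) -> str:
    """Naive concatenation: attacker text becomes filter syntax."""
    return f"(&(objectClass=user)(sAMAccountName={username}))"


def build_filter_safe(username: str) -> str:
    """Same lookup with the value escaped; the filter shape cannot change."""
    return f"(&(objectClass=user)(sAMAccountName={escape_filter_value(username)}))"


def count_top_level_terms(ldap_filter: str) -> int:
    """Count components directly inside the outer operator (depth 2 opens).

    With a fixed template this is a constant (2 here); a different count
    means the input rewrote the structure of the filter.
    """
    depth = 0
    terms = 0
    for ch in ldap_filter:
        if ch == "(":
            depth += 1
            if depth == 2:
                terms += 1
        elif ch == ")":
            depth -= 1
    return terms


if __name__ == "__main__":
    # Constructed payload: closes the sAMAccountName term and appends an
    # OR clause that matches every user, so the lookup no longer pins a name.
    payload = "*)(|(sAMAccountName=*)"
    for label, builder in (("vulnerable", build_filter_vulnerable),
                           ("safe", build_filter_safe)):
        f = builder(payload)
        print(f"{label:10s} terms={count_top_level_terms(f)} filter={f}")
    print("payload passes sAMAccountName check:", is_valid_sam_account_name(payload))
```

Run it and the vulnerable filter shows three top-level terms instead of two, with a bare `sAMAccountName=*` inside the injected OR clause; the escaped filter stays at two terms because every metacharacter became `\2a`, `\28` or `\29`. In practice do both: reject input that cannot be a valid account name, and escape whatever is left before it reaches the filter string.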
Kubernetes Audit Log "Gotchas"
How to overcome challenges and security gaps when using K8s audit logs for forensics and attack detection.
https://www.wiz.io/blog/overcoming-kubernetes-audit-log-challenges
Massive npm Malware Campaign Leverages Ethereum Smart Contracts To Evade Detection and Maintain Control
Supply chain attacks are evolving. The Socket research team has uncovered a massive malware campaign that uses Ethereum smart contracts to control its operations - making it nearly impossible to shut down through traditional means. Instead of using conventional command and control servers that can be blocked or taken offline, these attackers ..
https://socket.dev/blog/massive-npm-malware-campaign-leverages-ethereum-smart-contracts
PyPI Introduces Digital Attestations to Strengthen Python Package Security
The Python Package Index (PyPI) has announced support for digital attestations. This new feature allows package maintainers to publish signed digital attestations when uploading their projects, providing an additional layer of trust and verification for users. What Are Digital Attestations? Digital attestations are cryptographic statements or ..
https://socket.dev/blog/pypi-introduces-digital-attestations
60 Hours of Cyber Defense: Hong Kong's Innovative Cybersecurity Drill Begins
Hong Kong has initiated its first-ever cybersecurity drill, set to run for a total of 60 hours. The Hong Kong cybersecurity drill commenced on Friday, with plans to establish it as an annual event moving forward. Innovation minister Sun Dong emphasized the importance of this initiative, stating that maintaining cybersecurity is essential for ..
https://thecyberexpress.com/hong-kong-cybersecurity-drill/
Vulnerabilities
Critical Laravel Flaw (CVE-2024-52301) Exposes Millions of Web Applications to Attack
https://securityonline.info/critical-laravel-flaw-cve-2024-52301-exposes-millions-of-web-applications-to-attack/
[webapps] SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)
https://www.exploit-db.com/exploits/52082