Daily summary - 18.11.2024
End-of-Day report
Timeframe: Friday 15-11-2024 18:00 - Monday 18-11-2024 18:00
Handler: Alexander Riepl
Co-Handler: n/a

News

Honeypot: Researcher fools script kiddies with fake ransomware
A tool called Jinn was supposed to make ransomware attacks easier. In reality it was a honeypot, and quite a few actors fell for it.

Women In Russian-Speaking Cybercrime: Mythical Creatures or Significant Members of Underground?
A blog detailing in-depth research into women in Russian-speaking cybercrime.

Mastering DORA core topics: A deep dive into incident management
In this blog post we look at the requirements DORA places on incident management.

Swiss cheesed off as postal service used to spread malware
QR codes arrive via an age-old delivery system. Switzerland's National Cyber Security Centre (NCSC) has issued an alert about malware being spread via the country's postal service.
https://www.theregister.com/2024/11/16/swiss_malware_qr/

WTF: Security researchers find three new vulnerabilities while reproducing one
When the watchTowr Labs researchers set out to verify the FortiManager vulnerability, they found further bugs and incomplete fixes.

T-Mobile affected by Chinese cyberattack
According to a report, the hackers were able to break into several telecommunications companies in the US as well as internationally.
https://www.derstandard.at/story/3000000245232/t-mobile-von-chinesischem-cyberangriff-betroffen

Threat Brief: Operation Lunar Peek, Activity Related to CVE-2024-0012
We detail the observed limited activity regarding authentication bypass vulnerability CVE-2024-0012 affecting specific versions of PAN-OS software, and include protections and mitigations.
https://unit42.paloaltonetworks.com/cve-2024-0012-cve-2024-9474/

Acute wave of DDoS attacks against Austrian companies and organisations
Since early this morning, various Austrian companies and organisations across different industries and sectors have been facing DDoS attacks. The exact background of the attack is not yet known to us, but there are indications of a hacktivist motivation. In view of the current events ..
https://www.cert.at/de/aktuelles/2024/11/ddos-angriffe-november-2024

BrazenBamboo Weaponizes FortiClient Vulnerability to Steal VPN Credentials via DEEPDATA
KEY TAKEAWAYS: Volexity discovered and reported a vulnerability in Fortinet's Windows VPN client, FortiClient, where user credentials remain in process memory after a user authenticates to the VPN. This vulnerability was abused by BrazenBamboo in their DEEPDATA malware. BrazenBamboo is the threat actor behind development of the ..

Inside Water Barghest's Rapid Exploit-to-Market Strategy for IoT Devices
In this blog entry, we discuss Water Barghest's exploitation of IoT devices, transforming them into profitable assets through advanced automation and monetization techniques.
https://www.trendmicro.com/en_us/research/24/k/water-barghest.html

What To Use Instead of PGP
It's been more than five years since The PGP Problem was published, and I still hear from people who believe that using PGP (whether GnuPG or another OpenPGP implementation) is a thing ..
https://soatok.blog/2024/11/15/what-to-use-instead-of-pgp/

TPM-Backed SSH Keys on Windows 11
On my MacBook, I've been using TPM/security key-based SSH keys for years since it's where I do the most development and the software support is good. Secretive is a decent app I can vouch for. Before that, I was ..
https://cedwards.xyz/tpm-backed-ssh-keys-on-windows-11/

Reverse Engineering iOS 18 Inactivity Reboot
iOS 18 introduced a new inactivity reboot security feature. What does it protect from and how does it work? This blog post covers all the details down to a kernel extension and the Secure Enclave Processor.
https://naehrdine.blogspot.com/2024/11/reverse-engineering-ios-18-inactivity.html

Malicious npm Package Exploits WhatsApp Authentication with Remote Kill Switch for File Destruction
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.

Redis CVE-2024-31449: How to Reproduce and Mitigate the Vulnerability
On October 7, 2024, information about a serious vulnerability in Redis, identified as CVE-2024-31449, was published. This vulnerability allows an authenticated user to execute remote code using specially ..
https://redrays.io/blog/redis-cve-2024-31449-how-to-reproduce-and-mitigate-the-vulnerability/

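The practical question behind the Redis item is whether a given server still needs the patch. The following is an added example, not code from the RedRays post or from the Redis project: it reads the `redis_version` field from `INFO server` output and compares it against the first fixed release on each maintenance branch. The fixed versions (6.2.16, 7.2.6, 7.4.1) are an assumption taken from the Redis security advisory for CVE-2024-31449, not from the digest above, and the `INFO` text is constructed sample input.

```python
"""Added example (not from the RedRays post or the Redis project): decide from
`INFO server` output whether a Redis release predates the CVE-2024-31449 fixes.

Assumption: first fixed releases are 6.2.16, 7.2.6 and 7.4.1, as stated in the
Redis security advisory for this CVE; the digest above does not list them.
"""
import re

# Assumed first fixed release per maintenance branch (see module docstring).
FIXED_VERSIONS = {
    (6, 2): (6, 2, 16),
    (7, 2): (7, 2, 6),
    (7, 4): (7, 4, 1),
}

# Constructed sample of `INFO server` output from a server that lacks the fix.
SAMPLE_INFO = """# Server
redis_version:7.2.5
redis_git_sha1:00000000
redis_mode:standalone
os:Linux 6.1.0 x86_64
"""


def parse_version(info_text):
    """Return the (major, minor, patch) tuple from the redis_version field."""
    m = re.search(r"^redis_version:(\d+)\.(\d+)\.(\d+)", info_text, re.M)
    if not m:
        raise ValueError("no redis_version field in INFO output")
    return tuple(int(part) for part in m.groups())


def is_vulnerable(version):
    """True if `version` predates the fix for its maintenance branch.

    Branches not listed in FIXED_VERSIONS and older than 7.4 (e.g. 7.0.x,
    6.0.x) never received a fixed release and are treated as vulnerable;
    anything newer than the newest fixed branch is assumed to carry the fix.
    """
    branch = version[:2]
    if branch in FIXED_VERSIONS:
        return version < FIXED_VERSIONS[branch]
    if branch > max(FIXED_VERSIONS):
        return False
    return True


def check_info(info_text):
    """Parse INFO output and report the version with its vulnerability status."""
    version = parse_version(info_text)
    return {
        "version": ".".join(str(p) for p in version),
        "vulnerable": is_vulnerable(version),
    }


if __name__ == "__main__":
    # Feed it `redis-cli INFO server` output in practice; here the sample.
    print(check_info(SAMPLE_INFO))
```

The check only tells you whether to upgrade. Because the bug is reachable only by an authenticated client that can run scripts, an interim measure outside what the digest describes is to strip the `@scripting` ACL category (`-@scripting`) from users that do not need EVAL, EVALSHA or FUNCTION, which this script does not inspect.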
Vulnerabilities

Security updates for Monday
Security updates have been issued by AlmaLinux (binutils, libsoup, squid:4, tigervnc, and webkit2gtk3), Debian (icinga2, postgresql-13, postgresql-15, smarty3, symfony, thunderbird, and waitress), Fedora (dotnet9.0, ghostscript, microcode_ctl, php-bartlett-PHP-CompatInfo, python-waitress, and webkitgtk), Gentoo (Perl, Pillow, and X.Org X server, XWayland), ..
https://lwn.net/Articles/998570/

CVE-2024-0012 PAN-OS: Authentication Bypass in the Management Web Interface (PAN-SA-2024-0015) (Severity: CRITICAL)
https://security.paloaltonetworks.com/CVE-2024-0012