End-of-Day report
Timeframe: Wednesday 04-12-2024 18:00 - Thursday 05-12-2024 18:00
Handler: Michael Schlagenhaufer
Co-Handler: n/a
News
Cost trap health test: how to protect yourself from rip-offs
On gesundheitskontrolle.com or gesundheitsbewertung.com, 2-minute health tests are promised. After answering a few questions, you supposedly receive a "tailor-made and individual health analysis" from health experts. We advise caution: a few days later, an invoice for 79 euros arrives in the mail.
https://www.watchlist-internet.at/news/kostenfalle-gesundheitstest/
MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur's Multi-Platform Attacks
Trend Micro's monitoring of the MOONSHINE exploit kit revealed how it's used by the threat actor Earth Minotaur to exploit Android messaging app vulnerabilities and install the DarkNimbus backdoor for surveillance.
https://www.trendmicro.com/en_us/research/24/l/earth-minotaur.html
Telecom Giant BT Group Hit by Black Basta Ransomware
BT Group, a major telecommunications firm, has been hit by a ransomware attack from the Black Basta group. The attack targeted the company's Conferencing division, leading to server shutdowns and potential data theft.
https://hackread.com/telecom-giant-bt-group-black-basta-ransomware-attack/
Beware of WhatsApp phishing with a spoofed phone number
Cybercriminals are targeting German-speaking WhatsApp users and are attempting to hijack their accounts using a perfidious trick and a chatbot.
https://heise.de/-10188150
USA: Eight telecommunications providers affected by cyberattacks
It already became known during the election campaign that criminals had obtained the phone data of high-ranking US politicians. But the attack was more extensive than thought.
https://heise.de/-10188807
[Guest Diary] Business Email Compromise, (Thu, Dec 5th)
Business Email Compromise (BEC) is a lucrative attack, for which FBI data shows 51 billion dollars in losses between 2013 and 2022 [2]. According to SentinelOne, nearly all cybersecurity attacks (98%) contain a social engineering component [3]. These social engineering attacks include phishing, spear phishing, smishing, whaling, etc.
https://isc.sans.edu/diary/rss/31474
Vulnerabilities
Critical Mitel MiCollab Flaw Exposes Systems to Unauthorized File and Admin Access
Cybersecurity researchers have released a proof-of-concept (PoC) exploit that strings together a now-patched critical security flaw impacting Mitel MiCollab with an arbitrary file read zero-day, granting an attacker the ability to access files from susceptible instances. [..] WatchTowr Labs' analysis further found that the authentication bypass could be chained with an as-yet-unpatched post-authentication arbitrary file read flaw to extract sensitive information.
https://thehackernews.com/2024/12/critical-mitel-micollab-flaw-exposes.html
Security updates for Thursday
Security updates have been issued by Fedora (thunderbird, tuned, and webkitgtk), Mageia (python-aiohttp and qemu), Oracle (container-tools:ol8, firefox, java-1.8.0-openjdk, java-11-openjdk, kernel, kernel:4.18.0, krb5, pam, postgresql:16, python-tornado, python3:3.6.8, thunderbird, tigervnc, tuned, and webkit2gtk3), Red Hat (bzip2, postgresql, postgresql:13, postgresql:15, postgresql:16, python-tornado, and ruby:3.1), Slackware (python3), SUSE (postgresql, postgresql16, postgresql17, postgresql13, postgresql14, postgresql15, python-python-multipart, and python3), and Ubuntu (python-django and recutils).
https://lwn.net/Articles/1000870/
Four vulnerabilities closed in HPE Aruba Networking ClearPass Policy Manager
In current versions of HPE Aruba Networking ClearPass Policy Manager, the developers have closed a total of four security vulnerabilities. In the worst case, attackers can execute their own code and compromise systems.
https://heise.de/-10188868
Drupal: Entity Form Steps - Moderately critical - Cross site scripting - SA-CONTRIB-2024-071
https://www.drupal.org/sa-contrib-2024-071
Drupal: Minify JS - Moderately critical - Cross site request forgery - SA-CONTRIB-2024-070
https://www.drupal.org/sa-contrib-2024-070
Drupal: Download All Files - Critical - Access bypass - SA-CONTRIB-2024-069
https://www.drupal.org/sa-contrib-2024-069
Drupal: Pages Restriction Access - Critical - Access bypass - SA-CONTRIB-2024-068
https://www.drupal.org/sa-contrib-2024-068
Drupal: OAuth & OpenID Connect Single Sign On - SSO (OAuth/OIDC Client) - Critical - Cross Site Scripting - SA-CONTRIB-2024-067
https://www.drupal.org/sa-contrib-2024-067
Drupal: Print Anything - Critical - Unsupported - SA-CONTRIB-2024-066
https://www.drupal.org/sa-contrib-2024-066
Drupal: Megamenu Framework - Critical - Unsupported - SA-CONTRIB-2024-065
https://www.drupal.org/sa-contrib-2024-065
Wordfence Intelligence Weekly WordPress Vulnerability Report (November 25, 2024 to December 1, 2024)
https://www.wordfence.com/blog/2024/12/wordfence-intelligence-weekly-wordpress-vulnerability-report-november-25-2024-to-december-1-2024/
AutomationDirect C-More EA9 Programming Software
https://www.cisa.gov/news-events/ics-advisories/icsa-24-340-01
Planet Technology Planet WGS-804HPT
https://www.cisa.gov/news-events/ics-advisories/icsa-24-340-02