Daily summary - 06.12.2024
End-of-Day report
Timeframe: Thursday 05-12-2024 18:00 - Friday 06-12-2024 18:00 Handler: Michael Schlagenhaufer Co-Handler: n/a

News
Trojan-as-a-Service Hits Euro Banks, Crypto Exchanges
At least 17 affiliate groups have used the "DroidBot" Android banking Trojan against 77 financial services companies across Europe, with more to come, researchers warn. https://www.darkreading.com/threat-intelligence/trojan-service-hits-euro-banks-crypto-exchanges

Frequent freeloader part I: Secret Blizzard compromising Storm-0156 infrastructure for espionage
In this first of a two-part blog series, we discuss how Secret Blizzard has used the infrastructure of the Pakistan-based threat activity cluster we call Storm-0156 - which overlaps with the threat actor known as SideCopy, Transparent Tribe, and APT36 - to install backdoors and collect intelligence on targets of interest in South Asia. https://www.microsoft.com/en-us/security/blog/2024/12/04/frequent-freeloader-part-i-secret-blizzard-compromising-storm-0156-infrastructure-for-espionage/

Malicious Script Injection on WordPress Sites
Recently, our team discovered a JavaScript-based malware affecting WordPress sites, primarily targeting those using the Hello Elementor theme. This type of malware is commonly embedded within legitimate-looking website files to load scripts from an external source. The malware injects a malicious external script into the theme's header.php file, leading to harmful consequences for site owners and visitors. https://blog.sucuri.net/2024/12/malicious-script-injection-on-wordpress-sites.html

Hackers Leveraging Cloudflare Tunnels, DNS Fast-Flux to Hide GammaDrop Malware
The threat actor known as Gamaredon has been observed leveraging Cloudflare Tunnels as a tactic to conceal its staging infrastructure hosting a malware called GammaDrop. The activity is part of an ongoing spear-phishing campaign targeting Ukrainian entities since at least early 2024 that's designed to drop the Visual Basic Script malware, Recorded Future's Insikt Group said in a new analysis. https://thehackernews.com/2024/12/hackers-leveraging-cloudflare-tunnels.html

Researchers Uncover Flaws in Popular Open-Source Machine Learning Frameworks
Cybersecurity researchers have disclosed multiple security flaws impacting open-source machine learning (ML) tools and frameworks such as MLflow, H2O, PyTorch, and MLeap that could pave the way for code execution. The vulnerabilities, discovered by JFrog, are part of a broader collection of 22 security shortcomings the supply chain security company first disclosed last month. https://thehackernews.com/2024/12/researchers-uncover-flaws-in-popular.html

Announcing the launch of Vanir: Open-source Security Patch Validation
Today, we are announcing the availability of Vanir, a new open-source security patch validation tool. Introduced at Android Bootcamp in April, Vanir gives Android platform developers the power to quickly and efficiently scan their custom platform code for missing security patches and identify applicable available patches. http://security.googleblog.com/2024/12/announcing-launch-of-vanir-open-source.html

Instant-access savings accounts: beware of fraudulent offers in the name of CHECK24
In recent days, an increasing number of SMS messages have been sent advertising, in the name of CHECK24, attractive instant-access savings accounts with interest rates of up to 5.25%. Anyone who wants to take up the offer is redirected to a deceptively genuine-looking phishing page. Money deposited there ends up in the accounts of criminals. https://www.watchlist-internet.at/news/tagesgeldkonten-betruegerischen-angebote-im-namen-von-check24/

Windows 11 24H2 available on more devices; TPM 2.0 mandatory; installation on unsupported CPUs
Microsoft has begun rolling out Windows 11 24H2 (referred to as the Windows 11 2024 Update), which was generally released in October 2024, to more devices. Microsoft has also reaffirmed that TPM 2.0 is mandatory for Windows 11. On the other hand, some people report that Windows 11 24H2 can be installed on incompatible hardware without any tricks. https://www.borncity.com/blog/2024/12/06/windows-11-24h2-auf-mehr-geraeten-verfuegbar-tpm-2-0-pflicht-installation-auf-unsupported-cpus/

Introducing Supply-Chain Firewall: Protecting Developers from Malicious Open Source Packages
Release of Supply-Chain Firewall, an open source tool for preventing the installation of malicious PyPI and npm packages. https://securitylabs.datadoghq.com/articles/introducing-supply-chain-firewall/

New Malware Campaign Exposes Gaps in Manufacturing Cybersecurity Defenses
In a recent analysis by Cyble Research and Intelligence Labs (CRIL), a multi-stage cyberattack campaign has been identified, targeting the manufacturing industry. The attack, which heavily relies on process injection techniques, aims to deliver dangerous payloads, including Lumma Stealer and Amadey Bot. https://thecyberexpress.com/lumma-stealer-amadey-bot-target-manufacturing/

Vulnerabilities
SonicWall SMA100 SSL-VPN Affected By Multiple Vulnerabilities
CVE: CVE-2024-38475, CVE-2024-40763, CVE-2024-45318, CVE-2024-45319, CVE-2024-53702, CVE-2024-53703 https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0018

Security updates for Friday
Security updates have been issued by AlmaLinux (firefox, postgresql, postgresql:12, postgresql:13, postgresql:15, postgresql:16, python3:3.6.8, and thunderbird), Debian (clamav), Fedora (pam), Red Hat (firefox, postgresql:13, postgresql:15, python-tornado, redis:7, ruby, ruby:2.5, and ruby:3.1), SUSE (avahi, docker-stable, java-1_8_0-openjdk, libmozjs-128-0, obs-scm-bridge, php8, and teleport), and Ubuntu (ghostscript, needrestart, and shiro). https://lwn.net/Articles/1001164/

Windows: 0patch for 0-day URL File NTLM Hash Disclosure vulnerability
ACROS Security has come across a vulnerability in Windows, not yet closed by an update, that allows NTLM hash values to be disclosed via a URL. ACROS Security has released a 0patch micropatch to remediate this vulnerability. Until Microsoft provides an update, the 0patch micropatch is available free of charge. https://www.borncity.com/blog/2024/12/06/windows-0patch-fuer-0-day-url-file-ntlm-hash-disclosure-schwachstelle/

Security update: Dell NetWorker backup software can leak data
Dell has released important security patches for its backup and recovery software NetWorker and the BSAFE SDK. However, not all updates are available yet. https://heise.de/-10190285

QNAP: Vulnerability in Qsync Central
https://www.qnap.com/en-us/security-advisory/QSA-24-48

QNAP: Multiple Vulnerabilities in QTS and QuTS hero (PWN2OWN 2024)
https://www.qnap.com/en-us/security-advisory/QSA-24-49

QNAP: Vulnerability in License Center
https://www.qnap.com/en-us/security-advisory/QSA-24-50