End-of-Day report
Timeframe: Friday 20-12-2024 18:00 - Monday 23-12-2024 18:00
Handler: Alexander Riepl
Co-Handler: Michael Schlagenhaufer
News
Middle East Cyberwar Rages On, With No End in Sight
Since October 2023, cyberattacks among countries in the Middle East have persisted, fueled by the conflict between Israel and Hamas, reeling in others on a global scale.
https://www.darkreading.com/cyberattacks-data-breaches/middle-east-cyberwar-rages-no-end-sight
Cloud Atlas seen using a new tool in its attacks
We analyze the latest activity by the Cloud Atlas gang. The attacks employ the PowerShower, VBShower and VBCloud modules to download victims' data with various PowerShell scripts.
https://securelist.com/cloud-atlas-attacks-with-new-backdoor-vbcloud/115103/
Modiloader From Obfuscated Batch File
My last investigation is a file called "Albertsons Payments.gz", received via email. The file looks like an archive but is identified as a picture by ..
https://isc.sans.edu/diary/Modiloader+From+Obfuscated+Batch+File/31540
Vulnerability & Patch Roundup - November 2024
Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help ..
https://blog.sucuri.net/2024/12/vulnerability-patch-roundup-november-2024.html
Rockstar2FA Collapse Fuels Expansion of FlowerStorm Phishing-as-a-Service
An interruption to the phishing-as-a-service (PhaaS) toolkit called Rockstar 2FA has led to a rapid uptick in activity from another nascent offering named FlowerStorm. "It appears that the [Rockstar2FA] group running the service experienced at least a ..
https://thehackernews.com/2024/12/rockstar2fa-collapse-fuels-expansion-of.html
l+f: Security researcher orders from McDonald's for 1 cent
The McDonald's delivery service in India was broken and orders could be manipulated extensively.
https://www.heise.de/news/l-f-Sicherheitsforscher-bestellt-bei-McDonald-s-fuer-1-Cent-10219043.html
Web browsers: Chrome and Edge to warn of spam sites using AI
To warn users about fraudulent websites, Chrome and Edge now ship with AI-based protection. The feature is not yet enabled by default, though.
https://www.heise.de/news/Webbrowser-Chrome-und-Edge-sollen-mittels-KI-vor-Spam-Seiten-warnen-10219171.html
Heels on fire. Hacking smart ski socks
TL;DR A silly-season BLE connectivity story. Overheat people's smart ski socks .. but only when in Bluetooth range AND when the owner's phone is out of range of their feet! Having ..
https://www.pentestpartners.com/security-blog/heels-on-fire-hacking-smart-ski-socks/
Almost two thirds of all stolen crypto funds went to North Korea in 2024
A recent analysis shows that the total value of stolen cryptocurrencies has risen by 21 percent to 2.2 billion dollars so far this year.
https://www.derstandard.at/story/3000000250591/fast-zwei-drittel-aller-gestohlenen-kryptogelder-wanderten-2024-nach-nordkorea
NSO Group found guilty over WhatsApp attack with Pegasus spyware
In 2019, WhatsApp users fell victim to an attack by spyware that could be installed on Android and iOS devices via a vulnerability. WhatsApp sued the NSO Group, which ..
https://www.borncity.com/blog/2024/12/22/nso-group-fuer-angriff-mit-pegasus-spyware-schuldig-gesprochen/
Jingle Shells: How Virtual Offices Enable a Facade of Legitimacy
Virtual offices have revolutionized the way businesses operate. They provide cost-effective flexibility by eliminating the ..
https://www.team-cymru.com/post/how-virtual-offices-enable-a-facade-of-legitimacy
A Primer on JA4+: Empowering Threat Analysts with Better Traffic Analysis
What is JA4+ and Why Does It Matter? Introduction Threat analysts and researchers are continually seeking tools and methodologies to gain ..
https://www.team-cymru.com/post/a-primer-on-ja4-empowering-threat-analysts-with-better-traffic-analysis
Supply Chain Attack Hits Rspack, Vant npm Packages with Monero Miner
Popular npm packages, Rspack and Vant, were recently compromised with malicious code. Learn about the attack, the impact, and how to protect your projects from similar threats.
https://hackread.com/supply-chain-attack-rspack-vant-npm-monero-miner/
Checking It Twice: Profiling Benign Internet Scanners - 2024 Edition
A comprehensive analysis of benign internet scanning activity from November 2024, examining how quickly and thoroughly various legitimate scanning services (like Shodan, Censys, and others) discover and probe new internet-facing assets. The study deployed 24 new sensors across 8 geographies and 5 autonomous systems, revealing that most scanners ..
https://www.greynoise.io/blog/checking-it-twice-profiling-benign-internet-scanners2024-edition
Critical security vulnerabilities threaten Sophos firewalls
Important security updates for Sophos firewalls have been released. With the default settings, they install automatically.
https://heise.de/-10218914
Vulnerabilities
Security updates for Monday
Security updates have been issued by Debian (gst-plugins-base1.0, libxstream-java, php-laravel-framework, python-urllib3, and sqlparse), Fedora (chromium, libcomps, libdnf, mingw-directxmath, mingw-gstreamer1, mingw-gstreamer1-plugins-bad-free, mingw-gstreamer1-plugins-base, mingw-gstreamer1-plugins-good, mingw-orc, ofono, prometheus-podman-exporter, ..
https://lwn.net/Articles/1003287/
WebKitGTK and WPE WebKit Security Advisory WSA-2024-0008
Date Reported: December 22, 2024 Advisory ID: WSA-2024-0008 CVE identifiers: CVE-2024-54479, CVE-2024-54502, CVE-2024-54505, CVE-2024-54508, CVE-2024-54534 Several vulnerabilities were discovered in WebKitGTK and WPE WebKit. CVE-2024-54479 Versions affected: WebKitGTK and WPE WebKit before 2.46.5. Credit to Seunghyun Lee. Impact: Processing maliciously ..
https://webkitgtk.org/security/WSA-2024-0008.html
TR-91 - Vulnerability identified as CVE-2024-0012, affecting Palo Alto Networks PAN-OS software
https://www.circl.lu/pub/tr-91