End-of-Day report
Timeframe: Thursday 13-06-2024 18:00 - Friday 14-06-2024 18:00
Handler: Alexander Riepl
Co-Handler: Michael Schlagenhaufer
News
2023 Hacked Website & Malware Threat Report
This year, we've included new insights to highlight the most prevalent tactics and techniques observed in compromised web environments and remote scanners.
https://blog.sucuri.net/2024/06/2023-hacked-website-malware-threat-report.html
How to Write Good Incident Response Reports
Creating an informative and readable report is among the many challenges of responding to cybersecurity incidents. A good report not only answers its readers' questions but also instills confidence in the response and enables the organization to learn from the incident. This blog highlights my advice on writing such incident reports.
https://zeltser.com/good-incident-reports/
Edge Devices: The New Frontier for Mass Exploitation Attacks
The increase in mass exploitation involving edge services and devices is likely to worsen.
https://www.securityweek.com/edge-devices-the-new-frontier-for-mass-exploitation-attacks/
Microsoft president tells lawmakers red lines needed for nation-state attacks
Microsoft president Brad Smith testified before a congressional committee on Thursday, at times accepting responsibility for the company's recent cybersecurity mistakes while simultaneously deflecting criticism of the tech giant's practices. He also called on the government to create "consequences" for nation-state hackers who compromise U.S. systems.
https://therecord.media/microsoft-president-brad-smith-lawmakers-cyber
Windows 11 "Copilot+PC" arrives (for now) without Recall
What a PR disaster for Microsoft: next week, devices built on the "Copilot+PC" concept are due to hit the market. But the key feature, "Windows Recall", which Microsoft only recently praised to the skies as the "philosopher's stone of AI", will be missing. There is a recall of Recall, which has meanwhile been circulating the net as a meme. [..] Because security has "top priority" at Microsoft, and this recall is in the spirit of the Secure Future Initiative (SFI).
https://www.borncity.com/blog/2024/06/14/windows-11-copilotpc-kommt-vorerst-ohne-recall/
Noodle RAT: Reviewing the Backdoor Used by Chinese-Speaking Groups
This blog entry provides an analysis of the Noodle RAT backdoor, which is likely being used by multiple Chinese-speaking groups engaged in espionage and other types of cybercrime.
https://www.trendmicro.com/en_us/research/24/f/noodle-rat-reviewing-the-new-backdoor-used-by-chinese-speaking-g.html
UNC3944 Targets SaaS Applications
UNC3944 is a financially motivated threat group that carries significant overlap with public reporting of "0ktapus," "Octo Tempest," "Scatter Swine," and "Scattered Spider," and has been observed adapting its tactics to include data theft from software-as-a-service (SaaS) applications to attacker-owned cloud storage objects (using cloud synchronization tools), persistence mechanisms against virtualization platforms, and lateral movement via SaaS permissions abuse.
https://cloud.google.com/blog/topics/threat-intelligence/unc3944-targets-saas-applications/
Vulnerabilities
Nextcloud Security Advisories 2024-06-14
2x High, 5x Moderate, 5x Low
https://github.com/nextcloud/security-advisories/security/1
Security updates for Friday
Security updates have been issued by CentOS (389-ds-base, bind, bind-dyndb-ldap, and dhcp, firefox, glibc, ipa, less, libreoffice, and thunderbird), Debian (cups), Fedora (chromium and cyrus-imapd), Mageia (golang and poppler), Oracle (bind, bind-dyndb-ldap, and dhcp, gvisor-tap-vsock, python-idna, and ruby), Red Hat (dnsmasq and expat), SUSE (libaom, php8, podman, python-pymongo, python-scikit-learn, and tiff), and Ubuntu (h2database and vte2.91).
https://lwn.net/Articles/978418/
Security Vulnerabilities fixed in Firefox ESR 115.12
https://www.mozilla.org/en-US/security/advisories/mfsa2024-28/