Daily Summary - 17.07.2024

End-of-Day report

Timeframe: Tuesday 16-07-2024 18:00 - Wednesday 17-07-2024 18:00 Handler: Alexander Riepl Co-Handler: n/a

News

Scattered Spider Adopts RansomHub and Qilin Ransomware for Cyber Attacks

The infamous cybercrime group known as Scattered Spider has incorporated ransomware strains such as RansomHub and Qilin into its arsenal, Microsoft has revealed. Scattered Spider is the designation given to a threat actor that's known for its ..

https://thehackernews.com/2024/07/scattered-spider-adopts-ransomhub-and.html

Ransomware continues to pile on costs for critical infrastructure victims

Millions more spent without any improvement in recovery times. Costs associated with ransomware attacks on critical national infrastructure (CNI) organizations skyrocketed in the past year.

https://www.theregister.com/2024/07/17/ransomware_continues_to_pile_on/

Investment fraud: Beware of e-mails promising compensation

Have you lost money to investment fraud in the past? Beware: you are still in the sights of criminals. They contact former victims claiming that their money has been found. Ignore such offers and do not respond to them, otherwise you will lose money again!

https://www.watchlist-internet.at/news/anlagebetrug-vorsicht-vor-e-mails-mit-entschaedigungsversprechen/

'GhostEmperor' returns: Mysterious Chinese hacking group spotted for first time in two years

An elusive and highly covert Chinese hacking group tracked as GhostEmperor - notorious for its sophisticated supply-chain attacks targeting telecommunications and government entities in Southeast Asia - has been spotted for the first time in more than two years. And according to the researchers, the group has gotten even better at evading detection.

https://therecord.media/ghostemperor-spotted-first-time-in-two-years

Reverse-proxy phishing attacks despite phishing protection

Worldwide, an increase in phishing and reverse-proxy phishing attacks can be observed. Vendors of security solutions have begun implementing more advanced detection methods. But is that enough to fend off determined and crafty attackers? Kuba Gretzky has, at the ..

https://www.borncity.com/blog/2024/07/17/reverse-proxy-phishing-angriffe-anti-phishing-schutz/

Private HTS Program Continuously Used in Attacks

AhnLab SEcurity intelligence Center (ASEC) has previously covered a case where Quasar RAT was distributed through private home trading systems (HTS) in the blog post "Quasar RAT Being Distributed by Private HTS Program". The same threat actor has been continuously distributing malware, and attack cases have been confirmed even recently. Similar to the previous ..

https://asec.ahnlab.com/en/67969/

Root vulnerability threatens AI gadget Rabbit R1

Attackers can fully compromise the AI gadget Rabbit R1 via the Android exploit Kamakiri. So far there is no security patch.

https://heise.de/-9803666

Vulnerabilities

DSA-5731-1 linux - security update

https://lists.debian.org/debian-security-announce/2024/msg00142.html

Oracle Critical Patch Update Advisory - July 2024

https://www.oracle.com/security-alerts/cpujul2024.html

Security Vulnerabilities fixed in Thunderbird 115.13

https://www.mozilla.org/en-US/security/advisories/mfsa2024-31/

Security Vulnerabilities fixed in Thunderbird 128

https://www.mozilla.org/en-US/security/advisories/mfsa2024-32/