End-of-Day report
Timeframe: Tuesday 30-07-2024 18:00 - Wednesday 31-07-2024 18:00
Handler: Alexander Riepl
Co-Handler: n/a
News
Black Basta ransomware switches to more evasive custom malware
The Black Basta ransomware gang has shown resilience and an ability to adapt to a constantly shifting space, using new custom tools and tactics to evade detection and spread throughout a network.
https://www.bleepingcomputer.com/news/security/black-basta-ransomware-switches-to-more-evasive-custom-malware/
Fraud ring pushes 600+ fake web shops via Facebook ads
A malicious fraud campaign dubbed "ERIAKOS" promotes more than 600 fake web shops through Facebook advertisements to steal visitors' personal and financial information.
https://www.bleepingcomputer.com/news/security/fraud-ring-pushes-600-plus-fake-web-shops-via-facebook-ads/
Fight against cybercrime: Spamhaus Project accuses Cloudflare of inaction
According to Spamhaus, Cloudflare "makes life easy for itself" by passing on complaints about malicious activity instead of taking action itself.
https://www.golem.de/news/kampf-gegen-cyberkriminalitaet-spamhaus-project-wirft-cloudflare-untaetigkeit-vor-2407-187612.html
Apple Patches Everything. July 2024 Edition
Yesterday, Apple released patches across all of its operating systems. A standalone patch for Safari was released to address WebKit problems in older macOS versions. Apple does not provide CVSS scores or severity ratings. The ratings ..
https://isc.sans.edu/forums/diary/Apple+Patches+Everything+July+2024+Edition/31128/
SYS01 Infostealer and Rilide Malware Likely Developed by the Same Threat Actor
Drawing on extensive proprietary research, Trustwave SpiderLabs believes the threat actors behind the Facebook malvertising infostealer SYS01 are the same group that developed the previously reported Rilide malware.
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/sys01-infostealer-and-rilide-malware-likely-developed-by-the-same-threat-actor/
Five months after takedown, LockBit is a shadow of its former self
An unprecedented period for an unparalleled force in cybercrime. For roughly two years, LockBit's ransomware operation was by far the most prolific of its kind, until the fateful events of February. After claiming thousands of victims, extorting hundreds of millions of dollars, and building a robust army of sophisticated cybercriminals, the lifes ..
https://www.theregister.com/2024/07/31/five_months_after_lockbit/
ThreatLabz Ransomware Report: Unveiling a $75M Ransom Payout Amid Rising Attacks
Ransomware has been a daunting threat to organizations worldwide for decades. Recent trends show that ransomware attacks continue to grow more advanced and persistent. It's become increasingly clear that no one is spared as cybercriminals carry out attacks that even target the children of corporate executives to force ransom payments. Despite the ..
https://www.zscaler.com/blogs/security-research/threatlabz-ransomware-report-unveiling-75m-ransom-payout-amid-rising
Don't Let Your Domain Name Become a "Sitting Duck"
More than a million domain names -- including many registered by Fortune 100 firms and brand protection companies -- are vulnerable to takeover by cybercriminals thanks to authentication weaknesses at a number of large web hosting providers and domain registrars, new research finds.
https://krebsonsecurity.com/2024/07/dont-let-your-domain-name-become-a-sitting-duck/
Germany summons Chinese ambassador over cyberattack
The attack took place in 2021 and, according to intelligence services, can be attributed to Chinese state actors.
https://www.derstandard.at/story/3000000230669/deutschland-bestellt-chinesischen-botschafter-wegen-cyberangriff-ein
DigiCert Certificate Revocations
DigiCert, a certificate authority (CA) organization, is revoking a subset of transport layer security (TLS) certificates due to a non-compliance issue with domain control verification (DCV). Revocation of these certificates may cause temporary disruptions to websites, services, and applications relying on these certificates for secure ..
https://www.cisa.gov/news-events/alerts/2024/07/30/digicert-certificate-revocations
Cyberattack and bug were the cause of the Microsoft cloud outage of 30 July 2024
On 30 July 2024 there was a partial worldwide outage of Microsoft cloud services (Azure, Microsoft 365 etc.). I had reported on it, but not all users were affected. Microsoft has now published a post-incident report ..
https://www.borncity.com/blog/2024/07/31/cyber-angriff-und-bug-ursache-des-microsoft-cloud-ausfalls-vom-30-7-2024/
Modern slavery: man held for months and forced into online fraud
An IT specialist was held for months and forced under torture to pose as a wealthy woman from Singapore, the Wall Street Journal reports.
https://heise.de/-9818990
Instead of "schalke04" and "1234": passkeys are becoming ever more popular
Passwordless authentication is becoming established, as current figures suggest. Customers of Amazon, eBay and others in particular are now using passkeys.
https://heise.de/-9819866
Vulnerabilities
Security updates for Wednesday
Security updates have been issued by Fedora (xdg-desktop-portal-hyprland), Red Hat (freeradius, freeradius:3.0, git-lfs, httpd, kernel, openssh, and varnish:6), SUSE (cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, cont, ..
https://lwn.net/Articles/984080/