End-of-Day report
Timeframe: Thursday 01-08-2024 18:00 - Friday 02-08-2024 18:00
Handler: Alexander Riepl
Co-Handler: n/a
News
Tech support scam ring leader gets 7 years in prison, $6M fine
The leader of a tech support fraud scheme was sentenced to seven years in prison after tricking at least 6,500 victims and generating more than $6 million.
https://www.bleepingcomputer.com/news/legal/tech-support-scam-ring-leader-gets-7-years-in-prison-6m-fine/
A recent spate of Internet disruptions
Cloudflare Radar is constantly monitoring the Internet for widespread disruptions. Here we examine several recent noteworthy disruptions detected in the first month of Q3, including traffic anomalies observed in Bangladesh, Syria, Pakistan, and Venezuela
https://blog.cloudflare.com/a-recent-spate-of-internet-disruptions-july-2024
Leaked GitHub Python Token
Cybersecurity researchers from JFrog recently discovered a GitHub Personal Access Token in a public Docker container hosted on Docker Hub, which granted elevated access to the GitHub repositories of the Python language, Python Package Index (PyPI), and the Python Software Foundation (PSF). JFrog discussed what could ..
https://www.schneier.com/blog/archives/2024/08/leaked-github-python-token.html
Mirai Botnet targeting OFBiz Servers Vulnerable to Directory Traversal
Enterprise Resource Planning (ERP) software is at the heart of many enterprises, supporting human resources, accounting, shipping, and manufacturing. These systems can become very complex and difficult to maintain. They are often highly customized, which ..
https://thehackernews.com/2024/08/mirai-botnet-targeting-ofbiz-servers.html
New Windows Backdoor BITSLOTH Exploits BITS for Stealthy Communication
Cybersecurity researchers have discovered a previously undocumented Windows backdoor that leverages a built-in feature called Background Intelligent Transfer Service (BITS) as a command-and-control (C2) mechanism. The newly identified malware ..
https://thehackernews.com/2024/08/new-windows-backdoor-bitsloth-exploits.html
This Week in Security: Echospoofing, Ransomware Records, and Github Attestations
It's a bit of bitter irony, when a security product gets used maliciously, to pull off the exact attack it was designed to prevent. Enter Proofpoint, and the ..
https://hackaday.com/2024/08/02/this-week-in-security-echospoofing-ransomware-records-and-github-attestations/
Russia gets two serious criminal hackers back
No one is said to have ever caused financial harm to as many people as Roman Selesnew. Wladislaw Kljuschin, on the other hand, is regarded as Putin's trader and the terror of Wall Street
https://www.derstandard.at/story/3000000230914/russland-bekommt-zwei-schwerkriminelle-hacker-zurueck
China dismisses Germany's accusations over cyberattack as "targeted defamation"
Chinese officials on Thursday responded to accusations from Germany that it was behind an attack on the country's state cartography agency, calling them "unfounded."
https://therecord.media/china-germany-cyberattack-unfounded
White House officials meet with allies, industry on connected car risks
Leaders from the White House and State Department met with representatives from several major allied countries, the European Union and industry leaders Wednesday for what has been billed as the "first multinational meeting" to address the national security risks posed by connected cars.
https://therecord.media/white-house-officials-meet-with-nations-industry-connected-cars
From Evidence to Advantage: Leveraging Incident Response Artifacts for Red Team Engagements
What is this blog post about? This blog post is about why incident responder artifacts play a role not only on the defensive but also on the offensive side of cyber security. We are going to look at some of the usually collected evidence and how it can be valuable to us as red team operators. We ..
https://blog.nviso.eu/2024/08/02/from-evidence-to-advantage-leveraging-incident-response-artifacts-for-red-team-engagements/
CISA Releases Software Acquisition Guide for Government Enterprise Consumers: Software Assurance in the Cyber-Supply Chain Risk Management (C-SCRM) Lifecycle
Today, the Cybersecurity and Infrastructure Security Agency (CISA) announced the release of its "Software Acquisition Guide for Government Enterprise Consumers: Software Assurance in the Cyber-Supply Chain ..
https://www.cisa.gov/news-events/news/cisa-releases-software-acquisition-guide-government-enterprise-consumers-software-assurance-cyber
Panamorfi: A New Discord DDoS Campaign
Aqua Nautilus researchers uncovered a new Distributed Denial of Service (DDoS) campaign dubbed "Panamorfi". Using the Java-written Minecraft DDoS package "mineping", the threat actor launches a DDoS attack. Thus far we've only seen it deployed via misconfigured Jupyter notebooks. In this blog we explain this attack, the techniques used by the threat actor and how to protect your environments.
https://blog.aquasec.com/panamorfi-a-new-discord-ddos-campaign
Unauthorized access to IT management solution Aruba ClearPass possible
The developers at HPE Aruba Networking have closed, among others, a critical security vulnerability in ClearPass Policy Manager.
https://heise.de/-9821717
Report: Cybercriminals use Cloudflare tunnels to distribute malware
Previously unknown cybercriminals are using "TryCloudflare" to distribute malware unhindered, according to security experts.
https://heise.de/-9821797
Vulnerabilities
Security updates for Friday
Security updates have been issued by Fedora (chromium), SUSE (docker and patch), and Ubuntu (bind9, gross, linux-azure, linux-azure-4.15, linux-lowlatency-hwe-6.5, and tomcat8, tomcat9).
https://lwn.net/Articles/984370/
ZDI-24-1042: NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-24-1042/
ZDI-24-1041: Google Chrome Updater DosDevices Local Privilege Escalation Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-24-1041/