Daily summary - 06.08.2024

End-of-Day report

Timeframe: Monday 05-08-2024 18:00 - Tuesday 06-08-2024 18:00
Handler: Alexander Riepl
Co-Handler: n/a

News

Mac and Windows users infected by software updates delivered over hacked ISP

DNS poisoning attack worked even when targets used DNS from Google and Cloudflare.

https://arstechnica.com/?p=2041175


Microsoft Bounty Program Year in Review: $16.6M in Rewards

We are excited to announce that this year the Microsoft Bounty Program has awarded $16.6M in bounty awards to 343 security researchers from 55 countries, securing Microsoft customers in partnership with the Microsoft Security Response Center (MSRC). Each year we identify over a thousand potential security issues together, safeguarding our customers from possible threats through the Microsoft Bounty Program.

https://msrc.microsoft.com/blog/2024/08/microsoft-bounty-program-year-in-review-16.6m-in-rewards/


A Survey of Scans for GeoServer Vulnerabilities

A little bit over a year ago, I wrote about scans for GeoServer. GeoServer is a platform to process geographic data. It makes it easy to share geospatial data in various common standard formats. Recently, new vulnerabilities were discovered in GeoServer, prompting me to look again at what our honeypots pick up.

https://isc.sans.edu/diary/A+Survey+of+Scans+for+GeoServer+Vulnerabilities/31148


MDM vendor Mobile Guardian attacked, leading to remote wiping of 13,000 devices

Singapore Ministry of Education orders software removed after string of snafus

UK-based mobile device management vendor Mobile Guardian has admitted that on August 4 it suffered a security incident that involved unauthorized access to iOS and ChromeOS devices managed by its tools, which are currently unavailable. In Singapore, the incident resulted in ..

https://www.theregister.com/2024/08/06/mobile_guardian_mdm_attack/


Bad apps bypass Windows security alerts for six years using newly unveiled trick

Windows SmartScreen and Smart App Control both have weaknesses of which to be wary

Elastic Security Labs has lifted the lid on a slew of methods available to attackers who want to run malicious apps without triggering Windows security ..

https://www.theregister.com/2024/08/06/bad_apps_bypass_windows_security/


Olympics: Cybercriminals demand ransom after attack on museums in France

More than 40 institutions are affected, including the Olympic venue Grand Palais. Criminals attacked the system used to centralise financial data.

https://www.derstandard.at/story/3000000231309/olympia-cyber-attacke-auf-museen-in-frankreich-l246segeld-gefordert


IoT firmware emulation and device fingerprinting challenges

Gathering information on a device could be tricky if you don't have direct access to exposed services like SNMP, HTTP, FTP, or any other ports or protocols which could provide relevant information on the asset like the ..

https://medium.com/tenable-techblog/iot-firmware-emulation-and-device-fingerprinting-challenges-09e26b9b7fae


Rapid7's Ransomware Radar Report Shows Threat Actors are Evolving - Fast.

The Ransomware Radar Report offers some startling insights into who ransomware threat actors are and how they've been operating in the first half of 2024.

https://www.rapid7.com/blog/post/2024/08/06/rapid7s-ransomware-radar-report-shows-threat-actors-are-evolving-fast/


LKA Niedersachsen warns of phishing with QR codes sent by post

Fraudsters are using postal letters to find victims who scan a QR code and fall for the phishing link it opens, warns the LKA Niedersachsen.

https://heise.de/-9825879


Vulnerabilities

Security updates for Tuesday

Security updates have been issued by Debian (libreoffice), Gentoo (containerd and firefox), Red Hat (httpd), SUSE (ca-certificates-mozilla, ksh, openssl-3-livepatches, podman, python-Twisted, and skopeo), and Ubuntu (imagemagick).

https://lwn.net/Articles/984598/


DSA-5737-1 libreoffice - security update

https://lists.debian.org/debian-security-announce/2024/msg00149.html


DSA-5736-1 openjdk-11 - security update

https://lists.debian.org/debian-security-announce/2024/msg00148.html


ZDI-24-1099: Apache OFBiz resolveURI Authentication Bypass Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-24-1099/


Security Vulnerabilities fixed in Firefox 129

https://www.mozilla.org/en-US/security/advisories/mfsa2024-33/