End-of-Day report
Timeframe: Tuesday 06-08-2024 18:00 - Wednesday 07-08-2024 18:00
Handler: Alexander Riepl
Co-Handler: n/a
News
Switzerland: Cow dies after cyberattack on milking robot
The attackers demanded a ransom. Because the farmer did not want to pay, he was denied access to important information about his cows.
https://www.golem.de/news/schweiz-kuh-stirbt-nach-cyberangriff-auf-melkroboter-2408-187792.html
New Linux Kernel Exploit Technique SLUBStick Discovered by Researchers
Cybersecurity researchers have shed light on a novel Linux kernel exploitation technique dubbed SLUBStick that could be exploited to elevate a limited heap vulnerability to an arbitrary memory read-and-write primitive. "Initially, it exploits ..
https://thehackernews.com/2024/08/new-linux-kernel-exploit-technique.html
Roundcube Webmail Flaws Allow Hackers to Steal Emails and Passwords
Cybersecurity researchers have disclosed details of security flaws in the Roundcube webmail software that could be exploited to execute malicious JavaScript in a victim's web browser and steal sensitive information from their account under specific ..
https://thehackernews.com/2024/08/roundcube-webmail-flaws-allow-hackers.html
CrowdStrike hires outside security outfits to review troubled Falcon code
And reveals the small mistake that bricked 8.5M Windows boxes. CrowdStrike has hired two outside security firms to review its threat-detection suite Falcon that sparked a global IT outage last month - though it may not have an awful lot ..
https://www.theregister.com/2024/08/07/crowdstrike_full_incident_root_cause_analysis/
Police take just 2 days to recover $40M stolen in business email scam
Timor-Leste is a known cybercrime hotspot. Two days is all it took for Interpol to recover more than $40 million worth of stolen funds in a recent business email compromise (BEC) heist, the international cop shop said this week.
https://www.theregister.com/2024/08/07/police_take_just_two_days/
Small CSS tweaks can help nasty emails slip through Outlook's anti-phishing net
A simple HTML change and the warning is gone! Researchers say cybercriminals can have fun bypassing one of Microsoft's anti-phishing measures in Outlook with some simple CSS tweaks.
https://www.theregister.com/2024/08/07/small_css_tweaks_can_help/
BloodHound Operator - Dog Whispering Reloaded
Back in the BloodHound "Legacy" days, I wrote some PowerShell tooling to make my life easy and automate various tasks around BloodHound. When the new BloodHound came out, most of these tools ..
https://posts.specterops.io/bloodhound-operator-dog-whispering-reloaded-156020b7c5e9
CISA Releases Secure by Demand Guidance
Today, CISA and the Federal Bureau of Investigation (FBI) have released Secure by Demand Guide: How Software Customers Can Drive a Secure Technology Ecosystem to help organizations drive a secure technology ecosystem by ensuring their software manufacturers prioritize secure technology from the start. An organization's acquisition staff often has a general ..
https://www.cisa.gov/news-events/alerts/2024/08/06/cisa-releases-secure-demand-guidance
Attention: Microsoft's UEFI certificate expires on Oct. 19, 2026 - Secure Boot affected
I'm posting a topic here on the blog that still "has a few days' time" but could have quite unpleasant consequences. In autumn 2026, a certificate in Windows expires which, in UEFI, ensures that the ..
https://www.borncity.com/blog/2024/08/07/achtung-microsofts-uefi-zertifikat-luft-am-19-okt-2026-aus-secure-boot-betroffen/
Looking back at the ballot - securing the general election
NCSC CEO Felicity Oswald shares reflections on keeping the 2024 General Election safe.
https://www.ncsc.gov.uk/blog-post/looking-back-at-the-ballot-securing-the-general-election
The Risks of Parked Domains
Many organizations view parked domains as dormant, low-risk, and not worth the investment in robust security measures. This is a misconception. Here's why.
https://www.bitsight.com/blog/risks-parked-domains
Vulnerabilities
DSA-5739-1 wpa - security update
Rory McNamara reported a local privilege escalation in wpasupplicant: A user able to escalate to the netdev group can load arbitrary shared object files in the context of the wpa_supplicant process running as root.
https://lists.debian.org/debian-security-announce/2024/msg00151.html