End-of-Day report
Timeframe: Monday 19-08-2024 18:00 - Tuesday 20-08-2024 18:00
Handler: Alexander Riepl
Co-Handler: n/a
News
Windows driver zero-day exploited by Lazarus hackers to install rootkit
The notorious North Korean Lazarus hacking group exploited a zero-day flaw in the Windows AFD.sys driver to elevate privileges and install the FUDModule rootkit on targeted systems.
https://www.bleepingcomputer.com/news/microsoft/windows-driver-zero-day-exploited-by-lazarus-hackers-to-install-rootkit/
Solar installations and the cloud: developer fears collapse of European power grids
Modern solar installations are often connected to the manufacturers' cloud services. One developer sees this as a major threat to our energy supply.
https://www.golem.de/news/solaranlagen-und-die-cloud-entwickler-befuerchtet-kollaps-europaeischer-stromnetze-2408-188177.html
Approach to mainframe penetration testing on z/OS
We explain how mainframes work, potential attack vectors, and what to focus on when pentesting such systems.
https://securelist.com/zos-mainframe-pentesting/113427/
Hacking Wireless Bicycle Shifters
This is yet another insecure Internet-of-things story, this one about wireless gear shifters for bicycles. These gear shifters are used in big-money professional bicycle races like the Tour de France, which provides an incentive to actually ..
https://www.schneier.com/blog/archives/2024/08/hacking-wireless-bicycle-shifters.html
Ransomware Victims Paid $460 Million in First Half of 2024
Ransomware payments in H1 2024 totaled nearly $460 million and $1.58 billion have been stolen in cryptocurrency heists.
https://www.securityweek.com/ransomware-victims-paid-460-million-in-first-half-of-2024/
Critical Flaw in Donation Plugin Exposed 100,000 WordPress Sites to Takeover
A critical vulnerability in the GiveWP WordPress plugin could be exploited for remote code execution and arbitrary file deletion.
https://www.securityweek.com/critical-flaw-in-donation-plugin-exposed-100000-wordpress-sites-to-takeover/
Navigating the Uncharted: A Framework for Attack Path Discovery
This is the second post in a series on Identity-Driven Offensive Tradecraft, which is also the focus of the new course we will launch in October. In the previous post, I asked, "How does one discover and abuse new attack paths?" To start answering ..
https://posts.specterops.io/navigating-the-uncharted-a-framework-for-attack-path-discovery-c5a0a020a144
Selling Ransomware Breaches: 4 Trends Spotted on the RAMP Forum
The sale and purchase of unauthorized access to compromised enterprise networks has become a linchpin for cybercriminal operations, particularly in facilitating ransomware attacks.
https://www.rapid7.com/blog/post/2024/08/20/selling-ransomware-breaches-4-trends-spotted-on-the-ramp-forum/
Challenges in Automating and Scaling Remote Vulnerability Detection
We cover investments that Bitsight is making to greatly scale out our vulnerability coverage in record time through automation.
https://www.bitsight.com/blog/challenges-automating-and-scaling-remote-vulnerability-detection
Austria's interior minister wants to spy on messengers
Austria's intelligence services are to be given more powers, including permission to plant malware and use WLAN catchers. This is what the governing party ÖVP is proposing.
https://heise.de/-9840256
Software development: malicious code attacks on Jenkins servers observed
Attackers are currently exploiting a critical vulnerability in the Jenkins software system. Instances in Germany are also at risk.
https://heise.de/-9840463
Vulnerabilities
SolarWinds Product Security Update Advisory (CVE-2024-28986)
https://asec.ahnlab.com/en/82529/
Intel Family Security Update Advisory
https://asec.ahnlab.com/en/82531/