End-of-Day report
Timeframe: Thursday 22-08-2024 18:00 - Friday 23-08-2024 18:00
Handler: Alexander Riepl
Co-Handler: n/a
News
Qilin ransomware now steals credentials from Chrome browsers
The Qilin ransomware group has adopted a new tactic: it deploys a custom stealer to harvest account credentials stored in the Google Chrome browser.
https://www.bleepingcomputer.com/news/security/qilin-ransomware-now-steals-credentials-from-chrome-browsers/
Hackers are exploiting critical bug in LiteSpeed Cache plugin
Hackers have already started to exploit the critical-severity vulnerability that affects LiteSpeed Cache, a WordPress plugin used for accelerating response times, a day after technical details became public.
https://www.bleepingcomputer.com/news/security/hackers-are-exploiting-critical-bug-in-litespeed-cache-plugin/
Warning of Ebola infection: university causes unnecessary panic with phishing test
Students and staff at UCSC received an e-mail with a false warning of an Ebola infection on campus. The university's CISO apologizes.
https://www.golem.de/news/warnung-vor-ebola-infektion-phishing-test-an-einer-uni-loest-unnoetige-panik-aus-2408-188318.html
Robotic mowers and vacuums: Ecovacs now intends to address spying vulnerabilities after all
Several robotic lawn mowers and vacuum cleaners from Ecovacs can be taken over by attackers. At first the manufacturer did not want to patch at all, but now it has reversed course.
https://www.golem.de/news/hersteller-lenkt-ein-ecovacs-arbeitet-nun-doch-an-patches-gegen-spionageangriffe-2408-188329.html
WordPress Websites Used to Distribute ClearFake Trojan Malware
Unfortunately, scams are all over the place, and anybody who has surfed the web should know this. We've all gotten phishing emails, or redirected to questionable websites at some point or another. Being on your guard is an important posture to take online, and part of that is knowing how to identify threats, scams, or places you shouldn't visit ..
https://blog.sucuri.net/2024/08/wordpress-websites-used-to-distribute-clearfake-trojan-malware.html
Chinese Hackers Exploit Zero-Day Cisco Switch Flaw to Gain System Control
Details have emerged about a China-nexus threat group's exploitation of a recently disclosed, now-patched security flaw in Cisco switches as a zero-day to seize control of the appliances and evade detection. The activity, attributed to Velvet Ant, was ..
https://thehackernews.com/2024/08/chinese-hackers-exploit-zero-day-cisco.html
Halliburton probes an issue disrupting business ops
What could the problem be? Reportedly, a cyberattack. American oil giant Halliburton is investigating an "issue," reportedly a cyberattack, that has disrupted some business operations and global networks.
https://www.theregister.com/2024/08/22/halliburton_investigates_incident_amid_cyberattack/
Bling Libra's Tactical Evolution: The Threat Actor Group Behind ShinyHunters Ransomware
We analyze a recent incident by Bling Libra, the group behind ShinyHunters ransomware, as they shift from data theft to extortion, exploiting AWS credentials.
https://unit42.paloaltonetworks.com/shinyhunters-ransomware-extortion/
CrowdStrike Outage Timeline and Analysis
Bitsight's analysis of the CrowdStrike outage and timeline mysteries.
https://www.bitsight.com/blog/crowdstrike-outage-timeline-and-analysis
A Global Treaty to Fight Cybercrime - Without Combating Mercenary Spyware: Article by Kate Robertson in Lawfare
In an article for Lawfare, the Citizen Lab's senior research associate Kate Robertson analyzes how, in its current form, the draft treaty is poised "to become a vehicle for complicity in the global mercenary spy trade."
https://citizenlab.ca/2024/08/a-global-treaty-to-fight-cybercrime-without-combating-mercenary-spyware/
Vulnerabilities
SonicOS Improper Access Control Vulnerability
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015