Daily Summary - 10.09.2024

End-of-Day report

Timeframe: Monday 09-09-2024 18:00 - Tuesday 10-09-2024 18:00
Handler: Alexander Riepl
Co-Handler: n/a

News

Quad7 botnet targets more SOHO and VPN routers, media servers

The Quad7 botnet is expanding its targeting scope with the addition of new clusters and custom implants that now also target Zyxel VPN appliances and Ruckus wireless routers.

https://www.bleepingcomputer.com/news/security/quad7-botnet-targets-more-soho-and-vpn-routers-media-servers/


NoName ransomware gang deploying RansomHub malware in recent attacks

The NoName ransomware gang has been trying to build a reputation for more than three years targeting small and medium-sized businesses worldwide with its encryptors and may now be working as a RansomHub affiliate.

https://www.bleepingcomputer.com/news/security/noname-ransomware-gang-deploying-ransomhub-malware-in-recent-attacks/


Trustwave SpiderLabs Research: 20% of Ransomware Attacks in Financial Services Target Banking Institutions

The 2024 Trustwave Risk Radar Report: Financial Services Sector underscores the escalating threat landscape facing the industry.

https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/trustwave-spiderlabs-research-20-of-ransomware-attacks-in-financial-services-target-banking-institutions/


Russia's top-secret military unit reportedly plots undersea cable sabotage

US alarmed by heightened Kremlin naval activity worldwide. Russia's naval activity near undersea cables is reportedly drawing the scrutiny of US officials, further sparking concerns that the Kremlin may be plotting to "sabotage" underwater infrastructure via a secretive, dedicated military unit called the General Staff Main Directorate for Deep Sea Research (GUGI).

https://www.theregister.com/2024/09/09/russia_readies_submarine_cable_sabotage/


Phishing Via Typosquatting and Brand Impersonation: Trends and Tactics

Following the 2024 ThreatLabz Phishing Report, Zscaler ThreatLabz has been closely tracking domains associated with typosquatting and brand impersonation - common techniques used by threat actors to proliferate phishing campaigns. Typosquatting involves registering domains with misspelled versions of popular websites or ..

https://www.zscaler.com/blogs/security-research/phishing-typosquatting-and-brand-impersonation-trends-and-tactics


Slim CD Data Breach Impacts 1.7 Million Individuals

Slim CD says the personal and credit card information of 1.7 million was compromised in a ten-month-long data breach.

https://www.securityweek.com/slim-cd-data-breach-impacts-1-7-million-individuals/


Study Finds Excessive Use of Remote Access Tools in OT Environments

The excessive use of remote access tools in OT environments can increase the attack surface, complicate identity management, and hinder visibility.

https://www.securityweek.com/study-finds-excessive-use-of-remote-access-tools-in-ot-environments/


Smart home security advice. Ring, SimpliSafe, Swann, and Yale

This guide covers the security of smart home security products from Ring, Yale, Swann, and SimpliSafe. Whether you're looking to monitor your property remotely, enhance your home's security, or ..

https://www.pentestpartners.com/security-blog/smart-home-security-advice-ring-simplisafe-swann-and-yale/


Companies overestimate their own readiness to defend against hackers

According to a recent study, 86 percent of the companies surveyed paid "ransom" last year after their systems were infected.

https://www.derstandard.at/story/3000000235958/firmen-ueberschaetzen-eigene-abwehrbereitschaft-gegen-hacker


Threat Assessment: North Korean Threat Groups

Explore Unit 42's review of North Korean APT groups and their impact, detailing the top 10 malware and tools we've seen from these threat actors.

https://unit42.paloaltonetworks.com/threat-assessment-north-korean-threat-groups-2024/


Threat Assessment: Repellent Scorpius, Distributors of Cicada3301 Ransomware

Repellent Scorpius distributes Cicada3301 ransomware, using double extortion and targeting global victims since May 2024. We break down their toolset and more.

https://unit42.paloaltonetworks.com/repellent-scorpius-cicada3301-ransomware/


August 2024's Most Wanted Malware: RansomHub Reigns Supreme While Meow Ransomware Surges

Check Point's latest threat index reveals RansomHub's continued dominance and Meow ransomware's rise with novel tactics and significant impact. Check Point's Global Threat Index for August 2024 revealed ransomware remains a dominant force, with RansomHub sustaining its position as the top ransomware group. This Ransomware-as-a-Service (RaaS) ..

https://blog.checkpoint.com/research/august-2024s-most-wanted-malware-ransomhub-reigns-supreme-while-meow-ransomware-surges/


CISA says SonicWall bug being exploited as experts warn of ransomware gang use

Federal cybersecurity experts are warning that a vulnerability affecting products from SonicWall is being exploited, and ordered all federal civilian agencies to implement a patch for the bug by the end of the month.

https://therecord.media/cisa-orders-patching-of-sonicwall-bug-ransomware


CISA Releases Election Security Focused Checklists for Both Cybersecurity and Physical Security

Today, the Cybersecurity and Infrastructure Security Agency (CISA) released two election security checklists as part of the comprehensive suite of resources available for election officials, the Physical Security Checklist for Election Offices and Election Infrastructure Cybersecurity Readiness and Resilience Checklist. These checklists are tools to quickly review existing practices and take steps to enhance physical and cyber resilience in preparation for election day.

https://www.cisa.gov/news-events/news/cisa-releases-election-security-focused-checklists-both-cybersecurity-and-physical-security


Do We Need Yet Another Vulnerability Scoring System? If it's SSVC that's a resounding YASS

Want to know about Yet Another Vulnerability Scoring System (YASS)? Ben Edwards breaks down Stakeholder Specific Vulnerability Categorization and how to make it work.

https://www.bitsight.com/blog/do-we-need-yet-another-vulnerability-scoring-system-if-its-ssvc-thats-resounding-yass


Due to US ban: Kaspersky customers receive UltraAV from Pango

Following the ban in the USA, the company is now switching customers to UltraAV, Kaspersky confirms to heise online.

https://heise.de/-9862992


Vulnerabilities

Citrix Releases Security Updates for Citrix Workspace App for Windows

https://www.cisa.gov/news-events/alerts/2024/09/10/citrix-releases-security-updates-citrix-workspace-app-windows


September 2024 Security Update

https://www.ivanti.com/blog/september-2024-security-update