Tageszusammenfassung - 16.09.2024

End-of-Day report

Timeframe: Freitag 13-09-2024 18:00 - Montag 16-09-2024 18:00 Handler: Alexander Riepl Co-Handler: n/a

News

1.3 million Android-based TV boxes backdoored; researchers still don-t know how

Infection corrals devices running AOSP-based firmware into a botnet.

https://arstechnica.com/?p=2049773


Malware locks browser in kiosk mode to steal Google credentials

A malware campaign uses the unusual method of locking users in their browsers kiosk mode to annoy them into entering their Google credentials, which are then stolen by information-stealing malware.

https://www.bleepingcomputer.com/news/security/malware-locks-browser-in-kiosk-mode-to-steal-google-credentials/


Nach Cyberangriff: Hacker stellen Daten von Kawasaki ins Darknet

Kawasaki selbst behauptet, der Cyberangriff sei "nicht erfolgreich" gewesen. Dennoch sind im Darknet fast 500 GBytes an Unternehmensdaten aufgetaucht.

https://www.golem.de/news/nach-cyberangriff-hacker-stellen-daten-von-kawasaki-ins-darknet-2409-188993.html


Australia Threatens to Force Companies to Break Encryption

In 2018, Australia passed the Assistance and Access Act, which - among other things - gave the government the power to force companies to break their own encryption. The Assistance and Access Act includes key components that outline investigatory powers between government and industry. These components include: Technical Assistance ..

https://www.schneier.com/blog/archives/2024/09/australia-threatens-to-force-companies-to-break-encryption.html


Cybercriminals Exploit HTTP Headers for Credential Theft via Large-Scale Phishing Attacks

Cybersecurity researchers have warned of ongoing phishing campaigns that abuse refresh entries in HTTP headers to deliver spoofed email login pages that are designed to harvest users credentials."Unlike other phishing webpage ..

https://thehackernews.com/2024/09/cybercriminals-exploit-http-headers-for.html


Prison just got rougher as band of heinously violent cybercrims sentenced to lengthy stints

Orchestrators of abductions, torture, crypto thefts, and more get their comeuppance One cybercriminal of the most violent kind will spend his best years behind bars, as will 11 of his thug pals for a string of cryptocurrency robberies in the US.

https://www.theregister.com/2024/09/16/prison_just_got_rougher_as/


Germany-s CDU still struggling to restore data months after June cyberattack

Putting a spanner in work for plans of opposition party to launch a comeback during next years elections One of Germanys major political parties is still struggling to restore member data more than three months after a June cyberattack targeting its systems.

https://www.theregister.com/2024/09/16/nein_luck_for_germanys_cdu/


Acquiring Malicious Browser Extension Samples on a Shoestring Budget

A friend of mine sent me a link to an article on malicious browser extensions that worked around Google Chrome Manifest V3 and asked if I had or could acquire a sample. In the process of getting a sample, I thought, if I was someone who didn-t have the paid resources that an enterprise might have, how would ..

https://pberba.github.io/crypto/2024/09/14/malicious-browser-extension-genesis-market/


Akute Welle an DDoS-Angriffen gegen österreichische Unternehmen und Organisationen

Seit kurzem sind verschiedene österreichische Unternehmen und Organisationen aus unterschiedlichen Branchen und Sektoren mit DDoS-Angriffen konfrontiert. Die genauen Hintergründe der Attacke sind uns zurzeit nicht bekannt, Hinweise für eine hacktivistische Motivation liegen jedoch vor. In Anbetracht der aktuellen Geschehnisse empfehlen wir ..

https://www.cert.at/de/aktuelles/2024/9/ddos-angriffe-september-2024


German radio station forced to broadcast emergency tape following cyberattack

Radio Geretsried, a local station in Germany, has blamed -unknown attackers from Russia- after an apparent ransomware incident left it broadcasting music from emergency backups.

https://therecord.media/germany-cyberattack-radio-geretsried


Small Devices, Big Threats: The Dark Side of Removable Devices

Our new article highlights the security risks of removable devices like USB drives and SD cards, exploring real-world threats and offering key cybersecurity tips to protect sensitive data.

https://www.emsisoft.com/en/blog/45977/small-devices-big-threats-the-dark-side-of-removable-devices/

Vulnerabilities

Security updates for Monday

Security updates have been issued by Debian (git, nodejs, and ring), Fedora (apr, bubblewrap, chromium, clamav, flatpak, mingw-expat, python3-docs, python3.12, and thunderbird), Mageia (assimp, botan2, python-tqdm, and radare2), Slackware (libarchive), and SUSE (curl).

https://lwn.net/Articles/990455/


MISP 2.4.198 released with bug and security fixes.

Based on a set of fixes including a security fix, we are pleased to announce the immediate availability of MISP 2.4.198. You can find a list of the detailed changes along with new features further below. As with any security release, we highly encourage everyone to update their instance as soon as ..

https://github.com/MISP/MISP/releases/tag/v2.4.198


ZDI-24-1226: mySCADA myPRO Hard-Coded Credentials Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-24-1226/


ZDI-24-1225: SolarWinds Access Rights Manager Hard-Coded Credentials Authentication Bypass Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-24-1225/


ZDI-24-1224: SolarWinds Access Rights Manager JsonSerializationBinder Deserialization of Untrusted Data Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-24-1224/