Daily summary - 18.09.2024

End-of-Day report

Timeframe: Tuesday 17-09-2024 18:00 - Wednesday 18-09-2024 18:00 Handler: Alexander Riepl Co-Handler: n/a

News

Construction firms breached in brute force attacks on accounting software

Hackers are brute-forcing passwords for highly privileged accounts on exposed Foundation accounting servers, widely used in the construction industry, to breach corporate networks.

https://www.bleepingcomputer.com/news/security/construction-firms-breached-in-brute-force-attacks-on-accounting-software/


Temu denies breach after hacker claims theft of 87 million data records

Temu denies it was hacked or suffered a data breach after a threat actor claimed to be selling a stolen database containing 87 million records of customer information.

https://www.bleepingcomputer.com/news/security/temu-denies-breach-after-hacker-claims-theft-of-87-million-data-records/


Sandbox scores are not an antivirus replacement

Automatic sandbox services should not be treated like "antivirus scanners" to determine maliciousness for samples. That's not their intended use, and they perform poorly in that role. Unfortunately, providing an "overall score" or "verdict" is misleading.

https://www.gdatasoftware.com/blog/2024/09/38031-sandbox-scores-are-not-an-antivirus-replacement


Vanir Locker: German police take over a hacker group's Tor site

Anyone who visits the data leak site of the Vanir Locker ransomware group now finds a notice from the LKA there. The site has been seized.

https://www.golem.de/news/lka-baden-wuerttemberg-polizei-uebernimmt-leak-seite-einer-ransomwaregruppe-2409-189084.html


Python Infostealer Patching Windows Exodus App, (Wed, Sep 18th)

A few months ago, I wrote a diary about a Python script that replaced the Exodus Wallet app with a rogue one on macOS. Infostealers are everywhere these days. They target mainly browsers (cookies, credentials) and classic applications that may handle sensitive information. Cryptocurrency wallets are another category of applications ..

https://isc.sans.edu/forums/diary/Python+Infostealer+Patching+Windows+Exodus+App/31276/


VMware patches remote make-me-root holes in vCenter Server, Cloud Foundation

Bug reports made in China. Broadcom has emitted a pair of patches for vulnerabilities in VMware vCenter Server that a miscreant with network access to the software could exploit to completely commandeer a system. This also affects Cloud Foundation.

https://www.theregister.com/2024/09/17/vmware_vcenter_patch/


Australian Police conducted supply chain attack on criminal collaborationware

Sting led to cuffing of alleged operator behind Ghost - an app for drug trafficking, money laundering, and violence-as-a-service. Australia's Federal Police (AFP) yesterday arrested and charged a man with creating and administering an app named Ghost that was allegedly "a dedicated encrypted communication platform - built solely for the criminal underworld" and ..

https://www.theregister.com/2024/09/18/afp_operation_kraken_ghost_crimeware_app/


Did a Chinese University Hacking Competition Target a Real Victim?

Participants in a hacking competition with ties to China's military were, unusually, required to keep their activities secret, but security researchers say the mystery only gets stranger from there.

https://www.wired.com/story/china-hacking-competition-real-victim/


Scam 'Funeral Streaming' Groups Thrive on Facebook

Scammers are flooding Facebook with groups that purport to offer video streaming of funeral services for the recently deceased. Friends and family who follow the links for the streaming services are then asked to cough up their credit card information. Recently, these scammers have branched out into offering fake streaming services for nearly any ..

https://krebsonsecurity.com/2024/09/scam-funeral-streaming-groups-thrive-on-facebook/


Russian Security Firm Doctor Web Hacked

Antimalware company Doctor Web was recently targeted in a cyberattack that prompted it to disconnect all resources from its networks.

https://www.securityweek.com/russian-security-firm-doctor-web-discloses-targeted-hacker-attack/


North Korean Hackers Lure Critical Infrastructure Employees With Fake Jobs

A North Korean group tracked as UNC2970 has been spotted trying to deliver new malware to people in the aerospace and energy industries.

https://www.securityweek.com/north-korean-hackers-lure-critical-infrastructure-employees-with-fake-jobs/


Cyber threats to shipping explained

TL;DR: Modern vessels are becoming increasingly connected. While it is unlikely that hackers could fully control a container ship remotely, they may be able to disrupt systems such as the ..

https://www.pentestpartners.com/security-blog/cyber-threats-to-shipping-explained/


Vulnerabilities in Cellular Packet Cores Part IV: Authentication

Our research reveals two significant vulnerabilities in Microsoft Azure Private 5G Core (AP5GC). The first vulnerability (CVE-2024-20685) allows a crafted signaling message to crash the control plane, leading to potential service outages. The second (ZDI-CAN-23960) disconnects and replaces attached base stations, disrupting network operations. While these ..

https://www.trendmicro.com/en_us/research/24/i/vulnerabilities-in-cellular-packet-cores-part-iv-authentication.html


RAMBO Attack: Electromagnetic Waves Steal Data from Air-Gapped Systems

Air-gapped systems, once considered immune to attacks, are now vulnerable. Learn about a groundbreaking new method that ..

https://hackread.com/rambo-attack-electromagnetic-waves-data-air-gapped-systems/


CISA KEV performance in the Financial Sector

I've had a number of requests to examine the finance sector in more detail, including breakdowns of exactly what kind of financial organizations are experiencing greater risk and who is remediating more quickly. Here's some answers.

https://www.bitsight.com/blog/cisa-kev-performance-financial-sector

Vulnerabilities

Multiple vulnerabilities in WordPress plugin "Welcart e-Commerce"

WordPress plugin "Welcart e-Commerce" provided by Welcart Inc. contains multiple vulnerabilities.

https://jvn.jp/en/jp/JVN19766555/


Apple Releases Security Updates for Multiple Products

Apple released security updates to address vulnerabilities in multiple Apple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following ..

https://www.cisa.gov/news-events/alerts/2024/09/18/apple-releases-security-updates-multiple-products