Tageszusammenfassung - 20.09.2024

End-of-Day report

Timeframe: Donnerstag 19-09-2024 18:00 - Freitag 20-09-2024 18:00 Handler: Alexander Riepl Co-Handler: n/a

News

Ever wonder how crooks get the credentials to unlock stolen phones?

iServer provided a simple service for phishing credentials to unlock phones.

https://arstechnica.com/?p=2051165


CISA warns of actively exploited Apache HugeGraph-Server bug

The U.S. Cybersecurity and Infrastructure Agency (CISA) has added five flaws to its Known Exploited Vulnerabilities (KEV) catalog, among which is a remote code execution (RCE) flaw impacting Apache HugeGraph-Server.

https://www.bleepingcomputer.com/news/security/cisa-warns-of-actively-exploited-apache-hugegraph-server-bug/


macOS Sequoia change breaks networking for VPN, antivirus software

Users of macOS 15 Sequoia are reporting network connection errors when using certain endpoint detection and response (EDR) or virtual private network (VPN) solutions, and web browsers.

https://www.bleepingcomputer.com/news/apple/macos-sequoia-change-breaks-networking-for-vpn-antivirus-software/


1 In 10 Orgs Dumping Their Security Vendors After CrowdStrike Outage

An anonymous reader quotes a report from The Register: Germanys Federal Office for Information Security (BSI) says one in ten organizations in the country affected by CrowdStrikes outage in July are dropping their current vendors products. Four percent of organizations have already abandoned their existing solutions, while a further 6 percent plan to ..

https://it.slashdot.org/story/24/09/19/1721236/1-in-10-orgs-dumping-their-security-vendors-after-crowdstrike-outage


SAP Hash Cracking Techniques

Hashing is a one-way encryption technique employed to ensure data integrity, authenticate information, and secure passwords alongside other sensitive data. Hash functions convert input data into a fixed-size string of characters that are both uniform and deterministic, making them an excellent choice for maintaining data security.

https://redrays.io/blog/sap-hash-cracking-techniques/


This Windows PowerShell Phish Has Scary Potential

Many GitHub users this week received a novel phishing email warning of critical security holes in their code. Those who clicked the link for details were asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealing malware. While its unlikely that many programmers fell for this ..

https://krebsonsecurity.com/2024/09/this-windows-powershell-phish-has-scary-potential/


Ivanti Warns of Second CSA Vulnerability Exploited in Attacks

In addition to the Ivanti CSA flaw CVE-2024-8190, another vulnerability affecting the same product, tracked as CVE-2024-8963, has been exploited.

https://www.securityweek.com/ivanti-warns-of-second-csa-vulnerability-exploited-in-attacks/


Noise Storms: Massive Amounts of Spoofed Web Traffic Linked to China

GreyNoise has observed millions of spoofed IPs flooding internet providers with web traffic primarily focusing on TCP connections.

https://www.securityweek.com/noise-storms-massive-amounts-of-spoofed-web-traffic-linked-to-china/


Vorsicht vor gefälschten Gewinnspielen von ÖAMTC und ADAC

Vorsicht, wenn Sie per E-Mail ein Gewinnspiel für ein Auto-Notfallset erhalten. Kriminelle geben sich als ÖAMTC oder ADAC aus und behaupten, Sie hätten ein Auto-Notfallset gewonnen. Klicken Sie nicht auf den Link, Sie werden in eine Abo-Fall gelockt!

https://www.watchlist-internet.at/news/gefaelschte-gewinnspiele-oeamtc-adac/


Datendiebstahl via Slack, Disney stellt Nutzung des Messenger-Dienstes ein

Die Hackergruppe Nullbulge konnte Computercode und Details über unveröffentlichte Projekte stehlen und veröffentlichen

https://www.derstandard.at/story/3000000237370/datendiebstahl-disney-trennt-sich-von-messenger-dienst-slack


High-risk vulnerabilities in common enterprise technologies

Rapid7 is warning customers about high-risk vulnerabilities in Adobe ColdFusion, Broadcom VMware vCenter Server, and Ivanti Endpoint Manager (EPM). These CVEs are likely attack targets for APT and/or financially motivated adversaries.

https://www.rapid7.com/blog/post/2024/09/19/etr-high-risk-vulnerabilities-in-common-enterprise-technologies/


Jugendherbergen offenbar Opfer von Ransomware-Bande Hunters

Ende August kam es zu Störungen bei rund 450 deutschen Jugendherbergen. Die Ursache war unklar. Offenbar ist eine Ransomware-Attacke schuld.

https://heise.de/-9938226

Vulnerabilities

DSA-5773-1 chromium - security update

https://lists.debian.org/debian-security-announce/2024/msg00186.html


OpenSSH 9.9 released

https://lwn.net/Articles/991028/