Tageszusammenfassung - 27.09.2024

End-of-Day report

Timeframe: Donnerstag 26-09-2024 18:00 - Freitag 27-09-2024 18:00 Handler: Alexander Riepl Co-Handler: n/a

News

Storm-0501: Ransomware attacks expanding to hybrid cloud environments

Microsoft has observed the threat actor tracked as Storm-0501 launching a multi-staged attack where they compromised hybrid cloud environments and performed lateral movement from on-premises to cloud environment, leading to data exfiltration, credential theft, tampering, persistent backdoor access, and ransomware deployment. The ..

https://www.microsoft.com/en-us/security/blog/2024/09/26/storm-0501-ransomware-attacks-expanding-to-hybrid-cloud-environments/


NIST Recommends Some Common-Sense Password Rules

NIST-s second draft of its -SP 800-63-4- - its digital identify guidelines - finally contains some really good rules about passwords.

https://www.schneier.com/blog/archives/2024/09/nist-recommends-some-common-sense-password-rules.html


Kaspersky Defends Stealth Swap of Antivirus Software on US Computers

Cybersecurity firm Kaspersky has defended its decision to automatically replace its antivirus software on U.S. customers computers with UltraAV, a product from American company Pango, without explicit user consent. The forced switch, affecting nearly one million users, occurred as a result of a U.S. government ban on Kaspersky software. Kaspersky ..

https://it.slashdot.org/story/24/09/26/1825249/kaspersky-defends-stealth-swap-of-antivirus-software-on-us-computers


Hackers Could Have Remotely Controlled Kia Cars Using Only License Plates

Cybersecurity researchers have disclosed a set of now patched vulnerabilities in Kia vehicles that, if successfully exploited, could have allowed remote control over key functions simply by using only a license plate."These attacks could be ..

https://thehackernews.com/2024/09/hackers-could-have-remotely-controlled.html


Victims lose $70K to one single wallet-draining app on Googles Play Store

Attackers got 10k people to download trusted web3 brand cheat before Mountain View intervened The latest in a long line of cryptocurrency wallet-draining attacks has stolen $70,000 from people who downloaded a dodgy app in a single campaign ..

https://www.theregister.com/2024/09/26/victims_lose_70k_to_play/


Patch now: Critical Nvidia bug allows container escape, complete host takeover

33% of cloud environments using the toolkit impacted, were told A critical bug in Nvidias widely used Container Toolkit could allow a rogue user or software to escape their containers and ultimately take complete control of the underlying host.

https://www.theregister.com/2024/09/26/critical_nvidia_bug_container_escape/


Highly Anticipated Linux Flaw Allows Remote Code Execution, but Less Serious Than Expected

A researcher has disclosed the details of an unpatched vulnerability that was expected to pose a serious threat to many Linux systems.

https://www.securityweek.com/highly-anticipated-linux-flaw-allows-remote-code-execution-but-less-serious-than-expected/


US Announces Charges, Sanctions Against Russian Administrator of Carding Website

US offers up to $10 million for information on Timur Shakhmametov, charging him with running the carding website Joker-s Stash.

https://www.securityweek.com/us-announces-charges-sanctions-against-russian-administrator-of-carding-website/


Spatenstich für Cybersecurity-Campus der TU Graz

Rund 25 Millionen Euro werden in den Komplex für bis zu 160 Forschende in der Sandgasse investiert. Auch IT-Start-ups sollen dort Platz finden

https://www.derstandard.at/story/3000000238456/spatenstich-fuer-cybersecurity-campus-der-tu-graz


Cyberespionage the Gamaredon way: Analysis of toolset used to spy on Ukraine in 2022 and 2023

ESET Research has conducted a comprehensive technical analysis of Gamaredon-s toolset used to conduct its cyberespionage activities focused in Ukraine

https://www.welivesecurity.com/en/eset-research/cyberespionage-gamaredon-way-analysis-toolset-used-spy-ukraine-2022-2023/


Geoblocking als einfache DDoS-Abwehr

Distributed Denial of Service (DDoS) Angriffe gibt es in diversen Varianten, das reicht von reflected UDP mit hoher Bandbreite über Tricksereien auf Layer 4 (etwa TCP-SYN Flooding, oder auch nur Überlastung der State-Tabellen in Firewalls) bis hin zu Layer 7 Angriffen mit vielen teuren http Anfragen. Aktuell sehen wir gerade letztere, dazu wollen wir ein ..

https://www.cert.at/de/blog/2024/9/geoblocking-gegen-ddos


Meta fined $101 million for storing hundreds of millions of passwords in plaintext

European regulators fined Meta for an engineering mistake that the social media giant first reported in 2019.

https://therecord.media/meta-unprotected-passwords-fine-gdpr


Vulnerabilities

ZDI-24-1290: TeamViewer Missing Authentication Local Privilege Escalation Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-24-1290/


ZDI-24-1289: TeamViewer Missing Authentication Local Privilege Escalation Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-24-1289/