Daily summary - 05.12.2024

End-of-Day report

Timeframe: Wednesday 04-12-2024 18:00 - Thursday 05-12-2024 18:00 Handler: Michael Schlagenhaufer Co-Handler: n/a

News

Health-test cost trap: how to protect yourself from the rip-off

On gesundheitskontrolle.com and gesundheitsbewertung.com, two-minute health tests are promised. After answering a few questions you supposedly receive a "tailored and individual health analysis" from health experts. We advise caution: a few days later an invoice for 79 euros arrives in the mail.

https://www.watchlist-internet.at/news/kostenfalle-gesundheitstest/

MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur's Multi-Platform Attacks

Trend Micro's monitoring of the MOONSHINE exploit kit revealed how it's used by the threat actor Earth Minotaur to exploit Android messaging app vulnerabilities and install the DarkNimbus backdoor for surveillance.

https://www.trendmicro.com/en_us/research/24/l/earth-minotaur.html

Telecom Giant BT Group Hit by Black Basta Ransomware

BT Group, a major telecommunications firm, has been hit by a ransomware attack from the Black Basta group. The attack targeted the company's Conferencing division, leading to server shutdowns and potential data theft.

https://hackread.com/telecom-giant-bt-group-black-basta-ransomware-attack/

Beware of WhatsApp phishing with a spoofed phone number

Cyber criminals are targeting German-speaking WhatsApp users and trying to hijack their accounts using a perfidious trick and a chatbot.

https://heise.de/-10188150

USA: eight telecommunications providers affected by cyberattacks

It was already known during the election campaign that criminals had obtained the telephone data of high-ranking US politicians. But the attack was more extensive than thought.

https://heise.de/-10188807

[Guest Diary] Business Email Compromise, (Thu, Dec 5th)

Business Email Compromise (BEC) is a lucrative attack; FBI data shows 51 billion dollars in losses between 2013 and 2022 [2]. According to SentinelOne, nearly all cybersecurity attacks (98%) contain a social engineering component [3]. The social engineering attacks include phishing, spear phishing, smishing, whaling, etc.

https://isc.sans.edu/diary/rss/31474

Vulnerabilities

Critical Mitel MiCollab Flaw Exposes Systems to Unauthorized File and Admin Access

Cybersecurity researchers have released a proof-of-concept (PoC) exploit that strings together a now-patched critical security flaw impacting Mitel MiCollab with an arbitrary file read zero-day, granting an attacker the ability to access files from susceptible instances. [..] WatchTowr Labs' analysis further found that the authentication bypass could be chained with an as-yet-unpatched post-authentication arbitrary file read flaw to extract sensitive information.

https://thehackernews.com/2024/12/critical-mitel-micollab-flaw-exposes.html

Security updates for Thursday

Security updates have been issued by Fedora (thunderbird, tuned, and webkitgtk), Mageia (python-aiohttp and qemu), Oracle (container-tools:ol8, firefox, java-1.8.0-openjdk, java-11-openjdk, kernel, kernel:4.18.0, krb5, pam, postgresql:16, python-tornado, python3:3.6.8, thunderbird, tigervnc, tuned, and webkit2gtk3), Red Hat (bzip2, postgresql, postgresql:13, postgresql:15, postgresql:16, python-tornado, and ruby:3.1), Slackware (python3), SUSE (postgresql, postgresql16, postgresql17, postgresql13, postgresql14, postgresql15, python-python-multipart, and python3), and Ubuntu (python-django and recutils).

https://lwn.net/Articles/1000870/

Four vulnerabilities closed in HPE Aruba Networking ClearPass Policy Manager

In current versions of HPE Aruba Networking ClearPass Policy Manager the developers have closed a total of four security vulnerabilities. In the worst case, attackers can execute their own code and compromise systems.

https://heise.de/-10188868

Drupal: Entity Form Steps - Moderately critical - Cross site scripting - SA-CONTRIB-2024-071

https://www.drupal.org/sa-contrib-2024-071

Drupal: Minify JS - Moderately critical - Cross site request forgery - SA-CONTRIB-2024-070

https://www.drupal.org/sa-contrib-2024-070

Drupal: Download All Files - Critical - Access bypass - SA-CONTRIB-2024-069

https://www.drupal.org/sa-contrib-2024-069

Drupal: Pages Restriction Access - Critical - Access bypass - SA-CONTRIB-2024-068

https://www.drupal.org/sa-contrib-2024-068

Drupal: OAuth & OpenID Connect Single Sign On - SSO (OAuth/OIDC Client) - Critical - Cross Site Scripting - SA-CONTRIB-2024-067

https://www.drupal.org/sa-contrib-2024-067

Drupal: Print Anything - Critical - Unsupported - SA-CONTRIB-2024-066

https://www.drupal.org/sa-contrib-2024-066

Drupal: Megamenu Framework - Critical - Unsupported - SA-CONTRIB-2024-065

https://www.drupal.org/sa-contrib-2024-065

Wordfence Intelligence Weekly WordPress Vulnerability Report (November 25, 2024 to December 1, 2024)

https://www.wordfence.com/blog/2024/12/wordfence-intelligence-weekly-wordpress-vulnerability-report-november-25-2024-to-december-1-2024/

AutomationDirect C-More EA9 Programming Software

https://www.cisa.gov/news-events/ics-advisories/icsa-24-340-01

Planet Technology Planet WGS-804HPT

https://www.cisa.gov/news-events/ics-advisories/icsa-24-340-02