Daily summary - 10.07.2024

End-of-Day report

Timeframe: Tuesday 09-07-2024 18:00 - Wednesday 10-07-2024 18:00 Handler: Alexander Riepl Co-Handler: n/a

News

Ticket Heist network of 700 domains sells fake Olympic Games tickets

A large-scale fraud campaign with over 700 domain names is likely targeting Russian-speaking users looking to purchase tickets for the Summer Olympics in Paris.

https://www.bleepingcomputer.com/news/security/ticket-heist-network-of-700-domains-sells-fake-olympic-games-tickets/

In plaintext: Linksys routers apparently send Wi-Fi passwords to US servers

A consumer organisation tested two Linksys router models. Both apparently transmit sensitive data to a server in the USA. No patch is available so far.

https://www.golem.de/news/im-klartext-linksys-router-senden-wohl-wlan-passwoerter-an-us-server-2407-186894.html

Cyberattack hits IT group: 49 Fujitsu systems infected with malware

Cybercriminals succeeded in infiltrating internal Fujitsu systems. Customer data may also have been exfiltrated. The company is not disclosing many details, however.

https://www.golem.de/news/cyberangriff-trifft-it-konzern-49-systeme-von-fujitsu-mit-malware-infiziert-2407-186903.html

Finding Honeypot Data Clusters Using DBSCAN: Part 1

Sometimes data needs to be transformed or different tools need to be used so that it can be compared with other data. Some honeypot data is easy to compare since there is no customized information such as randomly generated file names, IP addresses, etc.

https://isc.sans.edu/diary/Finding+Honeypot+Data+Clusters+Using+DBSCAN+Part+1/31050

Ransomware crews investing in custom data stealing malware

BlackByte, LockBit among the criminals using bespoke tools As ransomware crews increasingly shift beyond just encrypting victims files and demanding a payment to unlock them, instead swiping sensitive info straight away, some of the ..

https://www.theregister.com/2024/07/10/ransomware_data_exfil_malware/

Google Is Adding Passkey Support for Its Most Vulnerable Users

Google is bringing the password-killing "passkey" tech to its Advanced Protection Program users more than a year after rolling them out broadly.

https://www.wired.com/story/google-passkey-advance-protection-program/

Keep your eyes open when buying tickets

How fraudsters abuse popular ticket platforms for their sinister purposes

https://www.welivesecurity.com/de/tipps-ratgeber/augen-auf-beim-ticketkauf/

Largest Patch Tuesday in 3 months includes 5 critical vulnerabilities

This is the largest Patch Tuesday since April, when Microsoft patched 150 vulnerabilities.

https://blog.talosintelligence.com/microsoft-patch-tuesday-july-2024/

Inside the ransomware playbook: Analyzing attack chains and mapping common TTPs

Based on a comprehensive review of more than a dozen prominent ransomware groups, we identified several commonalities in TTPs, along with several notable differences and outliers.

https://blog.talosintelligence.com/common-ransomware-actor-ttps-playbooks/

Eldorado Ransomware Targeting Windows and Linux with New Malware

Another day, another threat against Windows and Linux systems!

https://hackread.com/eldorado-ransomware-windows-linux-malware/

CVE-2024-38021: Moniker RCE Vulnerability Uncovered in Microsoft Outlook

Morphisec researchers have identified a significant vulnerability, CVE-2024-38021 - a zero-click remote code execution (RCE) vulnerability that impacts most Microsoft Outlook applications.

https://blog.morphisec.com/cve-2024-38021-microsoft-outlook-moniker-rce-vulnerability

Vulnerabilities

Security updates for Wednesday

Security updates have been issued by AlmaLinux (buildah, gvisor-tap-vsock, kernel-rt, libreswan, linux-firmware, pki-core, and podman), Fedora (firefox and jpegxl), Gentoo (Buildah, HarfBuzz, and LIVE555 Media Server), Oracle (buildah, gvisor-tap-vsock, kernel, libreswan, and podman), Red Hat (containernetworking-plugins, dotnet6.0, dotnet8.0, fence-agents, kernel, libreswan, libvirt, perl-HTTP-Tiny, python39:3.9, toolbox, and virt:rhel and virt-devel:rhel modules), SUSE (firefox,

https://lwn.net/Articles/981508/

[20240705] - Core - XSS in com_fields default field value

https://developer.joomla.org:443/security-centre/939-20240705-core-xss-in-com-fields-default-field-value.html

[20240704] - Core - XSS in Wrapper extensions

https://developer.joomla.org:443/security-centre/938-20240704-core-xss-in-wrapper-extensions.html