End-of-Day report
Timeframe: Thursday 04-07-2024 18:00 - Friday 05-07-2024 18:00
Handler: Alexander Riepl
Co-Handler: Michael Schlagenhaufer
News
New Eldorado ransomware targets Windows, VMware ESXi VMs
A new ransomware-as-a-service (RaaS) called Eldorado emerged in March and comes with locker variants for VMware ESXi and Windows.
https://www.bleepingcomputer.com/news/security/new-eldorado-ransomware-targets-windows-vmware-esxi-vms/
Turla: A Master's Art of Evasion
Turla, a well-known piece of malware, has taken to weaponising LNK files to infect computers. We have observed a current example of this.
https://www.gdatasoftware.com/blog/2024/07/37977-turla-evasion-lnk-files
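The item above reports LNK files being weaponised but the digest carries no sample details. What a detection engineer wants at this point is a way to pull the fields a shortcut-based loader abuses (launched target, command-line arguments, requested window state) out of a .lnk and rank them. The following is an added example, not code from G DATA or from any Turla analysis: a minimal MS-SHLLINK parser plus heuristic triage rules, run over two shortcuts that are constructed in-line (one shaped like a loader, one ordinary). The indicator lists are the author's assumptions about what is worth flagging, not a description of Turla's actual artefacts.

```python
"""Minimal MS-SHLLINK (.lnk) parser with triage rules for LNK-based loaders.
Samples are constructed below; nothing here is taken from a real Turla file."""
import struct

HEADER_SIZE = 0x4C
LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-0000-0000-C000-000000000046}
HAS_LINK_TARGET_ID_LIST, HAS_LINK_INFO, HAS_NAME = 0x01, 0x02, 0x04
HAS_RELATIVE_PATH, HAS_WORKING_DIR, HAS_ARGUMENTS = 0x08, 0x10, 0x20
HAS_ICON_LOCATION, IS_UNICODE = 0x40, 0x80
SW_SHOWMINNOACTIVE = 7  # launch minimized, never focused: the console window stays out of sight

STRING_FIELDS = (  # StringData order fixed by the spec
    (HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"), (HAS_WORKING_DIR, "working_dir"),
    (HAS_ARGUMENTS, "arguments"), (HAS_ICON_LOCATION, "icon_location"),
)
# Heuristic lists (assumptions for this example, not a Turla signature)
LOLBINS = ("powershell", "pwsh", "cmd.exe", "mshta", "wscript", "cscript",
           "rundll32", "regsvr32", "certutil", "bitsadmin", "msiexec")
ARG_MARKERS = ("-enc", "-encodedcommand", "-w hidden", "-windowstyle hidden",
               "frombase64string", "iex", "invoke-expression", "downloadstring", "http://", "https://")


def parse_lnk(data: bytes) -> dict:
    """Return LinkFlags, ShowCommand and the StringData fields of a shell link."""
    if len(data) < HEADER_SIZE or struct.unpack_from("<I", data, 0)[0] != HEADER_SIZE:
        raise ValueError("bad HeaderSize: not a shell link")
    if data[4:20] != LINK_CLSID:
        raise ValueError("bad LinkCLSID: not a shell link")
    flags, = struct.unpack_from("<I", data, 20)
    show_command, = struct.unpack_from("<I", data, 60)
    off = HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:          # IDListSize (2 bytes) + IDList, skipped here
        off += 2 + struct.unpack_from("<H", data, off)[0]
    if flags & HAS_LINK_INFO:                    # LinkInfoSize includes itself, skipped here
        off += struct.unpack_from("<I", data, off)[0]
    info = {"flags": flags, "show_command": show_command}
    for flag, key in STRING_FIELDS:              # CountCharacters (2 bytes) + characters
        if not flags & flag:
            info[key] = None
            continue
        count, = struct.unpack_from("<H", data, off)
        off += 2
        if flags & IS_UNICODE:
            info[key] = data[off:off + 2 * count].decode("utf-16-le")
            off += 2 * count
        else:
            info[key] = data[off:off + count].decode("cp1252", errors="replace")
            off += count
    return info


def triage(info: dict) -> list:
    """Reasons to look closer; a hit is an indicator, not proof of malice."""
    hits = []
    target = (info.get("relative_path") or "").lower()   # droppers usually set RELATIVE_PATH
    args = (info.get("arguments") or "").lower()
    if any(b in target for b in LOLBINS):
        hits.append("target is a script host / LOLBin: " + target)
    if any(m in args for m in ARG_MARKERS):
        hits.append("arguments carry hidden-window, encoding or download markers")
    if info.get("show_command") == SW_SHOWMINNOACTIVE:
        hits.append("ShowCommand=SW_SHOWMINNOACTIVE: window kept out of sight")
    if len(args) > 260:
        hits.append("arguments longer than 260 chars: Explorer's Properties dialog truncates them")
    return hits


def build_lnk(relative_path: str, arguments=None, show_command: int = 1) -> bytes:
    """Construct a minimal Unicode .lnk containing only the StringData we parse."""
    flags = HAS_RELATIVE_PATH | IS_UNICODE | (HAS_ARGUMENTS if arguments is not None else 0)
    header = struct.pack("<I", HEADER_SIZE) + LINK_CLSID
    header += struct.pack("<II", flags, 0x20)                           # LinkFlags, FILE_ATTRIBUTE_ARCHIVE
    header += b"\x00" * 24                                              # Creation/Access/Write FILETIMEs
    header += struct.pack("<IIIHHII", 0, 0, show_command, 0, 0, 0, 0)  # FileSize .. Reserved3

    def string_data(text: str) -> bytes:
        return struct.pack("<H", len(text)) + text.encode("utf-16-le")

    body = string_data(relative_path)
    if arguments is not None:
        body += string_data(arguments)
    return header + body


# Constructed samples: a loader-shaped shortcut and an ordinary one.
LOADER_LNK = build_lnk(
    "..\\..\\..\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
    "-nop -w hidden -enc QQBBAEEA",      # placeholder base64 (decodes to 'AAA'), not a payload
    show_command=SW_SHOWMINNOACTIVE,
)
BENIGN_LNK = build_lnk("..\\..\\Windows\\notepad.exe", "notes.txt")

if __name__ == "__main__":
    for label, blob in (("loader", LOADER_LNK), ("benign", BENIGN_LNK)):
        info = parse_lnk(blob)
        print(label, info["relative_path"], info["arguments"], triage(info))
```

The parser skips the LinkTargetIDList and LinkInfo structures, so the canonical target resolved by Explorer is not recovered; for a malicious shortcut that is usually fine, because the loader sets RELATIVE_PATH and ARGUMENTS itself, but a full triage should also decode the IDList.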
New Golang-Based Zergeca Botnet Capable of Powerful DDoS Attacks
Cybersecurity researchers have uncovered a new botnet called Zergeca that's capable of conducting distributed denial-of-service (DDoS) attacks. Written in Golang, the botnet is so named for its reference to a string named "ootheca" present in the command-and-control (C2) servers ("ootheca[.]pw" and "ootheca[.]top").
https://thehackernews.com/2024/07/new-golang-based-zergeca-botnet-capable.html
Latest Ghostscript vulnerability haunts experts as the next big breach enabler
There's also chatter about whether the medium-severity scare is actually a code-red nightmare. Infosec circles are awash with chatter about a vulnerability in Ghostscript some experts believe could be the cause of several major breaches in the coming months.
https://go.theregister.com/feed/www.theregister.com/2024/07/05/ghostscript_vulnerability_severity/
Binance customers beware: SMS about a login attempt is fake
We are currently receiving reports of an SMS sent in the name of the trading platform Binance: supposedly there was a login attempt from Malta or another country, and recipients are asked to call back. Ignore the SMS. Criminals are trying to hijack your account and get at your money.
https://www.watchlist-internet.at/news/binance-login-fake/
TeamViewer gives the all-clear: no customer data exfiltrated in the June 2024 hack
The hack of the remote-support vendor TeamViewer appears to have turned out less severe than feared. A state actor (APT29) did have access to the company's internal corporate IT environment, but neither the production environment holding the source code and binaries of the remote-support software nor customer data appear to be affected. The vendor announced this in what is now its third status update.
https://www.borncity.com/blog/2024/07/05/teamviewer-gibt-entwarnung-keine-kundendaten-beim-hack-im-juni-2024-abgeflossen/
Turning Jenkins Into a Cryptomining Machine From an Attacker's Perspective
In this blog entry, we will discuss how the Jenkins Script Console can be weaponized by attackers for cryptomining activity if not configured properly.
https://www.trendmicro.com/en_us/research/24/g/turning-jenkins-into-a-cryptomining-machine-from-an-attackers-pe.html
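The summary above names the misconfiguration (a reachable Script Console) but not what an operator should look for afterwards. As an added example, not code from Trend Micro's post or from the Jenkins project, here is detection logic that runs over Jenkins HTTP access log lines and flags every request to the Groovy console endpoints (/script and /scriptText, including their per-node form under /computer/<node>/), ranking an accepted POST far above a merely opened console page. The log lines are constructed for this example in NCSA combined format, which Jenkins' built-in Winstone access logger can be configured to write; the user-agent list and the severity rules are this example's own assumptions, and LOG_RE needs adjusting if a reverse proxy writes the logs in a different layout.

```python
"""Flag and rank Script Console requests in Jenkins access logs.
Sample lines are constructed (NCSA combined format); IPs are documentation ranges."""
import re
from collections import Counter

SAMPLE_LOG = """\
10.0.0.12 - admin [05/Jul/2024:09:14:02 +0200] "GET /job/build-api/lastBuild/console HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.0.0.12 - admin [05/Jul/2024:09:20:11 +0200] "GET /script HTTP/1.1" 200 7312 "https://jenkins.example/manage" "Mozilla/5.0"
203.0.113.7 - - [05/Jul/2024:09:21:40 +0200] "POST /scriptText HTTP/1.1" 200 64 "-" "curl/8.5.0"
203.0.113.7 - - [05/Jul/2024:09:21:41 +0200] "POST /computer/linux-agent-1/scriptText HTTP/1.1" 200 64 "-" "curl/8.5.0"
198.51.100.9 - - [05/Jul/2024:09:25:03 +0200] "POST /script HTTP/1.1" 403 0 "-" "python-requests/2.31"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)
# Controller console and the per-agent console reachable under /computer/<node>/
CONSOLE_RE = re.compile(r'^(/computer/[^/]+)?/script(Text)?$')
# Non-browser clients (assumed list); a browser opening /script is what an admin does,
# curl POSTing to /scriptText is what a miner-dropping script does.
SCRIPTED_CLIENTS = ("curl/", "python-requests", "go-http-client", "wget/")


def is_console_path(path: str) -> bool:
    """True for /script, /scriptText and their /computer/<node>/ variants (query string ignored)."""
    return CONSOLE_RE.match(path.split("?", 1)[0]) is not None


def classify(ev: dict) -> str:
    """Severity for one console request.  A 2xx on POST means Groovy was accepted
    and ran on the controller or agent; a '-' user means the access logger saw no
    principal (anonymous, or a session the logger cannot attribute), so it only
    raises severity together with a scripted client rather than on its own."""
    if ev["method"] == "POST" and 200 <= ev["status"] < 300:
        if ev["user"] == "-" and ev["scripted_client"]:
            return "critical"
        return "high"
    if ev["method"] == "POST":
        return "medium"      # rejected (401/403): somebody probing for an open console
    return "info"            # GET: console page opened


def detect(log_text: str) -> list:
    """Parse lines, keep only console requests, attach severity."""
    events = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or not is_console_path(m["path"]):
            continue
        ev = m.groupdict()
        ev["status"] = int(ev["status"])
        ev["scripted_client"] = ev["ua"].lower().startswith(SCRIPTED_CLIENTS)
        ev["severity"] = classify(ev)
        events.append(ev)
    return events


def per_source(events: list) -> Counter:
    """Count accepted console executions per source IP for prioritising response."""
    return Counter(e["ip"] for e in events if e["severity"] in ("high", "critical"))


if __name__ == "__main__":
    found = detect(SAMPLE_LOG)
    for e in found:
        print(f'{e["severity"]:8} {e["ip"]:14} {e["user"]:6} {e["method"]} {e["path"]} {e["status"]} {e["ua"]}')
    print(dict(per_source(found)))
```

Any "high" or "critical" hit from a source that is not a known administrator workstation warrants pulling the controller's and agent's process list and the Jenkins audit trail for the same minute; the status code alone tells you whether the console accepted the script, not what it did.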
Vulnerabilities
Security updates for Friday
Security updates have been issued by Fedora (cockpit, python-astropy, python3-docs, and python3.12), Gentoo (BusyBox, GNU Coreutils, GraphicsMagick, podman, PuTTY, Sofia-SIP, TigerVNC, and WebKitGTK+), Mageia (chromium-browser-stable and openvpn), SUSE (cockpit, krb5, and netatalk), and Ubuntu (kopanocore, libreoffice, linux-aws, linux-oem-6.8, linux-aws-5.15, linux-azure, linux-azure-4.15, linux-lowlatency, linux-lowlatency-hwe-6.5, linux-oracle, linux-starfive-6.5, and virtuoso-opensource).
https://lwn.net/Articles/980855/
ZDI-24-897: Trend Micro Apex One modOSCE SQL Injection Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-24-897/