Daily summary - 09.09.2024

End-of-Day report

Timeframe: Friday 06-09-2024 18:00 - Monday 09-09-2024 18:00 Handler: Alexander Riepl Co-Handler: n/a

News

Transport for London staff faces systems disruptions after cyberattack

Transport for London, the city's public transportation agency, revealed today that its staff has limited access to systems and email due to measures implemented in response to a Sunday cyberattack.

https://www.bleepingcomputer.com/news/security/transport-for-london-staff-faces-systems-disruptions-after-cyberattack/

Software error in state election: CCC criticizes lack of transparency in election software

A "bungled implementation" could have led to the calculation error in the state election in Saxony. The CCC is calling for more transparency.

https://www.golem.de/news/softwarefehler-bei-landtagswahl-ccc-kritisiert-intransparenz-bei-wahlsoftware-2409-188781.html

Attack on air-gapped systems: malware exfiltrates data wirelessly through RAM

The attack technique does not deliver a high data rate, but it is sufficient for real-time keylogging and for exfiltrating passwords and RSA keys.

https://www.golem.de/news/angriff-auf-air-gapped-systeme-malware-exfiltriert-daten-drahtlos-durch-den-ram-2409-188805.html

North Korean threat actor Citrine Sleet exploiting Chromium zero-day

Microsoft identified a North Korean threat actor exploiting a zero-day vulnerability in Chromium (CVE-2024-7971) to gain remote code execution (RCE) in the Chromium renderer process. Our assessment of ongoing analysis and observed infrastructure attributes this activity to Citrine Sleet, a North Korean threat actor that commonly targets the cryptocurrency ..

https://www.microsoft.com/en-us/security/blog/2024/08/30/north-korean-threat-actor-citrine-sleet-exploiting-chromium-zero-day/

The Underground World of Black-Market AI Chatbots is Thriving

An anonymous reader shares a report: ChatGPT's 200 million weekly active users have helped propel OpenAI, the company behind the chatbot, to a $100 billion valuation. But outside the mainstream there's still plenty of money to be made -- especially if you're catering to the underworld. Illicit large language models (LLMs) can make up to $28,000 in two months ..

https://slashdot.org/story/24/09/06/1648218/the-underground-world-of-black-market-ai-chatbots-is-thriving

Hypervisor Development in Rust for Security Researchers (Part 1)

In the ever-evolving field of information security, curiosity and continuous learning drive innovation.

https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/hypervisor-development-in-rust-for-security-researchers-part-1/

Exploring an Experimental Windows Kernel Rootkit in Rust

Around two years ago, memN0ps took the initiative to create one of the first publicly available rootkit proof of concepts (PoCs) in Rust as an experimental project, while learning a new programming language. It still lacks many features, which are relatively easy to add once the concept is understood, but it was developed within a month, at a part-time capacity.

https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/exploring-an-experimental-windows-kernel-rootkit-in-rust/

Predator Spyware Resurfaces With Fresh Infrastructure

Recorded Future observes renewed Predator spyware activity on fresh infrastructure after a drop caused by US sanctions.

https://www.securityweek.com/predator-spyware-resurfaces-with-fresh-infrastructure/

Chinese APT Abuses VSCode to Target Government in Asia

A first in our telemetry: Chinese APT Stately Taurus uses Visual Studio Code to maintain a reverse shell in victims' environments for Southeast Asian espionage.

https://unit42.paloaltonetworks.com/stately-taurus-abuses-vscode-southeast-asian-espionage/

Sextortion scam attempt I: recording of porn consumption; and "invoice payment"

So-called sextortion campaigns are currently running again, in which victims are to be blackmailed by e-mail with allegedly compromising material. I am therefore summarizing some information from the last few days about ongoing sextortion campaigns in ..

https://www.borncity.com/blog/2024/09/09/sextortion-betrugsversuch-i-aufzeichnung-des-porno-konsums-und-rechnungszahlung/

AI Firm's Misconfigured Server Exposed 5.3 TB of Mental Health Records

A misconfigured server from a US-based AI healthcare firm Confidant Health exposed 5.3 TB of sensitive mental health-

https://hackread.com/ai-firm-misconfigured-server-exposed-mental-health-data/

CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

https://www.cisa.gov/news-events/alerts/2024/09/09/cisa-adds-three-known-exploited-vulnerabilities-catalog

Keeping an eye on your own identity: Google Dark Web Report warns of data leaks

Google's Dark Web Report lets you monitor your own identity for data breaches. The service is now free and no longer part of a subscription.

https://heise.de/-9860797

Poland breaks up ring of cyber saboteurs

Poland, an EU and NATO member, is increasingly the target of cyberattacks. Warsaw suspects Russian and Belarusian intelligence services are behind the activity.

https://heise.de/-9862555

Vulnerabilities

ZDI-24-1196: Adobe Acrobat Reader DC Doc Object Use-After-Free Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 3.3. The following CVEs are assigned: CVE-2024-45107.

http://www.zerodayinitiative.com/advisories/ZDI-24-1196/

DSA-5767-1 thunderbird - security update

https://lists.debian.org/debian-security-announce/2024/msg00180.html

Security Vulnerabilities fixed in Firefox ESR 115.13

https://www.mozilla.org/en-US/security/advisories/mfsa2024-30/