Daily summary - 09.10.2024

End-of-Day report

Timeframe: Tuesday 08-10-2024 18:00 - Wednesday 09-10-2024 18:00 Handler: Alexander Riepl Co-Handler: n/a

News

Two never-before-seen tools, from same group, infect air-gapped devices

It's hard enough creating one air-gap-jumping tool. GoldenJackal did it 2x in 5 years.

https://arstechnica.com/security/2024/10/two-never-before-seen-tools-from-same-group-infect-air-gapped-devices/

European govt air-gapped systems breached using custom malware

An APT hacking group known as GoldenJackal has successfully breached air-gapped government systems in Europe using two custom toolsets to steal sensitive data, like emails, encryption keys, images, archives, and documents.

https://www.bleepingcomputer.com/news/security/european-govt-air-gapped-systems-breached-using-custom-malware/

New scanner finds Linux, UNIX servers exposed to CUPS RCE attacks

An automated scanner has been released to help security professionals scan environments for devices vulnerable to the Common Unix Printing System (CUPS) RCE flaw tracked as CVE-2024-47176.

https://www.bleepingcomputer.com/news/software/new-scanner-finds-linux-unix-servers-exposed-to-cups-rce-attacks/

Security vulnerability: Windows RDP server attackable remotely

A successful attack does require winning a race condition, but no authentication or user interaction whatsoever.

https://www.golem.de/news/sicherheitsluecke-rdp-server-von-windows-aus-der-ferne-angreifbar-2410-189652.html

Cisco warns: children increase cyber risk in the home office

According to Cisco, around two thirds of all parents working from home allow their children access to devices used for work - often even unsupervised.

https://www.golem.de/news/cisco-warnt-kinder-erhoehen-cyberrisiko-im-homeoffice-2410-189661.html

From Perfctl to InfoStealer

A few days ago, a new stealthy malware targeting Linux hosts made a lot of noise: perfctl[1]. The malware has been pretty well analyzed and I won't repeat what has been already disclosed. I found a ..

https://isc.sans.edu/diary/From+Perfctl+to+InfoStealer/31334

Ransomware gang Trinity joins pile of scumbags targeting healthcare

As if hospitals and clinics didn't have enough to worry about. At least one US healthcare provider has been infected by Trinity, an emerging cybercrime gang with eponymous ransomware that uses double extortion and other "sophisticated" tactics that make it a "significant threat," according to the feds.

https://www.theregister.com/2024/10/09/trinity_ransomware_targets_healthcare_orgs/

Patch Tuesday, October 2024 Edition

Microsoft today released security updates to fix at least 117 security holes in Windows computers and other software, including two vulnerabilities that are already seeing active attacks. Also, Adobe plugged 52 security holes ..

https://krebsonsecurity.com/2024/10/patch-tuesday-october-2024-edition/

How to handle vulnerability reports in aviation

TL;DR Always thank researchers for reporting vulnerabilities. Acknowledging their efforts can set the right tone. Lead all communications with researchers. Don't let legal or PR teams take over. Provide ..

https://www.pentestpartners.com/security-blog/how-to-handle-vulnerability-reports-in-aviation/

How criminals steal your Bankomat (debit) card with fake FinanzOnline notifications

You are informed by SMS about a refund from the tax office and click on the link. You land on the tax office's website - at least that is what it looks like. You select your bank in order to receive the money. But suddenly an error message from your bank appears. You receive a new debit card and have to cut up the old one and ..

https://www.watchlist-internet.at/news/so-stehlen-kriminelle-kartenwechsel-scam/

Contagious Interview: DPRK Threat Actors Lure Tech Industry Job Seekers to Install New Variants of BeaverTail and InvisibleFerret Malware

Discover how North Korean attackers, posing as recruiters, used an updated downloader and backdoor in a campaign targeting tech job seekers.

https://unit42.paloaltonetworks.com/north-korean-threat-actors-lure-tech-job-seekers-as-fake-recruiters/

Vulnerabilities discovered in Intel's TDX security technology

Researchers at the University of Lübeck have identified vulnerabilities in Intel's Trust Domain Extensions. Intel has already closed one of the gaps.

https://heise.de/-9974224

Vulnerabilities

Synology-SA-24:12 GitLab

A vulnerability allows a remote attacker to bypass authentication via a susceptible version of GitLab.

https://www.synology.com/en-global/support/security/Synology_SA_24_12

DSA-5729-2 apache2 - regression update

https://lists.debian.org/debian-security-announce/2024/msg00200.html

Announcement: Drupal core issues with some risk levels may be treated as bugs in the public issue queue, not as private security issues - PSA-2023-07-12

https://www.drupal.org/psa-2023-07-12

Local privilege escalation via the MSI installer in Palo Alto Networks GlobalProtect

https://sec-consult.com/de/vulnerability-lab/advisory/local-privilege-escalation-mittels-msi-installer-in-palo-alto-networks-globalprotect/

October Security Update

https://www.ivanti.com/blog/october-2024-security-update