End-of-Day report
Timeframe: Thursday 29-08-2024 18:00 - Friday 30-08-2024 18:00
Handler: Alexander Riepl
Co-Handler: n/a
News
Fake Palo Alto GlobalProtect used as lure to backdoor enterprises
Threat actors target Middle Eastern organizations with malware disguised as the legitimate Palo Alto GlobalProtect Tool that can steal data and execute remote PowerShell commands to infiltrate internal networks further.
https://www.bleepingcomputer.com/news/security/fake-palo-alto-globalprotect-used-as-lure-to-backdoor-enterprises/
FBI: RansomHub ransomware breached 210 victims since February
Since surfacing in February 2024, RansomHub ransomware affiliates have breached over 200 victims from a wide range of critical U.S. infrastructure sectors.
https://www.bleepingcomputer.com/news/security/fbi-ransomhub-ransomware-breached-210-victims-since-february/
Russian hackers exploit the same security holes as state trojans
Experts repeatedly warn that criminals can also use the loopholes through which governments surveil suspects.
https://futurezone.at/netzpolitik/russische-hacker-staatstrojaner-messenger-ueberwachung-sicherheit-nso-pegasus-predator-apt29/402941959
Study: 78 percent of all ransomware victims apparently pay the ransom
Many affected companies apparently even pay multiple times. Four or more ransom payments are not uncommon either, especially not in Germany.
https://www.golem.de/news/studie-78-prozent-aller-ransomware-opfer-zahlen-offenbar-loesegeld-2408-188565.html
Feds claim sinister sysadmin locked up thousands of Windows workstations, demanded ransom
Sordid search history evidence in case that could see him spend 35 years for extortion and wire fraud. A former infrastructure engineer who allegedly locked IT department colleagues out of their employer's systems, then threatened to shut down servers unless paid a ransom, has been arrested and charged after an FBI investigation.
https://www.theregister.com/2024/08/29/vm_engineer_extortion_allegations/
How to enhance the security of your social media accounts
TL;DR Strong passwords: Use a password manager. Multi-factor authentication (MFA): MFA requires multiple forms of identification, adding an extra layer of security. This makes it harder for unauthorised users to ..
https://www.pentestpartners.com/security-blog/how-to-enhance-the-security-of-your-social-media-accounts/
TLD Tracker: Exploring Newly Released Top-Level Domains
Unit 42 researchers use a novel graph-based pipeline to detect misuse of 19 new TLDs for phishing, chatbots and more in several case studies.
https://unit42.paloaltonetworks.com/tracking-newly-released-top-level-domains/
Malicious North Korean packages appear again in open source code repository
North Korean hackers continue to exploit the widely used npm code repository, publishing malicious packages intended to infect software developers' devices with malware, according to recent research.
https://therecord.media/npm-javascript-repository-north-korean-malware
TR-88 - Motivation, procedure and rationale for leaked credential notifications
In today's digital landscape, protecting user data is essential for every organization. When public data leaks expose customer credentials, it is critical to respond promptly to mitigate risks. This document outlines why CIRCL ..
https://www.circl.lu/pub/tr-88
Silent Intrusions: Godzilla Fileless Backdoors Targeting Atlassian Confluence
Trend Micro discovered that old Atlassian Confluence versions that were affected by CVE-2023-22527 are being exploited using a new in-memory fileless backdoor.
https://www.trendmicro.com/en_us/research/24/h/godzilla-fileless-backdoors.html
Gaps in Skills, Knowledge, and Technology Pave the Way for Breaches
The stakes continue growing higher for organizations when it comes to cybersecurity incidents, with the fallout of such incidents becoming more costly and complex. According to the Fortinet 2024 Cybersecurity Skills Gap Report, the overwhelming majority (87%) of those surveyed said they experienced one or ..
https://www.fortinet.com/blog/industry-trends/gaps-in-skills-knowledge-technology-pave-way-for-breaches
Ransomware Roundup - Underground
The Underground ransomware has victimized companies in various industries since July 2023. It encrypts files without changing the original file extension.
https://www.fortinet.com/blog/threat-research/ransomware-roundup-underground
After cyberattack: solar provider "Qcells" informs customers about data leak
There is another data leak in the solar industry. Customers of Qcells are therefore being informed.
https://heise.de/-9852641
Vulnerabilities
Security updates for Friday
Security updates have been issued by AlmaLinux (libvpx, postgresql, postgresql:12, postgresql:13, postgresql:15, and python39:3.9 and python39-devel:3.9), Debian (chromium and ghostscript), Fedora (python3.13), and SUSE (chromium and podman).
https://lwn.net/Articles/987836/
DSA-5761-1 chromium - security update
https://lists.debian.org/debian-security-announce/2024/msg00174.html
IPCOM vulnerable to information disclosure
https://jvn.jp/en/jp/JVN29238389/