(CERT daily) Daily summary – 29.08.2024

============================

= End of Day Report =

============================

Timeframe: Wednesday 28-08-2024 18:00 − Thursday 29-08-2024 18:00

Handler: Alexander Riepl

Co-handler: n/a

============================

= News =

============================

∗∗∗ Unpatchable 0-day in security camera is abused to install Mirai ∗∗∗

—————————————–

Vulnerabilities are easy to exploit and allow attackers to execute commands remotely.

—————————————–

https://arstechnica.com/?p=2046043

∗∗∗ Iranian hackers team up with ransomware gangs to extort money from hacked organizations ∗∗∗

—————————————–

An Iranian hacking group known as Pioneer Kitten is hacking defense, education, financial, and healthcare institutions in the United States. The group is working with partners from various ransomware operations to extort money from victims.

—————————————–

https://www.bleepingcomputer.com/news/security/iranian-hackers-work-with-ransomware-gangs-to-extort-breached-orgs/

∗∗∗ Finally: Measure against calls with spoofed numbers takes effect ∗∗∗

—————————————–

Your own mobile phone number being abused for spam calls: the new measure takes effect on September 1st.

—————————————–

https://futurezone.at/netzpolitik/rtr-veordnung-massnahme-nummer-gefaelscht-spoofing-sim-oesterreich/402941615

∗∗∗ Peach Sandstorm Deploys New, Custom Tickler Malware in Long-Running Intelligence Gathering Operations ∗∗∗

—————————————–

Between April and July 2024, Microsoft observed the Iranian state-sponsored threat actor Peach Sandstorm deploy a new custom multi-stage backdoor, which we named Tickler. Tickler has been used in attacks against targets in the satellite, communications equipment, oil and gas, as well as the federal and state government sectors in the United States and the..

—————————————–

https://www.microsoft.com/en-us/security/blog/2024/08/28/peach-sandstorm-deploys-new-custom-tickler-malware-in-long-running-intelligence-gathering-operations/

∗∗∗ Cybercrime and sabotage cost German companies $300 billion last year ∗∗∗

—————————————–

Cybercrime and other acts of sabotage cost German companies about $298 billion last year, a 29% increase from the previous year, according to a new study from Bitkom. Reuters reports: Bitkom surveyed about 1,000 companies across all sectors and found that 90% expect cyberattacks to increase in the next 12 months, while the remaining 10% expect the same level.

—————————————–

https://it.slashdot.org/story/24/08/28/211228/cybercrime-and-sabotage-cost-german-firms-300-billion-in-past-year

∗∗∗ 12 Best Practices to Secure Your WordPress Login Page ∗∗∗

—————————————–

WordPress powers a significant portion of the websites on the Internet. With this popularity comes the need for strict security measures, especially for the login page. These entry points are prime targets for hackers and malicious actors. By implementing the proper security practices outlined in this guide, you can maintain a secure WordPress login and ..

—————————————–

https://blog.sucuri.net/2024/08/12-best-practices-to-secure-your-wordpress-login-page.html

∗∗∗ Microsoft hosts security summit, but no press or public allowed ∗∗∗

—————————————–

CrowdStrike, other vendors, friendly government officials… but no one will tell you what happened. Opinion piece: Microsoft is hosting a security summit next month that will feature CrowdStrike and other “major” endpoint security partners. The CrowdStrike outage that shut down millions of Windows machines will undoubtedly be a top item on the agenda.

—————————————–

https://www.theregister.com/2024/08/28/microsoft_closed_security_summit/

∗∗∗ Censys Finds Hundreds of Exposed Servers as Volt Typhoon APT Targets Service Providers ∗∗∗

—————————————–

Amid Volt Typhoon's zero-day exploitation, Censys found hundreds of exposed servers that present an easy attack surface for attackers.

—————————————–

https://www.securityweek.com/censys-finds-hundreds-of-exposed-servers-as-volt-typhoon-apt-targets-isps-msps/

∗∗∗ Telegram as a scam trap ∗∗∗

—————————————–

Since the arrest of Pawel Durow in Paris, the messaging service Telegram has been the talk of the town. Telegram has kept us at Watchlist Internet busy for much longer, though. Hardly anywhere else is it easier for criminals to lure victims into their traps. Investment fraud, pyramid schemes and supposedly trustworthy job offers cause horrendous losses. It is time to take a critical look at Telegram.

—————————————–

https://www.watchlist-internet.at/news/telegram-als-betrugsfalle/

∗∗∗ $2.5M Reward Offered for Hacker Linked to Infamous Angler Exploit Kit ∗∗∗

—————————————–

Who wouldn’t want to make $2.5 million? That’s the reward U.S. authorities are offering for information leading to the arrest and/or conviction of the man believed to be a key figure in the development and distribution of the infamous Angler Exploit Kit. Read more in my article on the Tripwire State of Security blog.

—————————————–

https://www.tripwire.com/state-of-security/25-million-reward-offered-cyber-criminal-linked-notorious-angler-exploit-kit

∗∗∗ Cisco: BlackByte ransomware gang only responsible for 20% to 30% of successful attacks ∗∗∗

—————————————–

According to Cisco researchers, the BlackByte ransomware gang is publishing only a fraction of its successful attacks on its leak site this year.

—————————————–

https://therecord.media/blackbyte-ransomware-group-posting-fraction-of-leaks

∗∗∗ State-sponsored attackers and commercial surveillance vendors repeatedly use the same exploits ∗∗∗

—————————————–

We share an update on the suspected state-sponsored attacker APT29 and its use of exploits identical to those used by Intellexa and NSO.

—————————————–

https://blog.google/threat-analysis-group/state-backed-attackers-and-commercial-surveillance-vendors-repeatedly-use-the-same-exploits/

∗∗∗ The Big TIBER Encyclopedia ∗∗∗

—————————————–

An Analysis of Current TIBER Implementations Ahead of DORA’s TLPT Requirements. Introduction: TIBER (Threat Intelligence-Based Ethical Red Teaming) is a framework introduced by the European Central Bank (ECB) in 2018 in response to the increasing number of cyber threats facing financial institutions. The framework provides a ..

—————————————–

https://blog.nviso.eu/2024/08/29/the-big-tiber-encyclopedia/

∗∗∗ The vulnerabilities we discovered by fuzzing µC/OS protocol stacks ∗∗∗

—————————————–

Fuzzing has long been one of our favorite ways to look for security issues or vulnerabilities in software. But when it comes to fuzzing popular systems used in ICS environments, traditionally a custom hardware setup was required to fuzz the code in the native environment.

—————————————–

https://blog.talosintelligence.com/fuzzing-uc-os-protocol-stacks/

============================

= Vulnerabilities =

============================

∗∗∗ Cisco Family August 2024 First Round Security Update Advisory ∗∗∗

—————————————–

https://asec.ahnlab.com/en/82727/

CERT.at Daily Mailing List

List info: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
