September 2024 - rwth-security - lists.rwth-aachen.de

Gemeinsamer Sicherheitshinweis zu Cyberaktivitäten der russischen GRU-Einheit 29155

von Bernd Kohler

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "Gemeinsamer Sicherheitshinweis zu Cyberaktivitäten der russischen GRU-Einheit 29155" --> der gemeinsame Sicherheitshinweis komplett als PDF [1] --> Hinweis der CISA [2] - dort auch mit IoC's VG Bernd [0] https://www.verfassungsschutz.de/SharedDocs/kurzmeldungen/DE/2024/2024-09-0… [1] https://www.verfassungsschutz.de/SharedDocs/publikationen/DE/cyberabwehr/20… [2] https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-249a -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de https://www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/c/ITCenterRWTHAachen

2 Wochen, 3 Tage

1
0
0 0

New RAMBO attack steals data using RAM in air-gapped computers

von Bernd Kohler

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "New RAMBO attack steals data using RAM in air-gapped computers" --> "... "RAMBO" (Radiation of Air-gapped Memory Bus for Offense) generates electromagnetic radiation from a device's RAM to send data from air-gapped computers ..." VG Bernd [0] https://www.bleepingcomputer.com/news/security/new-rambo-attack-steals-data… -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de https://www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/channel/UCKKDJJukeRwO0LP-ac8x8rQ

2 Wochen, 5 Tage

1
0
0 0

CVE Hunting Made Easy

von Bernd Kohler

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "CVE Hunting Made Easy" --> Info des Autoren: "found 14 CVEs by downloading every Wordpress plugin and scanning all of it with Semgrep - full dataset published if you want to do some sifting yourself, there's plenty of output I haven't looked at." VG Bernd [0] https://projectblack.io/blog/cve-hunting-at-scale/ -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de https://www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/channel/UCKKDJJukeRwO0LP-ac8x8rQ

2 Wochen, 5 Tage

1
0
0 0

deepfakes - faceswap

von Bernd Kohler

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "faceswap" --> "... tool that utilizes deep learning to recognize and swap faces in pictures and videos ..." VG Bernd [0] https://github.com/deepfakes/faceswap -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/channel/UCKKDJJukeRwO0LP-ac8x8rQ

2 Wochen, 6 Tage

1
0
0 0

SpyAgent Android malware steals your crypto recovery phrases from

von Bernd Kohler

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "SpyAgent Android malware steals your crypto recovery phrases from images" --> "... uses optical character recognition (OCR) ..." VG Bernd [0] https://www.bleepingcomputer.com/news/security/spyagent-android-malware-ste… -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/channel/UCKKDJJukeRwO0LP-ac8x8rQ

2 Wochen, 6 Tage

1
0
0 0

An Engineer’s Guide to Integrating ARI into Existing ACME Clients

von Bernd Kohler

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "An Engineer’s Guide to Integrating ARI into Existing ACME Clients" --> ACME Renewal Information (ARI) --> weil es eine deutliche Nutzung von Let's Encrypt gibt ;) VG Bernd [0] https://letsencrypt.org/2024/04/25/guide-to-integrating-ari-into-existing-a… -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/channel/UCKKDJJukeRwO0LP-ac8x8rQ

2 Wochen, 6 Tage

1
0
0 0

CVE-2024-26581 PoC Exploit Released: Linux Systems at Risk of Root

von Bernd Kohler

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "CVE-2024-26581 PoC Exploit Released: Linux Systems at Risk of Root Compromise" --> "... vulnerability within the Linux kernel ..." --> "... local authenticated attackers ..." --> "... versions 6.1.9 and later, 5.15.91 and later, and 5.10.166 and later ..." VG Bernd [0] https://securityonline.info/cve-2024-26581-poc-exploit-released-linux-syste… -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/channel/UCKKDJJukeRwO0LP-ac8x8rQ

2 Wochen, 6 Tage

1
0
0 0

CVE-2024-20017 (CVSS 9.8): Zero-Click Exploit Discovered in Popular

von Bernd Kohler

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "CVE-2024-20017 (CVSS 9.8): Zero-Click Exploit Discovered in Popular Wi-Fi Chipsets, PoC Published" --> original Report [1] --> "... rooted in the wappd network daemon, a critical component of the MediaTek MT7622/MT7915 SDK and RTxxxx SoftAP driver bundle. These chipsets are widely used in Wifi6 (802.11ax) devices, including popular models from Ubiquiti, Xiaomi, and Netgear. ..." --> PoC [2] VG Bernd [0] https://securityonline.info/cve-2024-20017-cvss-9-8-zero-click-exploit-disc… [1] https://blog.coffinsec.com/0day/2024/08/30/exploiting-CVE-2024-20017-four-d… [2] https://github.com/mellow-hype/cve-2024-20017 -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/channel/UCKKDJJukeRwO0LP-ac8x8rQ

3 Wochen

1
0
0 0

Threat actors using MacroPack to deploy Brute Ratel, Havoc and

von Bernd Kohler

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "Threat actors using MacroPack to deploy Brute Ratel, Havoc and PhantomCore payloads' VG Bernd [0] https://blog.talosintelligence.com/threat-actors-using-macropack/ -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de https://www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/c/ITCenterRWTHAachen

3 Wochen

1
0
0 0

Revival Hijack supply-chain attack threatens 22,000 PyPI packages

von Bernd Kohler

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "Revival Hijack supply-chain attack threatens 22,000 PyPI packages" --> "... To mitigate the threat, users and organizations can use package pinning to stay on specified, known to be trustworthy versions, verify package integrity, audit its contents, and look out for changes in package ownership or atypical update activity. ..." VG Bernd [0] https://www.bleepingcomputer.com/news/security/revival-hijack-supply-chain-… -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de https://www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/c/ITCenterRWTHAachen

3 Wochen, 1 Tag

1
0
0 0

2024

2023

2022

2021

2020

2019

2018

rwth-security September 2024