[CERT-daily] Daily summary - 29.02.2024

Daily end-of-shift report team at cert.at
Thu Feb 29 18:08:48 CET 2024


=====================
= End-of-Day report =
=====================

Timeframe:   Wednesday 28-02-2024 18:00 − Thursday 29-02-2024 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Michael Schlagenhaufer

=====================
=       News        =
=====================

∗∗∗ LockBit ransomware returns to attacks with new encryptors, servers ∗∗∗
---------------------------------------------
The LockBit ransomware gang is once again conducting attacks, using updated encryptors with ransom notes linking to new servers after last week's law enforcement disruption.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/lockbit-ransomware-returns-to-attacks-with-new-encryptors-servers/


∗∗∗ New ransomware group: Alleged cyberattack on Epic Games remains doubtful ∗∗∗
---------------------------------------------
The hacker group Mogilevich is offering 189 GB of Epic Games data for sale on the darknet. Doubts about the offer are warranted, however.
---------------------------------------------
https://www.golem.de/news/daten-stehen-zum-verkauf-neue-ransomwaregruppe-hat-angeblich-epic-games-gehackt-2402-182672.html


∗∗∗ GTPDOOR Linux Malware Targets Telecoms, Exploiting GPRS Roaming Networks ∗∗∗
---------------------------------------------
Threat hunters have discovered a new Linux malware called GTPDOOR that’s designed to be deployed in telecom networks that are adjacent to GPRS roaming exchanges (GRX). The malware is novel in the fact that it leverages the GPRS Tunnelling Protocol (GTP) for command-and-control (C2) communications.
---------------------------------------------
https://thehackernews.com/2024/02/gtpdoor-linux-malware-targets-telecoms.html


∗∗∗ New Silver SAML Attack Evades Golden SAML Defenses in Identity Systems ∗∗∗
---------------------------------------------
Cybersecurity researchers have disclosed a new attack technique called Silver SAML that can be successful even in cases where mitigations have been applied against Golden SAML attacks.
---------------------------------------------
https://thehackernews.com/2024/02/new-silver-saml-attack-evades-golden.html


∗∗∗ #StopRansomware: Phobos Ransomware ∗∗∗
---------------------------------------------
This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors.
---------------------------------------------
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-060a


∗∗∗ ALPHV is singling out healthcare sector, say FBI and CISA ∗∗∗
---------------------------------------------
CISA, FBI and HHS are warning about the ALPHV/BlackCat ransomware group targeting the healthcare industry.
---------------------------------------------
https://www.malwarebytes.com/blog/news/2024/02/alphv-is-singling-out-healthcare-sector-say-fbi-and-cisa


∗∗∗ GUloader Unmasked: Decrypting the Threat of Malicious SVG Files ∗∗∗
---------------------------------------------
This sophisticated malware loader has garnered attention for its stealthy techniques and ability to evade detection, posing a significant risk to organizations and individuals.
---------------------------------------------
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/guloader-unmasked-decrypting-the-threat-of-malicious-svg-files/


∗∗∗ Amazon vishing: Beware of fake Amazon calls! ∗∗∗
---------------------------------------------
On the phone, criminals pose as Amazon employees. Under various pretexts they get you to install TeamViewer or AnyDesk and then empty your account! If you receive such a call, hang up and block the number.
---------------------------------------------
https://www.watchlist-internet.at/news/amazon-vishing-vorsicht-vor-fake-amazon-anrufen/


∗∗∗ ADCS ESC14 Abuse Technique ∗∗∗
---------------------------------------------
In this blog post, we will explore the variations of abuse of explicit certificate mapping in AD, what the requirements are, and how you can protect your environment against it.
---------------------------------------------
https://posts.specterops.io/adcs-esc14-abuse-technique-333a004dc2b9


∗∗∗ The Art of Domain Deception: Bifrost's New Tactic to Deceive Users ∗∗∗
---------------------------------------------
The RAT Bifrost has a new Linux variant that leverages a deceptive domain in order to compromise systems. We analyze this expanded attack surface.
---------------------------------------------
https://unit42.paloaltonetworks.com/new-linux-variant-bifrost-malware/


∗∗∗ Vulnerabilities in business VPNs under the spotlight ∗∗∗
---------------------------------------------
As adversaries increasingly set their sights on vulnerable enterprise VPN software to infiltrate corporate networks, concerns mount about VPNs themselves being a source of cyber risk.
---------------------------------------------
https://www.welivesecurity.com/en/business-security/vulnerabilities-business-vpns-spotlight/


∗∗∗ Sophos IT security products choke on the leap year ∗∗∗
---------------------------------------------
Due to a bug, Sophos Endpoint, Home and Server can warn before visiting legitimate websites. First fixes are already available.
---------------------------------------------
https://heise.de/-9642801

=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (chromium), Fedora (moodle), Red Hat (kernel, kernel-rt, and postgresql:15), Slackware (wpa_supplicant), SUSE (Java and rear27a), and Ubuntu (libcpanel-json-xs-perl, libuv1, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.4, linux-lowlatency, linux-lowlatency-hwe-6.5, linux-oem-6.5, python-openstackclient, and unbound).
---------------------------------------------
https://lwn.net/Articles/964039/


∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/


∗∗∗ 2024-01 Security Bulletin: JSA Series: Multiple vulnerabilities resolved in JSA Applications ∗∗∗
---------------------------------------------
https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-JSA-Series-Multiple-vulnerabilities-resolved-in-JSA-Applications


∗∗∗ On Demand: JSA Series: Multiple vulnerabilities resolved in Juniper Secure Analytics in 7.5.0 UP7 IF05 ∗∗∗
---------------------------------------------
https://supportportal.juniper.net/s/article/On-Demand-JSA-Series-Multiple-vulnerabilities-resolved-in-Juniper-Secure-Analytics-in-7-5-0-UP7-IF05


∗∗∗ Delta Electronics CNCSoft-B ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-24-060-01


∗∗∗ MicroDicom DICOM Viewer ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-060-01

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily