=====================
= End-of-Day report =
=====================

Timeframe: Thursday 20-06-2024 18:00 − Friday 21-06-2024 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Thomas Pribitzer
=====================
=       News        =
=====================

∗∗∗ Linux version of RansomHub ransomware targets VMware ESXi VMs ∗∗∗
---------------------------------------------
The RansomHub ransomware operation is using a Linux encryptor designed specifically to encrypt VMware ESXi environments in corporate attacks.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/linux-version-of-ransomhub-ra...

∗∗∗ Qilin: We knew our Synnovis attack would cause a healthcare crisis at London hospitals ∗∗∗
---------------------------------------------
The ransomware gang responsible for a healthcare crisis at London hospitals says it has no regrets about its cyberattack, which was entirely deliberate, it told The Register in an interview.
---------------------------------------------
https://www.theregister.com/2024/06/20/qilin_our_plan_was_to/

∗∗∗ LLMNR – the often forgotten entry point into the network ∗∗∗
---------------------------------------------
LLMNR is used for name resolution in local networks when no Domain Name System (DNS) is available, which these days almost never happens. Since LLMNR contains no security mechanisms, it is very easy to abuse for attacks.
---------------------------------------------
https://www.syss.de/pentest-blog/llmnr-das-oft-vergessene-einfallstor-ins-ne...

∗∗∗ My health data has been stolen. What now? ∗∗∗
---------------------------------------------
Health data remains a coveted target for hackers. If, for whatever reason, it ends up in the wrong hands, you should follow these steps to minimize the damage.
---------------------------------------------
https://www.welivesecurity.com/de/privatsphare/meine-gesundheitsdaten-wurden...

∗∗∗ SneakyChef espionage group targets government agencies with SugarGh0st and more infection techniques ∗∗∗
---------------------------------------------
Cisco Talos recently discovered an ongoing campaign from SneakyChef, a newly discovered threat actor using SugarGh0st malware, as early as August 2023.
---------------------------------------------
https://blog.talosintelligence.com/sneakychef-sugarghost-rat/

∗∗∗ Worldwide 2023 Email Phishing Statistics and Examples ∗∗∗
---------------------------------------------
Explore the need for going beyond built-in Microsoft 365 and Google Workspace™ security based on email threats detected in 2023.
---------------------------------------------
https://www.trendmicro.com/en_us/ciso/23/e/worldwide-email-phishing-stats-ex...

∗∗∗ CISA Releases Guidance on Single Sign-On (SSO) Adoption for Small and Medium-Sized Businesses: (SMBs) ∗∗∗
---------------------------------------------
Today, CISA released Barriers to Single Sign-On (SSO) Adoption for Small and Medium-Sized Businesses: Identifying Challenges and Opportunities, a detailed report exploring challenges to SSO adoption by small and medium-sized businesses (SMBs).
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2024/06/20/cisa-releases-guidance-si...

∗∗∗ Cybercrime: data leaks at Apple and T-Mobile, rumours of a Jira exploit ∗∗∗
---------------------------------------------
A well-known cybercriminal is trying to monetize internal data from Apple's and T-Mobile's holdings, as well as malicious code for Jira. One of the companies denies it.
---------------------------------------------
https://heise.de/-9771149
=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by AlmaLinux (ghostscript and thunderbird), Debian (chromium, composer, libndp, and sendmail), Fedora (composer), Mageia (flatpak and python-scikit-learn), Red Hat (curl, ghostscript, and thunderbird), SUSE (hdf5 and opencc), and Ubuntu (gdb and php7.4, php8.1, php8.2, php8.3).
---------------------------------------------
https://lwn.net/Articles/979153/

∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by AlmaLinux (firefox, ghostscript, idm:DL1, and thunderbird), Debian (php8.2 and putty), Mageia (chromium-browser-stable), Oracle (ghostscript and thunderbird), Red Hat (thunderbird), and SUSE (containerd, kernel, php-composer2, podofo, python-cryptography, and rmt-server).
---------------------------------------------
https://lwn.net/Articles/979257/

∗∗∗ 2024-06-21: Cyber Security Advisory - System 800xA SECURITY Advisory - ABB 800xA Base 6.0.x, 6.1.x CSLib communication DoS vulnerability ∗∗∗
---------------------------------------------
https://search.abb.com/library/Download.aspx?DocumentID=7PAA013309&Langu...