[CERT-daily] Tageszusammenfassung - 06.06.2024

Thu Jun 6 18:08:11 CEST 2024

=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 05-06-2024 18:00 − Donnerstag 06-06-2024 18:00
Handler:     Alexander Riepl
Co-Handler:  Thomas Pribitzer

=====================
=       News        =
=====================

∗∗∗ Qilin ransomware gang linked to attack on London hospitals ∗∗∗
---------------------------------------------
A ransomware attack that hit pathology services provider Synnovis on Monday and impacted several major NHS hospitals in London has now been linked to the Qilin ransomware operation.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/qilin-ransomware-gang-linked-to-attack-on-london-hospitals/


∗∗∗ Linux version of TargetCompany ransomware focuses on VMware ESXi ∗∗∗
---------------------------------------------
Researchers observed a new Linux variant of the TargetCompany ransomware family that targets VMware ESXi environments using a custom shell script to deliver and execute payloads.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/linux-version-of-targetcompany-ransomware-focuses-on-vmware-esxi/


∗∗∗ Brute Force Attacks Against Watchguard VPN Endpoints, (Wed, Jun 5th) ∗∗∗
---------------------------------------------
If you have a pulse and work in information security (or are a new scraping script without a pulse), you have probably seen reports of attacks against VPN endpoints. Running any VPN without strong authentication has been negligent for years, but in recent times, ransomware gangs, in particular, picked them off pretty quickly.
---------------------------------------------
https://isc.sans.edu/diary/rss/30984


∗∗∗ Malicious Python Script with a "Best Before" Date, (Thu, Jun 6th) ∗∗∗
---------------------------------------------
The script purpose is classic: it will fetch a payload from a remote site, inject it in memory and start a new thread. Such payload are usually related to CobaltStike.
---------------------------------------------
https://isc.sans.edu/diary/rss/30988


∗∗∗ Hackers Target Python Developers with Fake "Crytic-Compilers" Package on PyPI ∗∗∗
---------------------------------------------
Cybersecurity researchers have discovered a malicious Python package uploaded to the Python Package Index (PyPI) repository thats designed to deliver an information stealer called Lumma (aka LummaC2).
---------------------------------------------
https://thehackernews.com/2024/06/hackers-target-python-developers-with.html


∗∗∗ Prevent Account Takeover with Better Password Security ∗∗∗
---------------------------------------------
Tom works for a reputable financial institution. He has a long, complex password that would be near-impossible to guess. He’s memorized it by heart, so he started using it for his social media accounts and on his personal devices too. Unbeknownst to Tom, one of these sites has had its password database compromised by hackers and put it up for sale on the dark web.
---------------------------------------------
https://thehackernews.com/2024/06/prevent-account-takeover-with-better.html


∗∗∗ 7-year-old Oracle WebLogic bug under active exploitation ∗∗∗
---------------------------------------------
Experts say Big Red will probably re-release patch in an upcoming cycle.
---------------------------------------------
https://www.theregister.com/2024/06/06/oracle_weblogic_vulnerability_exploited/


∗∗∗ Exploitation of Recent Check Point VPN Zero-Day Soars ∗∗∗
---------------------------------------------
GreyNoise has observed a rapid increase in the number of exploitation attempts targeting a recent Check Point VPN zero-day.
---------------------------------------------
https://www.securityweek.com/exploitation-of-recent-check-point-vpn-zero-day-soars/


∗∗∗ Ransomware: FBI hat Zugriff auf 7000 LockBit-Schlüssel und macht Opfern Hoffnung ∗∗∗
---------------------------------------------
Der Kampf gegen Lockbit ist nach wie vor im Gange. Dank beschlagnahmter Schlüssel sollen nun weitere Opfer wieder auf ihre Daten zugreifen können.
---------------------------------------------
https://heise.de/-9749844


=====================
=  Vulnerabilities  =
=====================
∗∗∗ 2024-06-04: Cyber Security Advisory -KNX Secure Devices FDSK Leak and replay attack ∗∗∗
---------------------------------------------
https://search.abb.com/library/Download.aspx?DocumentID=9AKK108464A0803&LanguageCode=en&DocumentPartId=&Action=Launch


∗∗∗ Cisco Finesse Web-Based Management Interface Vulnerabilities ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-finesse-ssrf-rfi-Um7wT8Ew


∗∗∗ Vulnerabilities Patched in Kiuwan Code Security Products After Long Disclosure Process ∗∗∗
---------------------------------------------
https://www.securityweek.com/vulnerabilities-patched-in-kiuwan-code-security-products-after-long-disclosure-process/


∗∗∗ Emerson Ovation ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-24-158-02


∗∗∗ Mitsubishi Electric CC-Link IE TSN Industrial Managed Switch ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-24-158-03


∗∗∗ Emerson PACSystem and Fanuc ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-24-158-01


∗∗∗ Johnson Controls Software House iStar Pro Door Controller ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-24-158-04


∗∗∗ K000139901: PyYAML vulnerability CVE-2017-18342 ∗∗∗
---------------------------------------------
https://my.f5.com/manage/s/article/K000139901

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily