[CERT-daily] Tageszusammenfassung - 21.06.2024

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 20-06-2024 18:00 − Freitag 21-06-2024 18:00
Handler:     Michael Schlagenhaufer
Co-Handler:  Thomas Pribitzer

=====================
=       News        =
=====================

∗∗∗ Linux version of RansomHub ransomware targets VMware ESXi VMs ∗∗∗
---------------------------------------------
The RansomHub ransomware operation is using a Linux encryptor designed specifically to encrypt VMware ESXi environments in corporate attacks.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/linux-version-of-ransomhub-ransomware-targets-vmware-esxi-vms/


∗∗∗ Qilin: We knew our Synnovis attack would cause a healthcare crisis at London hospitals ∗∗∗
---------------------------------------------
The ransomware gang responsible for a healthcare crisis at London hospitals says it has no regrets about its cyberattack, which was entirely deliberate, it told The Register in an interview.
---------------------------------------------
https://www.theregister.com/2024/06/20/qilin_our_plan_was_to/


∗∗∗ LLMNR – das oft vergessene Einfallstor ins Netzwerk ∗∗∗
---------------------------------------------
LLMNR dient zur Namensauflösung in lokalen Netzwerken, wenn kein Domain Name System (DNS) vorhanden ist – was heutzutage so gut wie nie vorkommt. Da LLMNR keine Si­cher­heits­me­cha­nis­men enthält, lässt es sich sehr leicht für Angriffe missbrauchen.
---------------------------------------------
https://www.syss.de/pentest-blog/llmnr-das-oft-vergessene-einfallstor-ins-netzwerk


∗∗∗ Meine Gesundheitsdaten wurden gestohlen. Was nun? ∗∗∗
---------------------------------------------
Gesundheitsdaten bleiben weiterhin ein begehrtes Ziel für Hacker. Gelangen sie – warum auch immer – in fremde Hände, sollten Sie diese Schritte befolgen, um den Schaden zu minimieren.
---------------------------------------------
https://www.welivesecurity.com/de/privatsphare/meine-gesundheitsdaten-wurden-gestohlen-was-nun/


∗∗∗ SneakyChef espionage group targets government agencies with SugarGh0st and more infection techniques ∗∗∗
---------------------------------------------
Cisco Talos recently discovered an ongoing campaign from SneakyChef, a newly discovered threat actor using SugarGh0st malware, as early as August 2023.
---------------------------------------------
https://blog.talosintelligence.com/sneakychef-sugarghost-rat/


∗∗∗ Worldwide 2023 Email Phishing Statistics and Examples ∗∗∗
---------------------------------------------
Explore the need for going beyond built-in Microsoft 365 and Google Workspace™ security based on email threats detected in 2023.
---------------------------------------------
https://www.trendmicro.com/en_us/ciso/23/e/worldwide-email-phishing-stats-examples-2023.html


∗∗∗ CISA Releases Guidance on Single Sign-On (SSO) Adoption for Small and Medium-Sized Businesses: (SMBs) ∗∗∗
---------------------------------------------
Today, CISA released Barriers to Single Sign-On (SSO) Adoption for Small and Medium-Sized Businesses: Identifying Challenges and Opportunities, a detailed report exploring challenges to SSO adoption by small and medium-sized businesses (SMBs).
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2024/06/20/cisa-releases-guidance-single-sign-sso-adoption-small-and-medium-sized-businesses-smbs


∗∗∗ Cybercrime: Datenlecks bei Apple und T-Mobile, Gerüchte über Jira-Exploit ∗∗∗
---------------------------------------------
Ein bekannter Cyberkrimineller versucht interne Daten aus Apples und T-Mobiles Beständen sowie Schadcode für Jira zu Geld zu machen. Ein Unternehmen dementiert.
---------------------------------------------
https://heise.de/-9771149



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by AlmaLinux (ghostscript and thunderbird), Debian (chromium, composer, libndp, and sendmail), Fedora (composer), Mageia (flatpak and python-scikit-learn), Red Hat (curl, ghostscript, and thunderbird), SUSE (hdf5 and opencc), and Ubuntu (gdb and php7.4, php8.1, php8.2, php8.3).
---------------------------------------------
https://lwn.net/Articles/979153/


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by AlmaLinux (firefox, ghostscript, idm:DL1, and thunderbird), Debian (php8.2 and putty), Mageia (chromium-browser-stable), Oracle (ghostscript and thunderbird), Red Hat (thunderbird), and SUSE (containerd, kernel, php-composer2, podofo, python-cryptography, and rmt-server).
---------------------------------------------
https://lwn.net/Articles/979257/


∗∗∗ 2024-06-21: Cyber Security Advisory -System 800xA SECURITY Advisory - ABB 800xA Base 6.0.x, 6.1.x CSLib communication DoS vulnerability ∗∗∗
---------------------------------------------
https://search.abb.com/library/Download.aspx?DocumentID=7PAA013309&LanguageCode=en&DocumentPartId=&Action=Launch

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily