[CERT-daily] Tageszusammenfassung - 28.06.2024

Fri Jun 28 18:12:06 CEST 2024

=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 27-06-2024 18:00 − Freitag 28-06-2024 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Alexander Riepl

=====================
=       News        =
=====================

∗∗∗ New Unfurling Hemlock threat actor floods systems with malware ∗∗∗
---------------------------------------------
A threat actor tracked as Unfurling Hemlock has been infecting target systems with up to ten pieces of malware at the same time in campaigns that distribute hundreds of thousands of malicious files ..
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-unfurling-hemlock-threat-actor-floods-systems-with-malware/


∗∗∗ BlackSuit ransomware gang claims attack on KADOKAWA corporation ∗∗∗
---------------------------------------------
The BlackSuit ransomware gang claimed a recent cyberattack on KADOKAWA corporation and is now threatening to publish stolen data if a ransom is not paid.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/blacksuit-ransomware-gang-claims-attack-on-kadokawa-corporation/


∗∗∗ Teamviewer gehackt: Cyberangriff trifft populäre Fernwartungssoftware ∗∗∗
---------------------------------------------
Teamviewer hat bestätigt, dass es einen Sicherheitsvorfall gegeben hat. Erste Hinweise deuten darauf hin, dass die Hackergruppe Midnight Blizzard dahinterstecken könnte.
---------------------------------------------
https://www.golem.de/news/teamviewer-gehackt-cyberangriff-trifft-populaere-fernwartungssoftware-2406-186526.html


∗∗∗ Support of SSL 2.0 on web servers in 2024 ∗∗∗
---------------------------------------------
We last discussed SSLv2 support on internet-exposed web servers about a year ago, when we discovered that there were still about 450 thousand web servers that supported this protocol left on the internet. We also found that a significant portion of these servers was located in Kazakhstan, Tunisia ..
---------------------------------------------
https://isc.sans.edu/diary/Support+of+SSL+20+on+web+servers+in+2024/31044


∗∗∗ Microsoft Informs Customers that Russian Hackers Spied on Emails ∗∗∗
---------------------------------------------
Russian hackers who broke into Microsofts systems and spied on staff inboxes earlier this year also stole emails from its customers, the tech giant said on Thursday, around six months after it first disclosed the intrusion. Reuters: The disclosure underscores the breadth of the breach as Microsoft faces increasing regulatory scrutiny ..
---------------------------------------------
https://yro.slashdot.org/story/24/06/28/1319219/microsoft-informs-customers-that-russian-hackers-spied-on-emails


∗∗∗ Google cuts ties with Entrust in Chrome over trust issues ∗∗∗
---------------------------------------------
Move comes weeks after Mozilla blasted certificate authority for failings Google is severing its trust in Entrust after what it describes as a protracted period of failures around compliance and general improvements.
---------------------------------------------
https://www.theregister.com/2024/06/28/google_axes_entrust_over_six/


∗∗∗ An Inside Look at The Malware and Techniques Used in the WordPress.org Supply Chain Attack ∗∗∗
---------------------------------------------
On Monday June 24th, 2024 the Wordfence Threat Intelligence team was made aware of the presence of malware in the Social Warfare repository plugin ..
---------------------------------------------
https://www.wordfence.com/blog/2024/06/an-inside-look-at-the-malware-and-techniques-used-in-the-wordpress-org-supply-chain-attack/


∗∗∗ Akute Welle an DDoS-Angriffen gegen österreichische Unternehmen und Organisationen ∗∗∗
---------------------------------------------
Seit heute Morgen sind verschiedene österreichische Unternehmen und Organisationen aus unterschiedlichen Branchen und Sektoren mit DDoS-Angriffen konfrontiert. Die genauen Hintergründe der Attacke ..
---------------------------------------------
https://www.cert.at/de/aktuelles/2024/6/akute-welle-an-ddos-angriffen-gegen-osterreichische-unternehmen-und-organisationen


∗∗∗ SVR Cyber Actors Adapt Tactics for Initial Cloud Access ∗∗∗
---------------------------------------------
This advisory details recent tactics, techniques, and procedures (TTPs) of the group commonly known as APT29, also known as Midnight Blizzard, the Dukes, or Cozy Bear.The UK National Cyber Security Centre (NCSC) and international partners assess that APT29 is a cyber espionage group, almost certainly part of the SVR, an ..
---------------------------------------------
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-057a


∗∗∗ Supply Chain Compromise Leads to Trojanized Installers for Notezilla, RecentX, Copywhiz ∗∗∗
---------------------------------------------
On Tuesday, June 18th, 2024, Rapid7 initiated an investigation into suspicious activity in a customer environment. Our investigation identified that the suspicious behavior was emanating from the installation of ..
---------------------------------------------
https://www.rapid7.com/blog/post/2024/06/27/supply-chain-compromise-leads-to-trojanized-installers-for-notezilla-recentx-copywhiz/


∗∗∗ Juniper: Kritische Lücke erlaubt Angreifern Übernahme von Session Smart Router ∗∗∗
---------------------------------------------
Juniper Networks liefert außerplanmäßige Updates gegen eine kritische Sicherheitslücke in Session Smart Router, -Conductor und WAN Assurance Router.
---------------------------------------------
https://heise.de/-9781931

=====================
=  Vulnerabilities  =
=====================

∗∗∗ GitLab Releases Patch for Critical CI/CD Pipeline Vulnerability and 13 Others ∗∗∗
---------------------------------------------
https://thehackernews.com/2024/06/gitlab-releases-patch-for-critical-cicd.html


∗∗∗ 2024-06: Out-Of-Cycle Security Bulletin: Session Smart Router(SSR): On redundant router deployments API authentication can be bypassed (CVE-2024-2973) ∗∗∗
---------------------------------------------
https://supportportal.juniper.net/s/article/2024-06-Out-Of-Cycle-Security-Bulletin-Session-Smart-Router-SSR-On-redundant-router-deployments-API-authentication-can-be-bypassed-CVE-2024-2973


∗∗∗ OMSA-2024-0001 ∗∗∗
---------------------------------------------
https://www.vmware.com/security/advisories/OMSA-2024-0001.html

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily