Tageszusammenfassung - 29.02.2024

End-of-Day report

Timeframe: Mittwoch 28-02-2024 18:00 - Donnerstag 29-02-2024 18:00 Handler: Thomas Pribitzer Co-Handler: Michael Schlagenhaufer

News

LockBit ransomware returns to attacks with new encryptors, servers

The LockBit ransomware gang is once again conducting attacks, using updated encryptors with ransom notes linking to new servers after last weeks law enforcement disruption.

https://www.bleepingcomputer.com/news/security/lockbit-ransomware-returns-to-attacks-with-new-encryptors-servers/


Neue Ransomwaregruppe: Angeblicher Cyberangriff auf Epic Games bleibt zweifelhaft

Die Hackergruppe Mogilevich bietet im Darknet Daten von Epic Games im Umfang von 189 GByte zum Verkauf an. Zweifel an dem Angebot sind jedoch angebracht.

https://www.golem.de/news/daten-stehen-zum-verkauf-neue-ransomwaregruppe-hat-angeblich-epic-games-gehackt-2402-182672.html


GTPDOOR Linux Malware Targets Telecoms, Exploiting GPRS Roaming Networks

Threat hunters have discovered a new Linux malware called GTPDOOR that-s designed to be deployed in telecom networks that are adjacent to GPRS roaming exchanges (GRX). The malware is novel in the fact that it leverages the GPRS Tunnelling Protocol (GTP) for command-and-control (C2) communications.

https://thehackernews.com/2024/02/gtpdoor-linux-malware-targets-telecoms.html


New Silver SAML Attack Evades Golden SAML Defenses in Identity Systems

Cybersecurity researchers have disclosed a new attack technique called Silver SAML that can be successful even in cases where mitigations have been applied against Golden SAML attacks.

https://thehackernews.com/2024/02/new-silver-saml-attack-evades-golden.html


#StopRansomware: Phobos Ransomware

This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors.

https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-060a


ALPHV is singling out healthcare sector, say FBI and CISA

CISA, FBI and HHS are warning about the ALPHV/ Blackcat ransomware group targeting the healthcare industry.

https://www.malwarebytes.com/blog/news/2024/02/alphv-is-singling-out-healthcare-sector-say-fbi-and-cisa


GUloader Unmasked: Decrypting the Threat of Malicious SVG Files

This sophisticated malware loader has garnered attention for its stealthy techniques and ability to evade detection, posing a significant risk to organizations and individuals.

https://www.mcafee.com/blogs/other-blogs/mcafee-labs/guloader-unmasked-decrypting-the-threat-of-malicious-svg-files/


Amazon-Vishing: Vorsicht vor Fake-Amazon-Anrufen!

Am Telefon geben sich Kriminelle als Amazon-Mitarbeiter:innen aus. Unter verschiedenen Vorwänden bringen sie Sie dazu, TeamViewer oder AnyDesk zu installieren und räumen Ihr Konto leer! Sollten Sie so einen Anruf erhalten, legen Sie auf und blockieren Sie die Nummer.

https://www.watchlist-internet.at/news/amazon-vishing-vorsicht-vor-fake-amazon-anrufen/


ADCS ESC14 Abuse Technique

In this blog post, we will explore the variations of abuse of explicit certificate mapping in AD, what the requirements are, and how you can protect your environment against it.

https://posts.specterops.io/adcs-esc14-abuse-technique-333a004dc2b9


The Art of Domain Deception: Bifrosts New Tactic to Deceive Users

The RAT Bifrost has a new Linux variant that leverages a deceptive domain in order to compromise systems. We analyze this expanded attack surface.

https://unit42.paloaltonetworks.com/new-linux-variant-bifrost-malware/


Vulnerabilities in business VPNs under the spotlight

As adversaries increasingly set their sights on vulnerable enterprise VPN software to infiltrate corporate networks, concerns mount about VPNs themselves being a source of cyber risk.

https://www.welivesecurity.com/en/business-security/vulnerabilities-business-vpns-spotlight/


IT-Sicherheitsprodukte von Sophos verschlucken sich am Schaltjahr

Aufgrund eines Fehlers können Sophos Endpoint, Home und Server vor dem Besucht legitimer Websites warnen. Erste Lösungen sind bereits verfügbar.

https://heise.de/-9642801

Vulnerabilities

Security updates for Thursday

Security updates have been issued by Debian (chromium), Fedora (moodle), Red Hat (kernel, kernel-rt, and postgresql:15), Slackware (wpa_supplicant), SUSE (Java and rear27a), and Ubuntu (libcpanel-json-xs-perl, libuv1, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.4, linux-lowlatency, linux-lowlatency-hwe-6.5, linux-oem-6.5, python-openstackclient, and unbound).

https://lwn.net/Articles/964039/


IBM Security Bulletins

https://www.ibm.com/support/pages/bulletin/


2024-01 Security Bulletin: JSA Series: Multiple vulnerabilities resolved in JSA Applications

https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-JSA-Series-Multiple-vulnerabilities-resolved-in-JSA-Applications


On Demand: JSA Series: Multiple vulnerabilities resolved in Juniper Secure Analytics in 7.5.0 UP7 IF05

https://supportportal.juniper.net/s/article/On-Demand-JSA-Series-Multiple-vulnerabilities-resolved-in-Juniper-Secure-Analytics-in-7-5-0-UP7-IF05


Delta Electronics CNCSoft-B

https://www.cisa.gov/news-events/ics-advisories/icsa-24-060-01


MicroDicom DICOM Viewer

https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-060-01