End-of-Day report
Timeframe: Donnerstag 20-06-2024 18:00 - Freitag 21-06-2024 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Thomas Pribitzer
News
Linux version of RansomHub ransomware targets VMware ESXi VMs
The RansomHub ransomware operation is using a Linux encryptor designed specifically to encrypt VMware ESXi environments in corporate attacks.
https://www.bleepingcomputer.com/news/security/linux-version-of-ransomhub-ransomware-targets-vmware-esxi-vms/
Qilin: We knew our Synnovis attack would cause a healthcare crisis at London hospitals
The ransomware gang responsible for a healthcare crisis at London hospitals says it has no regrets about its cyberattack, which was entirely deliberate, it told The Register in an interview.
https://www.theregister.com/2024/06/20/qilin_our_plan_was_to/
LLMNR - das oft vergessene Einfallstor ins Netzwerk
LLMNR dient zur Namensauflösung in lokalen Netzwerken, wenn kein Domain Name System (DNS) vorhanden ist - was heutzutage so gut wie nie vorkommt. Da LLMNR keine Sicherheitsmechanismen enthält, lässt es sich sehr leicht für Angriffe missbrauchen.
https://www.syss.de/pentest-blog/llmnr-das-oft-vergessene-einfallstor-ins-netzwerk
Meine Gesundheitsdaten wurden gestohlen. Was nun?
Gesundheitsdaten bleiben weiterhin ein begehrtes Ziel für Hacker. Gelangen sie - warum auch immer - in fremde Hände, sollten Sie diese Schritte befolgen, um den Schaden zu minimieren.
https://www.welivesecurity.com/de/privatsphare/meine-gesundheitsdaten-wurden-gestohlen-was-nun/
SneakyChef espionage group targets government agencies with SugarGh0st and more infection techniques
Cisco Talos recently discovered an ongoing campaign from SneakyChef, a newly discovered threat actor using SugarGh0st malware, as early as August 2023.
https://blog.talosintelligence.com/sneakychef-sugarghost-rat/
Worldwide 2023 Email Phishing Statistics and Examples
Explore the need for going beyond built-in Microsoft 365 and Google Workspace- security based on email threats detected in 2023.
https://www.trendmicro.com/en_us/ciso/23/e/worldwide-email-phishing-stats-examples-2023.html
CISA Releases Guidance on Single Sign-On (SSO) Adoption for Small and Medium-Sized Businesses: (SMBs)
Today, CISA released Barriers to Single Sign-On (SSO) Adoption for Small and Medium-Sized Businesses: Identifying Challenges and Opportunities, a detailed report exploring challenges to SSO adoption by small and medium-sized businesses (SMBs).
https://www.cisa.gov/news-events/alerts/2024/06/20/cisa-releases-guidance-single-sign-sso-adoption-small-and-medium-sized-businesses-smbs
Cybercrime: Datenlecks bei Apple und T-Mobile, Gerüchte über Jira-Exploit
Ein bekannter Cyberkrimineller versucht interne Daten aus Apples und T-Mobiles Beständen sowie Schadcode für Jira zu Geld zu machen. Ein Unternehmen dementiert.
https://heise.de/-9771149
Vulnerabilities
Security updates for Thursday
Security updates have been issued by AlmaLinux (ghostscript and thunderbird), Debian (chromium, composer, libndp, and sendmail), Fedora (composer), Mageia (flatpak and python-scikit-learn), Red Hat (curl, ghostscript, and thunderbird), SUSE (hdf5 and opencc), and Ubuntu (gdb and php7.4, php8.1, php8.2, php8.3).
https://lwn.net/Articles/979153/
Security updates for Friday
Security updates have been issued by AlmaLinux (firefox, ghostscript, idm:DL1, and thunderbird), Debian (php8.2 and putty), Mageia (chromium-browser-stable), Oracle (ghostscript and thunderbird), Red Hat (thunderbird), and SUSE (containerd, kernel, php-composer2, podofo, python-cryptography, and rmt-server).
https://lwn.net/Articles/979257/
2024-06-21: Cyber Security Advisory -System 800xA SECURITY Advisory - ABB 800xA Base 6.0.x, 6.1.x CSLib communication DoS vulnerability
https://search.abb.com/library/Download.aspx?DocumentID=7PAA013309&LanguageCode=en&DocumentPartId=&Action=Launch