End-of-Day report
Timeframe: Thursday 27-06-2024 18:00 - Friday 28-06-2024 18:00
Handler: Thomas Pribitzer
Co-Handler: Alexander Riepl
News
New Unfurling Hemlock threat actor floods systems with malware
A threat actor tracked as Unfurling Hemlock has been infecting target systems with up to ten pieces of malware at the same time in campaigns that distribute hundreds of thousands of malicious files ..
https://www.bleepingcomputer.com/news/security/new-unfurling-hemlock-threat-actor-floods-systems-with-malware/
BlackSuit ransomware gang claims attack on KADOKAWA corporation
The BlackSuit ransomware gang claimed a recent cyberattack on KADOKAWA corporation and is now threatening to publish stolen data if a ransom is not paid.
https://www.bleepingcomputer.com/news/security/blacksuit-ransomware-gang-claims-attack-on-kadokawa-corporation/
Teamviewer hacked: cyberattack hits popular remote support software
Teamviewer has confirmed that a security incident has occurred. Initial indications suggest that the hacker group Midnight Blizzard could be behind it.
https://www.golem.de/news/teamviewer-gehackt-cyberangriff-trifft-populaere-fernwartungssoftware-2406-186526.html
Support of SSL 2.0 on web servers in 2024
We last discussed SSLv2 support on internet-exposed web servers about a year ago, when we discovered that there were still about 450 thousand web servers that supported this protocol left on the internet. We also found that a significant portion of these servers was located in Kazakhstan, Tunisia ..
https://isc.sans.edu/diary/Support+of+SSL+20+on+web+servers+in+2024/31044
Microsoft Informs Customers that Russian Hackers Spied on Emails
Russian hackers who broke into Microsoft's systems and spied on staff inboxes earlier this year also stole emails from its customers, the tech giant said on Thursday, around six months after it first disclosed the intrusion. Reuters: The disclosure underscores the breadth of the breach as Microsoft faces increasing regulatory scrutiny ..
https://yro.slashdot.org/story/24/06/28/1319219/microsoft-informs-customers-that-russian-hackers-spied-on-emails
Google cuts ties with Entrust in Chrome over trust issues
Move comes weeks after Mozilla blasted certificate authority for failings. Google is severing its trust in Entrust after what it describes as a protracted period of failures around compliance and general improvements.
https://www.theregister.com/2024/06/28/google_axes_entrust_over_six/
An Inside Look at The Malware and Techniques Used in the WordPress.org Supply Chain Attack
On Monday June 24th, 2024 the Wordfence Threat Intelligence team was made aware of the presence of malware in the Social Warfare repository plugin ..
https://www.wordfence.com/blog/2024/06/an-inside-look-at-the-malware-and-techniques-used-in-the-wordpress-org-supply-chain-attack/
Acute wave of DDoS attacks against Austrian companies and organisations
Since this morning, various Austrian companies and organisations from different industries and sectors have been facing DDoS attacks. The exact background of the attack ..
https://www.cert.at/de/aktuelles/2024/6/akute-welle-an-ddos-angriffen-gegen-osterreichische-unternehmen-und-organisationen
SVR Cyber Actors Adapt Tactics for Initial Cloud Access
This advisory details recent tactics, techniques, and procedures (TTPs) of the group commonly known as APT29, also known as Midnight Blizzard, the Dukes, or Cozy Bear. The UK National Cyber Security Centre (NCSC) and international partners assess that APT29 is a cyber espionage group, almost certainly part of the SVR, an ..
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-057a
Supply Chain Compromise Leads to Trojanized Installers for Notezilla, RecentX, Copywhiz
On Tuesday, June 18th, 2024, Rapid7 initiated an investigation into suspicious activity in a customer environment. Our investigation identified that the suspicious behavior was emanating from the installation of ..
https://www.rapid7.com/blog/post/2024/06/27/supply-chain-compromise-leads-to-trojanized-installers-for-notezilla-recentx-copywhiz/
Juniper: critical vulnerability allows attackers to take over Session Smart Router
Juniper Networks is shipping out-of-cycle updates against a critical security vulnerability in Session Smart Router, Session Smart Conductor and WAN Assurance Router.
https://heise.de/-9781931
Vulnerabilities
GitLab Releases Patch for Critical CI/CD Pipeline Vulnerability and 13 Others
https://thehackernews.com/2024/06/gitlab-releases-patch-for-critical-cicd.html
2024-06: Out-Of-Cycle Security Bulletin: Session Smart Router (SSR): On redundant router deployments API authentication can be bypassed (CVE-2024-2973)
https://supportportal.juniper.net/s/article/2024-06-Out-Of-Cycle-Security-Bulletin-Session-Smart-Router-SSR-On-redundant-router-deployments-API-authentication-can-be-bypassed-CVE-2024-2973
OMSA-2024-0001
https://www.vmware.com/security/advisories/OMSA-2024-0001.html