Tageszusammenfassung - 28.06.2024

End-of-Day report

Timeframe: Donnerstag 27-06-2024 18:00 - Freitag 28-06-2024 18:00 Handler: Thomas Pribitzer Co-Handler: Alexander Riepl

News

New Unfurling Hemlock threat actor floods systems with malware

A threat actor tracked as Unfurling Hemlock has been infecting target systems with up to ten pieces of malware at the same time in campaigns that distribute hundreds of thousands of malicious files ..

https://www.bleepingcomputer.com/news/security/new-unfurling-hemlock-threat-actor-floods-systems-with-malware/


BlackSuit ransomware gang claims attack on KADOKAWA corporation

The BlackSuit ransomware gang claimed a recent cyberattack on KADOKAWA corporation and is now threatening to publish stolen data if a ransom is not paid.

https://www.bleepingcomputer.com/news/security/blacksuit-ransomware-gang-claims-attack-on-kadokawa-corporation/


Teamviewer gehackt: Cyberangriff trifft populäre Fernwartungssoftware

Teamviewer hat bestätigt, dass es einen Sicherheitsvorfall gegeben hat. Erste Hinweise deuten darauf hin, dass die Hackergruppe Midnight Blizzard dahinterstecken könnte.

https://www.golem.de/news/teamviewer-gehackt-cyberangriff-trifft-populaere-fernwartungssoftware-2406-186526.html


Support of SSL 2.0 on web servers in 2024

We last discussed SSLv2 support on internet-exposed web servers about a year ago, when we discovered that there were still about 450 thousand web servers that supported this protocol left on the internet. We also found that a significant portion of these servers was located in Kazakhstan, Tunisia ..

https://isc.sans.edu/diary/Support+of+SSL+20+on+web+servers+in+2024/31044


Microsoft Informs Customers that Russian Hackers Spied on Emails

Russian hackers who broke into Microsofts systems and spied on staff inboxes earlier this year also stole emails from its customers, the tech giant said on Thursday, around six months after it first disclosed the intrusion. Reuters: The disclosure underscores the breadth of the breach as Microsoft faces increasing regulatory scrutiny ..

https://yro.slashdot.org/story/24/06/28/1319219/microsoft-informs-customers-that-russian-hackers-spied-on-emails


Google cuts ties with Entrust in Chrome over trust issues

Move comes weeks after Mozilla blasted certificate authority for failings Google is severing its trust in Entrust after what it describes as a protracted period of failures around compliance and general improvements.

https://www.theregister.com/2024/06/28/google_axes_entrust_over_six/


An Inside Look at The Malware and Techniques Used in the WordPress.org Supply Chain Attack

On Monday June 24th, 2024 the Wordfence Threat Intelligence team was made aware of the presence of malware in the Social Warfare repository plugin ..

https://www.wordfence.com/blog/2024/06/an-inside-look-at-the-malware-and-techniques-used-in-the-wordpress-org-supply-chain-attack/


Akute Welle an DDoS-Angriffen gegen österreichische Unternehmen und Organisationen

Seit heute Morgen sind verschiedene österreichische Unternehmen und Organisationen aus unterschiedlichen Branchen und Sektoren mit DDoS-Angriffen konfrontiert. Die genauen Hintergründe der Attacke ..

https://www.cert.at/de/aktuelles/2024/6/akute-welle-an-ddos-angriffen-gegen-osterreichische-unternehmen-und-organisationen


SVR Cyber Actors Adapt Tactics for Initial Cloud Access

This advisory details recent tactics, techniques, and procedures (TTPs) of the group commonly known as APT29, also known as Midnight Blizzard, the Dukes, or Cozy Bear.The UK National Cyber Security Centre (NCSC) and international partners assess that APT29 is a cyber espionage group, almost certainly part of the SVR, an ..

https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-057a


Supply Chain Compromise Leads to Trojanized Installers for Notezilla, RecentX, Copywhiz

On Tuesday, June 18th, 2024, Rapid7 initiated an investigation into suspicious activity in a customer environment. Our investigation identified that the suspicious behavior was emanating from the installation of ..

https://www.rapid7.com/blog/post/2024/06/27/supply-chain-compromise-leads-to-trojanized-installers-for-notezilla-recentx-copywhiz/


Juniper: Kritische Lücke erlaubt Angreifern Übernahme von Session Smart Router

Juniper Networks liefert außerplanmäßige Updates gegen eine kritische Sicherheitslücke in Session Smart Router, -Conductor und WAN Assurance Router.

https://heise.de/-9781931


Vulnerabilities

GitLab Releases Patch for Critical CI/CD Pipeline Vulnerability and 13 Others

https://thehackernews.com/2024/06/gitlab-releases-patch-for-critical-cicd.html


2024-06: Out-Of-Cycle Security Bulletin: Session Smart Router(SSR): On redundant router deployments API authentication can be bypassed (CVE-2024-2973)

https://supportportal.juniper.net/s/article/2024-06-Out-Of-Cycle-Security-Bulletin-Session-Smart-Router-SSR-On-redundant-router-deployments-API-authentication-can-be-bypassed-CVE-2024-2973


OMSA-2024-0001

https://www.vmware.com/security/advisories/OMSA-2024-0001.html