CCTR.9.FEB.24
Monday morning Cyber coffee read CCTR.9.FEB.24.
Big win for the law enforcement community in significantly disrupting LockBit operations last week. The U.K.'s National Crime Agency, the FBI, and Europol successfully seized control of the LockBit ransomware group's key infrastructure, marking a significant disruption to their cybercriminal activities. This operation not only brings a halt to LockBit's ongoing operations but also showcases law enforcement's active pursuit of ransomware groups, potentially eroding trust among other cybercrime affiliates. The move is part of a broader trend where authorities prioritize combating cybercrime, particularly ransomware, as a pressing issue. Recent revelations indicate that LockBit had nearly 200 "affiliates" in the past two years, that is, other individuals or groups participating in the gang's ransomware-as-a-service model. Additionally, the takedown exposed that the criminals were not deleting data as promised after receiving ransom payments, contrary to their claims (unethical cybercriminals).
Ref https://www.theregister.com/2024/02/21/lockbit_leaks/
ScreenConnect has released a security advisory for version 23.9.8, highlighting two vulnerabilities: CVE-2024-1709 (CVSS 10) and CVE-2024-1708 (CVSS 8.40). ScreenConnect is a popular enterprise remote desktop management tool, widely utilized by managed service providers (MSPs). These vulnerabilities are actively being exploited by adversaries in the wild to compromise organizations.
Ref https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Progress Kemp has disclosed a vulnerability with CVE-2024-1212 (CVSS 10) in their LoadMaster and ECS Connection Manager (ECS CM) products. This vulnerability allows unauthenticated remote attackers to gain access to the system via the LoadMaster management interface, enabling command execution on affected systems. Like Uncle Roger said, "Haiiya, why do you publish management interfaces on the internet?"
The VMware Enhanced Authentication Plug-in (EAP), a plugin designed for VMware vSphere, contains two vulnerabilities: CVE-2024-22245 (CVSS 9.6) and CVE-2024-22250 (CVSS 7.8). These vulnerabilities could be leveraged by attackers to execute authentication relay and session hijack attacks. Unfortunately, these vulnerabilities have not been addressed and will not be patched. Instead, VMware is advising administrators to uninstall the EAP plugin, which was deprecated as of 2021.
Ref https://www.vmware.com/security/advisories/VMSA-2024-0003.html
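Since the only fix here is removal, the practical first step is finding which Windows admin workstations still have the plug-in installed. The script below is an added example written for this post, not code from VMware or its advisory; it reads the standard Windows Uninstall registry keys and flags entries whose display name matches the EAP components. The display-name patterns (`VMware Enhanced Authentication Plug-in*` and `VMware Plug-in Service*`) and the `Get-VMwareEapInstall` function name are assumptions, so adjust the patterns to whatever Programs and Features shows in your environment.

```powershell
# Added example (not from the post or VMware): inventory a Windows host for the
# deprecated VMware Enhanced Authentication Plug-in so it can be uninstalled.
# The display-name patterns are assumptions; check Programs and Features for
# the exact names in your environment.
$patterns = @('VMware Enhanced Authentication Plug-in*', 'VMware Plug-in Service*')

# Both native and 32-bit (WOW6432Node) uninstall hives, since the plug-in is a 32-bit MSI
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-VMwareEapInstall {
    # Returns one object per matching installed product (empty if none found)
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object {
            $name = $_.DisplayName
            $name -and ($patterns | Where-Object { $name -like $_ })
        } |
        Select-Object DisplayName, DisplayVersion, UninstallString, PSChildName
}

$found = Get-VMwareEapInstall
if ($found) {
    Write-Output "Deprecated VMware EAP components present on $($env:COMPUTERNAME):"
    $found | Format-Table -AutoSize
    # Where the registry key name is an MSI product code, print the removal command
    # rather than running it, so the output can be reviewed before any change is made.
    foreach ($item in $found) {
        if ($item.PSChildName -match '^\{[0-9A-Fa-f-]+\}$') {
            Write-Output "To remove: msiexec.exe /x $($item.PSChildName) /qn /norestart"
        }
    }
} else {
    Write-Output "No VMware EAP components found on $($env:COMPUTERNAME)."
}
```

Run it under an elevated session on each admin workstation, or wrap the function in `Invoke-Command` against your vSphere admin hosts to collect results centrally; the script only reads the registry and prints the `msiexec` removal command, leaving the actual uninstall as a deliberate second step.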
SolarWinds (yah! sounds familiar) has addressed five remote code execution (RCE) vulnerabilities in its Access Rights Manager (ARM) solution. Among these, three are deemed critical, enabling unauthenticated exploitation. Trend Micro's Security Research Team disclosed these vulnerabilities through SolarWinds' responsible disclosure program.
Ref https://www.bleepingcomputer.com/news/security/solarwinds-fixes-critical-rce-bugs-in-access-rights-audit-solution/