Tag Archives: BlackBasta

Trending vulnerabilities for June according to Positive Technologies

Leave a reply

Trending vulnerabilities for June according to Positive Technologies. Traditionally, in 3 formats (in Russian):

📹 The section “Trending VM” in the SecLab news video (starts at 15:03)
🗞 Post on the Habr website, in fact this is a slightly expanded scenario for the “Trending VM” section
🗒 Compact digest with technical details on the official PT website

List of vulnerabilities:

🔻 EoP in Microsoft Windows CSC (CVE-2024-26229)
🔻 EoP in Microsoft Windows Error Reporting (CVE-2024-26169)
🔻 EoP in Microsoft Windows Kernel (CVE-2024-30088)
🔻 RCE in PHP (CVE-2024-4577)
🔻 EoP in Linux Kernel (CVE-2024-1086)
🔻 InfDisclosure in Check Point Security Gateways (CVE-2024-24919)
🔻 RCE in VMware vCenter (CVE-2024-37079, CVE-2024-37080)
🔻 AuthBypass in Veeam Backup & Replication (CVE-2024-29849)

На русском

The criticality of the Elevation of Privilege – Windows Error Reporting Service (CVE-2024-26169) vulnerability has increased

Leave a reply

The criticality of the Elevation of Privilege - Windows Error Reporting Service (CVE-2024-26169) vulnerability has increased

The criticality of the Elevation of Privilege – Windows Error Reporting Service (CVE-2024-26169) vulnerability has increased. If exploited successfully, the attacker gains SYSTEM privileges. The vulnerability was fixed in Microsoft’s March Patch Tuesday. As often happens, no one highlighted this vulnerability back then. 🤷‍♂️

However, 3 months later, on June 12, Symantec researchers reported attacks related to the famous Black Basta ransomware, in which exploits for this vulnerability were used. If we believe the compilation timestamps, these exploits were created long before the release of Microsoft’s patches, in February 2024 or even December 2023. Of course, attackers could fake them, but why would they do that? 🤔

On June 13, the vulnerability was added to CISA KEV. The exploit is not yet publicly available.

The moral is the same: vulnerability prioritization is good, but regular unconditional patching is better.

На русском

The Americans have released joint Cybersecurity Advisory (CISA, FBI, HHS, MS-ISAC) against the Black Basta ransomware

Leave a reply

The Americans have released joint Cybersecurity Advisory (CISA, FBI, HHS, MS-ISAC) against the Black Basta ransomware

The Americans have released joint Cybersecurity Advisory (CISA, FBI, HHS, MS-ISAC) against the Black Basta ransomware. It is alleged that as of May 2024, more than 500 organizations worldwide have been affected by Black Basta, including businesses and critical infrastructure in North America, Australia and Europe. 12 of 16 critical infrastructure sectors are affected.

The ransomware was first spotted in April 2022. Initial Access is obtained through phishing or exploitation of the February vulnerability AuthBypass in ConnectWise ScreenConnect (CVE-2024-1709).

Privilege Escalation and Lateral Movement Toolkit: Mimikatz and Vulnerability Exploitation ZeroLogon (CVE-2020-1472), NoPac (CVE-2021-42278, CVE-2021-42287), PrintNightmare (CVE-2021-34527). Patches have been available for years, but organizations have not installed them. 🤷‍♂️ Perhaps they hoped that the perimeter would never be breached. 😏

На русском