Daily June 2025

daily@lists.cert.at

1 participants
15 discussions

Tageszusammenfassung - 06.06.2025
by Daily end-of-shift report 06 Jun '25

06 Jun '25

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 05-06-2025 18:00 − Freitag 06-06-2025 18:00 Handler: Guenes Holler Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ Hacker selling critical Roundcube webmail exploit as tech info disclosed ∗∗∗ --------------------------------------------- Hackers are actively exploiting CVE-2025-49113, a critical vulnerability in the widely used Roundcube open-source webmail application that allows remote execution. --------------------------------------------- https://www.bleepingcomputer.com/news/security/hacker-selling-critical-roun… ∗∗∗ FBI: BADBOX 2.0 Android malware infects millions of consumer devices ∗∗∗ --------------------------------------------- The FBI is warning that the BADBOX 2.0 malware campaign has infected over 1 million home Internet-connected devices, converting consumer electronics into residential proxies that are used for malicious activity. --------------------------------------------- https://www.bleepingcomputer.com/news/security/fbi-badbox-20-android-malwar… ∗∗∗ Critical Fortinet flaws now exploited in Qilin ransomware attacks ∗∗∗ --------------------------------------------- The Qilin ransomware operation has recently joined attacks exploiting two Fortinet vulnerabilities that allow bypassing authentication on vulnerable devices and executing malicious code remotely. --------------------------------------------- https://www.bleepingcomputer.com/news/security/critical-fortinet-flaws-now-… ∗∗∗ Analysis of the latest Mirai wave exploiting TBK DVR devices with CVE-2024-3721 ∗∗∗ --------------------------------------------- Kaspersky GReAT experts describe the new features of a Mirai variant: the latest botnet infections target TBK DVR devices with CVE-2024-3721. --------------------------------------------- https://securelist.com/mirai-botnet-variant-targets-dvr-devices-with-cve-20… ∗∗∗ Popular Chrome Extensions Leak API Keys, User Data via HTTP and Hard-Coded Credentials ∗∗∗ --------------------------------------------- Cybersecurity researchers have flagged several popular Google Chrome extensions that have been found to transmit data in HTTP and hard-code secrets in their code, exposing users to privacy and security risks."Several widely used extensions [...] unintentionally transmit sensitive data over simple HTTP," Yuanjing Guo, a security researcher in the Symantecs Security Technology and .. --------------------------------------------- https://thehackernews.com/2025/06/popular-chrome-extensions-leak-api-keys.h… ∗∗∗ AT&T not sure if new customer data dump is déjà vu ∗∗∗ --------------------------------------------- Re-selling info from an earlier breach? Probably. But which one? AT&T is investigating claims that millions of its customers data are listed for sale on a cybercrime forum in what appears to be a re-release from an earlier hack. --------------------------------------------- https://www.theregister.com/2025/06/05/att_investigates_data_dump/ ∗∗∗ Turning Off the (Information) Flow: Working With the EPA to Secure Hundreds of Exposed Water HMIs ∗∗∗ --------------------------------------------- In October 2024, Censys researchers discovered nearly 400 web-based HMIs for U.S. water facilities exposed online. These were identified via TLS certificate analysis and confirmed through screenshot .. --------------------------------------------- https://censys.com/blog/turning-off-the-information-flow-working-with-the-e… ∗∗∗ Blitz Malware: A Tale of Game Cheats and Code Repositories ∗∗∗ --------------------------------------------- Blitz malware, active since 2024 and updated in 2025, was spread via game cheats. We discuss its infection vector and abuse of Hugging Face for C2. --------------------------------------------- https://unit42.paloaltonetworks.com/blitz-malware-2025/ ∗∗∗ DDoS-Angriffe auf österreichische Unternehmen und Organisationen ∗∗∗ --------------------------------------------- Uns erreichen aktuell vermehrt Berichte von österreichischen Unternehmen und Organisationen über DDoS-Angriffe gegen ihre Systeme und Netzwerke. Betroffen sind Ziele in den verschiedensten Bereichen und Sektoren, ein besonderer Schwerpunkt der Kriminellen lässt sich bisher nicht festmachen. Bei manchen Angriffen liegen deutliche Hinweise .. --------------------------------------------- https://www.cert.at/de/aktuelles/2025/6/ddos-angriffe-auf-osterreichische-u… ∗∗∗ Nigeria jails 9 Chinese nationals for being part of international cyberfraud syndicate ∗∗∗ --------------------------------------------- The group was arrested in December as part of a raid that included 599 Nigerians and 193 other foreign nationals, many of them Chinese, on suspicion of being involved in a range of online crimes. --------------------------------------------- https://therecord.media/nigeria-jails-9-chinese-nationals-cyber-fraud ∗∗∗ Unsecured Database Exposes Data of 3.6 Million Passion.io Creators ∗∗∗ --------------------------------------------- A massive data leak has put the personal information of over 3.6 million app creators, influencers, and .. --------------------------------------------- https://hackread.com/unsecured-database-exposes-passion-io-creators-data/ ∗∗∗ NICKNAME: Zero-Click iMessage Exploit Targeted Key Figures in US, EU ∗∗∗ --------------------------------------------- iVerify’s NICKNAME discovery reveals a zero-click iMessage flaw exploited in targeted attacks on US & EU .. --------------------------------------------- https://hackread.com/nickname-zero-click-imessage-exploit-figures-us-eu/ ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by AlmaLinux (go-toolset:rhel8, golang, nodejs:20, nodejs:22, openssh, and python36:3.6), Debian (edk2, libfile-find-rule-perl, and webkit2gtk), Fedora (emacs, libvpx, perl-FCGI, and seamonkey), Mageia (cifs-utils), Red Hat (containernetworking-plugins, go-toolset:rhel8, golang, gvisor-tap-vsock, krb5, mod_auth_openidc:2.3, protobuf, and thunderbird), Slackware (seamonkey), SUSE (gimp, gnutls, haproxy, opensaml, openssh, openvpn, python-cryptography, .. --------------------------------------------- https://lwn.net/Articles/1024317/ ∗∗∗ CISA Releases Seven Industrial Control Systems Advisories ∗∗∗ --------------------------------------------- CISA released seven Industrial Control Systems (ICS) advisories on June 5, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.ICSA-25-155-01 CyberData 011209 SIP Emergency IntercomICSA-25-155-02 Hitachi Energy Relion 670, 650 series and SAM600-IO Product ICSA-21-049-02 Mitsubishi Electric FA .. --------------------------------------------- https://www.cisa.gov/news-events/alerts/2025/06/05/cisa-releases-seven-indu… ∗∗∗ ZDI-25-325: Hewlett Packard Enterprise Insight Remote Support processAttachmentDataStream Directory Traversal Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-25-325/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 05.06.2025
by Daily end-of-shift report 05 Jun '25

05 Jun '25

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 04-06-2025 18:00 − Donnerstag 05-06-2025 18:00 Handler: Felician Fuchs Co-Handler: Guenes Holler ===================== = News = ===================== ∗∗∗ BidenCash carding market domains seized in international operation ∗∗∗ --------------------------------------------- Earlier today, law enforcement seized multiple domains of BidenCash, the infamous dark web market for stolen credit cards, personal information, and SSH access. --------------------------------------------- https://www.bleepingcomputer.com/news/security/bidencash-carding-market-dom… ∗∗∗ Cisco warns of ISE and CCP flaws with public exploit code ∗∗∗ --------------------------------------------- Cisco has released patches to address three vulnerabilities with public exploit code in its Identity Services Engine (ISE) and Customer Collaboration Platform (CCP) solutions. --------------------------------------------- https://www.bleepingcomputer.com/news/security/cisco-warns-of-ise-and-ccp-f… ∗∗∗ Researchers Bypass Deepfake Detection With Replay Attacks ∗∗∗ --------------------------------------------- An international group of researchers found that simply rerecording deepfake audio with natural acoustics in the background allows it to bypass detection models at a higher-than-expected rate. --------------------------------------------- https://www.darkreading.com/cybersecurity-analytics/researchers-bypass-deep… ∗∗∗ Für Datenklau: Hacker kapern reihenweise Salesforce-Zugänge ∗∗∗ --------------------------------------------- Sicherheitsforscher der Google Threat Intelligence Group (GTIG) warnen vor laufenden Vishing-Angriffen (Voice Phishing), die darauf abzielen, Zugang zu Salesforce-Instanzen zu erlangen und daraus massenhaft vertrauliche Unternehmensdaten abzugreifen. --------------------------------------------- https://www.golem.de/news/fuer-datenklau-hacker-kapern-reihenweise-salesfor… ∗∗∗ Be Careful With Fake Zoom Client Downloads ∗∗∗ --------------------------------------------- Collaborative tools are really popular these days. Since the COVID-19 pandemic, many people switched to remote work positions and we need to collaborate with our colleagues or customers every day. Tools like Microsoft Teams, Zoom, WebEx, (name your best solution), became popular and must be regularly updated. Yesterday, I received an interesting email with a fake Zoom meeting invitation. --------------------------------------------- https://isc.sans.edu/diary/rss/32014 ∗∗∗ AI kept 15-year-old zombie vuln alive, but its time is drawing near ∗∗∗ --------------------------------------------- Despite multiple developer warnings about the 2010 GitHub Gist containing the path traversal vulnerability in 2012, 2014, and 2018, the flaw appeared in MDN Web Docs documentation and a Stack Overflow snippet. From there, it took up residence in large language models (LLMs) trained on the flawed examples. --------------------------------------------- https://go.theregister.com/feed/www.theregister.com/2025/06/05/llm_kept_per… ∗∗∗ Musikhaus Thomann: Kriminelle locken in Fake-Shops ∗∗∗ --------------------------------------------- Der Erfolg des Musik-Versandhändlers ruft zunehmend Betrüger:innen auf den Plan. Diese bauen den Original-Onlineshop detailgetreu nach und bieten Produkte zu unrealistischen Schleuderpreisen. Wer dort bestellt, bekommt allerdings nichts, sondern verliert Geld. Wir verraten, wie Sie die Fakes am einfachsten erkennen. --------------------------------------------- https://www.watchlist-internet.at/news/musikhaus-thomann-fake-shops/ ∗∗∗ Newly identified wiper malware "PathWiper" targets critical infrastructure in Ukraine ∗∗∗ --------------------------------------------- Cisco Talos observed a destructive attack on a critical infrastructure entity within Ukraine, using a previously unknown wiper we are calling "PathWiper". --------------------------------------------- https://blog.talosintelligence.com/pathwiper-targets-ukraine/ ∗∗∗ Updated Guidance on Play Ransomware ∗∗∗ --------------------------------------------- CISA, the Federal Bureau of Investigation (FBI), and the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) have issued an updated advisory on Play ransomware, also known as Playcrypt. This advisory highlights new tactics, techniques, and procedures used by the Play ransomware group and provides updated indicators of compromise (IOCs) to enhance threat detection. Since June 2022, Playcrypt has targeted diverse businesses and critical infrastructure across North America, South America, and Europe, becoming one of the most active ransomware groups in 2024. The FBI has identified approximately 900 entities allegedly exploited by these ransomware actors as of May 2025. --------------------------------------------- https://www.cisa.gov/news-events/alerts/2025/06/04/updated-guidance-play-ra… ===================== = Vulnerabilities = ===================== ∗∗∗ Cisco Integrated Management Controller Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the SSH connection handling of Cisco Integrated Management Controller (IMC) for Cisco UCS B-Series, UCS C-Series, UCS S-Series, and UCS X-Series Servers could allow an authenticated, remote attacker to access internal services with elevated privileges. --------------------------------------------- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso… ∗∗∗ Cisco Nexus Dashboard Fabric Controller SSH Host Key Validation Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the SSH implementation of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an unauthenticated, remote attacker to impersonate Cisco NDFC-managed devices. This vulnerability is due to insufficient SSH host key validation. --------------------------------------------- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso… ∗∗∗ Cisco Identity Services Engine on Cloud Platforms Static Credential Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI) cloud deployments of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to access sensitive data, execute limited administrative operations, modify system configurations, or disrupt services within the impacted systems. --------------------------------------------- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso… ∗∗∗ Sicherheitsupdates: Dell repariert PowerScale OneFS und Bluetooth-Treiber ∗∗∗ --------------------------------------------- Angreifer können an einer Schwachstelle in Dells NAS-Betriebssystem PowerScale OneFS ansetzen und Dateien löschen. Außerdem macht eine Lücke im Bluetooth-Treiber unzählige Dell-PCs angreifbar. Sicherheitsupdates stehen zum Download. --------------------------------------------- https://www.heise.de/news/Sicherheitsupdates-Dell-repariert-PowerScale-OneF… ∗∗∗ VMware NSX: Hochriskante Sicherheitslücke gestopft ∗∗∗ --------------------------------------------- Broadcom warnt vor teils hochriskanten Sicherheitslücken in der Netzwerkvirtualisierungs- und Sicherheitsplattform VMware NSX. Angreifer können unter anderem Schadcode einschleusen und ausführen. IT-Verantwortliche sollten zügig auf die fehlerbereinigten Versionen aktualisieren. --------------------------------------------- https://www.heise.de/news/VMware-NSX-Hochriskante-Sicherheitsluecke-gestopf… ∗∗∗ Acronis Cyber Protect: Mehrere teils kritische Sicherheitslücken ∗∗∗ --------------------------------------------- In der umfangreichen Virenschutz- und Backup-Software Acronis Cyber Protect hat der Hersteller mehrere, teils höchst kritische Sicherheitslücken entdeckt. Diese stopfen die Entwickler mit aktualisierter Software. --------------------------------------------- https://www.heise.de/news/Acronis-Cyber-Protect-Mehrere-teils-kritische-Sic… ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (chromium and mariadb-10.5), Oracle (firefox, ghostscript, git, go-toolset:ol8, golang, kernel, krb5, mingw-freetype and spice-client-win, nodejs:20, nodejs:22, perl-CPAN, python36:3.6, rsync, varnish, and varnish:6), Red Hat (firefox, thunderbird, and webkit2gtk3), Slackware (curl and python3), SUSE (apache-commons-beanutils, apache2-mod_security2, avahi, buildkit, ca-certificates-mozilla, cloud-regionsrv-client, cloud-regionsrv-client, python-toml, containerd, containerized-data-importer, cups, curl, dnsmasq, docker, elemental-operator, elemental-toolkit, expat, firefox, freetype2, gdk-pixbuf, git, glib2, glibc, gnuplot, gnutls, gpg2, gstreamer, gstreamer-plugins-base, gtk3, haproxy, helm, java-17-openjdk, java-1_8_0-openjdk, keepalived, kernel, kernel-firmware, krb5, kubevirt, less, libarchive, libcryptopp, libdb-4_8, libndp, libpcap, libsoup, libtasn1, libvirt, libX11, libxml2, libxslt, Mesa, mozilla-nss, nghttp2, nvidia-open-driver-G06-signed, opensc, openssh, openssl-3, openssl-3, libpulp, ulp-macros, orc, pam, pam_pkcs11, pam_u2f, patch, pcp, pcr-oracle, shim, perl-Crypt-OpenSSL-RSA, podman, postgresql16, procps, protobuf, python-dnspython, python-Jinja2, python-requests, python-setuptools, python-tornado6, python-urllib3, python311, python311, python-rpm-macros, qemu, rsync, runc, rust-keylime, selinux-policy, sevctl, skopeo, sssd, SUSE Manager Client Tools, systemd, thunderbird, tiff, tpm2.0-tools, tpm2-0-tss, u-boot, ucode-intel, unbound, util-linux, vim, wget, and wpa_supplicant), and Ubuntu (linux-nvidia, python-django, twitter-bootstrap3, twitter-bootstrap4, and wireshark). --------------------------------------------- https://lwn.net/Articles/1024158/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 04.06.2025
by Daily end-of-shift report 04 Jun '25

04 Jun '25

===================== = End-of-Day report = ===================== Timeframe: Dienstag 03-06-2025 18:00 − Mittwoch 04-06-2025 18:00 Handler: Felician Fuchs Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Coinbase breach tied to bribed TaskUs support agents in India ∗∗∗ --------------------------------------------- A recently disclosed data breach at Coinbase has been linked to India-based customer support representatives from outsourcing firm TaskUs, who threat actors bribed to steal data from the crypto exchange. --------------------------------------------- https://www.bleepingcomputer.com/news/security/coinbase-breach-tied-to-brib… ∗∗∗ Umgehung des Sandboxings: Meta und Yandex de-anonymisieren Android-Nutzer ∗∗∗ --------------------------------------------- Sicherheitsforscher decken eine Methode auf, mit der Meta und Yandex flüchtige Web-Identifikatoren in dauerhafte Nutzeridentitäten umgewandelt haben. --------------------------------------------- https://www.golem.de/news/umgehung-des-sandboxings-meta-und-yandex-de-anony… ∗∗∗ The strange tale of ischhfd83: When cybercriminals eat their own ∗∗∗ --------------------------------------------- This investigation is a good example of how threats can be much more complex than they first appear. From an initial customer query about a new RAT, we uncovered a significant amount of backdoored GitHub repositories, containing multiple kinds of backdoors. --------------------------------------------- https://news.sophos.com/en-us/2025/06/04/the-strange-tale-of-ischhfd83-when… ∗∗∗ Acreed infostealer poised to replace Lumma after global crackdown ∗∗∗ --------------------------------------------- The Acreed malware, which emerged earlier this year, is gaining ground with cybercriminals who otherwise might have used the Lumma infostealer, researchers said. --------------------------------------------- https://therecord.media/acreed-infostealer-arises-after-lumma-takedown ∗∗∗ Angriffe laufen: Connectwise, Craft CMS und Asus-Router im Visier ∗∗∗ --------------------------------------------- Die CISA warnt vor Angriffen auf Sicherheitslecks in Connectwise ScreenConnect, Craft CMS und Asus-Router. Updates stehen bereit. --------------------------------------------- https://heise.de/-10424978 ===================== = Vulnerabilities = ===================== ∗∗∗ Patchday Android: Angreifer können sich höhere Rechte verschaffen ∗∗∗ --------------------------------------------- Wichtige Sicherheitsupdates schließen mehrere Lücken in Android 13, 14 und 15. Angreifer attackieren Geräte mit Qualcomm-Prozessor. --------------------------------------------- https://www.heise.de/news/Patchday-Android-Angreifer-koennen-sich-hoehere-R… ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by AlmaLinux (git, krb5, perl-CPAN, and rsync), Debian (tcpdf), Fedora (libmodsecurity, lua-http, microcode_ctl, and nextcloud), Red Hat (osbuild-composer), SUSE (389-ds, avahi, ca-certificates-mozilla, docker, expat, freetype2, glib2, gnuplot, gnutls, golang-github-teddysun-v2ray-plugin, golang-github-v2fly-v2ray-core, govulncheck-vulndb, helm, iperf, kernel, kernel-livepatch-MICRO-6-0_Update_2, kernel-livepatch-MICRO-6-0_Update_4, krb5, libarchive, libsoup, libsoup2, libtasn1, libX11, libxml2, libxslt, orc, podman, python-Jinja2, python-requests, python3-setuptools, python310, python311, python39, rubygem-rack, sslh, SUSE Manager Client Tools, SUSE Manager Client Tools and Salt Bundle, ucode-intel, util-linux, and wget), and Ubuntu (libvpx, linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux, linux-aws, linux-azure, linux-gcp, linux-gke, linux-gkeop, linux-ibm, linux-intel-iotg, linux-kvm, linux-lowlatency, linux-nvidia-tegra, linux-oracle, linux, linux-aws, linux-kvm, linux-aws, linux-lts-xenial, linux-aws-fips, linux-azure-fips, linux-fips, linux-gcp-fips, linux-aws-fips, linux-gcp-fips, linux-azure-fde, linux-fips, and linux-intel-iot-realtime, linux-realtime). --------------------------------------------- https://lwn.net/Articles/1023793/ ∗∗∗ ZDI-25-324: Sante DICOM Viewer Pro DCM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-25-324/ ∗∗∗ ZDI-25-323: Action1 Uncontrolled Search Path Element Local Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-25-323/ ∗∗∗ ZDI-25-321: GIMP ICO File Parsing Integer Overflow Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-25-321/ ∗∗∗ Critical Vulnerability in multiple Mitsubishi Electric MELSEC iQ-F Series Products ∗∗∗ --------------------------------------------- https://www.cisa.gov/news-events/ics-advisories/icsa-25-153-03 ∗∗∗ Critical Vulnerability in Schneider Electric Wiser Home Automation ∗∗∗ --------------------------------------------- https://www.cisa.gov/news-events/ics-advisories/icsa-25-153-01 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 03.06.2025
by Daily end-of-shift report 03 Jun '25

03 Jun '25

===================== = End-of-Day report = ===================== Timeframe: Montag 02-06-2025 18:00 − Dienstag 03-06-2025 18:00 Handler: Felician Fuchs Co-Handler: Guenes Holler ===================== = News = ===================== ∗∗∗ Malicious RubyGems pose as Fastlane to steal Telegram API data ∗∗∗ --------------------------------------------- Two malicious RubyGems packages posing as popular Fastlane CI/CD plugins redirect Telegram API requests to attacker-controlled servers to intercept and steal data. --------------------------------------------- https://www.bleepingcomputer.com/news/security/malicious-rubygems-pose-as-f… ∗∗∗ Android Trojan Crocodilus Now Active in 8 Countries, Targeting Banks and Crypto Wallets ∗∗∗ --------------------------------------------- A growing number of malicious campaigns have leveraged a recently discovered Android banking trojan called Crocodilus to target users in Europe and South America. The malware, according to a new report published by ThreatFabric, has also adopted improved obfuscation techniques to hinder analysis and detection, and includes the ability to create new contacts in the victims contacts list. --------------------------------------------- https://thehackernews.com/2025/06/android-trojan-crocodilus-now-active-in.h… ∗∗∗ How Good Are the LLM Guardrails on the Market? A Comparative Study on the Effectiveness of LLM Content Filtering Across Major GenAI Platforms ∗∗∗ --------------------------------------------- We compare the effectiveness of content filtering guardrails across major GenAI platforms and identify common failure cases across different systems. [..] A Comparative Study on the Effectiveness of LLM Content Filtering Across Major GenAI Platforms appeared first on Unit 42. --------------------------------------------- https://unit42.paloaltonetworks.com/comparing-llm-guardrails-across-genai-p… ∗∗∗ Cyberattacks Hit Top Retailers: Cartier, North Face Among Latest Victims ∗∗∗ --------------------------------------------- North Face, Cartier, and Next Step Healthcare are the latest victims in a string of cyberattacks compromising customer data. Explore the methods used by attackers and the wider impact on retail security. --------------------------------------------- https://hackread.com/cyberattacks-retailers-cartier-north-face-victims/ ∗∗∗ Inside RansomHub: Tactics, Targets, and What It Means for You ∗∗∗ --------------------------------------------- What is RansomHub ransomware? We dive into the groups TTPs, latest attacks and news, & mitigation strategies you should know in 2025. --------------------------------------------- https://www.bitsight.com/blog/guide-to-ransomhub-ransomware-2025 ===================== = Vulnerabilities = ===================== ∗∗∗ Google stopft attackierte Lücke in Chrome ∗∗∗ --------------------------------------------- In der Javascript-Engine V8 von Google Chrome ermöglicht eine Schwachstelle Angreifern, außerhalb vorgesehener Speichergrenzen zu lesen und zu schreiben. Für diese Schwachstelle ist ein Exploit in freier Wildbahn aufgetaucht, sie wird daher offenbar bereits attackiert. --------------------------------------------- https://www.heise.de/news/Google-stopft-attackierte-Luecke-in-Chrome-104232… ∗∗∗ Sicherheitsupdate: Vielfältige Attacken auf HPE StoreOnce möglich ∗∗∗ --------------------------------------------- Acht Softwareschwachstellen in der Backuplösung StoreOnce von HPE machen Systeme attackierbar. Darunter findet sich eine "kritische" Lücke. Über weitere Angriffe kann Schadcode auf PCs gelangen. Eine gegen mögliche Attacken geschützte Version steht ab sofort zum Download bereit. --------------------------------------------- https://www.heise.de/news/Sicherheitsupdate-Vielfaeltige-Attacken-auf-HPE-S… ∗∗∗ Angreifer können Roundcube Webmail mit Schadcode attackieren ∗∗∗ --------------------------------------------- Webadmins sollten ihre Roundcube-Webmail-Instanzen zeitnah auf den aktuellen Stand bringen. In aktuellen Ausgaben haben die Entwickler eine Sicherheitslücke geschlossen, über die Schadcode auf Systeme gelangen kann. --------------------------------------------- https://www.heise.de/news/Kritische-Schadcode-Luecke-bedroht-Roundcube-Webm… ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by AlmaLinux (varnish), Debian (asterisk and roundcube), Fedora (systemd), Mageia (golang), Red Hat (ghostscript, perl-CPAN, python36:3.6, and rsync), SUSE (govulncheck-vulndb, libsoup-2_4-1, and postgresql, postgresql16, postgresql17), and Ubuntu (mariadb, open-vm-tools, php-twig, and python-tornado). --------------------------------------------- https://lwn.net/Articles/1023625/ ∗∗∗ SVD-2025-0604: Third-Party Package Updates in Splunk Universal Forwarder - June 2025 ∗∗∗ --------------------------------------------- https://advisory.splunk.com//advisories/SVD-2025-0604 ∗∗∗ SVD-2025-0603: Third-Party Package Updates in Splunk Enterprise - June 2025 ∗∗∗ --------------------------------------------- https://advisory.splunk.com//advisories/SVD-2025-0603 ∗∗∗ SVD-2025-0602: Incorrect permission assignment on Universal Forwarder for Windows during new installation or upgrade ∗∗∗ --------------------------------------------- https://advisory.splunk.com//advisories/SVD-2025-0602 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 02.06.2025
by Daily end-of-shift report 02 Jun '25

02 Jun '25

===================== = End-of-Day report = ===================== Timeframe: Freitag 30-05-2025 18:00 − Montag 02-06-2025 18:00 Handler: Guenes Holler Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Exploit details for max severity Cisco IOS XE flaw now public ∗∗∗ --------------------------------------------- Technical details about a maximum-severity Cisco IOS XE WLC arbitrary file upload flaw tracked as CVE-2025-20188 have been made publicly available, bringing us closer to a working exploit. --------------------------------------------- https://www.bleepingcomputer.com/news/security/exploit-details-for-max-seve… ∗∗∗ Deutscher Rüstungskonzern: Cybergang leakt interne Daten von Rheinmetall ∗∗∗ --------------------------------------------- Der deutsche Rüstungskonzern Rheinmetall ist offenbar Ziel einer Cyberattacke geworden, bei der vertrauliche Daten in die Hände der Angreifer gelangt sind. Die Hackergruppe Babuk2 hatte Rheinmetall schon am 4. April auf ihre Datenleckseite aufgenommen. Jetzt berichtete Tagesschau.de, dass auch die Datenschutzbehörde NRW sowie das Bundesamt für Sicherheit in der Informationstechnik über den Vorfall informiert worden seien. --------------------------------------------- https://www.golem.de/news/deutscher-ruestungskonzern-cybergang-leakt-intern… ∗∗∗ Fake Recruiter Emails Target CFOs Using Legit NetBird Tool Across 6 Global Regions ∗∗∗ --------------------------------------------- Cybersecurity researchers have warned of a new spear-phishing campaign that uses a legitimate remote access tool called Netbird to target Chief Financial Officers (CFOs) and financial executives at banks, energy companies, insurers, and investment firms across Europe, Africa, Canada, the Middle East, and South Asia. --------------------------------------------- https://thehackernews.com/2025/06/fake-recruiter-emails-target-cfos-using.h… ∗∗∗ Mysterious leaker GangExposed outs Conti kingpins in massive ransomware data dump ∗∗∗ --------------------------------------------- A mystery whistleblower calling himself GangExposed has exposed key figures behind the Conti and Trickbot ransomware crews, publishing a trove of internal files and naming names. The leaks include thousands of chat logs, personal videos, and ransom negotiations tied to some of the most notorious cyber-extortion gangs — believed to have raked in billions from companies, hospitals, and individuals worldwide. --------------------------------------------- https://go.theregister.com/feed/www.theregister.com/2025/05/31/gangexposed_… ∗∗∗ RCEs and more in the KUNBUS GmbH Revolution Pi PLC ∗∗∗ --------------------------------------------- We found four vulnerabilities by downloading and extracting Revolution Pi’s latest firmware version (01/2025). We didn’t even need to buy the device, although one would look great on our ICS demo rig! All were found with static code analysis but demonstrated by installing the firmware to a standard Raspberry Pi. --------------------------------------------- https://www.pentestpartners.com/security-blog/rces-and-more-in-the-kunbus-g… ∗∗∗ The remote desktop puzzle. DFIR techniques for dealing with RDP Bitmap Cache ∗∗∗ --------------------------------------------- A lot of people are aware of RDP and what its functions are. It’s known for providing remote access and making life easier for administrators and users. With that comes insight for forensic investigators, regarding the ‘bitmap cache’. This is often overlooked, but when analysed correctly can provide some great understanding about what’s happened on a system. --------------------------------------------- https://www.pentestpartners.com/security-blog/the-remote-desktop-puzzle-dfi… ∗∗∗ LOLCLOUD - Azure Arc - C2aaS ∗∗∗ --------------------------------------------- Exploring Azure Arc’s overlooked C2aaS potential. Attacking and Defending against its usage and exploring usecases. --------------------------------------------- https://blog.zsec.uk/azure-arc-c2aas/ ===================== = Vulnerabilities = ===================== ∗∗∗ New Linux Flaws Allow Password Hash Theft via Core Dumps in Ubuntu, RHEL, Fedora ∗∗∗ --------------------------------------------- Tracked as CVE-2025-5054 and CVE-2025-4598, both vulnerabilities are race condition bugs that could enable a local attacker to obtain access to access sensitive information. Tools like Apport and systemd-coredump are designed to handle crash reporting and core dumps in Linux systems. --------------------------------------------- https://thehackernews.com/2025/05/new-linux-flaws-allow-password-hash.html ∗∗∗ 2025-06-02: Cyber Security Advisory - ELSB/Home Solutions Outdated SW Components in ABB Welcome IP-Gateway ∗∗∗ --------------------------------------------- An attacker who successfully exploits these vulnerabilities could potentially gain unauthorized access and potentially compromise the system's - and log-file - confidentiality, integrity and availability. --------------------------------------------- https://search.abb.com/library/Download.aspx?DocumentID=9AKK108470A8948&Lan… ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (espeak-ng, kitty, kmail-account-wizard, krb5, libreoffice, libvpx, net-tools, python-flask-cors, symfony, tcpdf, thunderbird, and twitter-bootstrap3), Fedora (chromium, dropbear, firefox, gstreamer1-plugins-bad-free, python-tornado, systemd, and thunderbird), Mageia (coreutils, deluge, glib2.0, and redis), Oracle (firefox, kernel, and systemd), Red Hat (firefox, kernel, kernel-rt, varnish, varnish:6, and zlib), SUSE (bind, curl, dnsdist, docker, ffmpeg-7, firefox, glibc, golang-github-prometheus-alertmanager, govulncheck-vulndb, icinga2, iputils, java-11-openjdk, java-1_8_0-ibm, kea, kernel, libopenssl-3-devel, libsoup, libxml2, nodejs-electron, open-vm-tools, openbao, perl-Net-Dropbox-API, pluto, poppler, postgresql14, postgresql15, postgresql16, postgresql17, python312-setuptools, runc, s390-tools, skopeo, sqlite3, thunderbird, and unbound), and Ubuntu (apport and libphp-adodb). --------------------------------------------- https://lwn.net/Articles/1023501/ ∗∗∗ Multiple vulnerabilities in wivia 5 ∗∗∗ --------------------------------------------- https://jvn.jp/en/jp/JVN51394666/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily June 2025