Daily

daily@lists.cert.at

1 participants
3208 discussions

Tageszusammenfassung - 17.06.2025
by Daily end-of-shift report 17 Jun '25

17 Jun '25

===================== = End-of-Day report = ===================== Timeframe: Montag 16-06-2025 18:00 − Dienstag 17-06-2025 18:00 Handler: Michael Schlagenhaufer Co-Handler: Felician Fuchs ===================== = News = ===================== ∗∗∗ Apple: Sicherheitslücke in diversen Betriebssystemen wird angegriffen ∗∗∗ --------------------------------------------- Die neu attackierte Schwachstelle betrifft nach Apples Angaben Messages. "Ein Logikfehler kann bei der Verarbeitung von bösartig präparierten Fotos oder Videos auftreten, die mittels eines iCloud-Links geteilt wurden", schreiben die Entwickler dazu (CVE-2025-43200 / EUVD-2025-18428, CVSS steht noch aus, Risikoeinstufung fehlt derzeit). Sie erklären weiter: "Apple weiß von einem Bericht, demzufolge dieses Problem in einem extrem ausgeklügelten Angriff gegen bestimmte Zielpersonen ausgenutzt worden sein könnte." Der Schwachstelleneintrag stammt vom Montag dieser Woche. Sicherheitsmitteilungen zu den diversen Betriebssystemen und -versionen hat Apple hingegen bereits am Donnerstag vergangener Woche aktualisiert oder neu veröffentlicht. --------------------------------------------- https://heise.de/-10449241 ∗∗∗ Cross-Site Scripting (XSS) Schwachstelle CVE-2025-4123 in Grafana ∗∗∗ --------------------------------------------- In der Open-Source-Software Grafana wurde die Tage eine Cross-Site Scripting (XSS) Schwachstelle CVE-2025-4123 öffentlich. Es ist ein kritischer offener Redirect-Fehler in Grafana, der zur Übernahme von Konten führen könnte. [..] Sonic Wall hat dies bereits zum 5. Juni 2025 im Beitrag High-Severity Open Redirect Vulnerability in Grafana Leads to Account Takeover: CVE-2025-4123 öffentlich gemacht. Die Schwachstelle CVE-2025-4123 ist laut dem Grafana Sicherheitshinweis Grafana Cross-Site-Scripting (XSS) via custom loaded frontend plugin vom 21. Mai 2025 in den Versionen v10.4.18+security-01, v11.2.9+security-01, v11.3.6+security-01, v11.4.4+security-01, v11.5.4+security-01, v11.6.1+security-01 und v12.0.0+security-01 behoben. --------------------------------------------- https://www.borncity.com/blog/2025/06/17/cross-site-scripting-xss-schwachst… ∗∗∗ Water Curse Targets Infosec Pros via Poisoned GitHub Repositories ∗∗∗ --------------------------------------------- The emerging threat group attacks the supply chain via weaponized repositories posing as legitimate pen-testing suites and other tools that are poisoned with malware. --------------------------------------------- https://www.darkreading.com/cyberattacks-data-breaches/water-curse-targets-… ∗∗∗ How Long Until the Phishing Starts? About Two Weeks, (Tue, Jun 17th) ∗∗∗ --------------------------------------------- I recently added an account to my Google Workspace domain (montance[dot]com). Friday, May 16th, 10:10 am, to be exact. Something interesting to note about the domain configuration is there’s a catchall account in place, so all email addresses are valid. Starting May 28th the new account started receiving targeted phishing email messages. [..] Nothing especially surprising, but a reminder that they’re watching for opportunities. Someone new at the company and eager to appear responsive seems like a good phishing target! --------------------------------------------- https://isc.sans.edu/diary/rss/32052 ∗∗∗ TP-Link Router Flaw CVE-2023-33538 Under Active Exploit, CISA Issues Immediate Alert ∗∗∗ --------------------------------------------- The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity security flaw in TP-Link wireless routers to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability in question is CVE-2023-33538 (CVSS score: 8.8), a command injection bug that could result in the execution of arbitrary system commands when processing the ssid1 parameter in a specially crafted HTTP GET request. --------------------------------------------- https://thehackernews.com/2025/06/tp-link-router-flaw-cve-2023-33538.html ∗∗∗ New Flodrix Botnet Variant Exploits Langflow AI Server RCE Bug to Launch DDoS Attacks ∗∗∗ --------------------------------------------- Cybersecurity researchers have called attention to a new campaign thats actively exploiting a recently disclosed critical security flaw in Langflow to deliver the Flodrix botnet malware. --------------------------------------------- https://thehackernews.com/2025/06/new-flodrix-botnet-variant-exploits.html ∗∗∗ Eine Kühlbox voll Stiegl Bier? Vorsicht vor Fake-Gewinnspiel! ∗∗∗ --------------------------------------------- Aktuell schwappt eine Phishing-Welle durch österreichische WhatsApp-Konten. Angeblich verlost die Stiegl Brauerei eine Kühlbox voll Bier. Dahinter versteckt sich aber nichts anderes als eine altbekannte Kombination aus Abo-Falle und Phishing-Attacke – mit einer raffinierten Neuerung. --------------------------------------------- https://www.watchlist-internet.at/news/stiegl-bier-fake-phishing/ ∗∗∗ Exploring a New KimJongRAT Stealer Variant and Its PowerShell Implementation ∗∗∗ --------------------------------------------- We analyze two new KimJongRAT stealer variants, combining new research with existing knowledge. One uses a Portable Executable (PE) file and the other PowerShell. --------------------------------------------- https://unit42.paloaltonetworks.com/kimjongrat-stealer-variant-powershell/ ===================== = Vulnerabilities = ===================== ∗∗∗ Hard-Coded b Password in Sitecore XP Sparks Major RCE Risk in Enterprise Deployments ∗∗∗ --------------------------------------------- Cybersecurity researchers have disclosed three security flaws in the popular Sitecore Experience Platform (XP) that could be chained to achieve pre-authenticated remote code execution. Sitecore Experience Platform is an enterprise-oriented software that provides users with tools for content management, digital marketing, and analytics and reports. [..] This also means that the exploit chain only works if users have installed Sitecore using installers for versions ≥ 10.1. Users are likely not impacted if they were previously running a version prior to 10.1 and then upgraded to a newer vulnerable version, assuming the old database is being migrated, and not the database embedded within the installation package. WT-2025-0024 (CVE-2025-XXXXX), WT-2025-0032 (CVE-2025-XXXXX), WT-2025-0025 (CVE-2025-XXXXX) --------------------------------------------- https://thehackernews.com/2025/06/hard-coded-b-password-in-sitecore-xp.html ∗∗∗ Veeam: Vulnerabilities Resolved in Veeam Backup & Replication 12.3.2 ∗∗∗ --------------------------------------------- CVE-2025-23121: A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user. Severity: Critical --------------------------------------------- https://www.veeam.com/kb4743 ∗∗∗ ASUS Armoury Crate bug lets attackers get Windows admin privileges ∗∗∗ --------------------------------------------- Armoury Crate is the official system control software for Windows from ASUS, providing a centralized interface to control RGB lighting (Aura Sync), adjust fan curves, manage performance profiles and ASUS peripherals, as well as download drivers and firmware updates. [..] Cisco Talos validated that CVE-2025-3464 impacts Armoury Crate version 5.9.13.0, but ASUS' bulletin notes that the flaw impacts all versions between 5.9.9.0 and 6.1.18.0. [..] A high-severity vulnerability in ASUS Armoury Crate software could allow threat actors to escalate their privileges to SYSTEM level on Windows machines. The security issue is tracked as CVE-2025-3464 and received a severity score of 8.8 out of 10. --------------------------------------------- https://www.bleepingcomputer.com/news/security/asus-armoury-crate-bug-lets-… ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by AlmaLinux (.NET 8.0, .NET 9.0, buildah, containernetworking-plugins, firefox, gstreamer1-plugins-bad-free, libsoup3, podman, skopeo, sqlite, thunderbird, unbound, valkey, varnish, and xz), Debian (webkit2gtk), Fedora (fido-device-onboard, python-django4.2, rust-git-interactive-rebase-tool, and thunderbird), Red Hat (libsoup), Slackware (libxml2), SUSE (java-11-openjdk, kernel, and wireshark), and Ubuntu (c3p0, dojo, python-django, python3.13, python3.12, python3.11, python3.10, python3.9, python3.8, python3.7, python3.6, and requests). --------------------------------------------- https://lwn.net/Articles/1025734/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 16.06.2025
by Daily end-of-shift report 16 Jun '25

16 Jun '25

===================== = End-of-Day report = ===================== Timeframe: Freitag 13-06-2025 18:00 − Montag 16-06-2025 18:00 Handler: Felician Fuchs Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Washington Posts email system hacked, journalists accounts compromised ∗∗∗ --------------------------------------------- Email accounts of several Washington Post journalists were compromised in a cyberattack believed to have been carried out by a foreign government. --------------------------------------------- https://www.bleepingcomputer.com/news/security/washington-posts-email-syste… ∗∗∗ Kali Linux 2025.2 released with 13 new tools, car hacking updates ∗∗∗ --------------------------------------------- Kali Linux 2025.2, the second release of the year, is now available for download with 13 new tools and an expanded car hacking toolkit. --------------------------------------------- https://www.bleepingcomputer.com/news/security/kali-linux-20252-released-wi… ∗∗∗ BKA schaltet Darknet-Marktplatz "Archetyp Market" ab ∗∗∗ --------------------------------------------- Das BKA hat den mutmaßlichen Betreiber des Online-Drogenmarktplatzes "Archetyp Market" am Mittwoch vergangener Woche in Barcelona festgenommen. --------------------------------------------- https://www.heise.de/news/BKA-schaltet-Darknet-Marktplatz-Archetyp-Market-a… ∗∗∗ Die Hersteller von Staatstrojanern sind Gegner – keine Verbündeten ∗∗∗ --------------------------------------------- Die Leiterin von Googles Threat-Intelligence-Abteilung macht klar, warum sie solche Firmen als Gegner betrachtet. Zudem erläutert sie im Gespräch die wachsende Relevanz von KI für Angreifer und die Gefahr aus Nordkorea. --------------------------------------------- https://www.derstandard.at/story/3000000273949/die-hersteller-von-staatstro… ∗∗∗ Hackers Leak Data of 10,000 VirtualMacOSX Customers in Alleged Breach ∗∗∗ --------------------------------------------- Hackers leak data of 10,000 VirtualMacOSX customers in alleged breach, exposing names, emails, passwords, and financial details on a hacking forum. --------------------------------------------- https://hackread.com/hackers-leak-virtualmacosx-customers-data-breach/ ===================== = Vulnerabilities = ===================== ∗∗∗ IBM AIX/VIOS und DataPower Gateway für Schadcode-Attacken anfällig ∗∗∗ --------------------------------------------- Wenn Angreifer erfolgreich an Sicherheitslücken in IBM AIX/VIOS und DataPower Gateway ansetzen, kann Schadcode auf Systeme gelangen und diese kompromittieren. Updates schließen die Schwachstellen. --------------------------------------------- https://www.heise.de/news/IBM-AIX-VIOS-und-DataPower-Gateway-fuer-Schadcode… ∗∗∗ Angreifer können Server über Schwachstelle in Dell iDRAC Tools attackieren ∗∗∗ --------------------------------------------- Angreifer können an einer Sicherheitslücke in Dell iDRAC Tools ansetzen, um Server zu attackieren. Mittlerweile haben die Entwickler die Schwachstelle geschlossen. --------------------------------------------- https://www.heise.de/news/Sicherheitsluecke-in-Dell-iDRAC-Tools-gefaehrdet-… ∗∗∗ Dell ControlVault: Angreifer können Systeme vollständig kompromittieren ∗∗∗ --------------------------------------------- In Dells ControlVault klaffen Sicherheitslücken in den Treibern und der Firmware, die Angreifern das Einschleusen und Ausführen von Schadcode und damit die Übernahme von Systemen ermöglichen. Dell bietet aktualisierte Software an, um die Sicherheitslecks zu schließen. --------------------------------------------- https://www.heise.de/news/Dell-ControlVault-Angreifer-koennen-Systeme-volls… ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by AlmaLinux (.NET 8.0 and .NET 9.0), Arch Linux (curl, ghostscript, go, konsole, python-django, roundcubemail, and samba), Fedora (aerc, chromium, golang-x-perf, libkrun, python3.11, python3.12, rust-kbs-types, rust-sev, rust-sevctl, valkey, and wireshark), Gentoo (Konsole and sysstat), Oracle (.NET 9.0), Red Hat (bootc, grub2, keylime-agent-rust, python3.12-cryptography, rpm-ostree, rust-bootupd, xorg-x11-server, and xorg-x11-server-Xwayland), SUSE (apache2-mod_auth_openidc, docker, grub2, java-1_8_0-openj9, kernel, less, python-Django, screen, and sqlite3), and Ubuntu (cifs-utils and modsecurity-apache). --------------------------------------------- https://lwn.net/Articles/1025618/ ∗∗∗ Tenable: Nessus Agent Version 10.8.5 Fixes Multiple Vulnerabilities ∗∗∗ --------------------------------------------- https://www.tenable.com/security/tns-2025-11 ∗∗∗ Chromium: CVE-2025-5959 Type Confusion in V8 ∗∗∗ --------------------------------------------- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-5959 ∗∗∗ Chromium: CVE-2025-5958 Use after free in Media ∗∗∗ --------------------------------------------- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-5958 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 13.06.2025
by Daily end-of-shift report 13 Jun '25

13 Jun '25

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 12-06-2025 18:00 − Freitag 13-06-2025 18:00 Handler: Guenes Holler Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ Trend Micro fixes critical vulnerabilities in multiple products ∗∗∗ --------------------------------------------- Trend Micro has released security updates to address multiple critical-severity remote code execution and authentication bypass vulnerabilities that impact its Apex Central and Endpoint Encryption (TMEE) PolicyServer products. --------------------------------------------- https://www.bleepingcomputer.com/news/security/trend-micro-fixes-six-critic… ∗∗∗ Nach über 100 Jahren: Cyberangriff drängt deutsche Firma in die Insolvenz ∗∗∗ --------------------------------------------- Der in Euskirchen ansässige Serviettenhersteller Fasana hat nach einem Cyberangriff Zahlungsprobleme. Hacker haben den Betrieb vollständig lahmgelegt. --------------------------------------------- https://www.golem.de/news/nach-ueber-100-jahren-cyberangriff-draengt-deutsc… ∗∗∗ [Guest Diary] Anatomy of a Linux SSH Honeypot Attack: Detailed Analysis of Captured Malware, (Fri, Jun 13th) ∗∗∗ --------------------------------------------- This is a Guest Diary by Michal Ambrozkiewicz, an ISC intern as part of the SANS.edu Bachelor .. --------------------------------------------- https://isc.sans.edu/diary/Guest+Diary+Anatomy+of+a+Linux+SSH+Honeypot+Atta… ∗∗∗ WordPress Sites Turned Weapon: How VexTrio and Affiliates Run a Global Scam Network ∗∗∗ --------------------------------------------- The threat actors behind the VexTrio Viper Traffic Distribution Service (TDS) have been linked to other TDS services like Help TDS and Disposable TDS, indicating that the sophisticated cybercriminal operation is a sprawling enterprise of its own .. --------------------------------------------- https://thehackernews.com/2025/06/wordpress-sites-turned-weapon-how.html ∗∗∗ "Anmeldung mit nicht erkanntem Gerät": Phishing-Attacke im Namen von PayPal ∗∗∗ --------------------------------------------- Ein angeblicher Login in ein bestehendes PayPal-Profil ruft die ebenso angebliche Sicherheitsabteilung des Unternehmens auf den Plan. Hinter den alarmierenden E-Mails und SMS-Nachrichten steckt aber nichts weiter als eine klassische Phishing-Masche. --------------------------------------------- https://www.watchlist-internet.at/news/phishing-attacke-paypal/ ∗∗∗ Bert ransomware: what you need to know ∗∗∗ --------------------------------------------- Bert is a recently-discovered strain of ransomware that encrypts victims files and demands a payment for the decryption key. Read more in my article on the Fortra blog. --------------------------------------------- https://www.fortra.com/blog/bert-ransomware-what-you-need-know ∗∗∗ Serverless Tokens in the Cloud: Exploitation and Detections ∗∗∗ --------------------------------------------- Understand the mechanics of serverless authentication: three simulated attacks across major CSPs offer effective approaches for application developers. --------------------------------------------- https://unit42.paloaltonetworks.com/serverless-authentication-cloud/ ∗∗∗ Ransomware Actors Exploit Unpatched SimpleHelp Remote Monitoring and Management to Compromise Utility Billing Software Provider ∗∗∗ --------------------------------------------- The Cybersecurity and Infrastructure Security Agency (CISA) is releasing this advisory in response to ransomware actors leveraging unpatched instances of a vulnerability in SimpleHelp Remote Monitoring and Management (RMM) to compromise customers of a utility billing software provider. This incident reflects a broader pattern of ransomware actors .. --------------------------------------------- https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-163a ∗∗∗ E-Mail-Sicherheit: Verstärkte Angriffe mit SVG ∗∗∗ --------------------------------------------- Immer mehr Phishing-Kampagnen nutzen das wenig bekannte Vektorgrafik-Format SVG. Das kann nämlich Skripte enthalten, die dann beim Öffnen ausgeführt werden. --------------------------------------------- https://heise.de/-10444330 ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by AlmaLinux (.NET 8.0, .NET 9.0, glibc, kernel, and mod_security), Fedora (chromium, gh, mingw-icu, nginx-mod-modsecurity, python3.10, python3.9, thunderbird, valkey, and yarnpkg), Oracle (.NET 8.0, .NET 9.0, glibc, grafana-pcp, kernel, libxml2, mod_security, nodejs:20, and thunderbird), SUSE (audiofile, helm, kubernetes-old, kubernetes1.23, kubernetes1.24, libcryptopp, postgresql15, thunderbird, and valkey), and Ubuntu (linux-nvidia-tegra-igx). --------------------------------------------- https://lwn.net/Articles/1025354/ ∗∗∗ CISA Releases Ten Industrial Control Systems Advisories ∗∗∗ --------------------------------------------- CISA released ten Industrial Control Systems (ICS) advisories on June 12, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.ICSA-25-162-01 Siemens Tecnomatix Plant SimulationICSA-25-162-02 Siemens RUGGEDCOM APE1808ICSA-25-162-03 Siemens SCALANCE and RUGGEDCOMICSA-25-162-04 .. --------------------------------------------- https://www.cisa.gov/news-events/alerts/2025/06/12/cisa-releases-ten-indust… ∗∗∗ [R1] Nessus Agent Version 10.8.5 Fixes Multiple Vulnerabilities ∗∗∗ --------------------------------------------- https://www.tenable.com/security/tns-2025-11 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 12.06.2025
by Daily end-of-shift report 12 Jun '25

12 Jun '25

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 11-06-2025 18:00 − Donnerstag 12-06-2025 18:00 Handler: Guenes Holler Co-Handler: n/a ===================== = News = ===================== ∗∗∗ CRA Vulnerability Reports: why would we not share them with other CSIRTs? ∗∗∗ --------------------------------------------- The Cyber Resilience Act (Regulation (EU) 2024/2847) defines security requirements for products with digital elements and requires vendors to report to national CSIRTs if a vulnerability in one of their products is actively exploited. --------------------------------------------- https://www.cert.at/en/blog/2025/6/cra-vulnerability-reports-why-would-we-n… ∗∗∗ Fog ransomware attack uses unusual mix of legitimate and open-source tools ∗∗∗ --------------------------------------------- Fog ransomware hackers are using an uncommon toolset, which includes open-source pentesting utilities and a legitimate employee monitoring software called Syteca. --------------------------------------------- https://www.bleepingcomputer.com/news/security/fog-ransomware-attack-uses-u… ∗∗∗ Password-spraying attacks target 80,000 Microsoft Entra ID accounts ∗∗∗ --------------------------------------------- Hackers have been using the TeamFiltration pentesting framework to target more than 80,000 Microsoft Entra ID accounts at hundreds of organizations worldwide. --------------------------------------------- https://www.bleepingcomputer.com/news/security/password-spraying-attacks-ta… ∗∗∗ Google Bug Allowed Brute-Forcing of Any User Phone Number ∗∗∗ --------------------------------------------- Google has fixed a security vulnerability in its page for recovering account details that allowed anyone to access the page and brute-force the private phone number of any user. The flaw posed a significant risk to Google users by exposing them to risk of phishing and other attacks. --------------------------------------------- https://www.darkreading.com/vulnerabilities-threats/google-bug-brute-forcin… ∗∗∗ Air-Gapped-Systeme: Malware leitet Daten über hochfrequenten Schall aus ∗∗∗ --------------------------------------------- Der bekannte Sicherheitsforscher Mordechai Guri hat eine neue Angriffstechnik vorgestellt, mit der sich Daten von Air-Gapped-Systemen ohne eigene Netzwerkanbindung über eine Smartwatch exfiltrieren lassen. Der Smartattack genannte Angriff basiert auf einer Datenübertragung mittels Schallwellen in einem derart hohen Frequenzbereich, dass sie für Menschen je nach Hörvermögen kaum bis gar nicht wahrnehmbar sind. --------------------------------------------- https://www.golem.de/news/air-gapped-systeme-malware-leitet-daten-ueber-hoc… ∗∗∗ Former Black Basta Members Use Microsoft Teams and Python Scripts in 2025 Attacks ∗∗∗ --------------------------------------------- Former members tied to the Black Basta ransomware operation have been observed sticking to their tried-and-tested approach of email bombing and Microsoft Teams phishing to establish persistent access to target networks. --------------------------------------------- https://thehackernews.com/2025/06/former-black-basta-members-use.html ∗∗∗ Kritische Sicherheitslücke in Microsoft 365 Copilot zeigt Risiko von KI-Agenten ∗∗∗ --------------------------------------------- Der KI-Agent von M365 konnte per E-Mail und ohne Mausklick zur Freigabe sensibler Informationen verführt werden. Microsoft hat die Lücke jetzt geschlossen. --------------------------------------------- https://www.heise.de/news/Kritische-Sicherheitsluecke-in-Microsoft-365-Copi… ∗∗∗ Markenfälschungen im Netz: Eine wachsende Gefahr für den österreichischen Onlinehandel ∗∗∗ --------------------------------------------- Kaum eine Marke ist im Internet noch vor Fälschungen sicher: Kriminelle verwenden gestohlene Logos und Produktbilder beliebter Händler, um täuschend echte Fake-Shops zu erstellen. Neben bekannten Marken sind auch kleine und mittlere Unternehmen (KMU) zunehmend betroffen. Im Rahmen einer Studie des Österreichischen Instituts für angewandte Telekommunikation (ÖIAT) wurde das Ausmaß der Markenfälschungen im Internet untersucht und konkrete Handlungsempfehlungen fürs KMU erarbeitet. --------------------------------------------- https://www.watchlist-internet.at/news/markenfaelschungen-im-netz-eine-wach… ∗∗∗ JSFireTruck: Exploring Malicious JavaScript Using JSF*ck as an Obfuscation Technique ∗∗∗ --------------------------------------------- We recently discovered a large-scale campaign that has been compromising legitimate websites with injected, obfuscated JavaScript code. Threat actors commonly use this type of campaign to invisibly redirect victims from legitimate websites to malicious pages that serve malware, exploits and spam. --------------------------------------------- https://unit42.paloaltonetworks.com/malicious-javascript-using-jsfiretruck-… ∗∗∗ Fortinet: Angreifer können VPN-Verbindungen umleiten ∗∗∗ --------------------------------------------- Mehrere Produkte von Fortinet sind verwundbar. Angreifer können an Sicherheitslücken in FortiADC, FortiAnalyzer, FortiClientEMS, FortiClientWindows, FortiManager, FortiManager Cloud, FortiOS, FortiPAM, FortiProxy, FortiSASE und FortiWeb ansetzen. Im schlimmsten Fall kann es zur Ausführung von Schadcode kommen. --------------------------------------------- https://heise.de/-10441108 ===================== = Vulnerabilities = ===================== ∗∗∗ Phishing-Angriffe mit manipulierten SVG-Dateien - Vorsicht geboten ∗∗∗ --------------------------------------------- CERT.at warnt vor stark zunehmenden Phishing-Kampagnen, bei denen manipulierte SVG-Dateien (Scalable Vector Graphics) als E-Mail-Anhänge verwendet werden. Diese Angriffsmethode wird seit mehreren Monaten verstärkt beobachtet und stellt eine ernsthafte Bedrohung dar, da SVG-Dateien von vielen Sicherheitslösungen nicht ausreichend geprüft werden. --------------------------------------------- https://www.cert.at/de/warnungen/2025/6/phishing-angriffe-mit-manipulierten… ∗∗∗ GitLab patches high severity account takeover, missing auth issues ∗∗∗ --------------------------------------------- GitLab has released security updates to address multiple vulnerabilities in the company's DevSecOps platform, including ones enabling attackers to take over accounts and inject malicious jobs in future pipelines. The company released GitLab Community and Enterprise versions 18.0.2, 17.11.4, and 17.10.8 to address these security flaws and urged all admins to upgrade immediately. --------------------------------------------- https://www.bleepingcomputer.com/news/security/gitlab-patches-high-severity… ∗∗∗ Thunderbird: HTML-Mails können Zugangsdaten verraten, Update verfügbar ∗∗∗ --------------------------------------------- Mozilla hat Updates für Thunderbird veröffentlicht. Sie stopfen ein Sicherheitsleck bei der Anzeige von HTML-E-Mails. --------------------------------------------- https://www.heise.de/news/Thunderbird-HTML-Mails-koennen-Zugangsdaten-verra… ∗∗∗ Palo Alto stopft hochriskante Lücken in PAN-OS und GlobalProtect ∗∗∗ --------------------------------------------- Palo Alto Networks hat Sicherheitsmitteilungen zu Schwachstellen in mehreren Produkten wie dem PAN-OS-Betriebssystem oder der GlobalProtect-App herausgegeben. Angreifer können die Sicherheitslücken missbrauchen, um Befehle einzuschleusen und mit erhöhten Rechten auszuführen, Schadcode einzuschleusen und auszuführen oder unbefugt Traffic einzusehen. --------------------------------------------- https://www.heise.de/news/Palo-Alto-stopft-hochriskante-Luecken-in-PAN-OS-u… ∗∗∗ Reflected Cross-Site Scripting in ONLYOFFICE Docs (DocumentServer) ∗∗∗ --------------------------------------------- ONLYOFFICE Docs was affected by a reflected cross-site scripting (XSS) issue when opening files via the WOPI protocol. Attackers could inject malicious scripts via crafted HTTP POST requests, which were reflected in the server's HTML response. --------------------------------------------- https://sec-consult.com/vulnerability-lab/advisory/reflected-cross-site-scr… ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by AlmaLinux (kernel), Debian (chromium, gst-plugins-bad1.0, node-tar-fs, and ublock-origin), Gentoo (Emacs, File-Find-Rule, GStreamer, GStreamer Plugins, GTK+ 3, LibreOffice, Node.js, OpenImageIO, Python, PyPy, Qt, X.Org X server, XWayland, and YAML-LibYAML), Mageia (mariadb and roundcubemail), Red Hat (go-toolset:rhel8, golang, grafana, grafana-pcp, gstreamer1-plugins-bad-free, libxml2, libxslt, mod_security, nodejs:20, and perl-FCGI:0.78), Slackware (mozilla), SUSE (docker, docker-compose, iputils, kernel, libsoup, open-vm-tools, rabbitmq-server, rabbitmq-server313, wget, and yelp), and Ubuntu (libsoup2.4 and webkit2gtk). --------------------------------------------- https://lwn.net/Articles/1025208/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 11.06.2025
by Daily end-of-shift report 11 Jun '25

11 Jun '25

===================== = End-of-Day report = ===================== Timeframe: Dienstag 10-06-2025 18:00 − Mittwoch 11-06-2025 18:00 Handler: Alexander Riepl Co-Handler: Guenes Holler ===================== = News = ===================== ∗∗∗ Microsoft Outlook to block more risky attachments used in attacks ∗∗∗ --------------------------------------------- Microsoft announced it will expand the list of blocked attachments in Outlook Web and the new Outlook for Windows starting next month. --------------------------------------------- https://www.bleepingcomputer.com/news/security/microsoft-outlook-to-block-m… ∗∗∗ ConnectWise rotating code signing certificates over security concerns ∗∗∗ --------------------------------------------- ConnectWise is warning customers that it is rotating the digital code signing certificates used to sign ScreenConnect, ConnectWise Automate, and ConnectWise RMM executables over security concerns. --------------------------------------------- https://www.bleepingcomputer.com/news/security/connectwise-rotating-code-si… ∗∗∗ Zehntausende Überwachungskameras streamen ungeschützt ins Netz ∗∗∗ --------------------------------------------- Überwachungskameras sind überall – in U-Bahnen, an Türklingeln und in Fahrstühlen. Oft bemerkt man sie gar nicht, weil es mittlerweile so kleine und unscheinbare Modelle gibt. Amerikanische Sicherheitsforscher warnen nun aber davor, wie einfach es für Dritte ist, sich Zugriff auf die Feeds solcher Überwachungskameras zu verschaffen. Bei einem Test konnten die Experten von Bitsight Live-Feeds von insgesamt 40.000 Kameras abrufen, die mit dem Internet verbunden waren. --------------------------------------------- https://futurezone.at/digital-life/zehntausende-ueberwachungskameras-stream… ∗∗∗ Quasar RAT Delivered Through Bat Files, (Wed, Jun 11th) ∗∗∗ --------------------------------------------- RAT's are popular malware. They are many of them in the wild, Quasar[1] being one of them. The malware has been active for a long time and new campaigns come regularly back on stage. I spotted an interesting .bat file (Windows script) that attracted my attention because it is very well obfuscated. --------------------------------------------- https://isc.sans.edu/diary/rss/32036 ∗∗∗ Trump Quietly Throws Out Bidens Cyber Policies ∗∗∗ --------------------------------------------- An anonymous reader quotes a report from Axios: President Trump quietly took a red pen to much of the Biden administrations cyber legacy in a little-noticed move late Friday. Under an executive order signed just before the weekend, Trump is tossing out some of the major touchstones of Bidens cyber policy legacy - while keeping a few others. The order preserves efforts around post-quantum cryptography, advanced encryption standards, and border gateway protocol security, along with the Cyber --------------------------------------------- https://it.slashdot.org/story/25/06/10/2044217/trump-quietly-throws-out-bid… ∗∗∗ Ungeklärte Phishing-Vorfälle rund um Booking.com ∗∗∗ --------------------------------------------- Hotels in Südtirol haben vermehrt mit kompromittierten Extranet-Zugängen von Booking.com zu tun, über die sie mit Gästen kommunizieren. Noch ist unklar, warum. --------------------------------------------- https://www.heise.de/news/Ungeklaerte-Phishing-Vorfaelle-rund-um-Booking-co… ∗∗∗ UEFI-BIOS-Lücken: SecureBoot-Umgehung und Firmware-Austausch möglich ∗∗∗ --------------------------------------------- Zwei unterschiedliche Sicherheitslücken in diversen UEFI-BIOS-Versionen mehrerer Anbieter ermöglichen die Umgehung des SecureBoot-Mechanismus. In UEFI-BIOSen von Insyde können Angreifer sogar die Firmware austauschen. Verwundbare Systeme lassen sich damit vollständig kompromittieren. Proof-of-Concept-Code dafür ist öffentlich verfügbar. Systemhersteller arbeiten an BIOS-Updates zum Schließen der Lücken. --------------------------------------------- https://www.heise.de/news/UEFI-BIOS-Luecken-SecureBoot-Umgehung-und-Firmwar… ∗∗∗ Reflective Kerberos Relay Attack Against Domain-Joined Windows Clients and Servers ∗∗∗ --------------------------------------------- RedTeam Pentesting has developed the Reflective Kerberos Relay Attack which remotely allows low-privileged Active Directory domain users to obtain NT AUTHORITY\SYSTEM privileges on domain-joined Windows computers. This vulnerability affects all domain-joined Windows hosts that do not require SMB signing of incoming connections. In their default configurations, this includes all Windows 10 and 11 versions up to 23H2 and all Windows Server versions including 2025 24H2 and excluding domain controllers. --------------------------------------------- https://www.redteam-pentesting.de/en/advisories/rt-sa-2025-002/ ∗∗∗ Inside Stealth Falcon’s Espionage Campaign Using a Microsoft Zero-Day ∗∗∗ --------------------------------------------- Inside Stealth Falcon’s Espionage Campaign Using a Microsoft Zero-Day --------------------------------------------- https://blog.checkpoint.com/research/inside-stealth-falcons-espionage-campa… ∗∗∗ UK cyber agency pushes for strategic policy agenda as government efforts stall ∗∗∗ --------------------------------------------- Following years-long delays in the United Kingdom bringing forward new cybersecurity legislation, what seems to be an increasingly exasperated National Cyber Security Centre (NCSC) called on Monday for the country to adopt a strategic policy agenda to tackle the growing risks. --------------------------------------------- https://therecord.media/ncsc-pushes-uk-government-create-strategic-cyber-po… ∗∗∗ Operation Secure: INTERPOL Disrupts 20,000 Infostealer Domains, 32 Arrested ∗∗∗ --------------------------------------------- An international cybercrime operation coordinated by INTERPOL has led to the takedown of more than 20,000 malicious IPs and domains used to deploy infostealer malware across the Asia-Pacific region. --------------------------------------------- https://hackread.com/operation-secure-interpol-disrupts-infostealer-domains/ ∗∗∗ Hydroph0bia (CVE-2025-4275) - a trivial SecureBoot bypass for UEFI-compatible firmware based on Insyde H2O, part 1 ∗∗∗ --------------------------------------------- This post will be about a vulnerability I dubbed Hydroph0bia (as a pun on Insyde H2O) aka CVE-2025-4275 or INSYDE-SA-2025002. --------------------------------------------- https://coderush.me/hydroph0bia-part1/ ∗∗∗ NTLM reflection is dead, long live NTLM reflection! – An in-depth analysis of CVE-2025-33073 ∗∗∗ --------------------------------------------- For nearly two decades, Windows has been plagued with NTLM reflection vulnerabilities. In this article, we present CVE-2025-33073, a logical vulnerability which bypasses NTLM reflection mitigations and allows an authenticated remote attacker to execute arbitrary commands as SYSTEM on any machine which does not enforce SMB signing. The vulnerability discovery, the complete analysis of the root cause as well as the patch by Microsoft will be detailed in this blogpost. --------------------------------------------- https://www.synacktiv.com/en/publications/ntlm-reflection-is-dead-long-live… ∗∗∗ Infuencing LLM Output using logprobs and Token Distribution ∗∗∗ --------------------------------------------- What if you could influence an LLM's output not by breaking its rules, but by bending its probabilities? In this deep-dive, we explore how small changes in user input (down to a single token) can shift the balance between “true” and “false”, triggering radically different completions. --------------------------------------------- https://blog.sicuranext.com/infuencing-llm-output-using-logprobs-and-token-… ∗∗∗ Software Supply Chain Attacks Have Surged in Recent Months ∗∗∗ --------------------------------------------- IT and software supply chain attacks have surged in recent months, as threat actors have gotten better at exploiting supply chain vulnerabilities, Cyble threat intelligence researchers reported this week. In a June 9 blog post, Cyble researchers said software supply chain attacks have grown from just under 13 a month during February-September 2024 to just over 16 a month from October 2024 to May 2025, an increase of 25%. However, the last two months have seen an average of nearly 25 cyberattacks with supply chain impact, a near-doubling of supply chain attacks from the year-ago period. --------------------------------------------- https://thecyberexpress.com/software-supply-chain-attacks-have-surged/ ∗∗∗ Undocumented Root Shell Access bei SIMCom Modem ∗∗∗ --------------------------------------------- Das SIMCom SIM7600G Modem unterstützt einen undokumentierten AT Befehl, welcher es einem lokalen/physischen Angreifer ermöglicht, Systembefehle mit root-Berechtigungen auf dem Modem auszuführen. Der Stand der Entfernung des Backdoor-Kommandos ist unklar, da sich der Hersteller nach zahlreichen Kontaktversuchen nicht mehr gemeldet hat. --------------------------------------------- https://sec-consult.com/de/vulnerability-lab/advisory/undocumented-root-she… ===================== = Vulnerabilities = ===================== ∗∗∗ New Secure Boot flaw lets attackers install bootkit malware, patch now ∗∗∗ --------------------------------------------- Security researchers have disclosed a new Secure Boot bypass tracked as CVE-2025-3052 that can be used to turn off security on PCs and servers and install bootkit malware. --------------------------------------------- https://www.bleepingcomputer.com/news/security/new-secure-boot-flaw-lets-at… ∗∗∗ Patch Tuesday, June 2025 Edition ∗∗∗ --------------------------------------------- Microsoft today released security updates to fix at least 67 vulnerabilities in its Windows operating systems and software. Redmond warns that one of the flaws is already under active attack, and that software blueprints showing how to exploit a pervasive Windows bug patched this month are now public. --------------------------------------------- https://krebsonsecurity.com/2025/06/patch-tuesday-june-2025-edition/ ∗∗∗ Microsoft Patch Tuesday for June 2025 — Snort rules and prominent vulnerabilities ∗∗∗ --------------------------------------------- Microsoft has released its monthly security update for June 2025, which includes 66 vulnerabilities affecting a range of products, including 10 that Microsoft marked as “critical.” --------------------------------------------- https://blog.talosintelligence.com/microsoft-patch-tuesday-june-2025/ ∗∗∗ Two Mirai Botnets, Lzrd and Resgod Spotted Exploiting Wazuh Flaw ∗∗∗ --------------------------------------------- Cybersecurity experts at Akamai have uncovered a new threat: two separate botnets are actively exploiting a critical flaw in Wazuh security software, open source XDR and SIEM solution, to spread the Mirai malware. This vulnerability, tracked as CVE-2025-24016, affects Wazuh versions 4.4.0 through 4.9.0 and has since been fixed in version 4.9.1. It lets attackers run their own code on a target server by sending a specially crafted request through Wazuh’s API, hence, allowing attackers to take control of affected servers remotely. --------------------------------------------- https://hackread.com/two-mirai-botnets-lzrd-resgod-exploiting-wazuh-flaw/ ∗∗∗ TBK DVRs Botnet Attack ∗∗∗ --------------------------------------------- Threat Actors are actively exploiting CVE-2024-3721, a command injection vulnerability in TBK DVR devices (Digital Video Recorders). This flaw allows unauthenticated remote code execution (RCE) via crafted HTTP requests to the endpoint. The compromised devices are being conscripted into a botnet capable of conducting DDoS attacks. If successfully exploited, there is a potential for significant disruption from DDoS attacks, lateral movement, or further malware delivery. --------------------------------------------- https://fortiguard.fortinet.com/threat-signal-report/6127 ∗∗∗ Patchday: Schadcode-Lücken in Adobe Acrobat, InDesign & Co. geschlossen ∗∗∗ --------------------------------------------- Angreifer können an Sicherheitslücken (CVE-2025-43573 / EUVD-2025-17828) in Adobe Acrobat, Commerce, Experince Manager, InCopy, InDesign, Substance 3D Painter und Substance 3D Sampler ansetzen. Im Rahmen des Juni-Patchdays stellt Adobe Updates zum Download bereit. --------------------------------------------- https://heise.de/-10439601 ∗∗∗ The June 2025 Security Update Review ∗∗∗ --------------------------------------------- https://www.thezdi.com/blog/2025/6/10/the-june-2025-security-update-review ∗∗∗ Security Vulnerabilities fixed in Thunderbird 139.0.2 ∗∗∗ --------------------------------------------- https://www.mozilla.org/en-US/security/advisories/mfsa2025-50/ ∗∗∗ Security Vulnerabilities fixed in Thunderbird 128.11.1 ∗∗∗ --------------------------------------------- https://www.mozilla.org/en-US/security/advisories/mfsa2025-49/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 10.06.2025
by Daily end-of-shift report 10 Jun '25

10 Jun '25

===================== = End-of-Day report = ===================== Timeframe: Freitag 06-06-2025 18:00 − Dienstag 10-06-2025 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Over 84,000 Roundcube instances vulnerable to actively exploited flaw ∗∗∗ --------------------------------------------- Over 84,000 instances of the Roundcube webmail software are vulnerable to CVE-2025-49113, a critical remote code execution (RCE) vulnerability with a publicly available exploit. --------------------------------------------- https://www.bleepingcomputer.com/news/security/over-84-000-roundcube-instan… ∗∗∗ FIN6 hackers pose as job seekers to backdoor recruiters’ devices ∗∗∗ --------------------------------------------- In a twist on typical hiring-related social engineering attacks, the FIN6 hacking group impersonates job seekers to target recruiters, using convincing resumes and phishing sites to deliver malware. --------------------------------------------- https://www.bleepingcomputer.com/news/security/fin6-hackers-pose-as-job-see… ∗∗∗ Windows: Designproblem erlaubt Aushebeln von Gruppenrichtlinien ∗∗∗ --------------------------------------------- In Windows schlummert ein Designproblem, das es normalen Nutzern und Malware erlaubt, von Admins gesetzte Gruppenrichtlinien außer Kraft zu setzen. Ein Bericht von .. --------------------------------------------- https://www.golem.de/news/windows-designproblem-erlaubt-aushebeln-von-grupp… ∗∗∗ Chinese spy crew appears to be preparing for conflict by backdooring 75+ critical orgs ∗∗∗ --------------------------------------------- SentinelOne discovered the campaign when they tried to hit the security vendors own servers An IT services company, a European media group, and a South Asian government entity are among the more than 75 companies where China-linked groups have planted malware to access strategic networks should a conflict break out. --------------------------------------------- https://www.theregister.com/2025/06/09/china_malware_flip_switch_sentinelon… ∗∗∗ DanaBleed: DanaBot C2 Server Memory Leak Bug ∗∗∗ --------------------------------------------- DanaBot is a Malware-as-a-Service (MaaS) platform that has been active since 2018. DanaBot operates on an affiliate model, where the malware developer sells access to customers who then distribute and use the malware for activities like credential theft and banking fraud. The developer is responsible for creating the malware, maintaining the .. --------------------------------------------- https://www.zscaler.com/blogs/security-research/danableed-danabot-c2-server… ∗∗∗ Microsoft: Abhilfe für Sicherheitslücke durch gelöschte "inetpub"-Ordner ∗∗∗ --------------------------------------------- Windows-Update hat einen "inetpub"-Ordner angelegt. Wird er gelöscht, blockiert das womöglich weitere Updates. Ein Script hilft. --------------------------------------------- https://www.heise.de/news/Microsoft-Abhilfe-fuer-Sicherheitsluecke-durch-ge… ∗∗∗ SAP-Patchday: Erneut kritische Sicherheitslücke in Netweaver ∗∗∗ --------------------------------------------- SAP kümmert sich am Juni-Patchday in 14 neuen Sicherheitsnotizen um teils kritische Sicherheitslücken in den Produkten aus Walldorf. --------------------------------------------- https://www.heise.de/news/SAP-Patchday-Erneut-kritische-Sicherheitsluecke-i… ∗∗∗ Malvertising: Suche nach Standardbefehlen für Macs liefert Infostealer ∗∗∗ --------------------------------------------- Perfide Masche: Bei der Suche nach Standardbefehlen für macOS erscheinen Seiten, die Befehle zur Malware-Installation anzeigen. --------------------------------------------- https://www.heise.de/news/Malvertising-Suche-nach-Standardbefehlen-fuer-Mac… ∗∗∗ Phishing-Alarm: Ex-Mitarbeiterin verschenkt keine Rabattcodes! ∗∗∗ --------------------------------------------- Videos und Postings auf Social-Media-Plattformen erwecken den Anschein, als würde eine gekündigte Angestellte eines großen Einzelhandelsunternehmens Rabattcodes verschenken. Als Rache am Ex-Arbeitgeber. Tatsächlich versteckt sich dahinter nichts anderes als eine simple Phishing-Falle. --------------------------------------------- https://www.watchlist-internet.at/news/phishing-alarm-rabattcodes/ ∗∗∗ Falsche E-Mails im Namen der WKO im Umlauf! ∗∗∗ --------------------------------------------- Derzeit sind betrügerische E-Mails im Umlauf, die vorgeben, von der Wirtschaftskammer Österreich (WKO) zu stammen. In diesen gefälschten Nachrichten werden Unternehmer:innen zur Zahlung der Kammerumlage 2025 aufgefordert und gleichzeitig dazu verleitet, ihre WKO-Zugangsdaten preiszugeben. --------------------------------------------- https://www.watchlist-internet.at/news/falsche-e-mails-im-namen-der-wko-im-… ∗∗∗ The Evolution of Linux Binaries in Targeted Cloud Operations ∗∗∗ --------------------------------------------- Using data from machine learning tools, we predict a surge in cloud attacks leveraging reworked Linux Executable and Linkage Format (ELF) files. --------------------------------------------- https://unit42.paloaltonetworks.com/elf-based-malware-targets-cloud/ ∗∗∗ New hacker group uses LockBit ransomware variant to target Russian companies ∗∗∗ --------------------------------------------- In its latest campaign this spring, DarkGaboon was observed deploying LockBit 3.0 ransomware against victims in Russia, Positive Technologies said in a report last week. --------------------------------------------- https://therecord.media/new-hacker-group-lockbit-target-russia ∗∗∗ Spyware maker cuts ties with Italy after government refused audit into hack of journalist’s phone ∗∗∗ --------------------------------------------- Israel-based spyware maker Paragon and Italys government had a falling out over the companys offer to help investigate what happened on journalist Francesco Cancellatos phone. --------------------------------------------- https://therecord.media/paragon-spyware-maker-cuts-ties-italy-government ∗∗∗ Coordinated Brute Force Activity Targeting Apache Tomcat Manager Indicates Possible Upcoming Threats ∗∗∗ --------------------------------------------- GreyNoise recently observed a coordinated spike in malicious activity against Apache Tomcat Manager interfaces. --------------------------------------------- https://www.greynoise.io/blog/coordinated-brute-force-activity-targeting-ap… ∗∗∗ Bitsight Identifies Thousands of Security Cameras Openly Accessible on the Internet ∗∗∗ --------------------------------------------- In our latest research at Bitsight TRACE, we found over 40,000 exposed cameras streaming live on the internet. No passwords. No protections. Just out there. We first raised the alarm in 2023, and based on this latest study, the situation hasn’t gotten any better. --------------------------------------------- https://www.bitsight.com/blog/bitsight-identifies-thousands-of-compromised-… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by AlmaLinux (golang, nodejs22, thunderbird, and varnish), Debian (gimp, modsecurity-apache, python-tornado, and roundcube), Fedora (chromium, coreutils, fcgi, ghostscript, krb5, libvpx, mingw-gstreamer1-plugins-bad-free, mingw-libsoup, mod_security, and samba), Mageia (php-adodb, systemd, and tomcat), Red Hat (buildah, firefox, glibc, grafana, kernel, libsoup, libxslt, mod_security, perl-FCGI, podman, python-tornado, and skopeo), Slackware (libvpx), and SUSE .. --------------------------------------------- https://lwn.net/Articles/1024625/ ∗∗∗ Security Vulnerabilities fixed in Firefox 139.0.4 ∗∗∗ --------------------------------------------- https://www.mozilla.org/en-US/security/advisories/mfsa2025-47/ ∗∗∗ June Security Update ∗∗∗ --------------------------------------------- https://www.ivanti.com/blog/june-security-update -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 06.06.2025
by Daily end-of-shift report 06 Jun '25

06 Jun '25

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 05-06-2025 18:00 − Freitag 06-06-2025 18:00 Handler: Guenes Holler Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ Hacker selling critical Roundcube webmail exploit as tech info disclosed ∗∗∗ --------------------------------------------- Hackers are actively exploiting CVE-2025-49113, a critical vulnerability in the widely used Roundcube open-source webmail application that allows remote execution. --------------------------------------------- https://www.bleepingcomputer.com/news/security/hacker-selling-critical-roun… ∗∗∗ FBI: BADBOX 2.0 Android malware infects millions of consumer devices ∗∗∗ --------------------------------------------- The FBI is warning that the BADBOX 2.0 malware campaign has infected over 1 million home Internet-connected devices, converting consumer electronics into residential proxies that are used for malicious activity. --------------------------------------------- https://www.bleepingcomputer.com/news/security/fbi-badbox-20-android-malwar… ∗∗∗ Critical Fortinet flaws now exploited in Qilin ransomware attacks ∗∗∗ --------------------------------------------- The Qilin ransomware operation has recently joined attacks exploiting two Fortinet vulnerabilities that allow bypassing authentication on vulnerable devices and executing malicious code remotely. --------------------------------------------- https://www.bleepingcomputer.com/news/security/critical-fortinet-flaws-now-… ∗∗∗ Analysis of the latest Mirai wave exploiting TBK DVR devices with CVE-2024-3721 ∗∗∗ --------------------------------------------- Kaspersky GReAT experts describe the new features of a Mirai variant: the latest botnet infections target TBK DVR devices with CVE-2024-3721. --------------------------------------------- https://securelist.com/mirai-botnet-variant-targets-dvr-devices-with-cve-20… ∗∗∗ Popular Chrome Extensions Leak API Keys, User Data via HTTP and Hard-Coded Credentials ∗∗∗ --------------------------------------------- Cybersecurity researchers have flagged several popular Google Chrome extensions that have been found to transmit data in HTTP and hard-code secrets in their code, exposing users to privacy and security risks."Several widely used extensions [...] unintentionally transmit sensitive data over simple HTTP," Yuanjing Guo, a security researcher in the Symantecs Security Technology and .. --------------------------------------------- https://thehackernews.com/2025/06/popular-chrome-extensions-leak-api-keys.h… ∗∗∗ AT&T not sure if new customer data dump is déjà vu ∗∗∗ --------------------------------------------- Re-selling info from an earlier breach? Probably. But which one? AT&T is investigating claims that millions of its customers data are listed for sale on a cybercrime forum in what appears to be a re-release from an earlier hack. --------------------------------------------- https://www.theregister.com/2025/06/05/att_investigates_data_dump/ ∗∗∗ Turning Off the (Information) Flow: Working With the EPA to Secure Hundreds of Exposed Water HMIs ∗∗∗ --------------------------------------------- In October 2024, Censys researchers discovered nearly 400 web-based HMIs for U.S. water facilities exposed online. These were identified via TLS certificate analysis and confirmed through screenshot .. --------------------------------------------- https://censys.com/blog/turning-off-the-information-flow-working-with-the-e… ∗∗∗ Blitz Malware: A Tale of Game Cheats and Code Repositories ∗∗∗ --------------------------------------------- Blitz malware, active since 2024 and updated in 2025, was spread via game cheats. We discuss its infection vector and abuse of Hugging Face for C2. --------------------------------------------- https://unit42.paloaltonetworks.com/blitz-malware-2025/ ∗∗∗ DDoS-Angriffe auf österreichische Unternehmen und Organisationen ∗∗∗ --------------------------------------------- Uns erreichen aktuell vermehrt Berichte von österreichischen Unternehmen und Organisationen über DDoS-Angriffe gegen ihre Systeme und Netzwerke. Betroffen sind Ziele in den verschiedensten Bereichen und Sektoren, ein besonderer Schwerpunkt der Kriminellen lässt sich bisher nicht festmachen. Bei manchen Angriffen liegen deutliche Hinweise .. --------------------------------------------- https://www.cert.at/de/aktuelles/2025/6/ddos-angriffe-auf-osterreichische-u… ∗∗∗ Nigeria jails 9 Chinese nationals for being part of international cyberfraud syndicate ∗∗∗ --------------------------------------------- The group was arrested in December as part of a raid that included 599 Nigerians and 193 other foreign nationals, many of them Chinese, on suspicion of being involved in a range of online crimes. --------------------------------------------- https://therecord.media/nigeria-jails-9-chinese-nationals-cyber-fraud ∗∗∗ Unsecured Database Exposes Data of 3.6 Million Passion.io Creators ∗∗∗ --------------------------------------------- A massive data leak has put the personal information of over 3.6 million app creators, influencers, and .. --------------------------------------------- https://hackread.com/unsecured-database-exposes-passion-io-creators-data/ ∗∗∗ NICKNAME: Zero-Click iMessage Exploit Targeted Key Figures in US, EU ∗∗∗ --------------------------------------------- iVerify’s NICKNAME discovery reveals a zero-click iMessage flaw exploited in targeted attacks on US & EU .. --------------------------------------------- https://hackread.com/nickname-zero-click-imessage-exploit-figures-us-eu/ ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by AlmaLinux (go-toolset:rhel8, golang, nodejs:20, nodejs:22, openssh, and python36:3.6), Debian (edk2, libfile-find-rule-perl, and webkit2gtk), Fedora (emacs, libvpx, perl-FCGI, and seamonkey), Mageia (cifs-utils), Red Hat (containernetworking-plugins, go-toolset:rhel8, golang, gvisor-tap-vsock, krb5, mod_auth_openidc:2.3, protobuf, and thunderbird), Slackware (seamonkey), SUSE (gimp, gnutls, haproxy, opensaml, openssh, openvpn, python-cryptography, .. --------------------------------------------- https://lwn.net/Articles/1024317/ ∗∗∗ CISA Releases Seven Industrial Control Systems Advisories ∗∗∗ --------------------------------------------- CISA released seven Industrial Control Systems (ICS) advisories on June 5, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.ICSA-25-155-01 CyberData 011209 SIP Emergency IntercomICSA-25-155-02 Hitachi Energy Relion 670, 650 series and SAM600-IO Product ICSA-21-049-02 Mitsubishi Electric FA .. --------------------------------------------- https://www.cisa.gov/news-events/alerts/2025/06/05/cisa-releases-seven-indu… ∗∗∗ ZDI-25-325: Hewlett Packard Enterprise Insight Remote Support processAttachmentDataStream Directory Traversal Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-25-325/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 05.06.2025
by Daily end-of-shift report 05 Jun '25

05 Jun '25

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 04-06-2025 18:00 − Donnerstag 05-06-2025 18:00 Handler: Felician Fuchs Co-Handler: Guenes Holler ===================== = News = ===================== ∗∗∗ BidenCash carding market domains seized in international operation ∗∗∗ --------------------------------------------- Earlier today, law enforcement seized multiple domains of BidenCash, the infamous dark web market for stolen credit cards, personal information, and SSH access. --------------------------------------------- https://www.bleepingcomputer.com/news/security/bidencash-carding-market-dom… ∗∗∗ Cisco warns of ISE and CCP flaws with public exploit code ∗∗∗ --------------------------------------------- Cisco has released patches to address three vulnerabilities with public exploit code in its Identity Services Engine (ISE) and Customer Collaboration Platform (CCP) solutions. --------------------------------------------- https://www.bleepingcomputer.com/news/security/cisco-warns-of-ise-and-ccp-f… ∗∗∗ Researchers Bypass Deepfake Detection With Replay Attacks ∗∗∗ --------------------------------------------- An international group of researchers found that simply rerecording deepfake audio with natural acoustics in the background allows it to bypass detection models at a higher-than-expected rate. --------------------------------------------- https://www.darkreading.com/cybersecurity-analytics/researchers-bypass-deep… ∗∗∗ Für Datenklau: Hacker kapern reihenweise Salesforce-Zugänge ∗∗∗ --------------------------------------------- Sicherheitsforscher der Google Threat Intelligence Group (GTIG) warnen vor laufenden Vishing-Angriffen (Voice Phishing), die darauf abzielen, Zugang zu Salesforce-Instanzen zu erlangen und daraus massenhaft vertrauliche Unternehmensdaten abzugreifen. --------------------------------------------- https://www.golem.de/news/fuer-datenklau-hacker-kapern-reihenweise-salesfor… ∗∗∗ Be Careful With Fake Zoom Client Downloads ∗∗∗ --------------------------------------------- Collaborative tools are really popular these days. Since the COVID-19 pandemic, many people switched to remote work positions and we need to collaborate with our colleagues or customers every day. Tools like Microsoft Teams, Zoom, WebEx, (name your best solution), became popular and must be regularly updated. Yesterday, I received an interesting email with a fake Zoom meeting invitation. --------------------------------------------- https://isc.sans.edu/diary/rss/32014 ∗∗∗ AI kept 15-year-old zombie vuln alive, but its time is drawing near ∗∗∗ --------------------------------------------- Despite multiple developer warnings about the 2010 GitHub Gist containing the path traversal vulnerability in 2012, 2014, and 2018, the flaw appeared in MDN Web Docs documentation and a Stack Overflow snippet. From there, it took up residence in large language models (LLMs) trained on the flawed examples. --------------------------------------------- https://go.theregister.com/feed/www.theregister.com/2025/06/05/llm_kept_per… ∗∗∗ Musikhaus Thomann: Kriminelle locken in Fake-Shops ∗∗∗ --------------------------------------------- Der Erfolg des Musik-Versandhändlers ruft zunehmend Betrüger:innen auf den Plan. Diese bauen den Original-Onlineshop detailgetreu nach und bieten Produkte zu unrealistischen Schleuderpreisen. Wer dort bestellt, bekommt allerdings nichts, sondern verliert Geld. Wir verraten, wie Sie die Fakes am einfachsten erkennen. --------------------------------------------- https://www.watchlist-internet.at/news/musikhaus-thomann-fake-shops/ ∗∗∗ Newly identified wiper malware "PathWiper" targets critical infrastructure in Ukraine ∗∗∗ --------------------------------------------- Cisco Talos observed a destructive attack on a critical infrastructure entity within Ukraine, using a previously unknown wiper we are calling "PathWiper". --------------------------------------------- https://blog.talosintelligence.com/pathwiper-targets-ukraine/ ∗∗∗ Updated Guidance on Play Ransomware ∗∗∗ --------------------------------------------- CISA, the Federal Bureau of Investigation (FBI), and the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) have issued an updated advisory on Play ransomware, also known as Playcrypt. This advisory highlights new tactics, techniques, and procedures used by the Play ransomware group and provides updated indicators of compromise (IOCs) to enhance threat detection. Since June 2022, Playcrypt has targeted diverse businesses and critical infrastructure across North America, South America, and Europe, becoming one of the most active ransomware groups in 2024. The FBI has identified approximately 900 entities allegedly exploited by these ransomware actors as of May 2025. --------------------------------------------- https://www.cisa.gov/news-events/alerts/2025/06/04/updated-guidance-play-ra… ===================== = Vulnerabilities = ===================== ∗∗∗ Cisco Integrated Management Controller Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the SSH connection handling of Cisco Integrated Management Controller (IMC) for Cisco UCS B-Series, UCS C-Series, UCS S-Series, and UCS X-Series Servers could allow an authenticated, remote attacker to access internal services with elevated privileges. --------------------------------------------- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso… ∗∗∗ Cisco Nexus Dashboard Fabric Controller SSH Host Key Validation Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the SSH implementation of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an unauthenticated, remote attacker to impersonate Cisco NDFC-managed devices. This vulnerability is due to insufficient SSH host key validation. --------------------------------------------- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso… ∗∗∗ Cisco Identity Services Engine on Cloud Platforms Static Credential Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI) cloud deployments of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to access sensitive data, execute limited administrative operations, modify system configurations, or disrupt services within the impacted systems. --------------------------------------------- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso… ∗∗∗ Sicherheitsupdates: Dell repariert PowerScale OneFS und Bluetooth-Treiber ∗∗∗ --------------------------------------------- Angreifer können an einer Schwachstelle in Dells NAS-Betriebssystem PowerScale OneFS ansetzen und Dateien löschen. Außerdem macht eine Lücke im Bluetooth-Treiber unzählige Dell-PCs angreifbar. Sicherheitsupdates stehen zum Download. --------------------------------------------- https://www.heise.de/news/Sicherheitsupdates-Dell-repariert-PowerScale-OneF… ∗∗∗ VMware NSX: Hochriskante Sicherheitslücke gestopft ∗∗∗ --------------------------------------------- Broadcom warnt vor teils hochriskanten Sicherheitslücken in der Netzwerkvirtualisierungs- und Sicherheitsplattform VMware NSX. Angreifer können unter anderem Schadcode einschleusen und ausführen. IT-Verantwortliche sollten zügig auf die fehlerbereinigten Versionen aktualisieren. --------------------------------------------- https://www.heise.de/news/VMware-NSX-Hochriskante-Sicherheitsluecke-gestopf… ∗∗∗ Acronis Cyber Protect: Mehrere teils kritische Sicherheitslücken ∗∗∗ --------------------------------------------- In der umfangreichen Virenschutz- und Backup-Software Acronis Cyber Protect hat der Hersteller mehrere, teils höchst kritische Sicherheitslücken entdeckt. Diese stopfen die Entwickler mit aktualisierter Software. --------------------------------------------- https://www.heise.de/news/Acronis-Cyber-Protect-Mehrere-teils-kritische-Sic… ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (chromium and mariadb-10.5), Oracle (firefox, ghostscript, git, go-toolset:ol8, golang, kernel, krb5, mingw-freetype and spice-client-win, nodejs:20, nodejs:22, perl-CPAN, python36:3.6, rsync, varnish, and varnish:6), Red Hat (firefox, thunderbird, and webkit2gtk3), Slackware (curl and python3), SUSE (apache-commons-beanutils, apache2-mod_security2, avahi, buildkit, ca-certificates-mozilla, cloud-regionsrv-client, cloud-regionsrv-client, python-toml, containerd, containerized-data-importer, cups, curl, dnsmasq, docker, elemental-operator, elemental-toolkit, expat, firefox, freetype2, gdk-pixbuf, git, glib2, glibc, gnuplot, gnutls, gpg2, gstreamer, gstreamer-plugins-base, gtk3, haproxy, helm, java-17-openjdk, java-1_8_0-openjdk, keepalived, kernel, kernel-firmware, krb5, kubevirt, less, libarchive, libcryptopp, libdb-4_8, libndp, libpcap, libsoup, libtasn1, libvirt, libX11, libxml2, libxslt, Mesa, mozilla-nss, nghttp2, nvidia-open-driver-G06-signed, opensc, openssh, openssl-3, openssl-3, libpulp, ulp-macros, orc, pam, pam_pkcs11, pam_u2f, patch, pcp, pcr-oracle, shim, perl-Crypt-OpenSSL-RSA, podman, postgresql16, procps, protobuf, python-dnspython, python-Jinja2, python-requests, python-setuptools, python-tornado6, python-urllib3, python311, python311, python-rpm-macros, qemu, rsync, runc, rust-keylime, selinux-policy, sevctl, skopeo, sssd, SUSE Manager Client Tools, systemd, thunderbird, tiff, tpm2.0-tools, tpm2-0-tss, u-boot, ucode-intel, unbound, util-linux, vim, wget, and wpa_supplicant), and Ubuntu (linux-nvidia, python-django, twitter-bootstrap3, twitter-bootstrap4, and wireshark). --------------------------------------------- https://lwn.net/Articles/1024158/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 04.06.2025
by Daily end-of-shift report 04 Jun '25

04 Jun '25

===================== = End-of-Day report = ===================== Timeframe: Dienstag 03-06-2025 18:00 − Mittwoch 04-06-2025 18:00 Handler: Felician Fuchs Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Coinbase breach tied to bribed TaskUs support agents in India ∗∗∗ --------------------------------------------- A recently disclosed data breach at Coinbase has been linked to India-based customer support representatives from outsourcing firm TaskUs, who threat actors bribed to steal data from the crypto exchange. --------------------------------------------- https://www.bleepingcomputer.com/news/security/coinbase-breach-tied-to-brib… ∗∗∗ Umgehung des Sandboxings: Meta und Yandex de-anonymisieren Android-Nutzer ∗∗∗ --------------------------------------------- Sicherheitsforscher decken eine Methode auf, mit der Meta und Yandex flüchtige Web-Identifikatoren in dauerhafte Nutzeridentitäten umgewandelt haben. --------------------------------------------- https://www.golem.de/news/umgehung-des-sandboxings-meta-und-yandex-de-anony… ∗∗∗ The strange tale of ischhfd83: When cybercriminals eat their own ∗∗∗ --------------------------------------------- This investigation is a good example of how threats can be much more complex than they first appear. From an initial customer query about a new RAT, we uncovered a significant amount of backdoored GitHub repositories, containing multiple kinds of backdoors. --------------------------------------------- https://news.sophos.com/en-us/2025/06/04/the-strange-tale-of-ischhfd83-when… ∗∗∗ Acreed infostealer poised to replace Lumma after global crackdown ∗∗∗ --------------------------------------------- The Acreed malware, which emerged earlier this year, is gaining ground with cybercriminals who otherwise might have used the Lumma infostealer, researchers said. --------------------------------------------- https://therecord.media/acreed-infostealer-arises-after-lumma-takedown ∗∗∗ Angriffe laufen: Connectwise, Craft CMS und Asus-Router im Visier ∗∗∗ --------------------------------------------- Die CISA warnt vor Angriffen auf Sicherheitslecks in Connectwise ScreenConnect, Craft CMS und Asus-Router. Updates stehen bereit. --------------------------------------------- https://heise.de/-10424978 ===================== = Vulnerabilities = ===================== ∗∗∗ Patchday Android: Angreifer können sich höhere Rechte verschaffen ∗∗∗ --------------------------------------------- Wichtige Sicherheitsupdates schließen mehrere Lücken in Android 13, 14 und 15. Angreifer attackieren Geräte mit Qualcomm-Prozessor. --------------------------------------------- https://www.heise.de/news/Patchday-Android-Angreifer-koennen-sich-hoehere-R… ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by AlmaLinux (git, krb5, perl-CPAN, and rsync), Debian (tcpdf), Fedora (libmodsecurity, lua-http, microcode_ctl, and nextcloud), Red Hat (osbuild-composer), SUSE (389-ds, avahi, ca-certificates-mozilla, docker, expat, freetype2, glib2, gnuplot, gnutls, golang-github-teddysun-v2ray-plugin, golang-github-v2fly-v2ray-core, govulncheck-vulndb, helm, iperf, kernel, kernel-livepatch-MICRO-6-0_Update_2, kernel-livepatch-MICRO-6-0_Update_4, krb5, libarchive, libsoup, libsoup2, libtasn1, libX11, libxml2, libxslt, orc, podman, python-Jinja2, python-requests, python3-setuptools, python310, python311, python39, rubygem-rack, sslh, SUSE Manager Client Tools, SUSE Manager Client Tools and Salt Bundle, ucode-intel, util-linux, and wget), and Ubuntu (libvpx, linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux, linux-aws, linux-azure, linux-gcp, linux-gke, linux-gkeop, linux-ibm, linux-intel-iotg, linux-kvm, linux-lowlatency, linux-nvidia-tegra, linux-oracle, linux, linux-aws, linux-kvm, linux-aws, linux-lts-xenial, linux-aws-fips, linux-azure-fips, linux-fips, linux-gcp-fips, linux-aws-fips, linux-gcp-fips, linux-azure-fde, linux-fips, and linux-intel-iot-realtime, linux-realtime). --------------------------------------------- https://lwn.net/Articles/1023793/ ∗∗∗ ZDI-25-324: Sante DICOM Viewer Pro DCM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-25-324/ ∗∗∗ ZDI-25-323: Action1 Uncontrolled Search Path Element Local Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-25-323/ ∗∗∗ ZDI-25-321: GIMP ICO File Parsing Integer Overflow Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-25-321/ ∗∗∗ Critical Vulnerability in multiple Mitsubishi Electric MELSEC iQ-F Series Products ∗∗∗ --------------------------------------------- https://www.cisa.gov/news-events/ics-advisories/icsa-25-153-03 ∗∗∗ Critical Vulnerability in Schneider Electric Wiser Home Automation ∗∗∗ --------------------------------------------- https://www.cisa.gov/news-events/ics-advisories/icsa-25-153-01 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 03.06.2025
by Daily end-of-shift report 03 Jun '25

03 Jun '25

===================== = End-of-Day report = ===================== Timeframe: Montag 02-06-2025 18:00 − Dienstag 03-06-2025 18:00 Handler: Felician Fuchs Co-Handler: Guenes Holler ===================== = News = ===================== ∗∗∗ Malicious RubyGems pose as Fastlane to steal Telegram API data ∗∗∗ --------------------------------------------- Two malicious RubyGems packages posing as popular Fastlane CI/CD plugins redirect Telegram API requests to attacker-controlled servers to intercept and steal data. --------------------------------------------- https://www.bleepingcomputer.com/news/security/malicious-rubygems-pose-as-f… ∗∗∗ Android Trojan Crocodilus Now Active in 8 Countries, Targeting Banks and Crypto Wallets ∗∗∗ --------------------------------------------- A growing number of malicious campaigns have leveraged a recently discovered Android banking trojan called Crocodilus to target users in Europe and South America. The malware, according to a new report published by ThreatFabric, has also adopted improved obfuscation techniques to hinder analysis and detection, and includes the ability to create new contacts in the victims contacts list. --------------------------------------------- https://thehackernews.com/2025/06/android-trojan-crocodilus-now-active-in.h… ∗∗∗ How Good Are the LLM Guardrails on the Market? A Comparative Study on the Effectiveness of LLM Content Filtering Across Major GenAI Platforms ∗∗∗ --------------------------------------------- We compare the effectiveness of content filtering guardrails across major GenAI platforms and identify common failure cases across different systems. [..] A Comparative Study on the Effectiveness of LLM Content Filtering Across Major GenAI Platforms appeared first on Unit 42. --------------------------------------------- https://unit42.paloaltonetworks.com/comparing-llm-guardrails-across-genai-p… ∗∗∗ Cyberattacks Hit Top Retailers: Cartier, North Face Among Latest Victims ∗∗∗ --------------------------------------------- North Face, Cartier, and Next Step Healthcare are the latest victims in a string of cyberattacks compromising customer data. Explore the methods used by attackers and the wider impact on retail security. --------------------------------------------- https://hackread.com/cyberattacks-retailers-cartier-north-face-victims/ ∗∗∗ Inside RansomHub: Tactics, Targets, and What It Means for You ∗∗∗ --------------------------------------------- What is RansomHub ransomware? We dive into the groups TTPs, latest attacks and news, & mitigation strategies you should know in 2025. --------------------------------------------- https://www.bitsight.com/blog/guide-to-ransomhub-ransomware-2025 ===================== = Vulnerabilities = ===================== ∗∗∗ Google stopft attackierte Lücke in Chrome ∗∗∗ --------------------------------------------- In der Javascript-Engine V8 von Google Chrome ermöglicht eine Schwachstelle Angreifern, außerhalb vorgesehener Speichergrenzen zu lesen und zu schreiben. Für diese Schwachstelle ist ein Exploit in freier Wildbahn aufgetaucht, sie wird daher offenbar bereits attackiert. --------------------------------------------- https://www.heise.de/news/Google-stopft-attackierte-Luecke-in-Chrome-104232… ∗∗∗ Sicherheitsupdate: Vielfältige Attacken auf HPE StoreOnce möglich ∗∗∗ --------------------------------------------- Acht Softwareschwachstellen in der Backuplösung StoreOnce von HPE machen Systeme attackierbar. Darunter findet sich eine "kritische" Lücke. Über weitere Angriffe kann Schadcode auf PCs gelangen. Eine gegen mögliche Attacken geschützte Version steht ab sofort zum Download bereit. --------------------------------------------- https://www.heise.de/news/Sicherheitsupdate-Vielfaeltige-Attacken-auf-HPE-S… ∗∗∗ Angreifer können Roundcube Webmail mit Schadcode attackieren ∗∗∗ --------------------------------------------- Webadmins sollten ihre Roundcube-Webmail-Instanzen zeitnah auf den aktuellen Stand bringen. In aktuellen Ausgaben haben die Entwickler eine Sicherheitslücke geschlossen, über die Schadcode auf Systeme gelangen kann. --------------------------------------------- https://www.heise.de/news/Kritische-Schadcode-Luecke-bedroht-Roundcube-Webm… ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by AlmaLinux (varnish), Debian (asterisk and roundcube), Fedora (systemd), Mageia (golang), Red Hat (ghostscript, perl-CPAN, python36:3.6, and rsync), SUSE (govulncheck-vulndb, libsoup-2_4-1, and postgresql, postgresql16, postgresql17), and Ubuntu (mariadb, open-vm-tools, php-twig, and python-tornado). --------------------------------------------- https://lwn.net/Articles/1023625/ ∗∗∗ SVD-2025-0604: Third-Party Package Updates in Splunk Universal Forwarder - June 2025 ∗∗∗ --------------------------------------------- https://advisory.splunk.com//advisories/SVD-2025-0604 ∗∗∗ SVD-2025-0603: Third-Party Package Updates in Splunk Enterprise - June 2025 ∗∗∗ --------------------------------------------- https://advisory.splunk.com//advisories/SVD-2025-0603 ∗∗∗ SVD-2025-0602: Incorrect permission assignment on Universal Forwarder for Windows during new installation or upgrade ∗∗∗ --------------------------------------------- https://advisory.splunk.com//advisories/SVD-2025-0602 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily