=====================
= End-of-Day report =
=====================
Timeframe:   Tuesday 03-06-2025 18:00 − Wednesday 04-06-2025 18:00
Handler:     Felician Fuchs
Co-Handler:  n/a
=====================
=       News        =
=====================
∗∗∗ Coinbase breach tied to bribed TaskUs support agents in India ∗∗∗
---------------------------------------------
A recently disclosed data breach at Coinbase has been linked to India-based customer support representatives from outsourcing firm TaskUs, who threat actors bribed to steal data from the crypto exchange.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/coinbase-breach-tied-to-bribe...
∗∗∗ Sandbox bypass: Meta and Yandex de-anonymize Android users ∗∗∗
---------------------------------------------
Security researchers uncover a method by which Meta and Yandex converted ephemeral web identifiers into persistent user identities.
---------------------------------------------
https://www.golem.de/news/umgehung-des-sandboxings-meta-und-yandex-de-anonym...
∗∗∗ The strange tale of ischhfd83: When cybercriminals eat their own ∗∗∗
---------------------------------------------
This investigation is a good example of how threats can be much more complex than they first appear. From an initial customer query about a new RAT, we uncovered a significant amount of backdoored GitHub repositories, containing multiple kinds of backdoors.
---------------------------------------------
https://news.sophos.com/en-us/2025/06/04/the-strange-tale-of-ischhfd83-when-...
∗∗∗ Acreed infostealer poised to replace Lumma after global crackdown ∗∗∗
---------------------------------------------
The Acreed malware, which emerged earlier this year, is gaining ground with cybercriminals who otherwise might have used the Lumma infostealer, researchers said.
---------------------------------------------
https://therecord.media/acreed-infostealer-arises-after-lumma-takedown
∗∗∗ Attacks underway: Connectwise, Craft CMS and Asus routers targeted ∗∗∗
---------------------------------------------
CISA warns of attacks on security vulnerabilities in Connectwise ScreenConnect, Craft CMS and Asus routers. Updates are available.
---------------------------------------------
https://heise.de/-10424978
=====================
=  Vulnerabilities  =
=====================
∗∗∗ Android patch day: attackers can gain elevated privileges ∗∗∗
---------------------------------------------
Important security updates close several vulnerabilities in Android 13, 14 and 15. Attackers are attacking devices with Qualcomm processors.
---------------------------------------------
https://www.heise.de/news/Patchday-Android-Angreifer-koennen-sich-hoehere-Re...
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by AlmaLinux (git, krb5, perl-CPAN, and rsync), Debian (tcpdf), Fedora (libmodsecurity, lua-http, microcode_ctl, and nextcloud), Red Hat (osbuild-composer), SUSE (389-ds, avahi, ca-certificates-mozilla, docker, expat, freetype2, glib2, gnuplot, gnutls, golang-github-teddysun-v2ray-plugin, golang-github-v2fly-v2ray-core, govulncheck-vulndb, helm, iperf, kernel, kernel-livepatch-MICRO-6-0_Update_2, kernel-livepatch-MICRO-6-0_Update_4, krb5, libarchive, libsoup, libsoup2, libtasn1, libX11, libxml2, libxslt, orc, podman, python-Jinja2, python-requests, python3-setuptools, python310, python311, python39, rubygem-rack, sslh, SUSE Manager Client Tools, SUSE Manager Client Tools and Salt Bundle, ucode-intel, util-linux, and wget), and Ubuntu (libvpx, linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux, linux-aws, linux-azure, linux-gcp, linux-gke, linux-gkeop, linux-ibm, linux-intel-iotg, linux-kvm, linux-lowlatency, linux-nvidia-tegra, linux-oracle, linux, linux-aws, linux-kvm, linux-aws, linux-lts-xenial, linux-aws-fips, linux-azure-fips, linux-fips, linux-gcp-fips, linux-aws-fips, linux-gcp-fips, linux-azure-fde, linux-fips, and linux-intel-iot-realtime, linux-realtime).
---------------------------------------------
https://lwn.net/Articles/1023793/
∗∗∗ ZDI-25-324: Sante DICOM Viewer Pro DCM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-25-324/
∗∗∗ ZDI-25-323: Action1 Uncontrolled Search Path Element Local Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-25-323/
∗∗∗ ZDI-25-321: GIMP ICO File Parsing Integer Overflow Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-25-321/
∗∗∗ Critical Vulnerability in multiple Mitsubishi Electric MELSEC iQ-F Series Products ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-25-153-03
∗∗∗ Critical Vulnerability in Schneider Electric Wiser Home Automation ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-25-153-01