=====================
= End-of-Day report =
=====================

Timeframe: Thursday 05-03-2026 18:00 − Friday 06-03-2026 18:00
Handler: Felician Fuchs
Co-Handler: Michael Schlagenhaufer

=====================
=       News        =
=====================
∗∗∗ Wikipedia hit by self-propagating JavaScript worm that vandalized pages ∗∗∗
---------------------------------------------
The Wikimedia Foundation suffered a security incident today after a self-propagating JavaScript worm began vandalizing pages and modifying user scripts across multiple wikis.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/wikipedia-hit-by-self-propaga...
∗∗∗ Fake Claude Code install guides push infostealers in InstallFix attacks ∗∗∗
---------------------------------------------
Threat actors are employing a new variation of the ClickFix social engineering technique called InstallFix to convince users into running malicious commands under the pretext of installing legitimate command line interface (CLI) tools.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/fake-claude-code-install-guid...
∗∗∗ Cyberattack: The FBI apparently has hackers in its network ∗∗∗
---------------------------------------------
At the FBI, a system used to manage surveillance measures has apparently been compromised. The agency is investigating suspicious activity.
---------------------------------------------
https://www.golem.de/news/cyberangriff-das-fbi-hat-offenbar-hacker-im-netzwe...
∗∗∗ Data protection: FBI obtains payment data from Protonmail ∗∗∗
---------------------------------------------
Through mutual legal assistance agreements, personal data can also be passed from Switzerland to law enforcement authorities in the USA.
---------------------------------------------
https://www.golem.de/news/datenschutz-fbi-gelangt-an-zahlungsdaten-von-proto...
∗∗∗ Microsoft Reveals ClickFix Campaign Using Windows Terminal to Deploy Lumma Stealer ∗∗∗
---------------------------------------------
Microsoft on Thursday disclosed details of a new widespread ClickFix social engineering campaign that has leveraged the Windows Terminal app as a way to activate a sophisticated attack chain and deploy the Lumma Stealer malware.
---------------------------------------------
https://thehackernews.com/2026/03/microsoft-reveals-clickfix-campaign.html
∗∗∗ Multi-Stage VOID#GEIST Malware Delivering XWorm, AsyncRAT, and Xeno RAT ∗∗∗
---------------------------------------------
Cybersecurity researchers have disclosed details of a multi-stage malware campaign that uses batch scripts as a pathway to deliver various encrypted remote access trojan (RAT) payloads that correspond to XWorm, AsyncRAT, and Xeno RAT.
---------------------------------------------
https://thehackernews.com/2026/03/multi-stage-voidgeist-malware.html
∗∗∗ Warning of attacks on Hikvision, Rockwell Automation and Apple products ∗∗∗
---------------------------------------------
The US IT security authority CISA warns of ongoing attacks on Hikvision, Rockwell Automation and Apple products.
---------------------------------------------
https://www.heise.de/news/Warnung-vor-Angriffen-auf-Hikvision-Rockwell-Autom...
∗∗∗ London: Ten million records stolen in cyberattack on transport authority ∗∗∗
---------------------------------------------
In 2024 there was a cyberattack on the British authority TfL. It has now emerged that data of ten million customers was also stolen.
---------------------------------------------
https://www.heise.de/news/London-Zehn-Millionen-Datensaetze-bei-Cyberangriff...
∗∗∗ BSI: 11,500 critical facilities registered under NIS2 ∗∗∗
---------------------------------------------
By the end of the registration deadline, thousands of companies had completed the process, but almost 20,000 are probably still missing.
---------------------------------------------
https://www.heise.de/news/BSI-11-500-kritische-Einrichtungen-unter-NIS2-regi...
∗∗∗ Fake CleanMyMac site installs SHub Stealer and backdoors crypto wallets ∗∗∗
---------------------------------------------
We uncovered a fake CleanMyMac site delivering SHub Stealer, a macOS infostealer that steals credentials and silently backdoors crypto wallets.
---------------------------------------------
https://www.malwarebytes.com/blog/threat-intel/2026/03/fake-cleanmymac-site-...
∗∗∗ An Investigation Into Years of Undetected Operations Targeting High-Value Sectors ∗∗∗
---------------------------------------------
In-depth analysis of threat activity we call CL-UNK-1068. We discuss their toolset, including tunneling, reconnaissance and credential theft.
---------------------------------------------
https://unit42.paloaltonetworks.com/cl-unk-1068-targets-critical-sectors/
∗∗∗ The Hidden Cyber Risks of Remote Work Infrastructure ∗∗∗
---------------------------------------------
Hidden cyber risks in remote work include insecure home Wi-Fi, phishing attacks, and data exposure, leaving businesses and employees vulnerable to breaches.
---------------------------------------------
https://hackread.com/hidden-cyber-risks-remote-work-infrastructure/
∗∗∗ Avira: Deserialize, Delete and Escalate - The Proper Way to Use an AV ∗∗∗
---------------------------------------------
Avira Internet Security ships with a handful of modules that quietly handle privileged operations in the background: software updates, performance monitoring and system cleanup. Each one runs parts of its workflow as SYSTEM. Three of them don't bother checking what they are actually operating on.
---------------------------------------------
http://blog.quarkslab.com/avira-deserialize-delete-and-escalate-the-proper-w...
∗∗∗ A GitHub Issue Title Compromised 4,000 Developer Machines ∗∗∗
---------------------------------------------
The attack - which Snyk named "Clinejection" - composes five well-understood vulnerabilities into a single exploit that requires nothing more than opening a GitHub issue.
---------------------------------------------
https://grith.ai/blog/clinejection-when-your-ai-tool-installs-another
∗∗∗ Fake imToken Chrome Extension Steals Seed Phrases via Phishing Redirects ∗∗∗
---------------------------------------------
Socket’s Threat Research Team uncovered a malicious Chrome extension, lmΤoken Chromophore (extension ID bbhaganppipihlhjgaaeeeefbaoihcgi), that impersonates imToken while presenting itself as a hex color visualizer in the Chrome Web Store. Instead of providing the harmless tool it promises, the extension automatically opens a threat actor-controlled phishing site as soon as it is installed, and again whenever the user clicks it.
---------------------------------------------
https://socket.dev/blog/fake-imtoken-chrome-extension-steals-seed-phrases-vi...
∗∗∗ A Satellite Receiver Trusted by Pentagon, ESA Has More Than 20 Security Flaws — and the Maker Never Responded ∗∗∗
---------------------------------------------
A penetration tester found more than 20 vulnerabilities in a satellite receiver deployed by the U.S. Department of Defense (also referred to as the Department of War), the European Space Agency, and other critical infrastructure operators worldwide — and the device’s manufacturer, International Data Casting Corporation (IDC), did not respond to a single disclosure attempt over several months.
---------------------------------------------
https://thecyberexpress.com/satellite-receiver-vulnerabilities-unpatched/
=====================
=  Vulnerabilities  =
=====================
∗∗∗ WordPress membership plugin bug exploited to create admin accounts ∗∗∗
---------------------------------------------
Hackers are exploiting a critical vulnerability in the User Registration & Membership plugin, which is installed on more than 60,000 WordPress sites.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/wordpress-membership-plugin-b...
∗∗∗ Acronis warns of dozens of security vulnerabilities in Cyber Protect ∗∗∗
---------------------------------------------
Acronis is currently warning of more than 20 security vulnerabilities in Cyber Protect. Admins should apply the available updates promptly.
---------------------------------------------
https://www.heise.de/news/Acronis-Cyber-Protect-Zig-Schwachstellen-gefaehrde...
∗∗∗ LWN Security updates for Friday ∗∗∗
---------------------------------------------
https://lwn.net/Articles/1061738/