===================== = End-of-Day report = =====================
Timeframe: Monday 02-06-2025 18:00 − Tuesday 03-06-2025 18:00
Handler: Felician Fuchs
Co-Handler: Guenes Holler
===================== = News = =====================
∗∗∗ Malicious RubyGems pose as Fastlane to steal Telegram API data ∗∗∗ --------------------------------------------- Two malicious RubyGems packages posing as popular Fastlane CI/CD plugins redirect Telegram API requests to attacker-controlled servers to intercept and steal data. --------------------------------------------- https://www.bleepingcomputer.com/news/security/malicious-rubygems-pose-as-fa...
∗∗∗ Android Trojan Crocodilus Now Active in 8 Countries, Targeting Banks and Crypto Wallets ∗∗∗ --------------------------------------------- A growing number of malicious campaigns have leveraged a recently discovered Android banking trojan called Crocodilus to target users in Europe and South America. The malware, according to a new report published by ThreatFabric, has also adopted improved obfuscation techniques to hinder analysis and detection, and includes the ability to create new contacts in the victim's contacts list. --------------------------------------------- https://thehackernews.com/2025/06/android-trojan-crocodilus-now-active-in.ht...
∗∗∗ How Good Are the LLM Guardrails on the Market? A Comparative Study on the Effectiveness of LLM Content Filtering Across Major GenAI Platforms ∗∗∗ --------------------------------------------- We compare the effectiveness of content filtering guardrails across major GenAI platforms and identify common failure cases across different systems. --------------------------------------------- https://unit42.paloaltonetworks.com/comparing-llm-guardrails-across-genai-pl...
∗∗∗ Cyberattacks Hit Top Retailers: Cartier, North Face Among Latest Victims ∗∗∗ --------------------------------------------- North Face, Cartier, and Next Step Healthcare are the latest victims in a string of cyberattacks compromising customer data. Explore the methods used by attackers and the wider impact on retail security. --------------------------------------------- https://hackread.com/cyberattacks-retailers-cartier-north-face-victims/
∗∗∗ Inside RansomHub: Tactics, Targets, and What It Means for You ∗∗∗ --------------------------------------------- What is RansomHub ransomware? We dive into the group's TTPs, latest attacks and news, & mitigation strategies you should know in 2025. --------------------------------------------- https://www.bitsight.com/blog/guide-to-ransomhub-ransomware-2025
===================== = Vulnerabilities = =====================
∗∗∗ Google patches attacked vulnerability in Chrome ∗∗∗ --------------------------------------------- A vulnerability in V8, the JavaScript engine of Google Chrome, allows attackers to read and write outside the intended memory bounds. An exploit for this vulnerability has appeared in the wild, so it is apparently already under attack. --------------------------------------------- https://www.heise.de/news/Google-stopft-attackierte-Luecke-in-Chrome-1042320...
∗∗∗ Security update: Various attacks on HPE StoreOnce possible ∗∗∗ --------------------------------------------- Eight software vulnerabilities in HPE's StoreOnce backup solution leave systems open to attack. Among them is one "critical" flaw. Further attacks can get malicious code onto PCs. A version protected against possible attacks is available for download now. --------------------------------------------- https://www.heise.de/news/Sicherheitsupdate-Vielfaeltige-Attacken-auf-HPE-St...
∗∗∗ Attackers can attack Roundcube Webmail with malicious code ∗∗∗ --------------------------------------------- Web admins should bring their Roundcube Webmail instances up to date promptly. In current releases, the developers have closed a security vulnerability through which malicious code can get onto systems. --------------------------------------------- https://www.heise.de/news/Kritische-Schadcode-Luecke-bedroht-Roundcube-Webma...
∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by AlmaLinux (varnish), Debian (asterisk and roundcube), Fedora (systemd), Mageia (golang), Red Hat (ghostscript, perl-CPAN, python36:3.6, and rsync), SUSE (govulncheck-vulndb, libsoup-2_4-1, and postgresql, postgresql16, postgresql17), and Ubuntu (mariadb, open-vm-tools, php-twig, and python-tornado). --------------------------------------------- https://lwn.net/Articles/1023625/
∗∗∗ SVD-2025-0604: Third-Party Package Updates in Splunk Universal Forwarder - June 2025 ∗∗∗ --------------------------------------------- https://advisory.splunk.com//advisories/SVD-2025-0604
∗∗∗ SVD-2025-0603: Third-Party Package Updates in Splunk Enterprise - June 2025 ∗∗∗ --------------------------------------------- https://advisory.splunk.com//advisories/SVD-2025-0603
∗∗∗ SVD-2025-0602: Incorrect permission assignment on Universal Forwarder for Windows during new installation or upgrade ∗∗∗ --------------------------------------------- https://advisory.splunk.com//advisories/SVD-2025-0602