[CERT-daily] Tageszusammenfassung - 06.06.2023

Tue Jun 6 19:03:05 CEST 2023

=====================
= End-of-Day report =
=====================

Timeframe:   Montag 05-06-2023 18:00 − Dienstag 06-06-2023 18:00
Handler:     Stephan Richter
Co-Handler:  Michael Schlagenhaufer

=====================
=       News        =
=====================

∗∗∗ SSD Advisory - Roundcube markasjunk RCE ∗∗∗
---------------------------------------------
A vulnerability in Roundcube’s markasjunk plugin allows attackers that send a specially crafted identity email address to cause the plugin to execute arbitrary code.
---------------------------------------------
https://ssd-disclosure.com/ssd-advisory-roundcube-markasjunk-rce/


∗∗∗ Cyclops Ransomware and Stealer Combo: Exploring a Dual Threat ∗∗∗
---------------------------------------------
The Cyclops group is particularly proud of having created ransomware capable of infecting all three major platforms: Windows, Linux, and macOS. In an unprecedented move, it has also shared a separate binary specifically geared to steal sensitive data, such as an infected computer name and a number of processes. The latter targets specific files in both Windows and Linux.
---------------------------------------------
https://www.uptycs.com/blog/cyclops-ransomware-stealer-combo


∗∗∗ Gmail spoofing vulnerability sparks Google ‘Priority 1’ probe ∗∗∗
---------------------------------------------
Google launched a “Priority 1” investigation into a Gmail security vulnerability after initially dismissing it as “intended behavior” that did not require a fix. The vulnerability relates to the Brand Indicators for Message Identification (BIMI) email authentication method, a feature Google introduced to Gmail in 2021 but only recently rolled out to all 1.8 billion users of its email services.
---------------------------------------------
https://www.scmagazine.com/news/email-security/gmail-spoofing-google-priority-1-probe


∗∗∗ Unsichere Firmware: Gigabyte liefert BIOS-Updates für Mainboards ∗∗∗
---------------------------------------------
Gigabyte sichert mit BIOS-Updates unsichere Mainboard-Update-Funktionen ab. Diese wurden Ende vergangene Woche entdeckt und betreffen rund 270 Modelle.
---------------------------------------------
https://heise.de/-9178747


∗∗∗ KeePass: Lücke zum Auslesen des Master-Passworts geschlossen ∗∗∗
---------------------------------------------
Eine Sicherheitslücke im Passwort-Manager KeePass ermöglichte die Rekonstruktion des Master-Passworts aus Speicherabbildern. Ein Update schließt sie jetzt.
---------------------------------------------
https://heise.de/-9179419


∗∗∗ Dozens of Malicious Extensions Found in Chrome Web Store ∗∗∗
---------------------------------------------
Security researchers recently identified more than 30 malicious extensions that had made their way into the Chrome web store, potentially infecting millions.
---------------------------------------------
https://www.securityweek.com/dozens-of-malicious-extensions-found-in-chrome-web-store/


∗∗∗ Webinar: Sicher bezahlen im Internet ∗∗∗
---------------------------------------------
Bei Online-Bestellungen im Internet gibt es inzwischen eine Vielzahl an Zahlungsmöglichkeiten. Worauf sollte ich bei der Auswahl achten und welche Zahlungsarten sollte ich lieber nicht nutzen? In diesem Webinar zeigen wir Ihnen, wie Sie im Internet sicher bezahlen. Nehmen Sie kostenlos teil: Dienstag 13. Juni 2023, 18:30 - 20:00 Uhr via zoom
---------------------------------------------
https://www.watchlist-internet.at/news/webinar-sicher-bezahlen-im-internet/


∗∗∗ Online-Banking: Vorsicht vor gefälschten Login-Seiten in Suchmaschinen-Ergebnissen ∗∗∗
---------------------------------------------
Kriminellen fälschen Online-Banking-Login-Seiten und bewerben sie in Suchmaschinen. Bei einer Bing- oder Google-Suche nach der gewünschten Login-Seite werden die Fake-Seiten häufig als erstes Ergebnis angezeigt, wie uns ein Bank-Austria-Kunde gemeldet hat. Wenn Sie dort Ihre Daten eintippen, landen sie direkt bei Kriminellen. Wir zeigen Ihnen, wie Sie sich davor schützen.
---------------------------------------------
https://www.watchlist-internet.at/news/online-banking-vorsicht-vor-gefaelschten-login-seiten-in-suchmaschinen-ergebnissen/


∗∗∗ Xollam, the Latest Face of TargetCompany ∗∗∗
---------------------------------------------
This blog talks about the latest TargetCompany ransomware variant, Xollam, and the new initial access technique it uses. We also investigate previous variants behaviors and the ransomware familys extortion scheme.
---------------------------------------------
https://www.trendmicro.com/en_us/research/23/f/xollam-the-latest-face-of-targetcompany.html


∗∗∗ Impulse Team’s Massive Years-Long Mostly-Undetected Cryptocurrency Scam ∗∗∗
---------------------------------------------
We have been able to uncover a massive cryptocurrency scam involving more than a thousand websites handled by different affiliates linked to a program called Impulse Project, run by a threat actor named Impulse Team.
---------------------------------------------
https://www.trendmicro.com/en_us/research/23/f/impulse-team-massive-cryptocurrency-scam.html


∗∗∗ Hackers Leak i2VPN Admin Credentials on Telegram ∗∗∗
---------------------------------------------
In a recent cybersecurity incident, hackers have claimed to have successfully breached the admin credentials of i2VPN, a popular freemium VPN proxy server app available for download on Google Play and the App Store.
---------------------------------------------
https://www.hackread.com/hackers-i2vpn-admin-credentials-telegram-leak/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Google Chrome 114.0.5735.106/.110 Sicherheitsupdates für 0-day ∗∗∗
---------------------------------------------
Es sind Sicherheitsupdates, welche eine kritische Schwachstelle (0-day) beseitigen.
---------------------------------------------
https://www.borncity.com/blog/2023/06/06/google-chrome-114-0-5735-106-110-sicherheitsupdates-fr-0-day/


∗∗∗ Android security update fixes Mali GPU flaw exploited by spyware ∗∗∗
---------------------------------------------
Google has released the monthly security update for the Android platform, adding fixes for 56 vulnerabilities, five of them with a critical severity rating and one exploited since at least last December.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/android-security-update-fixes-mali-gpu-flaw-exploited-by-spyware/


∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
Multi-Enterprise Relationship Management, CICS TX, TXSeries for Multiplatforms, Tivoli Netcool Configuration Manager, IBM Control Desk, IBM Maximo, System Networking Switch Center, Tivoli System Automation for Multiplatforms, IBM SDK, IBM Business Automation, IBM Cloud Pak, IBM Operations Analytics, IBM Security Guardium and IBM Semeru Runtimes.
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/


∗∗∗ CISA Adds Two Known Exploited Vulnerabilities to Catalog ∗∗∗
---------------------------------------------
CVE-2023-33009 Zyxel Multiple Firewalls Buffer Overflow Vulnerability
CVE-2023-33010 Zyxel Multiple Firewalls Buffer Overflow Vulnerability
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2023/06/05/cisa-adds-two-known-exploited-vulnerabilities-catalog


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (linux-5.10), Red Hat (cups-filters, curl, kernel, kernel-rt, kpatch-patch, and webkit2gtk3), SUSE (apache-commons-fileupload, openstack-heat, openstack-swift, python-Werkzeug, and openstack-heat, python-Werkzeug), and Ubuntu (frr, go, libraw, libssh, nghttp2, python2.7, python3.10, python3.11, python3.5, python3.6, python3.8, and xfce4-settings).
---------------------------------------------
https://lwn.net/Articles/934010/


∗∗∗ Security Vulnerabilities fixed in Firefox 114 ∗∗∗
---------------------------------------------
https://www.mozilla.org/en-US/security/advisories/mfsa2023-20/


∗∗∗ Security Vulnerabilities fixed in Firefox ESR 102.12 ∗∗∗
---------------------------------------------
https://www.mozilla.org/en-US/security/advisories/mfsa2023-19/


∗∗∗ Mitsubishi Electric MELSEC iQ-R Series/iQ-F Series ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-157-02


∗∗∗ Zyxel security advisory for privilege escalation vulnerability in GS1900 series switches ∗∗∗
---------------------------------------------
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-privilege-escalation-vulnerability-in-gs1900-series-switches


∗∗∗ Zyxel security advisory for buffer overflow vulnerability in 4G LTE and 5G NR outdoor routers ∗∗∗
---------------------------------------------
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-buffer-overflow-vulnerability-in-4g-lte-and-5g-nr-outdoor-routers

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily