[CERT-daily] Tageszusammenfassung - 05.06.2024

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 04-06-2024 18:00 − Mittwoch 05-06-2024 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Michael Schlagenhaufer

=====================
=       News        =
=====================

∗∗∗ New V3B phishing kit targets customers of 54 European banks ∗∗∗
---------------------------------------------
Cybercriminals are promoting a new phishing kit named V3B on Telegram, which currently targets customers of 54 major financial institutes in Ireland, the Netherlands, Finland, Austria, Germany, France, Belgium, Greece, Luxembourg, and Italy.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-v3b-phishing-kit-targets-customers-of-54-european-banks/


∗∗∗ Cisco Webex: Tausende Videokonferenzen von Ministerien waren abhörbar ∗∗∗
---------------------------------------------
Eine Sicherheitslücke in Cisco Webex ermöglichte Angreifern das Abhören von Onlinemeetings. Jüngste Recherchen zeigen: Die Liste der Betroffenen ist lang.
---------------------------------------------
https://www.golem.de/news/cisco-webex-tausende-videokonferenzen-von-ministerien-waren-abhoerbar-2406-185766.html


∗∗∗ Authentifizierung: Microsofts NTLM ist nun offiziell veraltet ∗∗∗
---------------------------------------------
Das Authentifizierungsprotokoll wird allerdings in vielen Apps und Arbeitsgruppen noch immer verwendet. Microsoft empfiehlt Kerberos.
---------------------------------------------
https://www.golem.de/news/authentifizierung-microsofts-ntlm-ist-nun-offiziell-veraltet-2406-185772.html


∗∗∗ Cross-Execute Your Linux Binaries, Don’t Cross-Compile Them ∗∗∗
---------------------------------------------
Lolbins? Where we’re going, we don’t need lolbins.
---------------------------------------------
https://research.nccgroup.com/2024/06/05/cross-execute-your-linux-binaries-dont-cross-compile-them/


∗∗∗ Vorsicht vor E-Mail zu ausstehenden Schulden im Namen angeblicher Kunden ∗∗∗
---------------------------------------------
Kriminelle senden E-Mails an Unternehmen und geben sich als deren Kunden aus. Es wird nachgefragt, ob derzeit offene Forderungen bestehen. Ist dies der Fall, sollen die entsprechenden Rechnungen zugesandt werden. Antworten Sie nicht auf diese E-Mails.
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-vor-e-mail-zu-ausstehenden-schulden-im-namen-angeblicher-kunden/


∗∗∗ RansomHub: New Ransomware has Origins in Older Knight ∗∗∗
---------------------------------------------
Emergent operation has grown quickly to become one of the most prolific ransomware threats.
---------------------------------------------
https://symantec-enterprise-blogs.security.com/threat-intelligence/ransomhub-knight-ransomware


∗∗∗ Threat Actors’ Systems Can Also Be Exposed and Used by Other Threat Actors ∗∗∗
---------------------------------------------
Types of cyberattack include not only Advanced Persistent Threat (APT) attacks targeting a few specific companies or organizations but also scan attacks targeting multiple random servers connected to the Internet. This means that the infrastructures of threat actors can become the targets of cyberattack alongside companies, organizations, and personal users.
---------------------------------------------
https://asec.ahnlab.com/en/66372/


∗∗∗ DarkGate switches up its tactics with new payload, email templates ∗∗∗
---------------------------------------------
Cisco Talos is actively tracking a recent increase in activity from malicious email campaigns containing a suspicious Microsoft Excel attachment that, when opened, infected the victims system with the DarkGate malware.
---------------------------------------------
https://blog.talosintelligence.com/darkgate-remote-template-injection/


∗∗∗ Muhstik Malware Targets Message Queuing Services Applications ∗∗∗
---------------------------------------------
Aqua Nautilus discovered a new campaign of Muhstik malware targeting message queuing services applications, specifically the Apache RocketMQ platform.
---------------------------------------------
https://blog.aquasec.com/muhstik-malware-targets-message-queuing-services-applications



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (deepin-qt5integration, deepin-qt5platform-plugins, dotnet8.0, dwayland, fcitx-qt5, fcitx5-qt, gammaray, kddockwidgets, keepassxc, kf5-akonadi-server, kf5-frameworkintegration, kf5-kwayland, plasma-integration, python-qt5, qadwaitadecorations, qgnomeplatform, qt5, qt5-qt3d, qt5-qtbase, qt5-qtcharts, qt5-qtconnectivity, qt5-qtdatavis3d, qt5-qtdeclarative, qt5-qtdoc, qt5-qtgamepad, qt5-qtgraphicaleffects, qt5-qtimageformats, qt5-qtlocation, [...]
---------------------------------------------
https://lwn.net/Articles/977233/


∗∗∗ TikTok: Zero-Day-Lücke ermöglichte Übernahme von Promi- und Marken-Accounts ∗∗∗
---------------------------------------------
Wegen einer Zero-Day-Lücke ließen sich auf TikTok Accounts über eine Direktnachricht übernehmen.
---------------------------------------------
https://heise.de/-9748177


∗∗∗ Patchday: Attacken auf Geräte mit Android 12, 13 und 14 möglich ∗∗∗
---------------------------------------------
Wichtige Sicherheitsupdates schließen mehrere Schwachstellen in verschiedenen Android-Versionen.
---------------------------------------------
https://heise.de/-9748243


∗∗∗ 40,000 WordPress Sites affected by Vulnerability That Leads to Privilege Escalation in Login/Signup Popup WordPress Plugin ∗∗∗
---------------------------------------------
https://www.wordfence.com/blog/2024/06/40000-wordpress-sites-affected-by-vulnerability-that-leads-to-privilege-escalation-in-login-signup-popup-wordpress-plugin/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily