[CERT-daily] Tageszusammenfassung - 26.06.2024

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 25-06-2024 18:00 − Mittwoch 26-06-2024 18:00
Handler:     Michael Schlagenhaufer
Co-Handler:  Thomas Pribitzer

=====================
=       News        =
=====================

∗∗∗ New Medusa Android Trojan Targets Banking Users Across 7 Countries ∗∗∗
---------------------------------------------
Cybersecurity researchers have discovered an updated version of an Android banking trojan called Medusa that has been used to target users in Canada, France, Italy, Spain, Turkey, the U.K., and the U.S.
---------------------------------------------
https://thehackernews.com/2024/06/new-medusa-android-trojan-targets.html


∗∗∗ New Credit Card Skimmer Targets WordPress, Magento, and OpenCart Sites ∗∗∗
---------------------------------------------
Multiple content management system (CMS) platforms like WordPress, Magento, and OpenCart have been targeted by a new credit card web skimmer called Caesar Cipher Skimmer.
---------------------------------------------
https://thehackernews.com/2024/06/new-credit-card-skimmer-targets.html


∗∗∗ Vorsicht vor Jobbetrug auf dm-supermall.com ∗∗∗
---------------------------------------------
Vorsicht, wenn Sie für Ihren neuen Job, bei dm-supermall.com einkaufen müssen. Diese Plattform ist Teil einer Betrugsmasche. Der neue Job, bei dem Sie Online-Shops oder Dienstleistungen testen, ist betrügerisch.
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-vor-jobbetrug-auf-dm-supermallcom/


∗∗∗ Attackers Exploiting Public Cobalt Strike Profiles ∗∗∗
---------------------------------------------
Unit 42 researchers examine how attackers use publicly available Malleable C2 profiles, examining their structure to reveal evasive techniques.
---------------------------------------------
https://unit42.paloaltonetworks.com/attackers-exploit-public-cobalt-strike-profiles/


∗∗∗ Buying a VPN? Here’s what to know and look for ∗∗∗
---------------------------------------------
VPNs are not all created equal – make sure to choose the right provider that will help keep your data safe from prying eyes.
---------------------------------------------
https://www.welivesecurity.com/en/privacy/buying-vpn-what-know-look-for/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Snowblind malware abuses Android security feature to bypass security ∗∗∗
---------------------------------------------
A novel Android attack vector from a piece of malware tracked as Snowblind is abusing a security feature to bypass existing anti-tampering protections in apps that handle sensitive user data.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/snowblind-malware-abuses-android-security-feature-to-bypass-security/


∗∗∗ A Novel DoS Vulnerability affecting WebRTC Media Servers ∗∗∗
---------------------------------------------
A critical denial-of-service (DoS) vulnerability has been identified in media servers that process WebRTC’s DTLS-SRTP, specifically in their handling of ClientHello messages.
---------------------------------------------
https://www.rtcsec.com/article/novel-dos-vulnerability-affecting-webrtc-media-servers/


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by AlmaLinux (git, python3.11, and python3.9), Debian (chromium, emacs, git, linux-5.10, and org-mode), Fedora (libopenmpt, nginx-mod-modsecurity, and thunderbird), Mageia (emacs, python-ansible-core, and python-authlib), Oracle (git, python3.11, and python3.9), Red Hat (kernel, kernel-rt, and samba), and Ubuntu (ansible, cups, google-guest-agent, google-osconfig-agent, libheif, openvpn, roundcube, and salt).
---------------------------------------------
https://lwn.net/Articles/979740/


∗∗∗ Supply-Chain-Angriff gegen polyfill.js ∗∗∗
---------------------------------------------
Die populäre Javascript-Bibliothek polyfill.js, welche von Entwickler:innen verwendet wird, um alte Browserversionen zu unterstützen, wurde Opfer eines Supply-Chain-Angriffes beziehungsweise für einen solchen missbraucht.
---------------------------------------------
https://www.cert.at/de/aktuelles/2024/6/supply-chain-angriff-gegen-polyfilljs


∗∗∗ Jetzt patchen! Progress-MOVEit-Sicherheitslücken werden bereits angegriffen ∗∗∗
---------------------------------------------
Progress hat zwei kritische Lücken in MOVEit Gateway und Transfer gestopft. Eine davon missbrauchen Cyberkriminelle bereits.
---------------------------------------------
https://heise.de/-9778266


∗∗∗ Sicherheitslücke: Apple stoppt Bluetooth-Übernahme von AirPods und Beats-Geräten ∗∗∗
---------------------------------------------
Apple hat eine neue Firmware für verschiedene Kopfhörermodelle veröffentlicht, die eine problematische Lücke schließt. Das Update ist allerdings nicht einfach.
---------------------------------------------
https://heise.de/-9778924


∗∗∗ ZDI-24-882: VMware vCenter Server Appliance License Server Uncontrolled Memory Allocation Denial-of-Service Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-24-882/


∗∗∗ Multiple Vulnerabilities in Siemens Power Automation Products (CP-8000/CP-8021/CP8-022/CP-8031/CP-8050/SICORE) ∗∗∗
---------------------------------------------
https://sec-consult.com/vulnerability-lab/advisory/multiple-vulnerabilities-in-siemens-power-automation-products-cp-8000-cp-8021-cp8-022-cp-8031-cp-8050-sicore/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily