[CERT-daily] Tageszusammenfassung - 24.05.2024

Fri May 24 18:11:29 CEST 2024

=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 23-05-2024 18:00 − Freitag 24-05-2024 18:00
Handler:     Thomas Pribitzer
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Microsoft spots gift card thieves using cyber-espionage tactics ∗∗∗
---------------------------------------------
Microsoft has published a "Cyber Signals" report sharing new information about the hacking group Storm-0539 and a sharp rise in gift card theft as we approach the Memorial Day holiday in the United States.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/microsoft-spots-gift-card-thieves-using-cyber-espionage-tactics/


∗∗∗ DKIM/BIMI: Die Zombies des Debian-OpenSSL-Bugs ∗∗∗
---------------------------------------------
Vor 16 Jahren sorgte ein Bug dafür, dass mit Debian und OpenSSL erstellte Schlüssel unsicher waren. Viele DKIM-Setups nutzten auch 16 Jahre später solche Schlüssel.
---------------------------------------------
https://www.golem.de/news/dkim-bimi-die-zombies-des-debian-openssl-bugs-2405-185275.html


∗∗∗ Japanese Experts Warn of BLOODALCHEMY Malware Targeting Government Agencies ∗∗∗
---------------------------------------------
Cybersecurity researchers have discovered that the malware known as BLOODALCHEMY used in attacks targeting government organizations in Southern and Southeastern Asia is in fact an updated version of Deed RAT, which is believed to be a successor to ShadowPad.
---------------------------------------------
https://thehackernews.com/2024/05/japanese-experts-warn-of-bloodalchemy.html


∗∗∗ Fake Antivirus Websites Deliver Malware to Android and Windows Devices ∗∗∗
---------------------------------------------
Threat actors have been observed making use of fake websites masquerading as legitimate antivirus solutions from Avast, Bitdefender, and Malwarebytes to propagate malware capable of stealing sensitive information from Android and Windows devices.
---------------------------------------------
https://thehackernews.com/2024/05/fake-antivirus-websites-deliver-malware.html


∗∗∗ Google Chrome: Vierte bereits missbrauchte Zero-Day-Lücke in zwei Wochen ∗∗∗
---------------------------------------------
Google schließt eine Zero-Day-Lücke im Chrome-Webbrowser, die bereits angegriffen wird. Die vierte in zwei Wochen.
---------------------------------------------
https://heise.de/-9730530


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Dringend patchen: Gitlab-Schwachstelle ermöglicht Übernahme fremder Konten ∗∗∗
---------------------------------------------
Die Sicherheitslücke ist über ein Bug-Bounty-Programm gemeldet worden. Der Entdecker erhielt dafür mehr als 10.000 US-Dollar von Gitlab.
---------------------------------------------
https://www.golem.de/news/dringend-patchen-gitlab-schwachstelle-ermoeglicht-uebernahme-fremder-konten-2405-185399.html


∗∗∗ Mehrere Schwachstellen entdeckt: Qnap verschläft Patches und gelobt Besserung ∗∗∗
---------------------------------------------
Nach der Entdeckung teils schwerwiegender Sicherheitslücken in QTS und QuTS Hero liefert Qnap Patches und entschuldigt sich für die Verspätung.
---------------------------------------------
https://www.golem.de/news/mehrere-schwachstellen-entdeckt-qnap-verschlaeft-patches-und-gelobt-besserung-2405-185415.html


∗∗∗ CISA Warns of Actively Exploited Apache Flink Security Vulnerability ∗∗∗
---------------------------------------------
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a security flaw impacting Apache Flink, an open-source, unified stream-processing and batch-processing framework, to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
---------------------------------------------
https://thehackernews.com/2024/05/cisa-warns-of-actively-exploited-apache.html


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (chromium, libreoffice, and thunderbird), Red Hat (.NET 7.0, .NET 8.0, gdk-pixbuf2, git-lfs, glibc, python3, and xorg-x11-server-Xwayland), SUSE (firefox, opensc, and ucode-intel), and Ubuntu (cjson and gnome-remote-desktop).
---------------------------------------------
https://lwn.net/Articles/974913/


∗∗∗ Splunk Config Explorer vulnerable to cross-site scripting ∗∗∗
---------------------------------------------
https://jvn.jp/en/jp/JVN56781258/


∗∗∗ WordPress Plugin "WP Booking" vulnerable to cross-site scripting ∗∗∗
---------------------------------------------
https://jvn.jp/en/jp/JVN35838128/


∗∗∗ Exposed Serial Shell on multiple PLCs in Siemens CP-XXXX Series ∗∗∗
---------------------------------------------
https://sec-consult.com/vulnerability-lab/advisory/exposed-serial-shell-on-multiple-plcs-in-siemens-cp-xxxx-series/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily