End-of-Day report
Timeframe: Monday 05-06-2023 18:00 - Tuesday 06-06-2023 18:00
Handler: Stephan Richter
Co-Handler: Michael Schlagenhaufer
News
SSD Advisory - Roundcube markasjunk RCE
A vulnerability in Roundcube's markasjunk plugin allows attackers that send a specially crafted identity email address to cause the plugin to execute arbitrary code.
https://ssd-disclosure.com/ssd-advisory-roundcube-markasjunk-rce/
Cyclops Ransomware and Stealer Combo: Exploring a Dual Threat
The Cyclops group is particularly proud of having created ransomware capable of infecting all three major platforms: Windows, Linux, and macOS. In an unprecedented move, it has also shared a separate binary specifically geared to steal sensitive data, such as an infected computer name and a number of processes. The latter targets specific files in both Windows and Linux.
https://www.uptycs.com/blog/cyclops-ransomware-stealer-combo
Gmail spoofing vulnerability sparks Google "Priority 1" probe
Google launched a "Priority 1" investigation into a Gmail security vulnerability after initially dismissing it as "intended behavior" that did not require a fix. The vulnerability relates to the Brand Indicators for Message Identification (BIMI) email authentication method, a feature Google introduced to Gmail in 2021 but only recently rolled out to all 1.8 billion users of its email services.
https://www.scmagazine.com/news/email-security/gmail-spoofing-google-priority-1-probe
Insecure firmware: Gigabyte delivers BIOS updates for mainboards
Gigabyte is securing insecure mainboard update functions with BIOS updates. These were discovered at the end of last week and affect around 270 models.
https://heise.de/-9178747
KeePass: Hole allowing the master password to be read out closed
A security vulnerability in the KeePass password manager allowed the master password to be reconstructed from memory dumps. An update now closes it.
https://heise.de/-9179419
Dozens of Malicious Extensions Found in Chrome Web Store
Security researchers recently identified more than 30 malicious extensions that had made their way into the Chrome web store, potentially infecting millions.
https://www.securityweek.com/dozens-of-malicious-extensions-found-in-chrome-web-store/
Webinar: Paying securely on the internet
There are now a great many payment options for online orders. What should I look for when choosing, and which payment methods should I rather not use? In this webinar we show you how to pay securely on the internet. Take part free of charge: Tuesday 13 June 2023, 18:30 - 20:00 via Zoom
https://www.watchlist-internet.at/news/webinar-sicher-bezahlen-im-internet/
Online banking: Beware of fake login pages in search engine results
Criminals forge online banking login pages and advertise them in search engines. In a Bing or Google search for the desired login page, the fake pages are often shown as the first result, as a Bank Austria customer has reported to us. If you type in your data there, it goes straight to criminals. We show you how to protect yourself.
https://www.watchlist-internet.at/news/online-banking-vorsicht-vor-gefaelschten-login-seiten-in-suchmaschinen-ergebnissen/
Xollam, the Latest Face of TargetCompany
This blog talks about the latest TargetCompany ransomware variant, Xollam, and the new initial access technique it uses. We also investigate previous variants' behaviors and the ransomware family's extortion scheme.
https://www.trendmicro.com/en_us/research/23/f/xollam-the-latest-face-of-targetcompany.html
Impulse Team's Massive Years-Long Mostly-Undetected Cryptocurrency Scam
We have been able to uncover a massive cryptocurrency scam involving more than a thousand websites handled by different affiliates linked to a program called Impulse Project, run by a threat actor named Impulse Team.
https://www.trendmicro.com/en_us/research/23/f/impulse-team-massive-cryptocurrency-scam.html
Hackers Leak i2VPN Admin Credentials on Telegram
In a recent cybersecurity incident, hackers have claimed to have successfully breached the admin credentials of i2VPN, a popular freemium VPN proxy server app available for download on Google Play and the App Store.
https://www.hackread.com/hackers-i2vpn-admin-credentials-telegram-leak/
Vulnerabilities
Google Chrome 114.0.5735.106/.110 security updates for 0-day
These are security updates that fix a critical vulnerability (0-day).
https://www.borncity.com/blog/2023/06/06/google-chrome-114-0-5735-106-110-sicherheitsupdates-fr-0-day/
Android security update fixes Mali GPU flaw exploited by spyware
Google has released the monthly security update for the Android platform, adding fixes for 56 vulnerabilities, five of them with a critical severity rating and one exploited since at least last December.
https://www.bleepingcomputer.com/news/security/android-security-update-fixes-mali-gpu-flaw-exploited-by-spyware/
IBM Security Bulletins
Multi-Enterprise Relationship Management, CICS TX, TXSeries for Multiplatforms, Tivoli Netcool Configuration Manager, IBM Control Desk, IBM Maximo, System Networking Switch Center, Tivoli System Automation for Multiplatforms, IBM SDK, IBM Business Automation, IBM Cloud Pak, IBM Operations Analytics, IBM Security Guardium and IBM Semeru Runtimes.
https://www.ibm.com/support/pages/bulletin/
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CVE-2023-33009 Zyxel Multiple Firewalls Buffer Overflow Vulnerability
CVE-2023-33010 Zyxel Multiple Firewalls Buffer Overflow Vulnerability
https://www.cisa.gov/news-events/alerts/2023/06/05/cisa-adds-two-known-exploited-vulnerabilities-catalog
Security updates for Tuesday
Security updates have been issued by Debian (linux-5.10), Red Hat (cups-filters, curl, kernel, kernel-rt, kpatch-patch, and webkit2gtk3), SUSE (apache-commons-fileupload, openstack-heat, openstack-swift, python-Werkzeug, and openstack-heat, python-Werkzeug), and Ubuntu (frr, go, libraw, libssh, nghttp2, python2.7, python3.10, python3.11, python3.5, python3.6, python3.8, and xfce4-settings).
https://lwn.net/Articles/934010/
Security Vulnerabilities fixed in Firefox 114
https://www.mozilla.org/en-US/security/advisories/mfsa2023-20/
Security Vulnerabilities fixed in Firefox ESR 102.12
https://www.mozilla.org/en-US/security/advisories/mfsa2023-19/
Mitsubishi Electric MELSEC iQ-R Series/iQ-F Series
https://www.cisa.gov/news-events/ics-advisories/icsa-23-157-02
Zyxel security advisory for privilege escalation vulnerability in GS1900 series switches
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-privilege-escalation-vulnerability-in-gs1900-series-switches
Zyxel security advisory for buffer overflow vulnerability in 4G LTE and 5G NR outdoor routers
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-buffer-overflow-vulnerability-in-4g-lte-and-5g-nr-outdoor-routers