End-of-Day report
Timeframe: Tuesday 11-06-2024 18:00 - Wednesday 12-06-2024 18:00
Handler: Alexander Riepl
Co-Handler: n/a
News
Vulnerability in Windows: Attackers can inject malicious code via Wi-Fi
An attacker merely needs to be within Wi-Fi range of the target system to execute malicious code. All common Windows versions are affected.
https://www.golem.de/news/schwachstelle-in-windows-angreifer-koennen-per-wlan-schadcode-einschleusen-2406-185979.html
JetBrains warns of IntelliJ IDE bug exposing GitHub access tokens
JetBrains warned customers to patch a critical vulnerability that impacts users of its IntelliJ integrated development environment (IDE) apps and exposes GitHub access tokens.
https://www.bleepingcomputer.com/news/security/jetbrains-warns-of-intellij-ide-bug-exposing-github-access-tokens/
New backdoor BadSpace delivered by high-ranking infected websites
Imagine visiting your favorite website with the same address that you always use and it tells you that your browser needs an update. After downloading and executing the update, there's an unwelcome surprise: the ..
https://www.gdatasoftware.com/blog/2024/06/37947-badspace-backdoor
Intelligence service reveals: Chinese hackers break into 20,000 Fortinet systems
According to the Dutch NCSC, the targets of the cyberattacks are Western governments, diplomatic institutions and the defense industry.
https://www.golem.de/news/geheimdienst-deckt-auf-china-hacker-dringen-in-20-000-fortinet-systeme-ein-2406-185985.html
Microsoft Patch Tuesday June 2024, (Tue, Jun 11th)
Microsoft's June 2024 update fixes a total of 58 vulnerabilities. 7 of these vulnerabilities are associated with Chromium and Microsoft's Brave browser. Only one vulnerability is rated critical. One of the vulnerabilities had been disclosed before today.
https://isc.sans.edu/diary/Microsoft+Patch+Tuesday+June+2024/31000
Black Basta Ransomware May Have Exploited MS Windows Zero-Day Flaw
Threat actors linked to the Black Basta ransomware may have exploited a recently disclosed privilege escalation flaw in the Microsoft Windows Error Reporting Service as a zero-day, according to new findings from ..
https://thehackernews.com/2024/06/black-basta-ransomware-may-have.html
Adobe Plugs Code Execution Holes in After Effects, Illustrator
Patch Tuesday: Adobe fixes critical flaws and warns of the risk of code execution attacks on Windows and macOS platforms.
https://www.securityweek.com/adobe-plugs-code-execution-holes-in-after-effects-illustrator/
Affects iOS and macOS: Attackers can initiate FaceTime calls via email
The discoverer of the vulnerability claims it is very easy to exploit. Even an active Lockdown Mode reportedly cannot block the unwanted calls.
https://www.golem.de/news/betrifft-ios-und-macos-angreifer-koennen-per-mail-facetime-anrufe-einleiten-2406-185993.html
Ransomware Group Exploits PHP Vulnerability Days After Disclosure
The TellYouThePass ransomware gang started exploiting a recent code execution flaw in PHP days after public disclosure.
https://www.securityweek.com/ransomware-group-exploits-php-vulnerability-days-after-disclosure/
GitHub Paid Out Over $4 Million via Bug Bounty Program
The code hosting platform GitHub has paid out more than $4 million since the launch of its bug bounty program 10 years ago.
https://www.securityweek.com/github-paid-out-over-4-million-via-bug-bounty-program/
The Evolution of QR Code Phishing: ASCII-Based QR Codes
Quishing is a rapidly evolving threat. Starting around August, when we saw the first rapid increase, we've also seen a change in the type of QR code attacks. It started with standard MFA authentication requests. It then evolved to conditional routing and custom targeting. Now, we're seeing another evolution, into the manipulation of ..
https://blog.checkpoint.com/harmony-email/the-evolution-of-qr-code-phishing-ascii-based-qr-codes/
Ukrainian police identify suspected affiliate of Conti, LockBit groups
Ukrainian cyber police say they have identified a local hacker affiliated with the notorious Conti and LockBit ..
https://therecord.media/ukraine-suspected-lockbit-conti-affiliate
Vulnerabilities
DSA-5707-1 vlc - security update
https://lists.debian.org/debian-security-announce/2024/msg00117.html
ZDI-24-579: Apple macOS PPM Image Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-24-579/
Security updates for Wednesday
https://lwn.net/Articles/978136/
XenServer and Citrix Hypervisor Security Update for CVE-2024-5661
https://support.citrix.com/article/CTX677100/xenserver-and-citrix-hypervisor-security-update-for-cve20245661