End-of-Day report
Timeframe: Tuesday 25-06-2024 18:00 - Wednesday 26-06-2024 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Thomas Pribitzer
News
New Medusa Android Trojan Targets Banking Users Across 7 Countries
Cybersecurity researchers have discovered an updated version of an Android banking trojan called Medusa that has been used to target users in Canada, France, Italy, Spain, Turkey, the U.K., and the U.S.
https://thehackernews.com/2024/06/new-medusa-android-trojan-targets.html
New Credit Card Skimmer Targets WordPress, Magento, and OpenCart Sites
Multiple content management system (CMS) platforms like WordPress, Magento, and OpenCart have been targeted by a new credit card web skimmer called Caesar Cipher Skimmer.
https://thehackernews.com/2024/06/new-credit-card-skimmer-targets.html
Beware of job fraud on dm-supermall.com
Be careful if you are required to shop at dm-supermall.com for your new job. This platform is part of a scam. The new job, in which you test online shops or services, is fraudulent.
https://www.watchlist-internet.at/news/vorsicht-vor-jobbetrug-auf-dm-supermallcom/
Attackers Exploiting Public Cobalt Strike Profiles
Unit 42 researchers examine how attackers use publicly available Malleable C2 profiles, examining their structure to reveal evasive techniques.
https://unit42.paloaltonetworks.com/attackers-exploit-public-cobalt-strike-profiles/
Buying a VPN? Here's what to know and look for
VPNs are not all created equal - make sure to choose the right provider that will help keep your data safe from prying eyes.
https://www.welivesecurity.com/en/privacy/buying-vpn-what-know-look-for/
Vulnerabilities
Snowblind malware abuses Android security feature to bypass security
A novel Android attack vector from a piece of malware tracked as Snowblind is abusing a security feature to bypass existing anti-tampering protections in apps that handle sensitive user data.
https://www.bleepingcomputer.com/news/security/snowblind-malware-abuses-android-security-feature-to-bypass-security/
A Novel DoS Vulnerability affecting WebRTC Media Servers
A critical denial-of-service (DoS) vulnerability has been identified in media servers that process WebRTC's DTLS-SRTP, specifically in their handling of ClientHello messages.
https://www.rtcsec.com/article/novel-dos-vulnerability-affecting-webrtc-media-servers/
Security updates for Wednesday
Security updates have been issued by AlmaLinux (git, python3.11, and python3.9), Debian (chromium, emacs, git, linux-5.10, and org-mode), Fedora (libopenmpt, nginx-mod-modsecurity, and thunderbird), Mageia (emacs, python-ansible-core, and python-authlib), Oracle (git, python3.11, and python3.9), Red Hat (kernel, kernel-rt, and samba), and Ubuntu (ansible, cups, google-guest-agent, google-osconfig-agent, libheif, openvpn, roundcube, and salt).
https://lwn.net/Articles/979740/
Supply-chain attack against polyfill.js
The popular JavaScript library polyfill.js, which developers use to support old browser versions, has fallen victim to a supply-chain attack, or rather has been abused for one.
https://www.cert.at/de/aktuelles/2024/6/supply-chain-angriff-gegen-polyfilljs
Patch now! Progress MOVEit vulnerabilities are already under attack
Progress has closed two critical holes in MOVEit Gateway and Transfer. Cybercriminals are already abusing one of them.
https://heise.de/-9778266
Vulnerability: Apple stops Bluetooth takeover of AirPods and Beats devices
Apple has released new firmware for various headphone models that closes a problematic vulnerability. The update, however, is not straightforward.
https://heise.de/-9778924
ZDI-24-882: VMware vCenter Server Appliance License Server Uncontrolled Memory Allocation Denial-of-Service Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-24-882/
Multiple Vulnerabilities in Siemens Power Automation Products (CP-8000/CP-8021/CP8-022/CP-8031/CP-8050/SICORE)
https://sec-consult.com/vulnerability-lab/advisory/multiple-vulnerabilities-in-siemens-power-automation-products-cp-8000-cp-8021-cp8-022-cp-8031-cp-8050-sicore/