Daily summary - 24.05.2024

End-of-Day report

Timeframe: Thursday 23-05-2024 18:00 - Friday 24-05-2024 18:00
Handler: Thomas Pribitzer
Co-Handler: n/a

News

Microsoft spots gift card thieves using cyber-espionage tactics

Microsoft has published a "Cyber Signals" report sharing new information about the hacking group Storm-0539 and a sharp rise in gift card theft as we approach the Memorial Day holiday in the United States.

https://www.bleepingcomputer.com/news/security/microsoft-spots-gift-card-thieves-using-cyber-espionage-tactics/

DKIM/BIMI: The zombies of the Debian OpenSSL bug

Sixteen years ago a bug meant that keys generated with Debian's OpenSSL were insecure. Many DKIM setups were still using such keys 16 years later.

https://www.golem.de/news/dkim-bimi-die-zombies-des-debian-openssl-bugs-2405-185275.html

Japanese Experts Warn of BLOODALCHEMY Malware Targeting Government Agencies

Cybersecurity researchers have discovered that the malware known as BLOODALCHEMY used in attacks targeting government organizations in Southern and Southeastern Asia is in fact an updated version of Deed RAT, which is believed to be a successor to ShadowPad.

https://thehackernews.com/2024/05/japanese-experts-warn-of-bloodalchemy.html

Fake Antivirus Websites Deliver Malware to Android and Windows Devices

Threat actors have been observed making use of fake websites masquerading as legitimate antivirus solutions from Avast, Bitdefender, and Malwarebytes to propagate malware capable of stealing sensitive information from Android and Windows devices.

https://thehackernews.com/2024/05/fake-antivirus-websites-deliver-malware.html

Google Chrome: Fourth actively exploited zero-day vulnerability in two weeks

Google closes a zero-day vulnerability in the Chrome web browser that is already being attacked. It is the fourth in two weeks.

https://heise.de/-9730530

Vulnerabilities

Patch urgently: GitLab vulnerability allows takeover of other users' accounts

The vulnerability was reported through a bug bounty program. The discoverer received more than 10,000 US dollars from GitLab for it.

https://www.golem.de/news/dringend-patchen-gitlab-schwachstelle-ermoeglicht-uebernahme-fremder-konten-2405-185399.html

Multiple vulnerabilities discovered: QNAP late with patches and promises to do better

After the discovery of partly serious vulnerabilities in QTS and QuTS hero, QNAP delivers patches and apologizes for the delay.

https://www.golem.de/news/mehrere-schwachstellen-entdeckt-qnap-verschlaeft-patches-und-gelobt-besserung-2405-185415.html

CISA Warns of Actively Exploited Apache Flink Security Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a security flaw impacting Apache Flink, an open-source, unified stream-processing and batch-processing framework, to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.

https://thehackernews.com/2024/05/cisa-warns-of-actively-exploited-apache.html

Security updates for Friday

Security updates have been issued by Fedora (chromium, libreoffice, and thunderbird), Red Hat (.NET 7.0, .NET 8.0, gdk-pixbuf2, git-lfs, glibc, python3, and xorg-x11-server-Xwayland), SUSE (firefox, opensc, and ucode-intel), and Ubuntu (cjson and gnome-remote-desktop).

https://lwn.net/Articles/974913/

Splunk Config Explorer vulnerable to cross-site scripting

https://jvn.jp/en/jp/JVN56781258/

WordPress Plugin "WP Booking" vulnerable to cross-site scripting

https://jvn.jp/en/jp/JVN35838128/

Exposed Serial Shell on multiple PLCs in Siemens CP-XXXX Series

https://sec-consult.com/vulnerability-lab/advisory/exposed-serial-shell-on-multiple-plcs-in-siemens-cp-xxxx-series/