End-of-Day report
Timeframe: Monday 02-06-2025 18:00 - Tuesday 03-06-2025 18:00
Handler: Felician Fuchs
Co-Handler: Guenes Holler
News
Malicious RubyGems pose as Fastlane to steal Telegram API data
Two malicious RubyGems packages posing as popular Fastlane CI/CD plugins redirect Telegram API requests to attacker-controlled servers to intercept and steal data.
https://www.bleepingcomputer.com/news/security/malicious-rubygems-pose-as-fastlane-to-steal-telegram-api-data/
Android Trojan Crocodilus Now Active in 8 Countries, Targeting Banks and Crypto Wallets
A growing number of malicious campaigns have leveraged a recently discovered Android banking trojan called Crocodilus to target users in Europe and South America. The malware, according to a new report published by ThreatFabric, has also adopted improved obfuscation techniques to hinder analysis and detection, and includes the ability to create new contacts in the victim's contacts list.
https://thehackernews.com/2025/06/android-trojan-crocodilus-now-active-in.html
How Good Are the LLM Guardrails on the Market? A Comparative Study on the Effectiveness of LLM Content Filtering Across Major GenAI Platforms
We compare the effectiveness of content filtering guardrails across major GenAI platforms and identify common failure cases across different systems.
https://unit42.paloaltonetworks.com/comparing-llm-guardrails-across-genai-platforms/
Cyberattacks Hit Top Retailers: Cartier, North Face Among Latest Victims
North Face, Cartier, and Next Step Healthcare are the latest victims in a string of cyberattacks compromising customer data. Explore the methods used by attackers and the wider impact on retail security.
https://hackread.com/cyberattacks-retailers-cartier-north-face-victims/
Inside RansomHub: Tactics, Targets, and What It Means for You
What is RansomHub ransomware? We dive into the group's TTPs, latest attacks and news, and mitigation strategies you should know in 2025.
https://www.bitsight.com/blog/guide-to-ransomhub-ransomware-2025
Vulnerabilities
Google patches actively attacked vulnerability in Chrome
In Google Chrome's V8 JavaScript engine, a vulnerability allows attackers to read and write outside the intended memory bounds. An exploit for this vulnerability has appeared in the wild, so it is apparently already under attack.
https://www.heise.de/news/Google-stopft-attackierte-Luecke-in-Chrome-10423201.html
Security update: Various attacks possible on HPE StoreOnce
Eight software vulnerabilities in HPE's StoreOnce backup solution leave systems open to attack. Among them is a "critical" vulnerability. Further attacks can get malicious code onto PCs. A version protected against possible attacks is available for download now.
https://www.heise.de/news/Sicherheitsupdate-Vielfaeltige-Attacken-auf-HPE-StoreOnce-moeglich-10423179.html
Attackers can attack Roundcube Webmail with malicious code
Web admins should bring their Roundcube Webmail instances up to date promptly. In current releases, the developers have closed a security vulnerability through which malicious code can get onto systems.
https://www.heise.de/news/Kritische-Schadcode-Luecke-bedroht-Roundcube-Webmail-10423965.html
Security updates for Tuesday
Security updates have been issued by AlmaLinux (varnish), Debian (asterisk and roundcube), Fedora (systemd), Mageia (golang), Red Hat (ghostscript, perl-CPAN, python36:3.6, and rsync), SUSE (govulncheck-vulndb, libsoup-2_4-1, and postgresql, postgresql16, postgresql17), and Ubuntu (mariadb, open-vm-tools, php-twig, and python-tornado).
https://lwn.net/Articles/1023625/
SVD-2025-0604: Third-Party Package Updates in Splunk Universal Forwarder - June 2025
https://advisory.splunk.com//advisories/SVD-2025-0604
SVD-2025-0603: Third-Party Package Updates in Splunk Enterprise - June 2025
https://advisory.splunk.com//advisories/SVD-2025-0603
SVD-2025-0602: Incorrect permission assignment on Universal Forwarder for Windows during new installation or upgrade
https://advisory.splunk.com//advisories/SVD-2025-0602