End-of-Day report
Timeframe: Tuesday 03-06-2025 18:00 - Wednesday 04-06-2025 18:00
Handler: Felician Fuchs
Co-Handler: n/a
News
Coinbase breach tied to bribed TaskUs support agents in India
A recently disclosed data breach at Coinbase has been linked to India-based customer support representatives from outsourcing firm TaskUs, who threat actors bribed to steal data from the crypto exchange.
https://www.bleepingcomputer.com/news/security/coinbase-breach-tied-to-bribed-taskus-support-agents-in-india/
Sandbox bypass: Meta and Yandex de-anonymize Android users
Security researchers have uncovered a method by which Meta and Yandex converted ephemeral web identifiers into persistent user identities.
https://www.golem.de/news/umgehung-des-sandboxings-meta-und-yandex-de-anonymisieren-android-nutzer-2506-196807.html
The strange tale of ischhfd83: When cybercriminals eat their own
This investigation is a good example of how threats can be much more complex than they first appear. From an initial customer query about a new RAT, we uncovered a significant amount of backdoored GitHub repositories, containing multiple kinds of backdoors.
https://news.sophos.com/en-us/2025/06/04/the-strange-tale-of-ischhfd83-when-cybercriminals-eat-their-own/
Acreed infostealer poised to replace Lumma after global crackdown
The Acreed malware, which emerged earlier this year, is gaining ground with cybercriminals who otherwise might have used the Lumma infostealer, researchers said.
https://therecord.media/acreed-infostealer-arises-after-lumma-takedown
Attacks under way: Connectwise, Craft CMS and Asus routers targeted
CISA warns of attacks on security vulnerabilities in Connectwise ScreenConnect, Craft CMS and Asus routers. Updates are available.
https://heise.de/-10424978
Vulnerabilities
Android Patch Day: Attackers can gain elevated privileges
Important security updates close several vulnerabilities in Android 13, 14 and 15. Attackers are targeting devices with a Qualcomm processor.
https://www.heise.de/news/Patchday-Android-Angreifer-koennen-sich-hoehere-Rechte-verschaffen-10424643.html
Security updates for Wednesday
Security updates have been issued by AlmaLinux (git, krb5, perl-CPAN, and rsync), Debian (tcpdf), Fedora (libmodsecurity, lua-http, microcode_ctl, and nextcloud), Red Hat (osbuild-composer), SUSE (389-ds, avahi, ca-certificates-mozilla, docker, expat, freetype2, glib2, gnuplot, gnutls, golang-github-teddysun-v2ray-plugin, golang-github-v2fly-v2ray-core, govulncheck-vulndb, helm, iperf, kernel, kernel-livepatch-MICRO-6-0_Update_2, kernel-livepatch-MICRO-6-0_Update_4, krb5, libarchive, libsoup, libsoup2, libtasn1, libX11, libxml2, libxslt, orc, podman, python-Jinja2, python-requests, python3-setuptools, python310, python311, python39, rubygem-rack, sslh, SUSE Manager Client Tools, SUSE Manager Client Tools and Salt Bundle, ucode-intel, util-linux, and wget), and Ubuntu (libvpx, linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux, linux-aws, linux-azure, linux-gcp, linux-gke, linux-gkeop, linux-ibm, linux-intel-iotg, linux-kvm, linux-lowlatency, linux-nvidia-tegra, linux-oracle, linux, linux-aws, linux-kvm, linux-aws, linux-lts-xenial, linux-aws-fips, linux-azure-fips, linux-fips, linux-gcp-fips, linux-aws-fips, linux-gcp-fips, linux-azure-fde, linux-fips, and linux-intel-iot-realtime, linux-realtime).
https://lwn.net/Articles/1023793/
ZDI-25-324: Sante DICOM Viewer Pro DCM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-25-324/
ZDI-25-323: Action1 Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-25-323/
ZDI-25-321: GIMP ICO File Parsing Integer Overflow Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-25-321/
Critical Vulnerability in multiple Mitsubishi Electric MELSEC iQ-F Series Products
https://www.cisa.gov/news-events/ics-advisories/icsa-25-153-03
Critical Vulnerability in Schneider Electric Wiser Home Automation
https://www.cisa.gov/news-events/ics-advisories/icsa-25-153-01