=====================
= End-of-Day report =
=====================
Timeframe: Thursday 30-10-2025 18:00 − Friday 31-10-2025 18:00
Handler: Guenes Holler
Co-Handler: Felician Fuchs
=====================
= News =
=====================
∗∗∗ CISA and NSA Issue Urgent Guidance to Secure WSUS and Microsoft Exchange Servers ∗∗∗
---------------------------------------------
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and National Security Agency (NSA), along with international partners from Australia and Canada, have released guidance to harden on-premises Microsoft Exchange Server instances against potential exploitation.
---------------------------------------------
https://thehackernews.com/2025/10/cisa-and-nsa-issue-urgent-guidance-to.html
∗∗∗ Windows zero-day actively exploited to spy on European diplomats ∗∗∗
---------------------------------------------
A China-linked hacking group is exploiting a Windows zero-day in attacks targeting European diplomats in Hungary, Belgium, and other European nations.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/chinese-hackers-exploit-wind…
∗∗∗ Russian Ransomware Gangs Weaponize Open-Source AdaptixC2 for Advanced Attacks ∗∗∗
---------------------------------------------
The open-source command-and-control (C2) framework known as AdaptixC2 is being used by a growing number of threat actors, some of whom are related to Russian ransomware gangs. AdaptixC2 is an emerging extensible post-exploitation and adversarial emulation framework designed for penetration testing.
---------------------------------------------
https://thehackernews.com/2025/10/russian-ransomware-gangs-weaponize-open.h…
∗∗∗ Massive surge of NFC relay malware steals Europeans’ credit cards ∗∗∗
---------------------------------------------
Near-Field Communication (NFC) relay malware has grown massively popular in Eastern Europe, with researchers discovering over 760 malicious Android apps using the technique to steal people's payment card information in the past few months.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/massive-surge-of-nfc-relay-m…
∗∗∗ China-Linked Tick Group Exploits Lanscope Zero-Day to Hijack Corporate Systems ∗∗∗
---------------------------------------------
The exploitation of a recently disclosed critical security flaw in Motex Lanscope Endpoint Manager has been attributed to a cyber espionage group known as Tick. The vulnerability, tracked as CVE-2025-61932 (CVSS score: 9.3), allows remote attackers to execute arbitrary commands with SYSTEM privileges on on-premises versions of the program.
---------------------------------------------
https://thehackernews.com/2025/10/china-linked-tick-group-exploits.html
∗∗∗ Nation-State Hackers Deploy New Airstalk Malware in Suspected Supply Chain Attack ∗∗∗
---------------------------------------------
A suspected nation-state threat actor has been linked to the distribution of a new malware called Airstalk as part of a likely supply chain attack. Palo Alto Networks Unit 42 said it's tracking the cluster under the moniker CL-STA-1009, where "CL" stands for cluster and "STA" refers to state-backed motivation.
---------------------------------------------
https://thehackernews.com/2025/10/nation-state-hackers-deploy-new.html
∗∗∗ Proton trains new service to expose corporate infosec cover-ups ∗∗∗
---------------------------------------------
The service will tell on compromised organizations, even if they didn't plan on doing so themselves. Some orgs would rather you not know when they've suffered a cyberattack, but a new platform from privacy-focused tech firm Proton will shine a light on the big breaches that might otherwise stay buried.
---------------------------------------------
https://go.theregister.com/feed/www.theregister.com/2025/10/30/proton_data_…
∗∗∗ Open VSX: Eclipse Foundation draws consequences from the GlassWorm attack ∗∗∗
---------------------------------------------
The Eclipse Foundation has reviewed its recent security incident around Open VSX, the open-source marketplace for VS Code extensions. In recent weeks it had become known that access tokens had accidentally ended up in public repositories. Some of them were abused to plant manipulated extensions.
---------------------------------------------
https://www.heise.de/news/Open-VSX-Eclipse-Foundation-zieht-Konsequenzen-au…
∗∗∗ Hacking India’s largest automaker: Tata Motors ∗∗∗
---------------------------------------------
If you are in the US and ask your friends and family if they have heard of “Tata Motors”, they would likely say no. However, if you go overseas, Tata Motors and the Tata Group in general are a massive, well-known conglomerate. Back in 2023, I took my hacking adventures overseas and found many vulnerabilities with Tata Motors. This post covers 4 of the most impactful findings I discovered that I am finally ready to share today. Let’s dive in!
---------------------------------------------
https://eaton-works.com/2025/10/28/tata-motors-hack/
∗∗∗ Hacktivist ICS Attacks Target Canadian Critical Infrastructure ∗∗∗
---------------------------------------------
Canadian cybersecurity officials are warning that hacktivists are increasingly targeting critical infrastructure in the country. In an October 29 alert, the Canadian Centre for Cyber Security described three recent attacks on internet-accessible industrial control systems (ICS).
---------------------------------------------
https://thecyberexpress.com/hacktivist-ics-attacks-canada/
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by AlmaLinux (java-1.8.0-openjdk, java-17-openjdk, libtiff, redis, and redis:6), Debian (chromium, mediawiki, pypy3, and squid), Fedora (openbao), SUSE (cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, cont, chromium, chrony, expat, haproxy, himmelblau, ImageMagick, iputils, kernel, libssh, libxslt, openssl-3, podman, strongswan, xorg-x11-server, and xwayland), and Ubuntu (kernel, libxml2, libyaml-syck-perl, linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gcp-4.15, linux-hwe, linux-oracle, linux-fips, linux-aws-fips, linux-gcp-fips, linux-kvm, and netty).
---------------------------------------------
https://lwn.net/Articles/1044380/
∗∗∗ ZDI-25-983: evernote-mcp-server openBrowser Command Injection Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-25-983/
∗∗∗ ZDI-25-982: oobabooga text-generation-webui trust_remote_code Reliance on Untrusted Inputs Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-25-982/
∗∗∗ ZDI-25-980: Heimdall Data Database Proxy Cross-Site Scripting Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-25-980/
∗∗∗ ZDI-25-979: Netgate pfSense CE Suricata Path Traversal Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-25-979/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/mailman3/postorius/lists/daily.lists.cert.at/
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 29-10-2025 18:00 − Thursday 30-10-2025 18:00
Handler: Alexander Riepl
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ No fix available: billions of web browsers can be crashed in seconds ∗∗∗
---------------------------------------------
A so far unpatched vulnerability affects users of Chromium-based browsers. The software can be crashed within seconds.
---------------------------------------------
https://www.golem.de/news/kein-fix-verfuegbar-milliarden-von-webbrowsern-la…
∗∗∗ GIMP: manipulated images can smuggle in malicious code ∗∗∗
---------------------------------------------
GIMP version 3.0.6 closes several high-risk vulnerabilities. Attackers can inject malware using crafted images.
---------------------------------------------
https://www.heise.de/news/Bildbarbeitung-GIMP-Version-3-0-6-schliesst-Codes…
∗∗∗ Vulnerability: MOVEit Transfer is susceptible to attacks ∗∗∗
---------------------------------------------
A patch closes a vulnerability in the file-transfer software MOVEit Transfer.
---------------------------------------------
https://www.heise.de/news/Sicherheitsluecke-Angreifer-koennen-Dienst-von-MO…
∗∗∗ USA: sales ban on TP-Link routers becoming ever more likely ∗∗∗
---------------------------------------------
The U.S. Department of Commerce is proposing a sales ban on TP-Link routers. Several federal agencies see a security risk in the company's ties to China.
---------------------------------------------
https://www.heise.de/news/USA-Verkaufsverbot-fuer-TP-Link-Router-wird-immer…
∗∗∗ Security awareness: four pillars for staying safe online ∗∗∗
---------------------------------------------
When it comes to being security aware, there are seemingly endless things you need to consider. Here are four key areas a user can focus on to stay secure.
---------------------------------------------
https://www.pentestpartners.com/security-blog/security-awareness-four-pilla…
∗∗∗ #5TageGegenDeepfakes: criminals use deepfakes of celebrities for investment scams ∗∗∗
---------------------------------------------
Some celebrities enjoy a high level of trust because of their public persona. Criminals exploit this and create deepfakes of them to have them promote fraudulent investments.
---------------------------------------------
https://www.watchlist-internet.at/news/5tagegegendeepfakes-kriminelle-nutze…
∗∗∗ Former Trenchant exec pleads guilty to selling cyber exploits to Russian broker ∗∗∗
---------------------------------------------
The former executive sold the trade secrets to a Russian cyber-tools broker that “publicly advertises itself as a reseller of cyber exploits to various customers, including the Russian government,” according to the Department of Justice.
---------------------------------------------
https://therecord.media/trenchant-exec-pleads-guilty-russia-secrets
∗∗∗ Cyber info sharing ‘holding steady’ despite lapse in CISA 2015, official says ∗∗∗
---------------------------------------------
The comments come roughly a month after the expiration of the 2015 Cybersecurity Information Sharing Act, which incentivized private entities to share threat data with the government with antitrust and liability safeguards.
---------------------------------------------
https://therecord.media/cyber-info-sharing-holding-steady-official-says
∗∗∗ Russian Hackers Exploit Adaptix Pentesting Tool in Ransomware Attacks ∗∗∗
---------------------------------------------
Silent Push warns of Russian hackers exploiting Adaptix, a pentesting tool built for Windows, Linux, and macOS, in ransomware campaigns.
---------------------------------------------
https://hackread.com/russian-hackers-adaptix-pentest-ransomware/
∗∗∗ New Guidance Released on Microsoft Exchange Server Security Best Practices ∗∗∗
---------------------------------------------
Today, CISA, in partnership with the National Security Agency and international cybersecurity partners, released Microsoft Exchange Server Security Best Practices, a guide to help network defenders harden on-premises Exchange servers against exploitation ... at high risk of compromise. Best practices in this guide focus on hardening user
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2025/10/30/new-guidance-released-mi…
∗∗∗ Learnings from recent npm supply chain compromises ∗∗∗
---------------------------------------------
A look at recent npm supply chain compromises and how we can learn from them to better prepare for future incidents.
---------------------------------------------
https://securitylabs.datadoghq.com/articles/learnings-from-recent-npm-compr…
∗∗∗ Vulnerabilities in LUKS2 disk encryption for confidential VMs ∗∗∗
---------------------------------------------
Trail of Bits is disclosing vulnerabilities in eight different confidential computing systems that use Linux Unified Key Setup version 2 (LUKS2) for disk encryption. Using these vulnerabilities, a malicious actor with access to storage disks can extract all confidential data stored on that disk and can modify the contents of the disk arbitrarily. The vulnerabilities are caused by malleable metadata headers that allow an attacker to trick a trusted execution environment guest into encrypting ...
---------------------------------------------
https://blog.trailofbits.com/2025/10/30/vulnerabilities-in-luks2-disk-encry…
=====================
= Vulnerabilities =
=====================
∗∗∗ SVD-2025-1011: Third-Party Package Updates in Splunk Operator for Kubernetes Add-on - October 2025 ∗∗∗
---------------------------------------------
Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk Operator for Kubernetes Add-on version 3.0.0 and higher.
---------------------------------------------
https://advisory.splunk.com//advisories/SVD-2025-1011
∗∗∗ SVD-2025-1010: Third-Party Package Updates in Splunk AppDynamics Analytics Agent - October 2025 ∗∗∗
---------------------------------------------
Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk AppDynamics Analytics Agent version 25.7.0 and higher.
---------------------------------------------
https://advisory.splunk.com//advisories/SVD-2025-1010
∗∗∗ SVD-2025-1009: Third-Party Package Updates in Splunk AppDynamics Private Synthetic Agent - October 2025 ∗∗∗
---------------------------------------------
Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk AppDynamics Private Synthetic Agent version 25.7.0 and higher.
---------------------------------------------
https://advisory.splunk.com//advisories/SVD-2025-1009
∗∗∗ SVD-2025-1008: Third-Party Package Updates in Splunk AppDynamics Machine Agent - October 2025 ∗∗∗
---------------------------------------------
Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk AppDynamics Machine Agent version 25.7.0 and higher.
---------------------------------------------
https://advisory.splunk.com//advisories/SVD-2025-1008
∗∗∗ Simple OAuth (OAuth2) & OpenID Connect - Critical - Access bypass - SA-CONTRIB-2025-114 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-contrib-2025-114
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 28-10-2025 18:00 − Wednesday 29-10-2025 18:00
Handler: Alexander Riepl
Co-Handler: Guenes Holler
=====================
= News =
=====================
∗∗∗ How typosquatting tricked me (a bit) ∗∗∗
---------------------------------------------
Typosquatting is a popular method using similarly looking names to draw people into malicious content – such as phishing websites or fake software packages. It leverages our “brain optimization” that matches what we see with what we already know – even if it’s not exactly the same. I haven’t installed any shady software, but it’s still a good example how easily our brain could be used against us by utilizing our biases.
---------------------------------------------
https://www.cert.at/en/blog/2025/10/how-typosquatting-tricked-me-a-bit
∗∗∗ Qilin ransomware abuses WSL to run Linux encryptors in Windows ∗∗∗
---------------------------------------------
The Qilin ransomware operation was spotted executing Linux encryptors in Windows using Windows Subsystem for Linux (WSL) to evade detection by traditional security tools.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/qilin-ransomware-abuses-wsl-…
∗∗∗ Collins Aerospace: weak passwords made it possible to send messages to cockpits ∗∗∗
---------------------------------------------
Inadequate access protection at Collins Aerospace made it possible to send messages to aircraft cockpits.
---------------------------------------------
https://www.heise.de/news/Collins-Aerospace-Mangelhafte-Passwoerter-ermoegl…
∗∗∗ Aisuru Botnet Shifts from DDoS to Residential Proxies ∗∗∗
---------------------------------------------
Aisuru, the botnet responsible for a series of record-smashing distributed denial-of-service (DDoS) attacks this year, recently was overhauled to support a more low-key, lucrative and sustainable business: Renting hundreds of thousands of infected Internet of Things (IoT) devices to proxy services that help cybercriminals anonymize their traffic. Experts say a glut of proxies from Aisuru and other sources is fueling large-scale data harvesting efforts tied to various artificial intelligence (AI) projects, helping content scrapers evade detection by routing their traffic through residential connections that appear to be regular Internet users.
---------------------------------------------
https://krebsonsecurity.com/2025/10/aisuru-botnet-shifts-from-ddos-to-resid…
∗∗∗ HTTPS by default ∗∗∗
---------------------------------------------
One year from now, with the release of Chrome 154 in October 2026, we will change the default settings of Chrome to enable “Always Use Secure Connections”. This means Chrome will ask for the user's permission before the first access to any public site without HTTPS.
---------------------------------------------
http://security.googleblog.com/2025/10/https-by-default.html
∗∗∗ Microsoft WSUS Remote Code Execution (CVE-2025-59287) Actively Exploited in the Wild (Updated October 28) ∗∗∗
---------------------------------------------
On Oct. 14, 2025, a critical, unauthenticated remote code execution (RCE) vulnerability was identified in Microsoft's Windows Server Update Services (WSUS), a core enterprise component for patch management. Microsoft's initial patch during the October Patch Tuesday did not fully address the flaw, necessitating an emergency out-of-band security update released Oct. 23, 2025. Within hours of the emergency update, Unit 42 and other security researchers observed active exploitation in the wild. The combination of a remotely exploitable, unauthenticated RCE in a core infrastructure service, coupled with observed active exploitation in the wild, represents a severe and time-sensitive risk.
---------------------------------------------
https://unit42.paloaltonetworks.com/microsoft-cve-2025-59287/
∗∗∗ Suspected Nation-State Threat Actor Uses New Airstalk Malware in a Supply Chain Attack ∗∗∗
---------------------------------------------
We have discovered a new Windows-based malware family we've named Airstalk, which is available in both PowerShell and .NET variants. We assess with medium confidence that a possible nation-state threat actor used this malware in a likely supply chain attack. We have created the threat activity cluster CL-STA-1009 to identify and track any further related activity.
---------------------------------------------
https://unit42.paloaltonetworks.com/new-windows-based-malware-family-airsta…
∗∗∗ Cybersecurity on a budget: Strategies for an economic downturn ∗∗∗
---------------------------------------------
This blog offers practical strategies, creative defenses, and talent management advice to help your business stay secure when every dollar counts.
---------------------------------------------
https://blog.talosintelligence.com/cybersecurity-on-a-budget-strategies-for…
∗∗∗ Hackers Hijack Corporate XWiki Servers for Crypto Mining ∗∗∗
---------------------------------------------
Hackers exploit critical XWiki flaw CVE-2025-24893 to hijack corporate servers for cryptomining, with active attacks confirmed by VulnCheck researchers.
---------------------------------------------
https://hackread.com/hackers-hijack-xwiki-servers-crypto-mining/
∗∗∗ iOS: security researchers warn against third-party app store "Flekst0re" ∗∗∗
---------------------------------------------
In the EU, Apple must admit competitors to the iOS App Store. Flekst0re is one of these offerings, but it takes unusual routes, and that opens up security holes.
---------------------------------------------
https://heise.de/-10961981
∗∗∗ What We Talk About When We Talk About Sideloading ∗∗∗
---------------------------------------------
We recently published a blog post with our reaction to the new Google Developer Program and how it impacts your freedom to use the devices that you own in the ways that you want. The post garnered quite a lot of feedback and interest from the community and press, as well as various civil society groups and regulatory agencies.
---------------------------------------------
https://f-droid.org/2025/10/28/sideloading.html
=====================
= Vulnerabilities =
=====================
∗∗∗ BSI warns of BIND vulnerability: data of countless DNS servers can be manipulated ∗∗∗
---------------------------------------------
The widely used DNS software BIND has a dangerous vulnerability that allows attackers to manipulate DNS records through cache poisoning. The German Federal Office for Information Security (BSI) has issued a warning, according to which a proof of concept (PoC) for exploiting the flaw is now circulating online. Admins should act quickly.
---------------------------------------------
https://www.golem.de/news/exploit-code-verfuegbar-dns-eintraege-unzaehliger…
∗∗∗ Vulnerabilities endanger systems running IBM's security products Concert and QRadar SIEM ∗∗∗
---------------------------------------------
Attackers can exploit several vulnerabilities in IBM Concert and QRadar SIEM. Patches are available.
---------------------------------------------
https://www.heise.de/news/Luecken-gefaehrden-Systeme-mit-IBMs-Sicherheitslo…
∗∗∗ Patch now! Attacks on DELMIA Apriso observed ∗∗∗
---------------------------------------------
The manufacturing operations management tool DELMIA Apriso is currently being targeted by attackers. Security patches have been available for download since the summer of this year.
---------------------------------------------
https://www.heise.de/news/Jetzt-patchen-Attacken-auf-DELMIA-Apriso-beobacht…
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (gimp, python-authlib, and xorg-server), Fedora (chromium and git-lfs), Mageia (poppler and tomcat), Red Hat (kernel, kernel-rt, redis, and redis:6), SUSE (fetchmail, grafana, ImageMagick, kernel-devel, libluajit-5_1-2, proxy-helm, python-Authlib, and xen), and Ubuntu (linux-intel-iotg, linux-intel-iotg-5.15 and squid, squid3).
---------------------------------------------
https://lwn.net/Articles/1043983/
∗∗∗ Unprotected NFC card manipulation leads to free top-ups in GiroWeb Cashless Catering Solutions on outdated customer infrastructure ∗∗∗
---------------------------------------------
When the GiroWeb Cashless Catering solution is used with older NFC cards, the balance stored on the card can be changed without any backend verification. This is possible because the balance value is stored exclusively on the card. The vendor has stated that this behaviour is inherent to the design of the specific NFC card type and therefore does not constitute a vulnerability in the payment solution itself, but is due to the insecure cards its customers use in older environments.
---------------------------------------------
https://sec-consult.com/de/vulnerability-lab/advisory/ungeschuetzte-nfc-kar…
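The advisory describes the weakness (the balance lives only on the card and the terminal trusts whatever it reads back) but no fix. The Go program below is an added example by the editor, not GiroWeb's code or card format: it models that legacy design next to one common mitigation, binding the balance to the card ID and a monotonic transaction counter under an HMAC key held only by the issuer's terminals and backend, with the backend remembering the last counter it saw so that restoring an old card dump is caught as well. Card IDs, the key and the balances are constructed values; LegacyCard, SignedCard and Backend are hypothetical names, not a real API.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/binary"
	"errors"
	"fmt"
)

// LegacyCard models the card type in the advisory: the balance sits in a
// freely writable NFC data block and nothing else vouches for it.
// (Constructed model, not GiroWeb's actual layout.)
type LegacyCard struct {
	ID      string
	Balance uint32 // cents; anyone with an NFC writer can change it
}

// legacyCharge is a terminal that trusts the card alone.
func legacyCharge(c *LegacyCard, price uint32) error {
	if c.Balance < price {
		return errors.New("insufficient funds")
	}
	c.Balance -= price
	return nil
}

// SignedCard binds balance, card ID and a transaction counter together
// with an HMAC under an issuer key the card holder never learns.
type SignedCard struct {
	ID      string
	Balance uint32
	Counter uint32
	MAC     []byte
}

func cardMAC(key []byte, id string, balance, counter uint32) []byte {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(id))
	var b [8]byte
	binary.BigEndian.PutUint32(b[:4], balance)
	binary.BigEndian.PutUint32(b[4:], counter)
	m.Write(b[:])
	return m.Sum(nil)
}

// Backend holds the issuer key and the last counter seen per card. A MAC
// alone stops forged balances but not replay of a genuine older image
// (dump the card, spend, restore the dump); the counter closes that gap.
type Backend struct {
	key      []byte
	lastSeen map[string]uint32
}

func NewBackend(key []byte) *Backend {
	return &Backend{key: key, lastSeen: map[string]uint32{}}
}

// Issue writes a fresh, MAC-protected card record.
func (b *Backend) Issue(id string, balance uint32) *SignedCard {
	c := &SignedCard{ID: id, Balance: balance, Counter: 1}
	c.MAC = cardMAC(b.key, c.ID, c.Balance, c.Counter)
	b.lastSeen[id] = c.Counter
	return c
}

// Charge verifies the record before trusting its balance, then writes a
// new record with the counter advanced.
func (b *Backend) Charge(c *SignedCard, price uint32) error {
	want := cardMAC(b.key, c.ID, c.Balance, c.Counter)
	if subtle.ConstantTimeCompare(want, c.MAC) != 1 {
		return errors.New("MAC mismatch: balance or counter was tampered with")
	}
	if c.Counter != b.lastSeen[c.ID] {
		return errors.New("stale card image: counter does not match backend")
	}
	if c.Balance < price {
		return errors.New("insufficient funds")
	}
	c.Balance -= price
	c.Counter++
	c.MAC = cardMAC(b.key, c.ID, c.Balance, c.Counter)
	b.lastSeen[c.ID] = c.Counter
	return nil
}

// Demo runs the three scenarios and reports what each design does.
func Demo() (legacyTamperAccepted, signedTamperRejected, replayRejected bool) {
	// 1. Legacy card: attacker rewrites the balance block to 999.99 EUR.
	lc := &LegacyCard{ID: "card-001", Balance: 500}
	lc.Balance = 99999
	legacyTamperAccepted = legacyCharge(lc, 1250) == nil

	// 2. Signed card: same rewrite, but the MAC no longer matches.
	be := NewBackend([]byte("issuer-key-held-only-by-terminals"))
	sc := be.Issue("card-002", 500)
	tampered := *sc
	tampered.Balance = 99999
	signedTamperRejected = be.Charge(&tampered, 1250) != nil

	// 3. Replay: dump the card at 5.00 EUR, spend 3.00, restore the dump.
	//    The MAC still verifies, but the counter is one behind the backend.
	dump := *sc
	dump.MAC = append([]byte(nil), sc.MAC...)
	if err := be.Charge(sc, 300); err != nil {
		panic(err)
	}
	replayRejected = be.Charge(&dump, 100) != nil
	return
}

func main() {
	a, b, c := Demo()
	fmt.Println("legacy card accepts forged balance:", a)
	fmt.Println("signed card rejects forged balance:", b)
	fmt.Println("signed card rejects replayed image:", c)
}
```

The point of the third scenario is the one most often missed: integrity protection on the card is necessary but not sufficient for stored value, and some state has to live on the backend (here just a counter; a full transaction ledger is the stronger form). With fixed-layout legacy card types such a change usually means new cards, which is what the advisory's "outdated customer infrastructure" is about.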
∗∗∗ ZDI-25-977: Delta Electronics ASDA-Soft PAR File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-25-977/
∗∗∗ ZDI-25-975: X.Org Server XkbSetCompatMap Numeric Truncation Error Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-25-975/
=====================
= End-of-Day report =
=====================
Timeframe: Monday 27-10-2025 18:00 − Tuesday 28-10-2025 18:00
Handler: Alexander Riepl
Co-Handler: Felician Fuchs
=====================
= News =
=====================
∗∗∗ Google disputes false claims of massive Gmail data breach ∗∗∗
---------------------------------------------
Google was once again forced to announce that it had not suffered a data breach after numerous news outlets published sensational stories about a fake breach that purportedly exposed 183 million accounts.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/google-disputes-false-claims…
∗∗∗ Millions of Gmail passwords stolen: is yours among them? ∗∗∗
---------------------------------------------
According to cybersecurity expert Troy Hunt, who uncovered the data leak, 3.5 terabytes of data could be affected.
---------------------------------------------
https://futurezone.at/digital-life/gmail-passwoerter-datenleak-pwned-cybers…
∗∗∗ Ransomware: fewer and fewer companies pay hackers a ransom ∗∗∗
---------------------------------------------
The profitability of ransomware attacks is falling. Not only are fewer and fewer victims paying the ransom, the size of the payments has also dropped sharply of late.
---------------------------------------------
https://www.golem.de/news/ransomware-immer-weniger-unternehmen-zahlen-hacke…
∗∗∗ Admin access hijacked: inmate hacks prison IT and makes fellow inmates rich ∗∗∗
---------------------------------------------
It all came to light because the inmates could not keep their greed in check: a sum in the millions on an inmate's account is rather conspicuous.
---------------------------------------------
https://www.golem.de/news/admin-zugang-gekapert-insasse-hackt-gefaengnis-it…
∗∗∗ Crypto wasted: BlueNoroff’s ghost mirage of funding and jobs ∗∗∗
---------------------------------------------
Kaspersky GReAT experts dive deep into the BlueNoroff APT's GhostCall and GhostHire campaigns. Extensive research detailing multiple malware chains targeting macOS, including a stealer suite, fake Zoom and Microsoft Teams clients and ChatGPT-enhanced images.
---------------------------------------------
https://securelist.com/bluenoroff-apt-campaigns-ghostcall-and-ghosthire/117…
∗∗∗ BSI: checklist for dealing with compromised accounts ∗∗∗
---------------------------------------------
The German Federal Office for Information Security (BSI), together with the police crime prevention programme (ProPK), has published a checklist to help private users whose accounts have been taken over by criminals.
---------------------------------------------
https://www.heise.de/news/BSI-Checkliste-fuer-Vorgehen-bei-geknackten-Konte…
∗∗∗ Microsoft WSUS Remote Code Execution (CVE-2025-59287) Actively Exploited in the Wild ∗∗∗
---------------------------------------------
On Oct. 14, 2025, a critical, unauthenticated remote code execution (RCE) vulnerability was identified in Microsoft's Windows Server Update Services (WSUS), a core enterprise component for patch management. Microsoft's initial patch during the October Patch Tuesday did not fully address the flaw, necessitating an emergency out-of-band security update released Oct. 23, 2025. Within hours of the emergency update, Unit 42 and other security researchers observed active exploitation in the wild.
---------------------------------------------
https://unit42.paloaltonetworks.com/microsoft-cve-2025-59287/
∗∗∗ US declines to join more than 70 countries in signing UN cybercrime treaty ∗∗∗
---------------------------------------------
More than 70 countries signed the landmark UN Convention against Cybercrime in Hanoi this weekend, a significant step in the yearslong effort to create a global mechanism to counteract digital crime.
---------------------------------------------
https://therecord.media/us-declines-signing-cybercrime-treaty
∗∗∗ Rising cyber attacks on the manufacturing industry ∗∗∗
---------------------------------------------
The manufacturing industry appears to be increasingly in the crosshairs of cyber criminals. Check Point Research reports rising numbers of attacks. Executives should engage with this trend, because cyber security is no longer an exclusive topic to be left to the IT department.
---------------------------------------------
https://www.borncity.com/blog/2025/10/28/steigende-cyber-attacken-auf-die-f…
∗∗∗ Vulnerability Management – Process Perspective ∗∗∗
---------------------------------------------
In this post, we dive deeper into the HOW of vulnerability management. This post is dedicated to the processes to provide a comprehensive overview.
---------------------------------------------
https://blog.nviso.eu/2025/10/28/vulnerability-management-process-perspecti…
∗∗∗ Keys to the Kingdom: A Defender's Guide to Privileged Account Monitoring ∗∗∗
---------------------------------------------
Privileged access stands as the most critical pathway for adversaries seeking to compromise sensitive systems and data. Its protection is not only a best practice, it is a fundamental imperative for organizational resilience.
---------------------------------------------
https://cloud.google.com/blog/topics/threat-intelligence/privileged-account…
∗∗∗ Friends don’t let friends reuse IVs ∗∗∗
---------------------------------------------
If you’ve encountered cryptography software, you’ve probably heard the advice to never use an IV (initialization vector) twice—in fact, that’s where the other common name for that concept, nonce (number used once), comes from. Depending on the cryptography involved, a reused nonce can reveal encrypted messages, or even leak your secret key! But common knowledge may not cover every possible way to accidentally reuse nonces. Sometimes, the techniques that are supposed to prevent nonce reuse have subtle flaws.
---------------------------------------------
https://blog.trailofbits.com/2024/09/13/friends-dont-let-friends-reuse-nonc…
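The summary states the consequence of nonce reuse without showing it. The Go program below is an added example by the editor, not code from the Trail of Bits post: it encrypts two messages with AES-256-GCM under the same key and nonce, then recovers the second plaintext from the two ciphertexts plus knowledge of the first, without the key. This works because GCM is counter mode with a tag bolted on, so a repeated (key, nonce) pair repeats the keystream and c1 XOR c2 equals p1 XOR p2. It shows the "reveal encrypted messages" half of the post's warning only; the stronger consequence for GCM, recovering the authentication subkey and forging tags, is not demonstrated here. Key, nonce and messages are constructed demo values, and NonceTracker is a hypothetical defensive check, not a library API.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/hex"
	"fmt"
)

// Constructed demo values. A real system derives the key with a KDF and
// takes the nonce from a counter or CSPRNG; it never hard-codes either.
var demoKey = []byte("0123456789abcdef0123456789abcdef") // 32 bytes -> AES-256
var reusedNonce = []byte("fixed-nonce!")                 // 12 bytes, reused on purpose

// seal is AES-256-GCM encryption; the result is ciphertext || 16-byte tag.
func seal(key, nonce, pt []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Seal(nil, nonce, pt, nil), nil
}

// xorBytes returns a XOR b, truncated to the shorter input.
func xorBytes(a, b []byte) []byte {
	n := len(a)
	if len(b) < n {
		n = len(b)
	}
	out := make([]byte, n)
	for i := 0; i < n; i++ {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// RecoverWithCrib is the attacker's side. Two GCM ciphertexts under one
// (key, nonce) share a keystream ks: c1 = p1^ks and c2 = p2^ks, hence
// p2 = c2 ^ c1 ^ p1. Knowing p1 (a "crib") yields p2 without the key.
// The tags are stripped first; they authenticate but hide nothing.
func RecoverWithCrib(c1, c2, knownP1 []byte) []byte {
	const tagLen = 16
	body1 := c1[:len(c1)-tagLen]
	body2 := c2[:len(c2)-tagLen]
	return xorBytes(body2, xorBytes(body1, knownP1))
}

// DemoNonceReuse encrypts two same-length messages under one (key, nonce)
// and returns the second one as recovered from ciphertext alone.
func DemoNonceReuse() (string, error) {
	p1 := []byte("transfer 0000100 EUR to account 4711") // known to attacker
	p2 := []byte("transfer 0950000 EUR to account 1337") // secret
	c1, err := seal(demoKey, reusedNonce, p1)
	if err != nil {
		return "", err
	}
	c2, err := seal(demoKey, reusedNonce, p2)
	if err != nil {
		return "", err
	}
	return string(RecoverWithCrib(c1, c2, p1)), nil
}

// NonceTracker is the defender's side: refuse to encrypt twice under the
// same (key id, nonce). Allow returns false when a nonce would be reused.
type NonceTracker struct{ seen map[string]bool }

func NewNonceTracker() *NonceTracker { return &NonceTracker{seen: map[string]bool{}} }

func (t *NonceTracker) Allow(keyID string, nonce []byte) bool {
	k := keyID + ":" + hex.EncodeToString(nonce)
	if t.seen[k] {
		return false
	}
	t.seen[k] = true
	return true
}

func main() {
	recovered, err := DemoNonceReuse()
	if err != nil {
		panic(err)
	}
	fmt.Printf("recovered without the key: %q\n", recovered)
	t := NewNonceTracker()
	fmt.Println("first use allowed:", t.Allow("k1", reusedNonce))
	fmt.Println("reuse allowed:    ", t.Allow("k1", reusedNonce))
}
```

The in-memory tracker is only a stand-in for the design question the post raises: what actually guarantees uniqueness (a persisted counter, a per-key random nonce with a rekey limit, or a misuse-resistant mode such as AES-GCM-SIV) and how that guarantee survives restarts, clones and concurrent writers.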
=====================
= Vulnerabilities =
=====================
∗∗∗ Docker Desktop: Windows installer vulnerable to execution of malicious code ∗∗∗
---------------------------------------------
The Windows installer of Docker Desktop can be tricked into loading rogue DLLs. The developers are countering with an updated software version.
---------------------------------------------
https://www.heise.de/news/Docker-Desktop-Windows-Installer-fuer-Ausfuehrung…
∗∗∗ Proxmox Backup Server: attackers can destroy backup snapshots ∗∗∗
---------------------------------------------
The developers of the backup solution Proxmox Backup Server have closed security vulnerabilities. So far there are no reports of attacks.
---------------------------------------------
https://www.heise.de/news/Proxmon-Backup-Server-Angreifer-koennen-Backup-Sn…
∗∗∗ 100,000 WordPress Sites Affected by Arbitrary File Read Vulnerability in Anti-Malware Security and Brute-Force Firewall WordPress Plugin ∗∗∗
---------------------------------------------
On October 3rd, 2025, we received a submission for an Arbitrary File Read vulnerability in Anti-Malware Security and Brute-Force Firewall, a WordPress plugin with more than 100,000 active installations.
---------------------------------------------
https://www.wordfence.com/blog/2025/10/100000-wordpress-sites-affected-by-a…
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by AlmaLinux (kernel, kernel-rt, libtiff, squid:4, and thunderbird), Debian (strongswan and webkit2gtk), Fedora (pcre2, qt5-qtbase, squid, unbound, and xen), Mageia (icu and libtpms), Oracle (java-1.8.0-openjdk, java-17-openjdk, java-21-openjdk, kernel, squid:4, and thunderbird), Red Hat (libtiff, squid, squid:4, and webkit2gtk3), SUSE (cmake, dracut-saltboot, erlang, exim, expat, ffmpeg-4, firefox, golang-github-prometheus-alertmanager, haproxy, java-11-openjdk, kernel, libxslt, multi-linux-manager, openssl-3, podman, rabbitmq-server, spacewalk-web, strongswan, and wireshark), and Ubuntu (gst-plugins-good1.0, linux-aws-5.15, radare2, ruby2.3, ruby2.5, ruby2.7, and strongswan).
---------------------------------------------
https://lwn.net/Articles/1043776/
∗∗∗ Security Vulnerabilities fixed in Firefox 144.0.2, High impact ∗∗∗
---------------------------------------------
Starting with Firefox 142, it was possible for a compromised child process to trigger a use-after-free in the GPU or browser process using WebGPU-related IPC calls. This may have been usable to escape the child process sandbox.
---------------------------------------------
https://www.mozilla.org/en-US/security/advisories/mfsa2025-86/
∗∗∗ "ChatGPT Tainted Memories" Exploit Enables Command Injection in Atlas Browser ∗∗∗
---------------------------------------------
LayerX Security found a flaw in OpenAI’s ChatGPT Atlas browser that lets attackers inject commands into its memory, posing major security and phishing risks.
---------------------------------------------
https://hackread.com/chatgpt-tainted-memories-atlas-browser/
∗∗∗ CISA Releases Three Industrial Control Systems Advisories ∗∗∗
---------------------------------------------
CISA released three Industrial Control Systems (ICS) Advisories: ICSA-25-301-01 Schneider Electric EcoStruxure, ICSMA-25-301-01 Vertikal Systems Hospital Manager Backend Services and ICSA-24-352-04 Schneider Electric Modicon (Update B).
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2025/10/28/cisa-releases-three-indu…
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/mailman3/postorius/lists/daily.lists.cert.at/
=====================
= End-of-Day report =
=====================
Timeframe: Friday 24-10-2025 18:00 − Monday 27-10-2025 18:00
Handler: Alexander Riepl
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ New CoPhish attack steals OAuth tokens via Copilot Studio agents ∗∗∗
---------------------------------------------
A new phishing technique dubbed CoPhish weaponizes Microsoft Copilot Studio agents to deliver fraudulent OAuth consent requests via legitimate and trusted Microsoft domains.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-cophish-attack-steals-oa…
∗∗∗ Hackers steal Discord accounts with RedTiger-based infostealer ∗∗∗
---------------------------------------------
Attackers are using the open-source red-team tool RedTiger to build an infostealer that collects Discord account data and payment information.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/hackers-steal-discord-accoun…
∗∗∗ Patch urgently: Hackers attack Windows servers via critical WSUS vulnerability ∗∗∗
---------------------------------------------
Among other things, attackers can inject manipulated Windows updates and have them distributed to clients. Admins should act quickly.
---------------------------------------------
https://www.golem.de/news/dringend-patchen-windows-server-werden-ueber-wsus…
∗∗∗ Mem3nt0 mori – The Hacking Team is back! ∗∗∗
---------------------------------------------
Kaspersky researchers discovered previously unidentified commercial Dante spyware developed by Memento Labs (formerly Hacking Team) and linked it to the ForumTroll APT attacks.
---------------------------------------------
https://securelist.com/forumtroll-apt-hacking-team-dante-spyware/117851/
∗∗∗ North Korea Has Stolen Billions in Cryptocurrency and Tech Firm Salaries, Report Says ∗∗∗
---------------------------------------------
The Associated Press reports that "North Korean hackers have pilfered billions of dollars" by breaking into cryptocurrency exchanges and by creating fake identities to get remote tech jobs at foreign companies — all orchestrated by the North Korean government to finance R&D on nuclear arms. That's according to a new 138-page report by a group watching ..
---------------------------------------------
https://yro.slashdot.org/story/25/10/25/1246241/north-korea-has-stolen-bill…
∗∗∗ ChatGPT Atlas Browser Can Be Tricked by Fake URLs into Executing Hidden Commands ∗∗∗
---------------------------------------------
The newly released OpenAI Atlas web browser has been found to be susceptible to a prompt injection attack where its omnibox can be jailbroken by disguising a malicious prompt as a seemingly harmless URL to ..
---------------------------------------------
https://thehackernews.com/2025/10/chatgpt-atlas-browser-can-be-tricked-by.h…
∗∗∗ Qilin Ransomware Combines Linux Payload With BYOVD Exploit in Hybrid Attack ∗∗∗
---------------------------------------------
The ransomware group known as Qilin (aka Agenda, Gold Feather, and Water Galura) has claimed more than 40 victims every month since the start of 2025, barring January, with the number of postings on its data leak site touching a high of 100 cases in ..
---------------------------------------------
https://thehackernews.com/2025/10/qilin-ransomware-combines-linux-payload.h…
∗∗∗ X says passkey reset isn't about a security issue – it's to finally kill off twitter.com ∗∗∗
---------------------------------------------
Social media site dispatches crucial clarification days after curious announcement. X (formerly Twitter) sparked security concerns over the weekend when it announced users must re-enroll their security keys by November 10 or face account lockouts — without initially explaining why.
---------------------------------------------
https://www.theregister.com/2025/10/27/x_passkey_reset/
∗∗∗ Collins Aerospace: Old passwords and delayed response enable data theft ∗∗∗
---------------------------------------------
New details on the cyberattack on Collins Aerospace: old passwords enabled data theft, probably affecting millions of passenger records; this was more than just ransomware.
---------------------------------------------
https://www.heise.de/news/Collins-Aerospace-Alte-Passwoerter-und-verzoegert…
∗∗∗ Ubiquiti UniFi Access: Attackers can gain unauthorized access ∗∗∗
---------------------------------------------
Ubiquiti's UniFi Door Access has a critical security vulnerability that allows attackers unauthorized access.
---------------------------------------------
https://www.heise.de/news/Ubiquiti-UniFi-Access-Angreifer-koennen-sich-unbe…
∗∗∗ Attackers can bypass authentication in Dell Storage Manager ∗∗∗
---------------------------------------------
In a current version of Dell's Storage Manager, the developers have closed three security vulnerabilities.
---------------------------------------------
https://www.heise.de/news/Angreifer-koennen-Authentifizierung-bei-Dell-Stor…
∗∗∗ Schneider Electric victim of the Oracle E-Business Suite 0-day vulnerability CVE-2025-61882 ∗∗∗
---------------------------------------------
Users of Oracle E-Business Suite (EBS) have been successfully attacked since July 2025 via the 0-day vulnerability CVE-2025-61882, which was only patched on 4 October 2025. The names of victims are now becoming known. For instance, ..
---------------------------------------------
https://www.borncity.com/blog/2025/10/24/oracle-e-business-suite-0-day-schw…
∗∗∗ Distribution of Rhadamanthys Malware Disguised as a Game Developed with Ren’Py ∗∗∗
---------------------------------------------
AhnLab SEcurity intelligence Center (ASEC) has confirmed that the Infostealer malware Rhadamanthys is being distributed disguised as a game created with Ren'Py. Ren'Py is a game development tool based on Python that allows users to easily ..
---------------------------------------------
https://asec.ahnlab.com/en/90767/
∗∗∗ Uncovering Qilin attack methods exposed through multiple cases ∗∗∗
---------------------------------------------
Cisco Talos investigated the Qilin ransomware group, uncovering its frequent attacks on the manufacturing sector, use of legitimate tools for credential theft and data exfiltration, and sophisticated methods for lateral movement, evasion, and persistence.
---------------------------------------------
https://blog.talosintelligence.com/uncovering-qilin-attack-methods-exposed-…
=====================
= Vulnerabilities =
=====================
∗∗∗ Unauthenticated Local File Disclosure in MPDV Mikrolab MIP 2 / FEDRA 2 / HYDRA X Manufacturing Execution System ∗∗∗
---------------------------------------------
https://sec-consult.com/vulnerability-lab/advisory/unauthenticated-local-fi…
∗∗∗ Potential Security Impact of ASP.NET Vulnerability on NetBak PC Agent ∗∗∗
---------------------------------------------
https://www.qnap.com/en-us/security-advisory/QSA-25-44
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 23-10-2025 18:00 − Friday 24-10-2025 18:00
Handler: Guenes Holler
Co-Handler: Felician Fuchs
=====================
= News =
=====================
∗∗∗ Attacks against Microsoft WSUS installations - update available ∗∗∗
---------------------------------------------
Microsoft has published a critical security vulnerability in Windows Server Update Service (WSUS) that allows unauthenticated attackers to execute arbitrary code remotely on affected servers. The vulnerability results from insecure deserialization of untrusted data in a legacy serialization mechanism. Microsoft had already released a first patch for this on 14 October. However, it proved insufficient and has now been corrected in an out-of-band update.
---------------------------------------------
https://www.cert.at/de/warnungen/2025/10/angriffe-gegen-microsoft-wsus-inst…
∗∗∗ Fake LastPass death claims used to breach password vaults ∗∗∗
---------------------------------------------
LastPass is warning customers of a phishing campaign sending emails with an access request to the password vault as part of a legacy inheritance process.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/fake-lastpass-death-claims-u…
∗∗∗ 3,000 YouTube Videos Exposed as Malware Traps in Massive Ghost Network Operation ∗∗∗
---------------------------------------------
A malicious network of YouTube accounts has been observed publishing and promoting videos that lead to malware downloads, essentially abusing the popularity and trust associated with the video hosting platform for propagating malicious payloads.
---------------------------------------------
https://thehackernews.com/2025/10/3000-youtube-videos-exposed-as-malware.ht…
∗∗∗ APT36 Targets Indian Government with Golang-Based DeskRAT Malware Campaign ∗∗∗
---------------------------------------------
A Pakistan-nexus threat actor has been observed targeting Indian government entities as part of spear-phishing attacks designed to deliver a Golang-based malware known as DeskRAT.
---------------------------------------------
https://thehackernews.com/2025/10/apt36-targets-indian-government-with.html
∗∗∗ LockBit Returns — and It Already Has Victims ∗∗∗
---------------------------------------------
LockBit is back. After being disrupted in early 2024, the ransomware group has resurfaced and is already extorting new victims.
---------------------------------------------
https://blog.checkpoint.com/research/lockbit-returns-and-it-already-has-vic…
∗∗∗ Agenda Ransomware Deploys Linux Variant on Windows Systems Through Remote Management Tools and BYOVD Techniques ∗∗∗
---------------------------------------------
Trend Research identified a sophisticated Agenda ransomware attack that deployed a Linux variant on Windows systems. This cross-platform execution can make detection challenging for enterprises.
---------------------------------------------
https://www.trendmicro.com/en_us/research/25/j/agenda-ransomware-deploys-li…
∗∗∗ Baohuo Android Malware Hijacks Telegram Accounts via Fake Telegram X ∗∗∗
---------------------------------------------
New Android malware Baohuo hijacks Telegram X accounts, stealing data and controlling chats. Over 58,000 devices infected, mainly in India and Brazil.
---------------------------------------------
https://hackread.com/baohuo-android-malware-telegram-x-hijacks-accounts/
∗∗∗ Help Wanted: Vietnamese Actors Using Fake Job Posting Campaigns to Deliver Malware and Steal Credentials ∗∗∗
---------------------------------------------
Google Threat Intelligence Group (GTIG) is tracking a cluster of financially motivated threat actors operating from Vietnam that leverages fake job postings on legitimate platforms to target individuals in the digital advertising and marketing sectors. The actor effectively uses social engineering to deliver malware and phishing kits, ultimately aiming to compromise high-value corporate accounts, in order to hijack digital advertising accounts. GTIG tracks parts of this activity as UNC6229.
---------------------------------------------
https://cloud.google.com/blog/topics/threat-intelligence/vietnamese-actors-…
=====================
= Vulnerabilities =
=====================
∗∗∗ Atlassian Jira Data Center: Attackers can access data ∗∗∗
---------------------------------------------
Security updates resolve IT security problems in Atlassian Confluence Data Center and Jira Data Center.
---------------------------------------------
https://www.heise.de/news/Atlassian-Jira-Data-Center-Angreifer-koennen-Date…
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by AlmaLinux (webkit2gtk3), Debian (bind9, chromium, python-internetarchive, and tryton-sao), Fedora (dokuwiki and php-php81_bc-strftime), Mageia (firefox, nss & rootcerts and thunderbird), Slackware (openssl), SUSE (bleachbit, chromium, kernel, mozilla-nss, and python311-uv), and Ubuntu (fetchmail, golang-go.crypto, and linux-oracle-5.4).
---------------------------------------------
https://lwn.net/Articles/1043235/
∗∗∗ CISA Releases Eight Industrial Control Systems Advisories ∗∗∗
---------------------------------------------
CISA released eight Industrial Control Systems (ICS) Advisories. ICSA-25-296-01 AutomationDirect Productivity Suite, ICSA-25-296-02 ASKI Energy ALS-Mini-S8 and ALS-Mini-S4, ICSA-25-296-03 Veeder-Root TLS4B Automatic Tank Gauge System, ICSA-25-296-04 Delta Electronics ASDA-Soft, ICSMA-25-296-01 NIHON KOHDEN Central Monitor CNS-6201, ICSA-25-037-02 Schneider Electric EcoStruxure (Update C), ICSA-24-116-02 Hitachi Energy MACH SCM (Update A), ICSA-25-259-01 Schneider Electric Altivar products, ATVdPAC module, ILC992 InterLink Converter (Update A).
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2025/10/23/cisa-releases-eight-indu…
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 22-10-2025 18:00 − Thursday 23-10-2025 18:00
Handler: Guenes Holler
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Cache poisoning vulnerabilities found in 2 DNS resolving apps ∗∗∗
---------------------------------------------
The makers of BIND, the Internet’s most widely used software for resolving domain names, are warning of two vulnerabilities that allow attackers to poison entire caches of results and send users to malicious destinations that are indistinguishable from the real ones.
---------------------------------------------
https://arstechnica.com/security/2025/10/bind-warns-of-bugs-that-could-brin…
∗∗∗ BSI warns: Ongoing attacks endanger almost 7,000 German firewalls ∗∗∗
---------------------------------------------
The number of vulnerable WatchGuard firewalls has so far been declining only slowly. Now the BSI is sounding the alarm and warning of ongoing attacks.
---------------------------------------------
https://www.golem.de/news/bsi-warnt-laufende-angriffe-gefaehrden-fast-7-000…
∗∗∗ Over 250 Magento Stores Hit Overnight as Hackers Exploit New Adobe Commerce Flaw ∗∗∗
---------------------------------------------
E-commerce security company Sansec has warned that threat actors have begun to exploit a recently disclosed security vulnerability in Adobe Commerce and Magento Open Source platforms, with more than 250 attack attempts recorded against multiple stores over the past 24 hours.
---------------------------------------------
https://thehackernews.com/2025/10/over-250-magento-stores-hit-overnight.html
∗∗∗ The Smishing Deluge: China-Based Campaign Flooding Global Text Messages ∗∗∗
---------------------------------------------
We are attributing an ongoing smishing (phishing via text message) campaign of fraudulent toll violation and package misdelivery notices to a group widely known as the Smishing Triad. Our analysis indicates this campaign is a significantly more extensive and complex threat than previously reported. Attackers have impersonated international services across a wide array of critical sectors.
---------------------------------------------
https://unit42.paloaltonetworks.com/global-smishing-campaign/
∗∗∗ Bitter APT Exploiting Old WinRAR Vulnerability in New Backdoor Attacks ∗∗∗
---------------------------------------------
A cyber-espionage group known as Bitter (APT-Q-37), widely thought to operate from South Asia, is using new, sneaky methods to install a malicious backdoor program on computers belonging to high-value targets.
---------------------------------------------
https://hackread.com/bitter-apt-winrar-vulnerability-backdoor-attacks/
∗∗∗ PhantomCaptcha RAT Attack Targets Aid Groups Supporting Ukraine ∗∗∗
---------------------------------------------
SentinelLABS’ research reveals PhantomCaptcha, a highly coordinated, one-day cyber operation on Oct 8, 2025, targeting the International Red Cross, UNICEF, and Ukraine government groups using fake emails and a Remote Access Trojan (RAT) linked to Russian infrastructure.
---------------------------------------------
https://hackread.com/phantomcaptcha-rat-attack-targets-ukraine/
∗∗∗ North Korean Hackers Lure Defense Engineers With Fake Jobs to Steal Drone Secrets ∗∗∗
---------------------------------------------
Threat actors with ties to North Korea have been attributed to a new wave of attacks targeting European companies active in the defense industry as part of a long-running campaign known as Operation Dream Job.
---------------------------------------------
https://thehackernews.com/2025/10/north-korean-hackers-lure-defense.html
=====================
= Vulnerabilities =
=====================
∗∗∗ Security vulnerabilities: GitLab developers advise prompt update ∗∗∗
---------------------------------------------
To protect GitLab instances against possible attacks, admins should install the available security patches promptly. Otherwise, attackers can exploit seven security vulnerabilities.
---------------------------------------------
https://www.heise.de/news/Sicherheitsluecken-GitLab-Entwickler-raten-zu-zue…
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by AlmaLinux (ipa, kernel, and thunderbird), Debian (gdk-pixbuf, gegl, gimp, intel-microcode, raptor2, request-tracker4, and request-tracker5), Fedora (samba and wireshark), Mageia (haproxy, nginx, openssl, and python-django), Oracle (kernel and thunderbird), Red Hat (redis and redis:7), Slackware (bind), SUSE (aws-cli, local-npm-registry, python-boto3, python-botocore, python-coverage, python-flaky, python-pluggy, python-pytest, python-pytest-cov, python-pytest-html, python-pytest-metada, cargo-audit-advisory-db-20251021, fetchmail, git-bug, ImageMagick, istioctl, kernel, krb5, libsoup, libxslt, python-Authlib, and sccache), and Ubuntu (bind9, linux, linux-aws, linux-azure, linux-azure-6.8, linux-gcp, linux-gkeop, linux-ibm, linux-ibm-6.8, linux-lowlatency, linux-lowlatency-hwe-6.8, linux-oracle, linux-azure, linux-azure-5.15, linux-gcp-5.15, linux-gcp-6.8, linux-gke, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, and linux-realtime, linux-realtime-6.8).
---------------------------------------------
https://lwn.net/Articles/1043027/
∗∗∗ OpenWRT: Updates close security vulnerabilities in router operating system ∗∗∗
---------------------------------------------
The developers have closed two security vulnerabilities in the open-source Linux operating system OpenWRT. Under certain circumstances they allow the injection and execution of malicious code as well as privilege escalation. The vulnerabilities are rated high risk. Anyone using OpenWRT should therefore install the updated images.
---------------------------------------------
https://heise.de/-10811056
∗∗∗ DSA-6030-1 intel-microcode - security update ∗∗∗
---------------------------------------------
https://lists.debian.org/debian-security-announce/2025/msg00196.html
∗∗∗ DSA-6031-1 request-tracker5 - security update ∗∗∗
---------------------------------------------
https://lists.debian.org/debian-security-announce/2025/msg00197.html
∗∗∗ CISA Adds One Known Exploited Vulnerability to Catalog ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2025/10/22/cisa-adds-one-known-expl…
∗∗∗ CISA Adds Five Known Exploited Vulnerabilities to Catalog ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2025/10/14/cisa-adds-five-known-exp…
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 21-10-2025 18:00 − Wednesday 22-10-2025 18:00
Handler: Guenes Holler
Co-Handler: Alexander Riepl
=====================
= News =
=====================
∗∗∗ Sharepoint ToolShell attacks targeted orgs across four continents ∗∗∗
---------------------------------------------
Hackers believed to be associated with China have leveraged the ToolShell vulnerability (CVE-2025-53770) in Microsoft SharePoint in attacks targeting government agencies, universities, telecommunication service providers, and finance organizations.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/sharepoint-toolshell-attacks…
∗∗∗ Russia Pivots, Cracks Down on Resident Hackers ∗∗∗
---------------------------------------------
Thanks to improving cybersecurity and law enforcement action from the West, Russia's government is reevaluating which cybercriminals it wants to give safe haven from the law.
---------------------------------------------
https://www.darkreading.com/threat-intelligence/russia-cracks-down-low-leve…
∗∗∗ Outdated Chromium base: Popular AI coding IDEs endanger millions of developers ∗∗∗
---------------------------------------------
Researchers are sounding the alarm: the AI coding IDEs Cursor and Windsurf contain an ancient Chromium version with at least 94 known security vulnerabilities.
---------------------------------------------
https://www.golem.de/news/veraltete-chromium-basis-beliebte-ki-coding-ides-…
∗∗∗ Public Sector Ransomware Attacks Relentlessly Continue ∗∗∗
---------------------------------------------
In 2025, 36 years after the first ransomware attack was recorded, actors continue to zero in on the public sector, and there is no evidence they will slow down any time soon. In fact, our numbers suggest that ransomware attacks against government organizations are ramping up, causing crippling service outages, massive data loss, reputational damage, public distrust, and financial harm.
---------------------------------------------
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/public-sect…
∗∗∗ Researchers Identify PassiveNeuron APT Using Neursite and NeuralExecutor Malware ∗∗∗
---------------------------------------------
Government, financial, and industrial organizations located in Asia, Africa, and Latin America are the target of a new campaign dubbed PassiveNeuron, according to findings from Kaspersky. The cyber espionage activity was first flagged by the Russian ..
---------------------------------------------
https://thehackernews.com/2025/10/researchers-identify-passiveneuron-apt.ht…
∗∗∗ Have I Been Pwned: 183 million credentials captured by infostealers added ∗∗∗
---------------------------------------------
"Have I Been Pwned" collects published credentials. Now 183 million accounts stolen by infostealers have been added.
---------------------------------------------
https://www.heise.de/news/Have-I-Been-Pwned-183-Millionen-von-Infostealern-…
∗∗∗ Critical code-execution vulnerabilities threaten TP-Link Omada Gateways ∗∗∗
---------------------------------------------
Important security patches close vulnerabilities in Omada Gateways. Network admins should act promptly.
---------------------------------------------
https://www.heise.de/news/Kritische-Schadcode-Luecken-bedrohen-TP-Link-Omad…
∗∗∗ Jingle Thief: Inside a Cloud-Based Gift Card Fraud Campaign ∗∗∗
---------------------------------------------
Threat actors behind the gift card fraud campaign Jingle Thief target retail via phishing and smishing, maintaining long-term access in cloud environments.
---------------------------------------------
https://unit42.paloaltonetworks.com/cloud-based-gift-card-fraud-campaign/
∗∗∗ Fast, Broad, and Elusive: How Vidar Stealer 2.0 Upgrades Infostealer Capabilities ∗∗∗
---------------------------------------------
Trend Research examines the latest version of the Vidar stealer, which features a full rewrite in C, a multithreaded architecture, and several enhancements that warrant attention. Its timely evolution suggests that Vidar is positioning itself to occupy the space left after Lumma Stealer’s decline.
---------------------------------------------
https://www.trendmicro.com/en_us/research/25/j/how-vidar-stealer-2-upgrades…
∗∗∗ Security update: Unauthorized access to Zyxel firewalls possible ∗∗∗
---------------------------------------------
Attackers can attack certain Zyxel firewalls. However, attacks are not straightforward to carry out.
---------------------------------------------
https://heise.de/-10794033
∗∗∗ Vulnerability discovered in Rust library for tar archives ∗∗∗
---------------------------------------------
The async-tar library and its forks contain a vulnerability named TARmageddon. The most widely used fork, tokio-tar, is not getting a patch.
---------------------------------------------
https://heise.de/-10793899
∗∗∗ Prompt injection to RCE in AI agents ∗∗∗
---------------------------------------------
We bypassed human approval protections for system command execution in AI agents, achieving RCE in three agent platforms.
---------------------------------------------
https://blog.trailofbits.com/2025/10/22/prompt-injection-to-rce-in-ai-agent…
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (inih, mingw-exiv2, and mod_http2), SUSE (ffmpeg-4, kernel, libqt5-qtbase, protobuf, python-ldap, and python313), and Ubuntu (erlang, ffmpeg, linux, linux-aws, linux-gcp, linux-oem-6.14, linux-oracle, linux-oracle-6.14, linux-raspi, linux-realtime, linux-aws, linux-azure, linux-azure-6.14, linux-azure-nvidia-6.14, linux-azure-fips, linux-oracle-5.4, and linux-realtime-6.14).
---------------------------------------------
https://lwn.net/Articles/1042911/
∗∗∗ Multiple stored cross-site scripting vulnerabilities in Movable Type ∗∗∗
---------------------------------------------
https://jvn.jp/en/jp/JVN24333679/
∗∗∗ Oracle Critical Patch Update Advisory - October 2025 ∗∗∗
---------------------------------------------
https://www.oracle.com/security-alerts/cpuoct2025.html
=====================
= End-of-Day report =
=====================
Timeframe: Monday 20-10-2025 18:00 − Tuesday 21-10-2025 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Guenes Holler
=====================
= News =
=====================
∗∗∗ The evolving landscape of email phishing attacks: how threat actors are reusing and refining established techniques ∗∗∗
---------------------------------------------
Common email phishing tactics in 2025 include PDF attachments with QR codes, password-protected PDF documents, calendar phishing, and advanced websites that validate email addresses.
---------------------------------------------
https://securelist.com/email-phishing-techniques-2025/117801/
∗∗∗ Inside the attack chain: Threat activity targeting Azure Blob Storage ∗∗∗
---------------------------------------------
Azure Blob Storage is a high-value target for threat actors due to its critical role in storing and managing massive amounts of unstructured data at scale across diverse workloads and is increasingly targeted through sophisticated attack chains that exploit misconfigurations, exposed credentials, and evolving cloud tactics. [..] Therefore, in this blog, we outline some of the unique threats associated with the data storage layer, including relevant stages of the attack chain for Blob Storage to connect these risks to actionable Azure Security controls and applicable security recommendations.
---------------------------------------------
https://www.microsoft.com/en-us/security/blog/2025/10/20/inside-the-attack-…
∗∗∗ PolarEdge Targets Cisco, ASUS, QNAP, Synology Routers in Expanding Botnet Campaign ∗∗∗
---------------------------------------------
Cybersecurity researchers have shed light on the inner workings of a botnet malware called PolarEdge. PolarEdge was first documented by Sekoia in February 2025, attributing it to a campaign targeting routers from Cisco, ASUS, QNAP, and Synology with the goal of corralling them into a network for an as-yet-undetermined purpose. [..] There is evidence to suggest that the activity involving the malware may have started as far back as June 2023.
---------------------------------------------
https://thehackernews.com/2025/10/polaredge-targets-cisco-asus-qnap.html
∗∗∗ Stop payroll diversion scams before they start ∗∗∗
---------------------------------------------
Scammers send emails to the payroll team in an attempt to change an unlucky employee’s banking details. They harvest LinkedIn for details about potential victims.
---------------------------------------------
https://www.pentestpartners.com/security-blog/stop-payroll-diversion-scams-…
∗∗∗ GlassWorm – Self-Propagating VSCode Extension Worm ∗∗∗
---------------------------------------------
Seven OpenVSX extensions were compromised on October 17, 2025, with 35,800 total downloads, and ten extensions were still actively distributing malware two days later. [..] On October 19, a new infected extension was detected in Microsoft’s VSCode marketplace and it’s still active.
---------------------------------------------
https://www.truesec.com/hub/blog/glassworm-self-propagating-vscode-extension
∗∗∗ Reducing abuse of Microsoft 365 Exchange Online’s Direct Send ∗∗∗
---------------------------------------------
Cisco Talos has observed increased activity by malicious actors leveraging Direct Send as part of phishing campaigns. Here’s how to strengthen your defenses.
---------------------------------------------
https://blog.talosintelligence.com/reducing-abuse-of-microsoft-365-exchange…
∗∗∗ Security hole in Dolby Digital Plus decoder in Android, iOS, macOS and Windows ∗∗∗
---------------------------------------------
A vulnerability in the Dolby Digital Plus Unified Decoder left Android, iOS, macOS and Windows open to attack. Among other things, it enabled zero-click attacks on Android devices.
---------------------------------------------
https://heise.de/-10793034
=====================
= Vulnerabilities =
=====================
∗∗∗ Xen Security Advisory CVE-2025-58147, CVE-2025-58148 / XSA-475 ∗∗∗
---------------------------------------------
A buggy or malicious guest can cause Denial of Service (DoS) affecting the entire host, information leaks, or elevation of privilege.
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-475.html
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by AlmaLinux (.NET 8.0, firefox, kernel, kernel-rt, libssh, and perl-JSON-XS), Debian (ark and libphp-adodb), Fedora (chromium and gi-docgen), Mageia (quictls), Oracle (.NET 8.0, .NET 9.0, firefox, httpd, kernel, libsoup3, libssh, microcode_ctl, and webkit2gtk3), SUSE (go1.24, go1.25, krb5, python-ldap, and webkit2gtk3), and Ubuntu (gst-plugins-base1.0, linux, linux-aws, linux-gcp, linux-gke, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle, linux-oracle-5.15, linux-xilinx-zynqmp, linux-fips, linux-aws-fips, linux-azure-fips, linux-gcp-fips, linux-intel-iot-realtime, linux-realtime, and python-ldap).
---------------------------------------------
https://lwn.net/Articles/1042822/
∗∗∗ Numerous vulnerabilities in EfficientLab WorkExaminer Professional ∗∗∗
---------------------------------------------
https://sec-consult.com/de/vulnerability-lab/advisory/zahlreiche-schwachste…
∗∗∗ Oxford Nanopore Technologies MinKNOW ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-294-01
∗∗∗ Rockwell Automation Compact GuardLogix 5370 ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-25-294-02
∗∗∗ Rockwell Automation 1783-NATR ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-25-294-01
∗∗∗ CloudEdge Online Cameras and App ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-25-294-05
∗∗∗ Raisecomm RAX701-GC Series ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-25-294-06
∗∗∗ Zyxel security advisory for post-authentication command injection and missing authorization vulnerabilities in ZLD firewalls ∗∗∗
---------------------------------------------
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-…
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/mailman3/postorius/lists/daily.lists.cert.at/
=====================
= End-of-Day report =
=====================
Timeframe: Friday 17-10-2025 18:00 − Monday 20-10-2025 18:00
Handler: Alexander Riepl
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Google ads for fake Homebrew, LogMeIn sites push infostealers ∗∗∗
---------------------------------------------
A new malicious campaign is targeting macOS developers with fake Homebrew, LogMeIn, and TradingView platforms that deliver infostealing malware like AMOS (Atomic macOS Stealer) and Odyssey.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/google-ads-for-fake-homebrew…
∗∗∗ Fake shops, phishing, identity theft: "The threat situation is serious" ∗∗∗
---------------------------------------------
A study commissioned by A1 shows that young people in particular rate their cybersecurity skills as low.
---------------------------------------------
https://futurezone.at/digital-life/fake-shops-phishing-identitaetsdiebstahl…
∗∗∗ Internet connection: Millions of balcony solar systems as a gateway for hackers ∗∗∗
---------------------------------------------
1.17 million balcony solar systems in Germany are online - and thus vulnerable. A security expert has found several vulnerabilities.
---------------------------------------------
https://www.golem.de/news/internetanschluss-millionen-balkonkraftwerke-als-…
∗∗∗ Russian cybercriminals: well organised and technically top-notch ∗∗∗
---------------------------------------------
The Russian cyber underground has outstanding technical capabilities. Groups organise and network like companies - but there are fault lines.
---------------------------------------------
https://www.golem.de/news/russische-cyberkriminelle-durchorganisiert-und-te…
∗∗∗ Cyberattack on auction house Sotheby's ∗∗∗
---------------------------------------------
At Sotheby's, the most expensive art and luxury items go under the hammer. Now personal data has fallen into the hands of criminals.
---------------------------------------------
https://www.heise.de/news/Cyberangriff-bei-Auktionshaus-Sotheby-s-10778385.…
∗∗∗ Moxa routers: hard-coded credentials give attackers full access ∗∗∗
---------------------------------------------
Patches close several vulnerabilities in Moxa security appliances and routers. So far there are no indications of attacks.
---------------------------------------------
https://www.heise.de/news/Moxa-Router-Hartkodierte-Zugangsdaten-ermoegliche…
∗∗∗ Encrypting USB sticks from Verbatim remain insecure ∗∗∗
---------------------------------------------
Verbatim's keypad storage devices are meant to protect data from theft. Even after firmware updates, however, this does not work reliably.
---------------------------------------------
https://www.heise.de/news/Verschluesselnde-USB-Sticks-von-Verbatim-bleiben-…
∗∗∗ #10TageGegenPhishing: Beware of phone fraud! This is how the criminals operate ∗∗∗
---------------------------------------------
Again and again, criminals try to deceive people over the phone. They pose as employees of banks or well-known companies such as Microsoft, PayPal, Amazon or Apple. The aim is to obtain sensitive data, account access or money directly.
---------------------------------------------
https://www.watchlist-internet.at/news/10tage-telefonbetrug/
∗∗∗ #10TageGegenPhishing: The "recovery scam" targets previous victims again ∗∗∗
---------------------------------------------
When criminals approach former victims directly with the promise of recovering stolen money or crypto funds, this is known as a recovery scam. The fraudsters pose as an authority, agency or similar institution. To select their targets, they also draw on their own databases.
---------------------------------------------
https://www.watchlist-internet.at/news/10tage-recovery-scam/
∗∗∗ Beijing raises the alarm: US espionage at Chinese research institution ∗∗∗
---------------------------------------------
China's state security service accuses the NSA of months-long cyberattacks on the National Time Service Center.
---------------------------------------------
https://www.derstandard.at/story/3000000292602/peking-schlaegt-alarm-us-spi…
∗∗∗ SAP fixes serious vulnerabilities in several products ∗∗∗
---------------------------------------------
As part of its regular October Patch Day, SAP has released a total of 13 updates for vulnerabilities in its products. Particularly noteworthy are the following flaws: CVE-2025-42944, CVSS 10.0, is a deserialization vulnerability in SAP NetWeaver through which unauthenticated attackers can fully compromise affected systems. This issue was already addressed by SAP last month; according to security researchers, the ..
---------------------------------------------
https://www.cert.at/de/aktuelles/2025/10/sap-behebt-schwerwiegende-sicherhe…
∗∗∗ She Sells Web Shells by the Seashore (Part III) ∗∗∗
---------------------------------------------
The web shell starts by initializing a PHP session[1]: if the session already exists, the variables are retrieved in the dictionary $_SESSION, ..
---------------------------------------------
https://www.truesec.com/hub/blog/she-sells-web-shells-by-the-seashore-part-…
∗∗∗ AI attack method "Lies-in-the-Loop" ∗∗∗
---------------------------------------------
Step by step, more and more attack methods against AI models are being discovered or becoming known. The Checkmarx Zero research team has identified a new attack method against AI agents that use human-in-the-loop mechanisms: the researchers call it "Lies-in-the-Loop" (LITL). The information lies ..
---------------------------------------------
https://www.borncity.com/blog/2025/10/18/ki-angriffsmethode-lies-in-the-loo…
∗∗∗ To Be (A Robot) or Not to Be: New Malware Attributed to Russia State-Sponsored COLDRIVER ∗∗∗
---------------------------------------------
COLDRIVER, a Russian state-sponsored threat group known for targeting high-profile individuals in NGOs, policy advisors and dissidents, swiftly shifted operations after the May 2025 public disclosure of its LOSTKEYS malware, operationalizing new malware families five days later. It is unclear how long COLDRIVER had this malware in ..
---------------------------------------------
https://cloud.google.com/blog/topics/threat-intelligence/new-malware-russia…
∗∗∗ 131 Spamware Extensions Targeting WhatsApp Flood Chrome Web Store ∗∗∗
---------------------------------------------
This cluster of Chrome extensions comprises 131 rebrands of a single tool, all sharing the same codebase, design patterns, and infrastructure. They are not classic malware, but they function as high-risk spam automation that abuses platform rules. The code injects directly into the WhatsApp Web page, running alongside WhatsApp’s own scripts, ..
---------------------------------------------
https://socket.dev/blog/131-spamware-extensions-targeting-whatsapp-flood-ch…
∗∗∗ Lessons from the BlackBasta Ransomware Attack on Capita ∗∗∗
---------------------------------------------
When a company that manages data for millions of UK citizens falls victim to ransomware, the whole industry should pay attention to it. On 15 October 2025, the UK Information Commissioner’s Office (ICO) published a detailed 136-page report about the Capita breach. The aim of this blog is to extract actionable cybersecurity lessons ..
---------------------------------------------
https://blog.bushidotoken.net/2025/10/lessons-from-blackbasta-ransomware.ht…
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (imagemagick, incus, lxd, pgagent, svgpp, and sysstat), Fedora (chromium, complyctl, fetchmail, firefox, mbedtls, mingw-binutils, mingw-python3, mingw-qt5-qtsvg, mingw-qt6-qtsvg, python3.10, python3.11, python3.12, python3.9, runc, and suricata), Mageia (expat), Red Hat (firefox, kernel, qt5-qtbase, and qt6-qtbase), Slackware (stunnel), SUSE (chromium, coredns, ctdb, firefox, kernel, libexslt0, libpoppler-cpp2, ollama, openssl-1_1, pam, samba, ..
---------------------------------------------
https://lwn.net/Articles/1042680/
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 16-10-2025 18:00 − Friday 17-10-2025 18:00
Handler: Guenes Holler
Co-Handler: Alexander Riepl
=====================
= News =
=====================
∗∗∗ Microsoft: Office 2016 and Office 2019 have reached end of support ∗∗∗
---------------------------------------------
Microsoft reminded customers this week that Office 2016 and Office 2019 have reached the end of extended support on October 14, 2025.
---------------------------------------------
https://www.bleepingcomputer.com/news/microsoft/microsoft-office-2016-and-o…
∗∗∗ Hackers exploit Cisco SNMP flaw to deploy rootkit on switches ∗∗∗
---------------------------------------------
Threat actors exploited a recently patched remote code execution vulnerability (CVE-2025-20352) in Cisco networking devices to deploy a rootkit and target unprotected Linux systems.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/hackers-exploit-cisco-snmp-f…
∗∗∗ Post-exploitation framework now also delivered via npm ∗∗∗
---------------------------------------------
The npm registry contains a malicious package that downloads the AdaptixC2 agent onto victims’ devices, Kaspersky experts have found. The threat targets Windows, Linux, and macOS.
---------------------------------------------
https://securelist.com/adaptixc2-agent-found-in-an-npm-package/117784/
∗∗∗ A Surprising Amount of Satellite Traffic Is Unencrypted ∗∗∗
---------------------------------------------
We pointed a commercial-off-the-shelf satellite dish at the sky and carried out the most comprehensive public study to date of geostationary satellite communication. A shockingly large amount of sensitive traffic is being broadcast unencrypted, including critical infrastructure, internal corporate and government communications, private citizens’ voice calls ..
---------------------------------------------
https://www.schneier.com/blog/archives/2025/10/a-surprising-amount-of-satel…
∗∗∗ Microsoft Revokes 200 Fraudulent Certificates Used in Rhysida Ransomware Campaign ∗∗∗
---------------------------------------------
Microsoft on Thursday disclosed that it revoked more than 200 certificates used by a threat actor it tracks as Vanilla Tempest to fraudulently sign malicious binaries in ransomware attacks. The certificates were "used in fake Teams setup files to ..
---------------------------------------------
https://thehackernews.com/2025/10/microsoft-revokes-200-fraudulent.html
∗∗∗ Researchers Uncover WatchGuard VPN Bug That Could Let Attackers Take Over Devices ∗∗∗
---------------------------------------------
Cybersecurity researchers have disclosed details of a recently patched critical security flaw in WatchGuard Fireware that could allow unauthenticated attackers to execute arbitrary code. The vulnerability, tracked as CVE-2025-9242 (CVSS score: 9.3), is ..
---------------------------------------------
https://thehackernews.com/2025/10/researchers-uncover-watchguard-vpn-bug.ht…
∗∗∗ Why the F5 Hack Created an ‘Imminent Threat’ for Thousands of Networks ∗∗∗
---------------------------------------------
Networking software company F5 disclosed a long-term breach of its systems this week. The fallout could be severe.
---------------------------------------------
https://www.wired.com/story/f5-hack-networking-software-big-ip/
∗∗∗ Cybercriminals steal customer data from fashion group Mango ∗∗∗
---------------------------------------------
Mango customer data stolen – now the fashion group is warning of fake emails and phone calls. What affected customers need to know now.
---------------------------------------------
https://www.heise.de/news/Cyberkriminelle-erbeuten-Kundendaten-von-Modekonz…
∗∗∗ IP telephony: Cisco and Ubiquiti release security updates ∗∗∗
---------------------------------------------
Updates for Ubiquiti's UniFi Talk and for several Cisco IP phone series close vulnerabilities rated "High".
---------------------------------------------
https://www.heise.de/news/IP-Telefonie-Cisco-und-Ubiquiti-stellen-Sicherhei…
∗∗∗ Email Bombs Exploit Lax Authentication in Zendesk ∗∗∗
---------------------------------------------
Cybercriminals are abusing a widespread lack of authentication in the customer service platform Zendesk to flood targeted email inboxes with menacing messages that come from hundreds of Zendesk corporate customers simultaneously.
---------------------------------------------
https://krebsonsecurity.com/2025/10/email-bombs-exploit-lax-authentication-…
∗∗∗ Threat Brief: Nation-State Actor Steals F5 Source Code and Undisclosed Vulnerabilities ∗∗∗
---------------------------------------------
A nation-state actor stole BIG-IP source code and information on undisclosed vulnerabilities from F5. We explain what sets this theft apart from others.
---------------------------------------------
https://unit42.paloaltonetworks.com/nation-state-threat-actor-steals-f5-sou…
∗∗∗ A review of the “Concluding report of the High-Level Group on access to data for effective law enforcement” ∗∗∗
---------------------------------------------
As I’ve written here, the EU unveiled a roadmap for addressing the encryption woes of law enforcement agencies in June 2025. As a preparation for this push, a “High-Level Group on access to data for effective ..
---------------------------------------------
https://www.cert.at/en/blog/2025/10/hlg-paper-review
∗∗∗ European police bust network selling thousands of phone numbers to scammers ∗∗∗
---------------------------------------------
Authorities raided a "SIM farm" operation that used tens of thousands of cards to enable fraud in several European countries, including Latvia and Austria.
---------------------------------------------
https://therecord.media/europe-sim-farms-raided-latvia-austria-estonia
∗∗∗ .NET Security Group: partner companies receive security patches early ∗∗∗
---------------------------------------------
Companies with their own .NET distribution can join the existing security group and incorporate patches for vulnerabilities early.
---------------------------------------------
https://heise.de/-10773932
∗∗∗ How I Almost Got Hacked By A Job Interview ∗∗∗
---------------------------------------------
I was 30 seconds away from running malware on my machine. The attack vector? A fake coding interview from a "legitimate" blockchain company. Here's how a sophisticated scam operation almost got me, and why every developer needs to read this.
---------------------------------------------
https://blog.daviddodda.com/how-i-almost-got-hacked-by-a-job-interview
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by AlmaLinux (kernel and libssh), Debian (firefox-esr and pgpool2), Mageia (varnish & lighttpd), Red Hat (python3, python3.11, python3.12, python3.9, and python39:3.9), SUSE (expat, gstreamer-plugins-rs, kernel, openssl1, pgadmin4, python311-ldap, and squid), and Ubuntu (dotnet8, dotnet9, dotnet10 and mupdf).
---------------------------------------------
https://lwn.net/Articles/1042452/
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 15-10-2025 18:00 − Thursday 16-10-2025 18:00
Handler: Guenes Holler
Co-Handler: Michael Schlagenhaufer
=====================
= News =
=====================
∗∗∗ Fake LastPass, Bitwarden breach alerts lead to PC hijacks ∗∗∗
---------------------------------------------
An ongoing phishing campaign is targeting LastPass and Bitwarden users with fake emails claiming that the companies were hacked, urging them to download a supposedly more secure desktop version of the password manager.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/fake-lastpass-bitwarden-brea…
∗∗∗ LinkPro Linux Rootkit Uses eBPF to Hide and Activates via Magic TCP Packets ∗∗∗
---------------------------------------------
An investigation into the compromise of an Amazon Web Services (AWS)-hosted infrastructure has led to the discovery of a new GNU/Linux rootkit dubbed LinkPro, according to findings from Synacktiv.
---------------------------------------------
https://thehackernews.com/2025/10/linkpro-linux-rootkit-uses-ebpf-to-hide.h…
∗∗∗ Scammers are still sending us their fake Robinhood security alerts ∗∗∗
---------------------------------------------
A short while ago, our friends at Malwaretips wrote about a text scam impersonating Robinhood, a popular US-based investment app that lets people trade stocks and cryptocurrencies. The scam warns users about supposed “suspicious activity” on their accounts.
---------------------------------------------
https://www.malwarebytes.com/blog/news/2025/10/scammers-are-still-sending-u…
∗∗∗ BeaverTail and OtterCookie evolve with a new Javascript module ∗∗∗
---------------------------------------------
Cisco Talos has uncovered a new attack linked to Famous Chollima, a threat group aligned with North Korea.
---------------------------------------------
https://blog.talosintelligence.com/beavertail-and-ottercookie/
∗∗∗ GreyNoise’s Recent Observations Around F5 ∗∗∗
---------------------------------------------
Amid the security incident involving F5 BIG-IP announced on 15 October 2025, GreyNoise is sharing recent insights into activity targeting BIG-IP to aid in defensive posturing.
---------------------------------------------
https://www.greynoise.io/blog/recent-observations-around-f5
∗∗∗ DPRK Adopts EtherHiding: Nation-State Malware Hiding on Blockchains ∗∗∗
---------------------------------------------
Google Threat Intelligence Group (GTIG) has observed the North Korea (DPRK) threat actor UNC5342 using ‘EtherHiding’ to deliver malware and facilitate cryptocurrency theft, the first time GTIG has observed a nation-state actor adopting this method. This post is part of a two-part blog series on adversaries using EtherHiding, a technique that leverages transactions on public blockchains to store and retrieve malicious payloads—notable for its resilience against conventional takedown and blocklisting efforts.
---------------------------------------------
https://cloud.google.com/blog/topics/threat-intelligence/dprk-adopts-etherh…
∗∗∗ yIKEs (WatchGuard Fireware OS IKEv2 Out-of-Bounds Write CVE-2025-9242) ∗∗∗
---------------------------------------------
Today is the 8th of November 1996, and we’re thrilled to be exploring this new primitive we call Stack-based Buffer Overflows. It’s a great time to be alive, especially because we don’t have to deal with any of the pain of modern/not-so-modern mitigations. Oh no, wait, it’s 2025 and we are still seeing Stack-based Buffer Overflows in enterprise-grade appliances, and of course, lacking mainstream exploit mitigations.
---------------------------------------------
https://labs.watchtowr.com/yikes-watchguard-fireware-os-ikev2-out-of-bounds…
∗∗∗ US researchers eavesdrop on unencrypted satellite communication ∗∗∗
---------------------------------------------
US researchers used off-the-shelf equipment to examine data traffic via satellites. Much of the data, including security-relevant data, was unencrypted.
---------------------------------------------
https://heise.de/-10767623
∗∗∗ Mobile phone spying with SS7: thousands of victims were probably spied on ∗∗∗
---------------------------------------------
An Austrian-Indonesian company offers surveillance of mobile network customers. No malware is needed for this, but far-reaching network access is.
---------------------------------------------
https://heise.de/-10767347
=====================
= Vulnerabilities =
=====================
∗∗∗ Gladinet fixes actively exploited zero-day in file-sharing software ∗∗∗
---------------------------------------------
Gladinet has released security updates for its CentreStack business solution to address a local file inclusion vulnerability (CVE-2025-11371) that threat actors have leveraged as a zero-day since late September.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/gladinet-fixes-actively-expl…
∗∗∗ Chrome, Firefox and Thunderbird: updates close potential entry points ∗∗∗
---------------------------------------------
There are updates for both Mozilla's Firefox and Thunderbird and Google's Chrome browser. No critical vulnerabilities were closed – but several flaws rated "High" that cybercriminals could exploit were.
---------------------------------------------
https://www.heise.de/news/Chrome-Firefox-und-Thunderbird-Updates-beseitigen…
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by AlmaLinux (kernel and libsoup3), Debian (chromium and firefox-esr), Fedora (httpd), Oracle (cups, ImageMagick, kernel, and vim), Red Hat (libssh), Slackware (samba), SUSE (alloy, exim, firefox-esr, ImageMagick, kernel, libcryptopp-devel, libQt6Svg6, libsoup-3_0-0, libtiff-devel-32bit, lsd, python3-gi-docgen, python311-Authlib, qt6-base, samba, and squid), and Ubuntu (ffmpeg, linux-oracle-6.8, redict, redis, samba, and subversion).
---------------------------------------------
https://lwn.net/Articles/1042330/
∗∗∗ CVE-2025-55315: Microsoft kills 9.9-rated ASP.NET Core bug – our highest ever score ∗∗∗
---------------------------------------------
Microsoft has patched an ASP.NET Core vulnerability with a CVSS score of 9.9, which security program manager Barry Dorrans said was "our highest ever." The flaw is in the Kestrel web server component and enables security bypass.
---------------------------------------------
https://go.theregister.com/feed/www.theregister.com/2025/10/16/microsoft_as…
∗∗∗ Samba attackable via critical flaw in a particular configuration ∗∗∗
---------------------------------------------
With WINS support enabled, attackers can execute commands remotely under certain conditions. Important patches and a workaround are available.
---------------------------------------------
https://heise.de/-10773288
∗∗∗ Open PLC and Planet vulnerabilities ∗∗∗
---------------------------------------------
Cisco Talos’ Vulnerability Discovery & Research team recently disclosed one vulnerability in the OpenPLC logic controller and four vulnerabilities in the Planet WGR-500 router.
---------------------------------------------
https://blog.talosintelligence.com/open-plc-and-planet-vulnerabilities/
∗∗∗ Phoenix Contact CHARX SEC-3xxx vulnerable to code injection ∗∗∗
---------------------------------------------
https://jvn.jp/en/jp/JVN42282226/
∗∗∗ Cisco Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone 8875 with SIP Software Vulnerabilities ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso…
∗∗∗ Multiple Cisco Products Snort 3 MIME Denial of Service Vulnerabilities ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso…
∗∗∗ Cisco TelePresence Collaboration Endpoint and RoomOS Software Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso…
∗∗∗ Cisco IOS XE Software Secure Boot Bypass Vulnerabilities ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso…
∗∗∗ K000156944: Intel vulnerability CVE-2025-20093 ∗∗∗
---------------------------------------------
https://my.f5.com/manage/s/article/K000156944
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 14-10-2025 18:00 − Wednesday 15-10-2025 18:00
Handler: Michael Schlagenhaufer
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ F5 says hackers stole undisclosed BIG-IP flaws, source code ∗∗∗
---------------------------------------------
U.S. cybersecurity company F5 disclosed that nation-state hackers breached its systems and stole undisclosed BIG-IP security vulnerabilities and source code.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/hackers-breach-f5-to-steal-u…
∗∗∗ Exploit-as-a-Service Resurgence in 2025 – Broker Models, Bundles & Subscription Access ∗∗∗
---------------------------------------------
Exploit-as-a-Service in 2025: how exploit brokerages, subscription bundles, and underground access models are reshaping cyber crime economics.
---------------------------------------------
https://www.darknet.org.uk/2025/10/exploit-as-a-service-resurgence-in-2025-…
∗∗∗ Microsoft: Exchange 2016 and 2019 have reached end of support ∗∗∗
---------------------------------------------
Microsoft has reminded that Exchange Server 2016 and 2019 reached the end of support and advised IT administrators to upgrade servers to Exchange Server SE or migrate to Exchange Online.
---------------------------------------------
https://www.bleepingcomputer.com/news/microsoft/microsoft-exchange-2016-and…
∗∗∗ Microsoft signals Windows 10 21H2 Enterprise LTSC as EOL ∗∗∗
---------------------------------------------
Brief information for owners and administrators of Windows 10 21H2 Enterprise LTSC (and of course the IoT version). Administrators of these machines are (wrongly) shown a notice that support for this version is now ending.
---------------------------------------------
https://www.borncity.com/blog/2025/10/15/mega-pleite-microsoft-signalisiert…
∗∗∗ Oops! It's a kernel stack use-after-free: Exploiting NVIDIA's GPU Linux drivers ∗∗∗
---------------------------------------------
This article details two bugs discovered in the NVIDIA Linux Open GPU Kernel Modules and demonstrates how they can be exploited. [..] They were reported to NVIDIA and the vendor issued fixes in their NVIDIA GPU Display Drivers update of October 2025.
---------------------------------------------
http://blog.quarkslab.com/nvidia_gpu_kernel_vmalloc_exploit.html
∗∗∗ Credential Attacks Detected on SonicWall SSLVPN Devices ∗∗∗
---------------------------------------------
A managed security services provider has detected credential attacks on SonicWall SSLVPN devices. The attacks, reported by Huntress, involve “widespread compromise” of SonicWall SSLVPN devices. [..] The report follows a SonicWall advisory that an unauthorized party had accessed firewall configuration backup files for all SonicWall customers who have used the company’s cloud backup service.
---------------------------------------------
https://thecyberexpress.com/credential-attacks-on-sonicwall-sslvpn-devices/
∗∗∗ Dismantling a Critical Supply Chain Risk in VSCode Extension Marketplaces ∗∗∗
---------------------------------------------
Wiz Research identified a pattern of secret leakage by publishers of VSCode IDE Extensions. This occurred across both the VSCode and Open VSX marketplaces, the latter of which is used by AI-powered VSCode forks like Cursor and Windsurf. Critically, in over a hundred cases this included leakage of access tokens granting the ability to update the extension itself. [..] An attacker who discovered this issue would have been able to directly distribute malware to the cumulative 150,000 install base.
---------------------------------------------
https://www.wiz.io/blog/supply-chain-risk-in-vscode-extension-marketplaces
∗∗∗ LinkPro: eBPF rootkit analysis ∗∗∗
---------------------------------------------
eBPF (extended Berkeley Packet Filter) is a technology adopted in Linux for its numerous use cases (observability, security, networking, etc.) and its ability to run in the kernel context while being orchestrated from user space. Threat actors are increasingly abusing it to create sophisticated backdoors and evade traditional system monitoring tools.
---------------------------------------------
https://www.synacktiv.com/en/publications/linkpro-ebpf-rootkit-analysis.html
=====================
= Vulnerabilities =
=====================
∗∗∗ Patchday XXL: Microsoft closes vulnerabilities, some under active attack ∗∗∗
---------------------------------------------
With more than 170 security vulnerabilities closed, Microsoft's Patch Tuesday this month turned out larger than average. No fewer than 17 fixes for critical vulnerabilities are available for, among others, Azure, Copilot, Office and the Windows Server Update Service (WSUS). In addition, three actively attacked vulnerabilities rated "Important" make installing the available updates (ideally automatically) especially urgent.
---------------------------------------------
https://heise.de/-10764876
∗∗∗ Patchday: Adobe closes critical vulnerabilities in several products ∗∗∗
---------------------------------------------
Dangerous vulnerabilities exist in Substance 3D Stager, Connect, Dimension and Illustrator, among other products. Current security fixes close them.
---------------------------------------------
https://www.heise.de/news/Patchday-Adobe-schliesst-kritische-Luecken-in-meh…
∗∗∗ Fortinet updates FortiOS, FortiPAM and FortiSwitch Manager, among others ∗∗∗
---------------------------------------------
Vulnerabilities in FortiOS, FortiPAM, FortiSwitch Manager, FortiDLP, FortiIsolator and FortiClient Mac were rated "High". [..] Local, authenticated attackers could abuse the vulnerability CVE-2025-58325 ("Restricted CLI command bypass"; CVSS score 7.8) to execute system commands without authorization via the command line.
---------------------------------------------
https://www.heise.de/news/Fortinet-aktualisiert-unter-anderem-FortiOS-Forti…
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by AlmaLinux (kernel, kernel-rt, vim, and webkit2gtk3), Debian (distro-info-data, https-everywhere, and php-horde-css-parser), Fedora (inih, mingw-exiv2, mirrorlist-server, rust-maxminddb, rust-monitord-exporter, rust-prometheus, rust-prometheus_exporter, rust-protobuf, rust-protobuf-codegen, rust-protobuf-parse, and rust-protobuf-support), Mageia (fetchmail), Oracle (gnutls, kernel, vim, and webkit2gtk3), Red Hat (kernel, kernel-rt, and webkit2gtk3), Slackware (mozilla), SUSE (curl, libxslt, and net-tools), and Ubuntu (linux-azure-5.15, linux-azure-6.8, linux-azure-fips, linux-oracle, linux-oracle-6.14, and linux-raspi).
---------------------------------------------
https://lwn.net/Articles/1042076/
∗∗∗ Google Chrome: Stable Channel Update for Desktop ∗∗∗
---------------------------------------------
http://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desk…
∗∗∗ Rockwell Automation 1715 EtherNet/IP Comms Module ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-25-287-01
∗∗∗ F5: K000156572: Quarterly Security Notification (October 2025) ∗∗∗
---------------------------------------------
https://my.f5.com/manage/s/article/K000156572
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/mailman3/postorius/lists/daily.lists.cert.at/
=====================
= End-of-Day report =
=====================
Timeframe: Monday 13-10-2025 18:00 − Tuesday 14-10-2025 18:00
Handler: Guenes Holler
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Hackers can steal 2FA codes and private messages from Android phones ∗∗∗
---------------------------------------------
Android devices are vulnerable to a new attack that can covertly steal two-factor authentication codes, location timelines, and other private data in less than 30 seconds.
---------------------------------------------
https://arstechnica.com/security/2025/10/no-fix-yet-for-attack-that-lets-ha…
∗∗∗ Chinese hackers abuse geo-mapping tool for year-long persistence ∗∗∗
---------------------------------------------
Chinese state hackers remained undetected in a target environment for more than a year by turning a component in the ArcGIS geo-mapping tool into a web shell.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/chinese-hackers-abuse-geo-ma…
∗∗∗ Secure Boot bypass risk on nearly 200,000 Linux Framework systems ∗∗∗
---------------------------------------------
Around 200,000 Linux computer systems from American computer maker Framework were shipped with signed UEFI shell components that could be exploited to bypass Secure Boot protections. An attacker could take advantage to load bootkits (e.g. BlackLotus, HybridPetya, and Bootkitty) that can evade OS-level security controls and persist across OS re-installs.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/secure-boot-bypass-risk-on-n…
∗∗∗ Researchers Expose TA585’s MonsterV2 Malware Capabilities and Attack Chain ∗∗∗
---------------------------------------------
Cybersecurity researchers have shed light on a previously undocumented threat actor called TA585 that has been observed delivering an off-the-shelf malware called MonsterV2 via phishing campaigns.
---------------------------------------------
https://thehackernews.com/2025/10/researchers-expose-ta585s-monsterv2.html
∗∗∗ npm, PyPI, and RubyGems Packages Found Sending Developer Data to Discord Channels ∗∗∗
---------------------------------------------
Cybersecurity researchers have identified several malicious packages across npm, Python, and Ruby ecosystems that leverage Discord as a command-and-control (C2) channel to transmit stolen data to actor-controlled webhooks.
---------------------------------------------
https://thehackernews.com/2025/10/npm-pypi-and-rubygems-packages-found.html
=====================
= Vulnerabilities =
=====================
∗∗∗ Security vulnerability: Another emergency patch for Oracle E-Business Suite ∗∗∗
---------------------------------------------
Oracle has released another out-of-band update for the E-Business Suite. According to a security alert, a vulnerability with the identifier CVE-2025-61884 can be exploited remotely and without authentication. Attackers may gain access to confidential resources.
---------------------------------------------
https://www.golem.de/news/sicherheitsluecke-weiterer-notfall-patch-fuer-ora…
∗∗∗ SAP Patch Day in October fixes several critical vulnerabilities ∗∗∗
---------------------------------------------
Update now: Important security updates and notes are available for NetWeaver, Print Service and Supplier Relationship Management, among others.
---------------------------------------------
https://www.heise.de/news/SAP-Patchday-im-Oktober-behebt-mehrere-kritische-…
∗∗∗ Patch now: Veeam Backup & Replication vulnerable to remote code execution ∗∗∗
---------------------------------------------
A freshly released patch protects Veeam's backup solution against two separate remote code execution flaws. The agent for Windows has also been hardened.
---------------------------------------------
https://www.heise.de/news/Jetzt-patchen-Veeam-Backup-Replication-anfaellig-…
∗∗∗ Internet Explorer, believed dead, becomes a security hole: Microsoft responds ∗∗∗
---------------------------------------------
After active attacks, Microsoft has drastically restricted Internet Explorer mode in Edge. Attackers even used zero-days for system takeovers.
---------------------------------------------
https://www.heise.de/news/Gefahr-aus-dem-Grab-Microsoft-verbuddelt-IE-noch-…
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (ghostscript and libfcgi), Fedora (qt5-qtsvg), Red Hat (kernel, perl-FCGI, perl-FCGI:0.78, and vim), SUSE (bluez, curl, podman, postgresql14, python-xmltodict, and udisks2), and Ubuntu (linux-azure, linux-azure-5.4, linux-azure-fips, linux-oracle, and subversion).
---------------------------------------------
https://lwn.net/Articles/1041886/
∗∗∗ Ivanti: October 2025 Security Update ∗∗∗
---------------------------------------------
https://www.ivanti.com/blog/october-2025-security-update
=====================
= End-of-Day report =
=====================
Timeframe: Friday 10-10-2025 18:01 − Monday 13-10-2025 18:00
Handler: Felician Fuchs
Co-Handler: Felician Fuchs
=====================
= News =
=====================
∗∗∗ Oracle releases emergency patch for new E-Business Suite flaw ∗∗∗
---------------------------------------------
Oracle has issued an emergency security update over the weekend to patch another E-Business Suite (EBS) vulnerability that can be exploited remotely by unauthenticated attackers.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/oracle-releases-emergency-pa…
∗∗∗ Windows 11 23H2 Home and Pro reach end of support in 30 days ∗∗∗
---------------------------------------------
Microsoft has reminded customers again today that systems running Home and Pro editions of Windows 11 23H2 will stop receiving security updates next month.
---------------------------------------------
https://www.bleepingcomputer.com/news/microsoft/windows-11-23h2-home-and-pr…
∗∗∗ Chinese Hackers Use Velociraptor IR Tool in Ransomware Attacks ∗∗∗
---------------------------------------------
In a new wrinkle for adversary tactics, the Storm-2603 threat group is abusing the digital forensics and incident response (DFIR) tool to gain persistent access to victim networks.
---------------------------------------------
https://www.darkreading.com/cybersecurity-operations/chinese-hackers-veloci…
∗∗∗ New Rust-Based Malware "ChaosBot" Uses Discord Channels to Control Victims' PCs ∗∗∗
---------------------------------------------
Cybersecurity researchers have disclosed details of a new Rust-based backdoor called ChaosBot that can allow operators to conduct reconnaissance and execute arbitrary commands on compromised hosts.
---------------------------------------------
https://thehackernews.com/2025/10/new-rust-based-malware-chaosbot-hijacks.h…
∗∗∗ Astaroth Banking Trojan Abuses GitHub to Remain Operational After Takedowns ∗∗∗
---------------------------------------------
Cybersecurity researchers are calling attention to a new campaign that delivers the Astaroth banking trojan that employs GitHub as a backbone for its operations to stay resilient in the face of infrastructure takedowns.
---------------------------------------------
https://thehackernews.com/2025/10/astaroth-banking-trojan-abuses-github.html
∗∗∗ Microsoft Locks Down IE Mode After Hackers Turned Legacy Feature Into Backdoor ∗∗∗
---------------------------------------------
Microsoft said it has revamped the Internet Explorer (IE) mode in its Edge browser after receiving "credible reports" in August 2025 that unknown threat actors were abusing the backward compatibility feature to gain unauthorized access to users' devices.
---------------------------------------------
https://thehackernews.com/2025/10/microsoft-locks-down-ie-mode-after.html
∗∗∗ Invoicely Database Leak Exposes 180,000 Sensitive Records ∗∗∗
---------------------------------------------
Cybersecurity researcher Jeremiah Fowler discovered nearly 180,000 files, including PII and banking details, left exposed on an unprotected database linked to the Invoicely platform. Read about the identity theft and financial fraud risks for over 250,000 businesses worldwide.
---------------------------------------------
https://hackread.com/invoicely-database-leak-expose-sensitive-records/
∗∗∗ 100,000+ IP Botnet Launches Coordinated RDP Attack Wave Against US Infrastructure ∗∗∗
---------------------------------------------
Since October 8, 2025, GreyNoise has tracked a coordinated botnet operation involving over 100,000 unique IP addresses from more than 100 countries targeting Remote Desktop Protocol (RDP) services in the United States.
---------------------------------------------
https://www.greynoise.io/blog/botnet-launches-coordinated-rdp-attack-wave
∗∗∗ Qantas customer data online – including Troy Hunt's ∗∗∗
---------------------------------------------
In July, attackers captured important data at the Australian airline. It is not yet clear which of that data is now circulating online.
---------------------------------------------
https://heise.de/-10750869
∗∗∗ Critical GitHub Copilot Vulnerability Leaks Private Source Code ∗∗∗
---------------------------------------------
In June 2025, I found a critical vulnerability in GitHub Copilot Chat (CVSS 9.6) that allowed silent exfiltration of secrets and source code from private repos, and gave me full control over Copilot’s responses, including suggesting malicious code or links.
---------------------------------------------
https://www.legitsecurity.com/blog/camoleak-critical-github-copilot-vulnera…
∗∗∗ North Korea’s Contagious Interview Campaign Escalates: 338 Malicious npm Packages, 50,000 Downloads ∗∗∗
---------------------------------------------
The Contagious Interview operation continues to weaponize the npm registry with a repeatable playbook. Since our July 14, 2025 update, we have identified and analyzed more than 338 malicious packages with over 50,000 cumulative downloads.
---------------------------------------------
https://socket.dev/blog/north-korea-contagious-interview-campaign-338-malic…
=====================
= Vulnerabilities =
=====================
∗∗∗ VU#538470: Clevo UEFI firmware embedded BootGuard keys compromising Clevo's implementation of BootGuard ∗∗∗
---------------------------------------------
Clevo’s UEFI firmware update packages included sensitive private keys used in their Intel Boot Guard implementation. This accidental exposure of the keys could be abused by an attacker to sign malicious firmware using Clevo’s Boot Guard trust chain, potentially compromising the pre-boot UEFI environment on systems where Clevo’s implementation has been adopted.
---------------------------------------------
https://kb.cert.org/vuls/id/538470
∗∗∗ Oracle Security Alert for CVE-2025-61884 - 11 October 2025 ∗∗∗
---------------------------------------------
This Security Alert addresses vulnerability CVE-2025-61884 in Oracle E-Business Suite. This vulnerability is remotely exploitable without authentication, i.e., it may be exploited over a network without the need for a username and password. If successfully exploited, this vulnerability may allow access to sensitive resources.
---------------------------------------------
https://www.oracle.com/security-alerts/alert-cve-2025-61884.html
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by AlmaLinux (compat-libtiff3, iputils, kernel, open-vm-tools, and vim), Debian (asterisk, ghostscript, kernel, linux-6.1, and tiff), Fedora (cef, chromium, cri-o1.31, cri-o1.32, cri-o1.33, cri-o1.34, docker-buildx, log4cxx, mingw-poppler, openssl, podman-tui, prometheus-podman-exporter, python-socketio, python3.10, python3.11, python3.12, python3.9, skopeo, and valkey), Mageia (open-vm-tools), Red Hat (compat-libtiff3, kernel, kernel-rt, vim, and webkit2gtk3), and SUSE (distrobuilder, docker-stable, expat, forgejo, forgejo-longterm, gitea-tea, go1.25, haproxy, headscale, open-vm-tools, openssl-3, podman, podofo, ruby3.4-rubygem-rack, and weblate).
---------------------------------------------
https://lwn.net/Articles/1041779/
∗∗∗ Two High Checkmk advisories released ∗∗∗
---------------------------------------------
SBAResearch published the following advisories for checkmk: SBA-ADV-20250724-01: Checkmk Agent Privilege Escalation via Insecure Temporary Files, SBA-ADV-20250730-01: Checkmk Path Traversal.
---------------------------------------------
https://github.com/sbaresearch/advisories/commit/e84ca741ae34d372b4f7b294ad…
∗∗∗ Auth Bypass Flaw in Service Finder WordPress Plugin Under Active Exploit ∗∗∗
---------------------------------------------
An Authentication Bypass (CVE-2025-5947) in Service Finder Bookings plugin allows any unauthenticated attacker to log in as an administrator. Over 13,800 exploit attempts detected. Update to v6.1 immediately.
---------------------------------------------
https://hackread.com/auth-bypass-service-finder-wordpress-plugin-exploit/
∗∗∗ BigBlueButton: Update for the web conferencing system fixes denial-of-service vulnerabilities ∗∗∗
---------------------------------------------
The developers of the open-source web conferencing system BigBlueButton (BBB) for Windows and Linux servers have eliminated several attack vectors with an update to version 3.0.13.
---------------------------------------------
https://heise.de/-10751398
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 09-10-2025 18:01 − Friday 10-10-2025 18:01
Handler: Guenes Holler
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Discord says hackers stole government IDs of 70,000 users ∗∗∗
---------------------------------------------
Discord says that hackers made off with images of 70,000 users’ government IDs that they were required to provide in order to use the site.
---------------------------------------------
https://arstechnica.com/security/2025/10/discord-says-hackers-stole-governm…
∗∗∗ RondoDox botnet targets 56 n-day flaws in worldwide attacks ∗∗∗
---------------------------------------------
A new large-scale botnet called RondoDox is targeting 56 vulnerabilities in more than 30 distinct devices, including flaws first disclosed during Pwn2Own hacking competitions. The attackers focus on a wide range of exposed devices, including DVRs, NVRs, CCTV systems, and web servers, and have been active since June.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/rondodox-botnet-targets-56-n…
∗∗∗ GitHub Copilot CamoLeak AI Attack Exfiltrates Data ∗∗∗
---------------------------------------------
Every week or two nowadays, researchers come up with new ways of exploiting agentic AI tools built crudely into software platforms. Since companies are far more concerned with providing AI functionality than they are securing that functionality, there's been ample opportunity for mischief.
---------------------------------------------
https://www.darkreading.com/application-security/github-copilot-camoleak-ai…
∗∗∗ From LFI to RCE: Active Exploitation Detected in Gladinet and TrioFox Vulnerability ∗∗∗
---------------------------------------------
Cybersecurity company Huntress said it has observed active in-the-wild exploitation of an unpatched security flaw impacting Gladinet CentreStack and TrioFox products. The zero-day vulnerability, tracked as CVE-2025-11371 (CVSS score: 6.1), is an unauthenticated local file inclusion bug that allows unintended disclosure of system files. It impacts all versions of the software prior to and including 16.7.10368.56560.
---------------------------------------------
https://thehackernews.com/2025/10/from-lfi-to-rce-active-exploitation.html
∗∗∗ 175 Malicious npm Packages with 26,000 Downloads Used in Credential Phishing Campaign ∗∗∗
---------------------------------------------
Cybersecurity researchers have flagged a new set of 175 malicious packages on the npm registry that have been used to facilitate credential harvesting attacks as part of an unusual campaign. The packages have been collectively downloaded 26,000 times, acting as an infrastructure for a widespread phishing campaign codenamed Beamglea targeting more than 135 industrial, technology, and energy companies across the world, according to Socket.
---------------------------------------------
https://thehackernews.com/2025/10/175-malicious-npm-packages-with-26000.html
∗∗∗ Cops nuke BreachForums (again) amid cybercrime supergroup extortion blitz ∗∗∗
---------------------------------------------
US authorities have seized the latest incarnation of BreachForums, the cybercriminal bazaar recently reborn under the stewardship of the so-called Scattered Lapsus$ Hunters, with help from French cyber cops and the Paris prosecutor's office.
---------------------------------------------
https://go.theregister.com/feed/www.theregister.com/2025/10/10/cops_seize_b…
∗∗∗ Pro-Russian hackers caught bragging about attack on fake water utility ∗∗∗
---------------------------------------------
A pro-Russian hacker group has been caught boasting about a cyberattack that unfolded entirely inside a decoy system set up by researchers.
---------------------------------------------
https://therecord.media/fake-water-utility-honeypot-hacked-pro-russian-group
∗∗∗ More Than DoS (Progress Telerik UI for ASP.NET AJAX Unsafe Reflection CVE-2025-3600) ∗∗∗
---------------------------------------------
Welcome back. We’re excited to yet again publish memes under the guise of research and inevitably receive hate mail. But today, we’ll be doing something slightly different to normal. Today, instead of pulling apart “just one” enterprise-grade solution, we have inadvertently ripped apart a widely used ASP.NET library.
---------------------------------------------
https://labs.watchtowr.com/more-than-dos-progress-telerik-ui-for-asp-net-aj…
∗∗∗ New Stealit Campaign Abuses Node.js Single Executable Application ∗∗∗
---------------------------------------------
FortiGuard Labs has encountered a new and active Stealit malware campaign that leverages Node.js’ Single Executable Application (SEA) feature to distribute its payloads. This campaign was uncovered following a spike in detections of a particular Visual Basic script, which was later determined to be a component for persistence.
---------------------------------------------
https://feeds.fortinet.com/~/926060729/0/fortinet/blogs~New-Stealit-Campaig…
=====================
= Vulnerabilities =
=====================
∗∗∗ Claroty Product Security Advisory: OIDC Configurations in Claroty Secure Access ∗∗∗
---------------------------------------------
This advisory provides important information regarding a security vulnerability affecting on-premise Claroty Secure Access (formerly known as Claroty Secure Remote Access or SRA) when configured with OpenID Connect (OIDC) authentication, either currently or previously. Fixes for affected products are available in the customer portal. There are no known public exploits or a public proof of concept (POC) of this vulnerability.
---------------------------------------------
https://claroty.com/product-security/oidc-configurations-in-claroty-secure-…
∗∗∗ Monitoring software Checkmk: Privilege escalation vulnerability in Windows version ∗∗∗
---------------------------------------------
Checkmk warns of security vulnerabilities in its network monitoring software of the same name. One affects the Windows agent and only narrowly misses being classified as a critical security risk; one of the other leaks, by contrast, should not cost admins any sleep.
---------------------------------------------
https://www.heise.de/news/Monitoring-Software-Checkmk-Rechteausweitungsluec…
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (redis and valkey), Fedora (docker-buildkit, ibus-bamboo, pgadmin4, webkitgtk, and wordpress), Mageia (kernel-linus, kmod-virtualbox & kmod-xtables-addons, and microcode), Oracle (compat-libtiff3 and udisks2), Red Hat (rsync), Slackware (python3), SUSE (chromium, cJSON, digger-cli, glow, go1.24, go1.25, go1.25-openssl, grafana, libexslt0, libruby3_4-3_4, pgadmin4, python311-python-socketio, and squid), and Ubuntu (dpdk, libhtp, vim, and webkit2gtk).
---------------------------------------------
https://lwn.net/Articles/1041564/
∗∗∗ Ivanti Endpoint Manager: Zero Day Initiative publishes 13 zero-days ∗∗∗
---------------------------------------------
Ivanti's Endpoint Manager (EPM) contained serious security vulnerabilities that the company has known about for months, yet only intended to fix in six months' time. That was too long for Trend Micro's Zero Day Initiative (ZDI), which is now publishing the vulnerabilities as "zero-days". The bug catalogue contains eleven SQL injections, one path traversal flaw and one deserialization of untrusted data.
---------------------------------------------
https://heise.de/-10749054
∗∗∗ Malicious code vulnerabilities closed in Nvidia GPU driver ∗∗∗
---------------------------------------------
Nvidia's developers have closed several security vulnerabilities in various graphics card drivers. In the worst case, malicious code can completely compromise systems. Both Linux and Windows computers are affected.
---------------------------------------------
https://heise.de/-10749431
∗∗∗ 7-Zip: Information on closed security vulnerabilities available ∗∗∗
---------------------------------------------
With version 25.00 of 7-Zip, the developer closed several security vulnerabilities in July. Until now, however, it was unclear which ones. Trend Micro's Zero Day Initiative (ZDI) has now published information on some of the security leaks fixed in that release.
---------------------------------------------
https://heise.de/-10749900
∗∗∗ Juniper Security Director: Attackers can bypass security mechanism ∗∗∗
---------------------------------------------
Several products from network equipment maker Juniper are vulnerable. If attacks succeed, attackers can, for example, install manipulated images or anchor backdoors in switches. Security patches are available for download.
---------------------------------------------
https://heise.de/-10750030
∗∗∗ DSA-6022-1 valkey - security update ∗∗∗
---------------------------------------------
https://lists.debian.org/debian-security-announce/2025/msg00188.html
∗∗∗ CISA Adds One Known Exploited Vulnerability to Catalog: CVE-2021-43798 Grafana Path Traversal Vulnerability ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2025/10/09/cisa-adds-one-known-expl…
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 08-10-2025 18:00 − Thursday 09-10-2025 18:01
Handler: Guenes Holler
Co-Handler: Felician Fuchs
=====================
= News =
=====================
∗∗∗ Crimson Collective hackers target AWS cloud instances for data theft ∗∗∗
---------------------------------------------
The Crimson Collective threat group has been targeting AWS (Amazon Web Services) cloud environments for the past weeks, to steal data and extort companies.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/crimson-collective-hackers-t…
∗∗∗ New FileFix attack uses cache smuggling to evade security software ∗∗∗
---------------------------------------------
A new variant of the FileFix social engineering attack uses cache smuggling to secretly download a malicious ZIP archive onto a victim's system and bypass security software.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-filefix-attack-uses-cach…
∗∗∗ Hacktivists target critical infrastructure, hit decoy plant ∗∗∗
---------------------------------------------
A pro-Russian hacktivist group called TwoNet pivoted in less than a year from launching distributed denial-of-service (DDoS) attacks to targeting critical infrastructure.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/hacktivists-target-critical-…
∗∗∗ SonicWall: Firewall configs stolen for all cloud backup customers ∗∗∗
---------------------------------------------
SonicWall has confirmed that all customers that used the company's cloud backup service are affected by last month's security breach.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/sonicwall-firewall-configs-s…
∗∗∗ Security leak: Millions of guest records in hotel software publicly viewable ∗∗∗
---------------------------------------------
Millions of guest records could be viewed in the hotel software Sihot. According to the vendor, however, the security vulnerabilities have already been closed.
---------------------------------------------
https://www.golem.de/news/sicherheitsleck-millionen-gaestedaten-in-hotelsof…
∗∗∗ Hackers Exploit WordPress Sites to Power Next-Gen ClickFix Phishing Attacks ∗∗∗
---------------------------------------------
Cybersecurity researchers are calling attention to a nefarious campaign targeting WordPress sites to make malicious JavaScript injections that are designed to redirect users to sketchy sites.
---------------------------------------------
https://thehackernews.com/2025/10/hackers-exploit-wordpress-themes-to.html
∗∗∗ localmind.ai: AI security incident, it is not over yet – Part 3 ∗∗∗
---------------------------------------------
The security incident at AI provider localmind.ai does not appear to be over yet. The provider writes that the core systems of the Localmind platform itself were not compromised, and believes it has secured its infrastructure. It appears, however, that this is not entirely accurate.
---------------------------------------------
https://www.borncity.com/blog/2025/10/09/localmind-ai-ki-sicherheitsvorfall…
∗∗∗ Velociraptor leveraged in ransomware attacks ∗∗∗
---------------------------------------------
Cisco Talos has confirmed that ransomware operators are leveraging Velociraptor, an open-source digital forensics and incident response (DFIR) tool that had not previously been definitively tied to ransomware incidents.
---------------------------------------------
https://blog.talosintelligence.com/velociraptor-leveraged-in-ransomware-att…
∗∗∗ Fake Teams Installers Dropping Oyster Backdoor (aka Broomstick) ∗∗∗
---------------------------------------------
Hackers are using fake Microsoft Teams installers found in search results and ads to deploy the Oyster backdoor. Learn how to protect your PC from this remote-access threat.
---------------------------------------------
https://hackread.com/fake-teams-installers-oyster-backdoor-broomstick/
∗∗∗ New Chaos-C++ Ransomware Targets Windows by Wiping Data, Stealing Crypto ∗∗∗
---------------------------------------------
FortiGuard Labs reveals Chaos-C++, a new Chaos ransomware variant that deletes files over 1.3 GB instead of encrypting them and uses clipboard hijacking to steal cryptocurrency.
---------------------------------------------
https://hackread.com/chaos-c-ransomware-windows-data-crypto/
∗∗∗ Oracle E-Business Suite Zero-Day Exploited in Widespread Extortion Campaign ∗∗∗
---------------------------------------------
Google Threat Intelligence Group (GTIG) and Mandiant began tracking a new, large-scale extortion campaign by a threat actor claiming affiliation with the CL0P extortion brand. The actor began sending a high volume of emails to executives at numerous organizations, alleging the theft of sensitive data from the victims' Oracle E-Business Suite (EBS) environments.
---------------------------------------------
https://cloud.google.com/blog/topics/threat-intelligence/oracle-ebusiness-s…
∗∗∗ SVG Phishing hits Ukraine with Amatera Stealer, PureMiner ∗∗∗
---------------------------------------------
FortiGuard Labs recently observed a phishing campaign designed to impersonate Ukrainian government agencies and deliver additional malware to targeted systems. The phishing emails contain malicious Scalable Vector Graphics (SVG) files designed to trick recipients into opening harmful attachments.
---------------------------------------------
https://feeds.fortinet.com/~/925395818/0/fortinet/blogs~SVG-Phishing-hits-U…
=====================
= Vulnerabilities =
=====================
∗∗∗ Severe Framelink Figma MCP Vulnerability Lets Hackers Execute Code Remotely ∗∗∗
---------------------------------------------
Cybersecurity researchers have disclosed details of a now-patched vulnerability in the popular figma-developer-mcp Model Context Protocol (MCP) server that could allow attackers to achieve code execution. The vulnerability, tracked as CVE-2025-53967 (CVSS score: 7.5), is a command injection bug stemming from the unsanitized use of user input, opening the door to a scenario where an attacker can send arbitrary system commands.
---------------------------------------------
https://thehackernews.com/2025/10/severe-figma-mcp-vulnerability-lets.html
∗∗∗ Update: Malicious-code vulnerability threatens IBM Data Replication VSAM ∗∗∗
---------------------------------------------
Attackers can attack IBM Data Replication VSAM for z/OS Remote Source. The vulnerability has now been closed.
---------------------------------------------
https://www.heise.de/news/Update-Schadcode-Luecke-bedroht-IBM-Data-Replicat…
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by AlmaLinux (gnutls, kernel, kernel-rt, and open-vm-tools), Debian (chromium, python-django, and redis), Fedora (chromium, insight, mirrorlist-server, oci-seccomp-bpf-hook, rust-maxminddb, rust-prometheus, rust-prometheus_exporter, rust-protobuf, rust-protobuf-codegen, rust-protobuf-parse, rust-protobuf-support, turbo-attack, and yarnpkg), Oracle (iputils, kernel, open-vm-tools, redis, and valkey), Red Hat (perl-File-Find-Rule and perl-File-Find-Rule-Perl), SUSE (expat, ImageMagick, matrix-synapse, python-xmltodict, redis, redis7, and valkey), and Ubuntu (fort-validator and imagemagick).
---------------------------------------------
https://lwn.net/Articles/1041404/
∗∗∗ A Cascade of Insecure Architectures: Axis Plugin Design Flaw Exposes Select Autodesk Revit Users to Supply Chain Risk ∗∗∗
---------------------------------------------
We discovered Azure Storage Account credentials exposed in Axis Communications’ Autodesk Revit plugin, allowing unauthorized modification of cloud-hosted files. This exposure, combined with vulnerabilities in Autodesk Revit, could enable supply-chain attacks targeting end users.
---------------------------------------------
https://www.trendmicro.com/en_us/research/25/j/axis-plugin-flaw-autodesk-re…
∗∗∗ CISA Releases Four Industrial Control Systems Advisories ∗∗∗
---------------------------------------------
CISA released four Industrial Control Systems (ICS) Advisories on October 9, 2025. ICSA-25-282-01 Hitachi Energy Asset Suite, ICSA-25-282-02 Rockwell Automation Lifecycle Services with Cisco, ICSA-25-282-03 Rockwell Automation Stratix and ICSA-25-128-03 Mitsubishi Electric Multiple FA Products.
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2025/10/09/cisa-releases-four-indus…
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/mailman3/postorius/lists/daily.lists.cert.at/
=====================
= End-of-Day report =
=====================
Timeframe: Dienstag 07-10-2025 18:00 − Mittwoch 08-10-2025 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Guenes Holler
=====================
= News =
=====================
∗∗∗ Severe Figma MCP Vulnerability Lets Hackers Execute Code Remotely — Patch Now ∗∗∗
---------------------------------------------
Cybersecurity researchers have disclosed details of a now-patched vulnerability in the popular figma-developer-mcp Model Context Protocol (MCP) server that could allow attackers to achieve code execution. The vulnerability, tracked as CVE-2025-53967 (CVSS score: 7.5), is a command injection bug [..] The vulnerability has been addressed in version 0.6.3 of figma-developer-mcp, which was released on September 29, 2025.
---------------------------------------------
https://thehackernews.com/2025/10/severe-figma-mcp-vulnerability-lets.html
∗∗∗ LockBit, Qilin, and DragonForce Join Forces to Dominate the Ransomware Ecosystem ∗∗∗
---------------------------------------------
Three prominent ransomware groups, DragonForce, LockBit, and Qilin, have announced a new strategic ransomware alliance, once again underscoring continued shifts in the cyber threat landscape.
---------------------------------------------
https://thehackernews.com/2025/10/lockbit-qilin-and-dragonforce-join.html
∗∗∗ Employees regularly paste company secrets into ChatGPT ∗∗∗
---------------------------------------------
Employees could be opening up to OpenAI in ways that put sensitive data at risk. According to a study by security biz LayerX, a large number of corporate users paste Personally Identifiable Information (PII) or Payment Card Industry (PCI) numbers right into ChatGPT, even if they're using the bot without permission.
---------------------------------------------
https://go.theregister.com/feed/www.theregister.com/2025/10/07/gen_ai_shado…
∗∗∗ “Can you test my game?” Fake itch.io pages spread hidden malware to gamers ∗∗∗
---------------------------------------------
A convincing itch-style page can drop a stealthy stager instead of a game. Here’s how to spot it and what to do if you clicked.
---------------------------------------------
https://www.malwarebytes.com/blog/threat-intel/2025/10/can-you-test-my-game…
∗∗∗ Is your computer mouse eavesdropping on you? ∗∗∗
---------------------------------------------
Researchers have found a method they called Mic-E-Mouse, which turns your computer mouse into a spy that can listen in on your conversations. [..] The method uses high-performance optical sensors in optical mice, combined with artificial intelligence, to filter out background noise and: “achieve intelligible reconstruction of user speech.”
---------------------------------------------
https://www.malwarebytes.com/blog/news/2025/10/is-your-computer-mouse-eaves…
∗∗∗ The Klimabonus is back?! No, just another phishing attempt! ∗∗∗
---------------------------------------------
Fraudulent SMS messages try to create the impression that the Klimabonus is returning. Early registration supposedly brings an information advantage and better chances of a payout. None of this is true. What we are dealing with is classic phishing.
---------------------------------------------
https://www.watchlist-internet.at/news/klimabonus-neuer-phishing-versuch/
∗∗∗ Salesforce data breach: what you need to know ∗∗∗
---------------------------------------------
The Scattered LAPSUS$ Hunters hacking group claims to have accessed data from around 40 customers of Salesforce, the cloud-based customer relationship management service, stealing almost one billion records. [..] The hackers are demanding payment by this Friday, 10 October 2025. [..] Allen Tsai, a Salesforce spokesperson, said the company won't engage, negotiate with or pay any extortion demand.
---------------------------------------------
https://www.fortra.com/blog/salesforce-data-breach-what-need-know
∗∗∗ The ClickFix Factory: First Exposure of IUAM ClickFix Generator ∗∗∗
---------------------------------------------
Unit 42 discovers ClickFix phishing kits, commoditizing social engineering. This kit presents a lowered barrier for inexperienced cybercriminals.
---------------------------------------------
https://unit42.paloaltonetworks.com/clickfix-generator-first-of-its-kind/
∗∗∗ Crafting a Full Exploit RCE from a Crash in Autodesk Revit RFA File Parsing ∗∗∗
---------------------------------------------
This article will be devoted to explaining how I reached arbitrary code execution from the crash point shown above. Of particular interest is the technique I used to achieve ROP execution.
---------------------------------------------
https://www.thezdi.com/blog/2025/10/6/crafting-a-full-exploit-rce-from-a-cr…
∗∗∗ Windows 11 setup: Microsoft will block the creation of local accounts in future ∗∗∗
---------------------------------------------
There are signs that local user accounts in Windows 11 will in future no longer be able to be created during setup, or only with considerable trickery. In the latest Insider Preview Build 26220.6772 (KB5065797) from 6 October 2025, Microsoft announced that the commands for setting up local user accounts during setup are being removed.
---------------------------------------------
https://www.borncity.com/blog/2025/10/08/windows-11-setup-microsoft-blockie…
∗∗∗ Introducing HoneyBee: How We Automate Honeypot Deployment for Threat Research ∗∗∗
---------------------------------------------
HoneyBee takes popular cloud-deployed applications such as databases, storage services, and web apps, and automatically generates intentionally insecure Dockerfiles and Docker Compose manifests. [..] We know we aren't the only ones working on these challenges, which is why we’re open-sourcing HoneyBee with the hope that it can be just as useful to others in the security community.
---------------------------------------------
https://www.wiz.io/blog/honeybee-threat-research
=====================
= Vulnerabilities =
=====================
∗∗∗ Ivanti Endpoint Manager Multiple 0Day Vulnerabilities ∗∗∗
---------------------------------------------
(ZDI-25-934 - ZDI-25-947) This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. Mitigation: Given the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the product.
---------------------------------------------
https://www.zerodayinitiative.com/advisories/published/
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (apptainer, civetweb, mod_http2, openssl, pandoc, and pandoc-cli), Oracle (kernel), Red Hat (gstreamer1-plugins-bad-free, iputils, kernel, open-vm-tools, and podman), SUSE (cairo, firefox, ghostscript, gimp, gstreamer-plugins-rs, libxslt, logback, openssl-1_0_0, openssl-1_1, python-xmltodict, and rubygem-puma), and Ubuntu (gst-plugins-base1.0, linux-aws-6.8, linux-aws-fips, linux-azure, linux-azure-nvidia, linux-gke, linux-nvidia-tegra-igx, and
---------------------------------------------
https://lwn.net/Articles/1041243/
∗∗∗ Windows and Android: Google closes serious vulnerabilities in Chrome ∗∗∗
---------------------------------------------
https://www.golem.de/news/windows-und-android-google-schliesst-schwerwiegen…
∗∗∗ ZDI-25-895: (0Day) Wondershare Repairit Incorrect Permission Assignment Authentication Bypass Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-25-895/
∗∗∗ B&R Automation Runtime DoS Vulnerability in System Diagnostics Manager (SDM) CVE ID: CVE-2025-3450 ∗∗∗
---------------------------------------------
https://www.br-automation.com/fileadmin/SA25P002-f6a69e61.pdf
∗∗∗ B&R Automation Runtime Vulnerabilities in System Diagnostic Manager (SDM) CVE ID: CVE-2025-3449, CVE-2025-3448 ∗∗∗
---------------------------------------------
https://www.br-automation.com/fileadmin/SA25P003-178b6a20.pdf
∗∗∗ ABB: LVS MConfig Insecure memory handling CVE ID: CVE-2025-9970 ∗∗∗
---------------------------------------------
https://search.abb.com/library/Download.aspx?DocumentID=4TZ00000006008&Lang…
∗∗∗ Tenable: [R1] Security Center Version 6.7.0 Fixes One Vulnerability ∗∗∗
---------------------------------------------
https://www.tenable.com/security/tns-2025-21
=====================
= End-of-Day report =
=====================
Timeframe: Montag 06-10-2025 18:00 − Dienstag 07-10-2025 18:30
Handler: Guenes Holler
Co-Handler: Felician Fuchs
=====================
= News =
=====================
∗∗∗ Critical Redis vulnerability (CVE-2025-49844) allows authenticated remote code execution ∗∗∗
---------------------------------------------
The critical Redis vulnerability allows remote code execution if Lua scripting is enabled and a specially crafted script is executed in the context of an authenticated user.
---------------------------------------------
https://www.cert.at/de/aktuelles/2025/10/kritische-redis-sicherheitslucke-c…
∗∗∗ Red Hat Consulting breach puts over 5000 high profile enterprise customers at risk — in detail ∗∗∗
---------------------------------------------
Last week, a little known extortion group called Crimson Collective caught my attention. At the time they only had 22 followers on Telegram. Red Hat confirmed the breach later that day, and started notifying impacted customers. Red Hat Consulting are consultants who come in to large enterprises to deal with complex technology problems. It is pretty clear their documentation and source code around customers has been stolen.
---------------------------------------------
https://doublepulsar.com/red-hat-consulting-breach-puts-over-5000-high-prof…
∗∗∗ Microsoft Links Storm-1175 to GoAnywhere Exploit Deploying Medusa Ransomware ∗∗∗
---------------------------------------------
Microsoft on Monday attributed a threat actor it tracks as Storm-1175 to the exploitation of a critical security flaw in Fortra GoAnywhere software to facilitate the deployment of Medusa ransomware.
---------------------------------------------
https://thehackernews.com/2025/10/microsoft-links-storm-1175-to.html
∗∗∗ This is what happens when an AI operator neglects security ∗∗∗
---------------------------------------------
Contracts, invoices and other sensitive data reached us by e-mail. The source: an Austrian AI company that, by all appearances, was sloppy about security.
---------------------------------------------
https://www.heise.de/news/Sensible-Unternehmensdaten-ueber-Sicherheitsprobl…
∗∗∗ Phishers target 1Password users with convincing fake breach alert ∗∗∗
---------------------------------------------
Attackers are using realistic-looking 1Password emails to trick users into handing over their vault logins.
---------------------------------------------
https://www.malwarebytes.com/blog/news/2025/10/phishers-target-1password-us…
∗∗∗ Well, Well, Well. It’s Another Day. (Oracle E-Business Suite Pre-Auth RCE Chain - CVE-2025-61882) ∗∗∗
---------------------------------------------
We bet you thought you’d be allowed to sit there, breathe, and savour the few moments of peace you’d earned after a painful week in cyber security. Obviously, you were horribly wrong, and you need to wake up now.
---------------------------------------------
https://labs.watchtowr.com/well-well-well-its-another-day-oracle-e-business…
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (chromium), Red Hat (kernel, open-vm-tools, and postgresql), SUSE (chromedriver and chromium), and Ubuntu (haproxy and pam-u2f).
---------------------------------------------
https://lwn.net/Articles/1041069/
∗∗∗ CISA Releases Two Industrial Control Systems Advisories ∗∗∗
---------------------------------------------
CISA released two Industrial Control Systems (ICS) advisories on October 7, 2025. ICSA-25-280-01 Delta Electronics DIAScreen and ICSA-25-226-31 Rockwell Automation 1756-EN4TR, 1756-EN4TRXT.
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2025/10/07/cisa-releases-two-indust…
∗∗∗ Critical CVE-2025-27237 Vulnerability in Zabbix Agent for Windows Enables Privilege Escalation via OpenSSL Misconfiguration ∗∗∗
---------------------------------------------
A security vulnerability has been identified in Zabbix Agent and Agent2 for Windows, potentially allowing local users to escalate their privileges to the SYSTEM level. Tracked as CVE-2025-27237, the flaw originates from the way these agents handle the OpenSSL configuration file on Windows systems.
---------------------------------------------
https://thecyberexpress.com/zabbix-agent-cve-2025-27237/
∗∗∗ Attackers Actively Exploiting Critical Vulnerability in Service Finder Bookings Plugin ∗∗∗
---------------------------------------------
On June 8th, 2025, we received a submission through our Bug Bounty Program for an Authentication Bypass vulnerability in Service Finder Bookings, a WordPress plugin bundled with the Service Finder theme. This theme has been sold to approximately 6,000 customers. This vulnerability makes it possible for an unauthenticated attacker to gain access to any account on a site including accounts with the ‘administrator’ role.
---------------------------------------------
https://www.wordfence.com/blog/2025/10/attackers-actively-exploiting-critic…
∗∗∗ ABB Security Advisory: EIBPORT Reflected XSS (CVE-2021-22291) ∗∗∗
---------------------------------------------
https://search.abb.com/library/Download.aspx?DocumentID=9AKK108471A7808&Lan…
=====================
= End-of-Day report =
=====================
Timeframe: Freitag 03-10-2025 18:00 − Montag 06-10-2025 18:00
Handler: Guenes Holler
Co-Handler: Felician Fuchs
=====================
= News =
=====================
∗∗∗ Serious vulnerability in Oracle E-Business Suite - actively exploited - updates available ∗∗∗
---------------------------------------------
Oracle has published a Security Alert for a serious vulnerability, CVE-2025-61882, in Oracle E-Business Suite. The vulnerability allows attackers to execute code on affected systems without any authentication. According to Oracle, the vulnerability is already being actively exploited by threat actors.
---------------------------------------------
https://www.cert.at/de/warnungen/2025/10/schwerwiegende-sicherheitslucke-in…
∗∗∗ Hackers exploited Zimbra flaw as zero-day using iCalendar files ∗∗∗
---------------------------------------------
Researchers monitoring for larger .ICS calendar attachments found that a flaw in Zimbra Collaboration Suite (ZCS) was used in zero-day attacks at the beginning of the year.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/hackers-exploited-zimbra-fla…
∗∗∗ XWorm malware resurfaces with ransomware module, over 35 plugins ∗∗∗
---------------------------------------------
New versions of the XWorm backdoor are being distributed in phishing campaigns after the original developer, XCoder, abandoned the project last year.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/xworm-malware-resurfaces-wit…
∗∗∗ Scattered Lapsus$ Hunters Returns With Salesforce Leak Site ∗∗∗
---------------------------------------------
After claiming it would shut down, the cybercriminal collective reemerged and threatened to publish the stolen data of Salesforce customers by Oct. 10 if its demands are not met.
---------------------------------------------
https://www.darkreading.com/cyberattacks-data-breaches/scattered-lapsus-hun…
∗∗∗ Rhadamanthys Stealer Evolves: Adds Device Fingerprinting, PNG Steganography Payloads ∗∗∗
---------------------------------------------
The threat actor behind Rhadamanthys has also advertised two other tools called Elysium Proxy Bot and Crypt Service on their website, even as the flagship information stealer has been updated to support the ability to collect device and web browser fingerprints, among others.
---------------------------------------------
https://thehackernews.com/2025/10/rhadamanthys-stealer-evolves-adds.html
∗∗∗ Attackers copied customer data from Red Hat GitLab instance ∗∗∗
---------------------------------------------
Software vendor Red Hat suffered an IT security incident. The attackers claim to have copied 570 GB of data.
---------------------------------------------
https://www.heise.de/news/Angreifer-kopierten-Kundendaten-von-Red-Hat-GitLa…
∗∗∗ Data leak at Discord: support service provider successfully attacked ∗∗∗
---------------------------------------------
Criminals were able to obtain personal data of certain Discord users. This data could be misused for phishing attacks.
---------------------------------------------
https://www.heise.de/news/Datenleck-bei-Discord-Support-Dienstleister-erfol…
∗∗∗ Palo Alto Scanning Surges ~500% in 48 Hours, Marking 90-Day High ∗∗∗
---------------------------------------------
On October 3, 2025, GreyNoise observed a ~500% increase in IPs scanning Palo Alto Networks login portals, the highest level recorded in the past 90 days. The activity was highly targeted and involved multiple, potentially coordinated scanning clusters.
---------------------------------------------
https://www.greynoise.io/blog/palo-alto-scanning-surges
=====================
= Vulnerabilities =
=====================
∗∗∗ Oracle Security Alert for CVE-2025-61882 - 4 October 2025 ∗∗∗
---------------------------------------------
This Security Alert addresses vulnerability CVE-2025-61882 in Oracle E-Business Suite. This vulnerability is remotely exploitable without authentication, i.e., it may be exploited over a network without the need for a username and password. If successfully exploited, this vulnerability may result in remote code execution.
---------------------------------------------
https://www.oracle.com/security-alerts/alert-cve-2025-61882.html
∗∗∗ Redis warns of critical flaw impacting thousands of instances ∗∗∗
---------------------------------------------
The Redis security team has released patches for a maximum severity vulnerability that could allow attackers to gain remote code execution on thousands of vulnerable instances.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/redis-warns-of-max-severity-…
∗∗∗ ZDI-25-932: MLflow Weak Password Requirements Authentication Bypass Vulnerability ∗∗∗
---------------------------------------------
This vulnerability allows remote attackers to bypass authentication on affected installations of MLflow. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.1. The following CVEs are assigned: CVE-2025-11200.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-25-932/
∗∗∗ ZDI-25-930: win-cli-mcp-server resolveCommandPath Command Injection Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on affected installations of win-cli-mcp-server. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8. The following CVEs are assigned: CVE-2025-11202.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-25-930/
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by AlmaLinux (kernel), Debian (dovecot, git, log4cxx, and openssl), Fedora (containernetworking-plugins, firebird, firefox, jupyterlab, mupdf, and thunderbird), Oracle (ipa), Red Hat (container-tools:rhel8, firefox, gnutls, kernel, kernel-rt, multiple packages, mysql, mysql:8.0, nginx, podman, and thunderbird), Slackware (fetchmail), SUSE (afterburn, chromium, firefox, haproxy, libvmtools-devel, logback, python311-Django, python311-Django4, and redis), and Ubuntu (linux-gcp, linux-gcp-6.14, linux-oem-6.14, linux-nvidia-tegra-igx, linux-oracle, mysql-8.0, poppler, and squid).
---------------------------------------------
https://lwn.net/Articles/1040991/
∗∗∗ Numerous vulnerabilities closed in Dell PowerProtect Data Domain ∗∗∗
---------------------------------------------
If the prerequisites are met, attackers can attack Dell PowerProtect Data Domain and compromise systems as root. Security patches are available for download.
---------------------------------------------
https://heise.de/-10712169
∗∗∗ Unity game engine: vulnerability threatens Android, Linux, macOS and Windows ∗∗∗
---------------------------------------------
The runtime for the Unity game engine is embedded in many popular games. Microsoft now reports a serious vulnerability in it that allows attackers to execute malicious code. Until updates are available, users should uninstall affected software, the vendor advises.
---------------------------------------------
https://heise.de/-10713427
∗∗∗ Multiple Vulnerabilities in Qsync Central ∗∗∗
---------------------------------------------
https://www.qnap.com/en-us/security-advisory/QSA-25-35
=====================
= End-of-Day report =
=====================
Timeframe: Donnerstag 02-10-2025 18:00 − Freitag 03-10-2025 18:00
Handler: Guenes Holler
Co-Handler: Felician Fuchs
=====================
= News =
=====================
∗∗∗ Oracle links Clop extortion attacks to July 2025 vulnerabilities ∗∗∗
---------------------------------------------
Oracle has linked an ongoing extortion campaign claimed by the Clop ransomware gang to E-Business Suite (EBS) vulnerabilities that were patched in July 2025.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/oracle-links-clop-extortion-…
∗∗∗ CometJacking attack tricks Comet browser into stealing emails ∗∗∗
---------------------------------------------
A new attack called CometJacking exploits URL parameters to pass hidden instructions to Perplexity's Comet AI browser that allow access to sensitive data from connected services, like email and calendar.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/commetjacking-attack-tricks-…
∗∗∗ Vulnerability in dental practice system ∗∗∗
---------------------------------------------
A practice management system used by some dental practices had serious vulnerabilities, through which patient data could have been read and modified.
---------------------------------------------
https://www.golem.de/news/security-sicherheitsluecke-in-zahnarztpraxen-syst…
∗∗∗ Coordinated Grafana Exploitation Attempts on 28 September ∗∗∗
---------------------------------------------
GreyNoise observed a sharp one-day surge of exploitation attempts targeting CVE-2021-43798 — a Grafana path traversal vulnerability that enables arbitrary file reads. All observed IPs are classified as malicious.
---------------------------------------------
https://www.greynoise.io/blog/coordinated-grafana-exploitation-attempts
∗∗∗ Its Never Simple Until It Is (Dell UnityVSA Pre-Auth Command Injection CVE-2025-36604) ∗∗∗
---------------------------------------------
Welcome back, and what a week! We’re glad that happened for you and/or sorry that happened to you. It will get better and/or worse, and you will likely survive. Today, we’re walking down the garden path and digging into the archives, publishing our analysis of a vulnerability we discovered and disclosed to Dell in March 2025 within their UnityVSA solution.
---------------------------------------------
https://labs.watchtowr.com/its-never-simple-until-it-is-dell-unityvsa-pre-a…
=====================
= Vulnerabilities =
=====================
∗∗∗ DrayTek warns of remote code execution bug in Vigor routers ∗∗∗
---------------------------------------------
Networking hardware maker DrayTek released an advisory to warn about a security vulnerability in several Vigor router models that could allow remote, unauthenticated actors to execute arbitrary code.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/draytek-warns-of-remote-code…
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by AlmaLinux (idm:DL1), Debian (gegl and haproxy), Fedora (ffmpeg, firefox, freeipa, python-pip, rust-astral-tokio-tar, sqlite, uv, webkitgtk, and xen), Oracle (idm:DL1, ipa, kernel, perl-JSON-XS, and python3), Red Hat (git), SUSE (curl, frr, jupyter-jupyterlab, and libsuricata8_0_1), and Ubuntu (linux-aws, linux-lts-xenial, linux-aws-fips, linux-fips, linux-gcp-fips, linux-azure, linux-azure, linux-azure-6.8, linux-fips, linux-gcp-fips, and linux-intel-iot-realtime, linux-realtime).
---------------------------------------------
https://lwn.net/Articles/1040729/
∗∗∗ CISA Releases Two Industrial Control Systems Advisories ∗∗∗
---------------------------------------------
CISA released two Industrial Control Systems (ICS) advisories on October 2, 2025: ICSA-25-275-01 Raise3D Pro2 Series 3D Printers and ICSA-25-275-02 Hitachi Energy MSM Product.
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2025/10/02/cisa-releases-two-indust…
∗∗∗ Critical Splunk Vulnerabilities Expose Platforms to Remote JavaScript Injection and More ∗∗∗
---------------------------------------------
Splunk has disclosed six critical security vulnerabilities impacting multiple versions of both Splunk Enterprise and Splunk Cloud Platform. These Splunk vulnerabilities, collectively highlighting serious weaknesses in Splunk’s web components, could allow attackers to execute unauthorized JavaScript code remotely, access sensitive information, and perform server-side request forgery (SSRF) attacks.
---------------------------------------------
https://thecyberexpress.com/critical-splunk-vulnerabilities/
=====================
= End-of-Day report =
=====================
Timeframe: Mittwoch 01-10-2025 18:00 − Donnerstag 02-10-2025 18:00
Handler: Guenes Holler
Co-Handler: Felician Fuchs
=====================
= News =
=====================
∗∗∗ That annoying SMS phish you just got may have come from a box like this ∗∗∗
---------------------------------------------
Smishers looking for new infrastructure are getting creative.
---------------------------------------------
https://arstechnica.com/security/2025/10/that-annoying-sms-phish-you-just-g…
∗∗∗ Adobe Analytics bug leaked customer tracking data to other tenants ∗∗∗
---------------------------------------------
Adobe is warning its Analytics customers that an ingestion bug caused data from some organizations to appear in the analytics instances of others for approximately one day.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/adobe-analytics-bug-leaked-c…
∗∗∗ Clop extortion emails claim theft of Oracle E-Business Suite data ∗∗∗
---------------------------------------------
Mandiant and Google are tracking a new extortion campaign where executives at multiple companies received emails claiming that sensitive data was stolen from their Oracle E-Business Suite systems.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/clop-extortion-emails-claim-…
∗∗∗ Android spyware campaigns impersonate Signal and ToTok messengers ∗∗∗
---------------------------------------------
Two new spyware campaigns that researchers call ProSpy and ToSpy lured Android users with fake upgrades or plugins for the Signal and ToTok messaging apps to steal sensitive data.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/android-spyware-campaigns-im…
∗∗∗ Shutdown Threatens US Intel Sharing, Cyber Defense ∗∗∗
---------------------------------------------
Lapse of critical information sharing and mass furloughs at CISA are just some of the concerns.
---------------------------------------------
https://www.darkreading.com/cyber-risk/shutdown-us-intel-sharing-cyber-defe…
∗∗∗ Data leak: Schufa subsidiary Bonify confirms security incident ∗∗∗
---------------------------------------------
Unknown attackers have obtained identification data of Bonify users, including ID document data and photos.
---------------------------------------------
https://www.golem.de/news/datenleck-schufa-tochter-bonify-bestaetigt-sicher…
∗∗∗ 570 GB of GitHub data: Red Hat reports security incident ∗∗∗
---------------------------------------------
The extortion group Crimson Collective claims to be in possession of confidential Red Hat customer data and is demanding a ransom.
---------------------------------------------
https://www.golem.de/news/570-gbyte-github-daten-red-hat-meldet-sicherheits…
∗∗∗ New WireTap Attack Extracts Intel SGX ECDSA Key via DDR4 Memory-Bus Interposer ∗∗∗
---------------------------------------------
In yet another piece of research, academics from Georgia Institute of Technology and Purdue University have demonstrated that the security guarantees offered by Intel's Software Guard eXtensions (SGX) can be bypassed on DDR4 systems to passively decrypt sensitive data.
---------------------------------------------
https://thehackernews.com/2025/10/new-wiretap-attack-extracts-intel-sgx.html
∗∗∗ Malicious PyPI Package soopsocks Infects 2,653 Systems Before Takedown ∗∗∗
---------------------------------------------
Cybersecurity researchers have flagged a malicious package on the Python Package Index (PyPI) repository that claims to offer the ability to create a SOCKS5 proxy service, while also providing a stealthy backdoor-like functionality to drop additional payloads on Windows systems. The deceptive package, named soopsocks, attracted a total of 2,653 downloads before it was taken down.
---------------------------------------------
https://thehackernews.com/2025/10/alert-malicious-pypi-package-soopsocks.ht…
∗∗∗ EU funds are flowing into spyware companies, and politicians are demanding answers ∗∗∗
---------------------------------------------
Experts say Commission is ‘fanning the flames’ of the continent’s own Watergate. An arsenal of angry European Parliament members (MEPs) is demanding answers from senior commissioners about why EU subsidies are ending up in the pockets of spyware companies.
---------------------------------------------
https://go.theregister.com/feed/www.theregister.com/2025/10/02/eu_spyware_f…
∗∗∗ ENISA Threat Landscape 2025 ∗∗∗
---------------------------------------------
Through a more threat-centric approach and further contextual analysis, this latest edition of the ENISA Threat Landscape analyses 4875 incidents over a period spanning from 1 July 2024 to 30 June 2025.
---------------------------------------------
https://www.enisa.europa.eu/publications/enisa-threat-landscape-2025
∗∗∗ Meet SpamGPT and MatrixPDF, AI Toolkits Driving Malware Attacks ∗∗∗
---------------------------------------------
Cybersecurity researchers at Varonis have discovered two new plug-and-play cybercrime toolkits, MatrixPDF and SpamGPT. Learn how these AI-powered tools make mass phishing and PDF malware accessible to anyone, redefining online security risks.
---------------------------------------------
https://hackread.com/spamgpt-matrixpdf-ai-toolkits-malware-attacks/
∗∗∗ Malicious ZIP Files Use Windows Shortcuts to Drop Malware ∗∗∗
---------------------------------------------
Cybersecurity firm Blackpoint Cyber reveals a new spear phishing campaign targeting executives. Learn how attackers use fraudulent document ZIPs containing malicious shortcut files, leveraging living off the land tactics, and a unique Anti-Virus check to deliver a custom payload.
---------------------------------------------
https://hackread.com/malicious-zip-files-windows-shortcuts-malware/
∗∗∗ $20 YoLink IoT Gateway Vulnerabilities Put Home Security at Risk ∗∗∗
---------------------------------------------
Four critical zero-day flaws found in the $20 YoLink Smart Hub allow remote physical access, threatening your home security. See the urgent steps you must take now.
---------------------------------------------
https://hackread.com/20-yolink-iot-gateway-vulnerabilities-home-security/
∗∗∗ Confucius Espionage: From Stealer to Backdoor ∗∗∗
---------------------------------------------
The Confucius group is a long-running cyber-espionage actor operating primarily across South Asia. First identified in 2013, the group is believed to have links to state-sponsored operations in the region.
---------------------------------------------
https://feeds.fortinet.com/~/925674278/0/fortinet/blogs~Confucius-Espionage…
=====================
= Vulnerabilities =
=====================
∗∗∗ Chrome 141: Google closes severe security vulnerabilities ∗∗∗
---------------------------------------------
Google has updated its Chrome browser to version 141. According to the release notes, the update includes patches for 21 security vulnerabilities, at least two of which are rated high risk. Under certain circumstances they allow the remote injection and execution of malicious code within the browser's sandbox.
---------------------------------------------
https://www.golem.de/news/chrome-141-google-schliesst-schwerwiegende-sicher…
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by AlmaLinux (perl-JSON-XS), Debian (chromium and openssl), Fedora (bird, dnsdist, firefox, mapserver, ntpd-rs, python-nh3, rust-ammonia, skopeo, sqlite, thunderbird, and xen), Oracle (perl-JSON-XS), Red Hat (kernel, kernel-rt, and libvpx), SUSE (afterburn, cairo, docker-stable, firefox, nginx, python-Django, snpguest, and warewulf4), and Ubuntu (libmspack, libxslt, linux, linux-aws, linux-aws-5.15, linux-gcp, linux-gcp-5.15, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-intel-iotg, linux-intel-iotg-5.15, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-nvidia-tegra, linux-nvidia-tegra-5.15, linux-oracle, linux-raspi, linux-xilinx-zynqmp, linux, linux-aws, linux-aws-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-iot, linux-kvm, linux-raspi, linux-xilinx-zynqmp, linux, linux-aws, linux-aws-6.14, linux-hwe-6.14, linux-realtime, linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-oracle, linux, linux-aws, linux-gcp, linux-gcp-6.8, linux-gke, linux-gkeop, linux-ibm, linux-ibm-6.8, linux-lowlatency, linux-lowlatency-hwe-6.8, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, linux, linux-kvm, linux-aws-fips, linux-fips, linux-gcp-fips, linux-azure, linux-hwe-6.8, linux-kvm, linux-oracle-5.15, linux-oracle-6.14, linux-raspi, linux-raspi-realtime, linux-realtime, linux-realtime-6.8, linux-realtime-6.14, and python-django).
---------------------------------------------
https://lwn.net/Articles/1040591/
∗∗∗ Stand-alone Security Patch Available for Tenable Security Center versions 6.5.1 and 6.6.0 ∗∗∗
---------------------------------------------
Tenable has released Security Center Patch SC-202509.2.1 to address these issues.
---------------------------------------------
https://www.tenable.com/security/tns-2025-20
∗∗∗ Security patches: OpenSSL vulnerable to malicious-code attacks ∗∗∗
---------------------------------------------
The developers have closed three security vulnerabilities in current OpenSSL versions. So far there are no reports of attacks.
---------------------------------------------
https://www.heise.de/news/OpenSSL-Angreifer-koennen-auf-ARM-Systemen-privat…
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/mailman3/postorius/lists/daily.lists.cert.at/
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 30-09-2025 18:00 − Wednesday 01-10-2025 18:00
Handler: Guenes Holler
Co-Handler: Alexander Riepl
=====================
= News =
=====================
∗∗∗ China Imposes One-Hour Reporting Rule for Major Cyber Incidents ∗∗∗
---------------------------------------------
The sweeping new regulations show that China's serious about hardening its own networks after launching widespread attacks on global networks.
---------------------------------------------
https://www.darkreading.com/cybersecurity-operations/china-one-hour-reporti…
∗∗∗ MatrixPDF: New hacker tool turns PDF files into phishing lures ∗∗∗
---------------------------------------------
With it, malicious PDF files can be crafted so that they bypass Gmail's phishing filter.
---------------------------------------------
https://www.golem.de/news/matrixpdf-neues-hacker-tool-macht-pdf-dateien-zu-…
∗∗∗ New Android Banking Trojan “Klopatra” Uses Hidden VNC to Control Infected Smartphones ∗∗∗
---------------------------------------------
A previously undocumented Android banking trojan called Klopatra has compromised over 3,000 devices, with a majority of the infections reported in Spain and Italy. Italian fraud prevention firm Cleafy, which discovered the sophisticated malware ..
---------------------------------------------
https://thehackernews.com/2025/10/new-android-banking-trojan-klopatra.html
∗∗∗ Hackers Exploit Milesight Routers to Send Phishing SMS to European Users ∗∗∗
---------------------------------------------
Unknown threat actors are abusing Milesight industrial cellular routers to send SMS messages as part of a smishing campaign targeting users in European countries since at least February 2022. French cybersecurity company SEKOIA said the attackers are exploiting ..
---------------------------------------------
https://thehackernews.com/2025/10/hackers-exploit-milesight-routers-to.html
∗∗∗ Red Hat OpenShift AI Flaw Exposes Hybrid Cloud Infrastructure to Full Takeover ∗∗∗
---------------------------------------------
A severe security flaw has been disclosed in the Red Hat OpenShift AI service that could allow attackers to escalate privileges and take control of the complete infrastructure under certain conditions. OpenShift AI is a platform for managing the lifecycle ..
---------------------------------------------
https://thehackernews.com/2025/10/critical-red-hat-openshift-ai-flaw.html
∗∗∗ OneLogin Bug Let Attackers Use API Keys to Steal OIDC Secrets and Impersonate Apps ∗∗∗
---------------------------------------------
A high-severity security flaw has been disclosed in the One Identity OneLogin Identity and Access Management (IAM) solution that, if successfully exploited, could expose sensitive OpenID Connect (OIDC) application client secrets under certain ..
---------------------------------------------
https://thehackernews.com/2025/10/onelogin-bug-let-attackers-use-api-keys.h…
∗∗∗ New phishing waves in the name of the WKO ∗∗∗
---------------------------------------------
Criminals are currently using two schemes in the name of the Austrian Federal Economic Chamber (Wirtschaftskammer Österreich, WKO) to cause harm. They concern the updating of company data and payment information for the membership fee. Particularly dangerous: For ..
---------------------------------------------
https://www.watchlist-internet.at/news/phishing-wellen-wko/
∗∗∗ TOTOLINK X6000R: Three New Vulnerabilities Uncovered ∗∗∗
---------------------------------------------
Researchers identified vulnerabilities in TOTOLINK X6000R routers: CVE-2025-52905, CVE-2025-52906 and CVE-2025-52907. We discuss root cause and impact.
---------------------------------------------
https://unit42.paloaltonetworks.com/totolink-x6000r-vulnerabilities/
∗∗∗ North Korea IT worker scheme expanding to more industries, countries outside of US tech sector ∗∗∗
---------------------------------------------
Okta said their new research into the scheme revealed that North Korea has honed its skills on U.S.-based companies and has expanded into dozens of different countries and industries.
---------------------------------------------
https://therecord.media/north-korea-it-worker-scheme-expands-outisde-us-tech
∗∗∗ Detour Dog’s DNS Hijacking Infects 30,000 Websites with Strela Stealer ∗∗∗
---------------------------------------------
Infoblox reveals how the Detour Dog group used server-side DNS to compromise 30,000+ sites across 89 countries, installing the stealthy Strela Stealer malware.
---------------------------------------------
https://hackread.com/detour-dog-dns-hijacking-websites-strela-stealer/
∗∗∗ Security update: Malicious-code vulnerability threatens Western Digital NAS models ∗∗∗
---------------------------------------------
Attackers can attack certain Western Digital network storage devices running My Cloud OS.
---------------------------------------------
https://heise.de/-10696726
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by AlmaLinux (kernel, kernel-rt, mysql:8.0, and openssh), Debian (libcommons-lang-java, libcommons-lang3-java, libcpanel-json-xs-perl, libjson-xs-perl, libxml2, open-vm-tools, and u-boot), Fedora (bird, dnsdist, mapserver, ntpd-rs, python-nh3, and rust-ammonia), Oracle (kernel and mysql:8.0), Red Hat (cups, postgresql:12, and postgresql:13), SUSE (cJSON-devel, gimp, kernel-devel, kubecolor, open-vm-tools, openssl-1_1, openssl-3, and ruby3.4-rubygem-rack), ..
---------------------------------------------
https://lwn.net/Articles/1040375/
∗∗∗ CISA Releases Ten Industrial Control Systems Advisories ∗∗∗
---------------------------------------------
CISA released ten Industrial Control Systems (ICS) advisories on September 30, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-273-01 MegaSys Enterprises Telenium Online Web Application; ICSA-25-273-02 Festo SBRD-Q/SBOC-Q/SBOI-Q; ICSA-25-273-03 Festo CPX-CEC-C1 and ..
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2025/09/30/cisa-releases-ten-indust…