Daily July 2025

daily@lists.cert.at

1 participants
15 discussions

Tageszusammenfassung - 07.07.2025
by Daily end-of-shift report 07 Jul '25

07 Jul '25

===================== = End-of-Day report = ===================== Timeframe: Freitag 04-07-2025 18:00 − Montag 07-07-2025 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Hackers abuse leaked Shellter red team tool to deploy infostealers ∗∗∗ --------------------------------------------- Shellter Project, the vendor of a commercial AV/EDR evasion loader for penetration testing, confirmed that hackers used its Shellter Elite product in attacks after a customer leaked a copy of the software. --------------------------------------------- https://www.bleepingcomputer.com/news/security/hackers-abuse-leaked-shellte… ∗∗∗ Umsetzung von NIS 2 in Europa: Nur vier Länder haben geliefert ∗∗∗ --------------------------------------------- NIS 2 hätte bis zum 17. Oktober 2024 in nationales Recht umgesetzt werden müssen. Das ist nur wenigen Ländern gelungen. Wie haben sie das gemacht? Eine Analyse von Thomas Hafen --------------------------------------------- https://www.golem.de/news/umsetzung-von-nis-2-in-europa-nur-vier-laender-ha… ∗∗∗ Auch Lücken und Bugs beseitigt: Neues 7-Zip komprimiert mit mehr als 64 CPU-Kernen ∗∗∗ --------------------------------------------- Wer 7-Zip im Einsatz hat, sollte das Packprogramm zeitnah aktualisieren. Version 25.00 verspricht mehr Leistung und behebt Bugs und Schwachstellen. --------------------------------------------- https://www.golem.de/news/jetzt-updaten-7-zip-schliesst-sicherheitsluecken-… ∗∗∗ Massive spike in use of .es domains for phishing abuse ∗∗∗ --------------------------------------------- ¡Cuidado! Time to double-check before entering your Microsoft creds Cybersecurity experts are reporting a 19x increase in malicious campaigns being launched from .es domains, making it the third most common, behind only .com and .ru. --------------------------------------------- https://www.theregister.com/2025/07/05/spain_domains_phishing/ ∗∗∗ Ingram Micro confirms ransomware behind multi-day outage ∗∗∗ --------------------------------------------- SafePay crew claims responsibility for intrusion at one of worlds largest tech distributors Ingram Micro, one of the world’s largest distributors, has confirmed it is trying to restore systems following a ransomware attack. --------------------------------------------- https://www.theregister.com/2025/07/06/ingram_micro_confirms_ransomware_beh… ∗∗∗ Antivirus: Comodo Internet Security lässt sich Schadcode unterschieben ∗∗∗ --------------------------------------------- Ein IT-Sicherheitsforscher hat mehrere Sicherheitslücken im Virenschutz Comodo Internet Security entdeckt, wodurch Angreifer Schadcode einschleusen können. --------------------------------------------- https://www.heise.de/news/Antivirus-Comodo-Internet-Security-laesst-sich-Sc… ∗∗∗ SSB-104599 V1.0: Increasing Cyber Threats to Industrial Control Systems ∗∗∗ --------------------------------------------- The current geopolitical situation has created increased cybersecurity risks across all industrial sectors. This challenging environment also impacts the operational technology (OT) landscape, where we observe an intensification of threat activities. --------------------------------------------- https://cert-portal.siemens.com/productcert/html/ssb-104599.html ∗∗∗ Fake-Europol-E-Mail mit dem Vorwurf der Verbreitung pornografischer Inhalte von Minderjährigen ∗∗∗ --------------------------------------------- Derzeit wird eine gefälschte E-Mail im Namen von Europol verbreitet. Darin wird den Empfänger:innen unterstellt, verbotene pornografische Darstellungen von Minderjährigen abgerufen oder verbreitet zu haben. Angeblich sei deshalb ein Strafverfahren eingeleitet worden. Die Betroffenen werden aufgefordert, per E-Mail eine Stellungnahme zu übermitteln. Antworten Sie nicht darauf, denn es handelt sich um einen Betrugsversuch! --------------------------------------------- https://www.watchlist-internet.at/news/europol-e-mail-mit-vorwurf-der-verbr… ∗∗∗ BERT Ransomware Group Targets Asia and Europe on Multiple Platforms ∗∗∗ --------------------------------------------- BERT is a newly emerged ransomware group that pairs simple code with effective execution—carrying out attacks across Europe and Asia. In this entry, we examine the group’s tactics, how their variants have evolved, and the tools they use to get past defenses and speed up encryption across platforms. --------------------------------------------- https://www.trendmicro.com/en_us/research/25/g/bert-ransomware-group-target… ∗∗∗ SatanLock Ransomware Ends Operations, Says Stolen Data Will Be Leaked ∗∗∗ --------------------------------------------- SatanLock ransomware gang shuts down after weeks of attacks and plans to leak stolen victim data. Group linked to Babuk-Bjorka and GD Lockersec families. --------------------------------------------- https://hackread.com/satanlock-ransomware-ends-operations-stolen-data-leak/ ∗∗∗ Isolated Recovery Environments: A Critical Layer in Modern Cyber Resilience ∗∗∗ --------------------------------------------- As adversaries grow faster, stealthier, and more destructive, traditional recovery strategies are increasingly insufficient. Mandiants M-Trends 2025 report reinforces this shift, highlighting that ransomware operators now routinely target not just production systems but also backups. This evolution demands that organizations re-evaluate their resilience posture. --------------------------------------------- https://cloud.google.com/blog/topics/threat-intelligence/isolated-recovery-… ∗∗∗ How Much More Must We Bleed? - Citrix NetScaler Memory Disclosure (CitrixBleed 2 CVE-2025-5777) ∗∗∗ --------------------------------------------- Before you dive into our latest diatribe, indulge us and join us on a journey.Sit in your chair, stand at your desk, lick your phone screen - close your eyes and imagine a world in which things are great. It’s sunny outside, the birds are chirping, .. --------------------------------------------- https://labs.watchtowr.com/how-much-more-must-we-bleed-citrix-netscaler-mem… ∗∗∗ Lets Encrypt stellt erstes IP-Zertifikat aus ∗∗∗ --------------------------------------------- Das Lets-Encrypt-Projekt hat in der vergangenen Woche das erste Zertifikat für eine IP-Adresse ausgestellt. --------------------------------------------- https://heise.de/-10476509 ∗∗∗ Sicherheitsupdate: Dell Data Protection Advisor über viele Lücken angreifbar ∗∗∗ --------------------------------------------- Angreifer können an Schwachstellen in Dells Backuplösung Data Protection Advisor ansetzen. Der Computerhersteller stuft das Risiko als kritisch ein. --------------------------------------------- https://heise.de/-10476481 ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (thunderbird and xmedcon), Fedora (darktable, mbedtls, sudo, and yarnpkg), Mageia (catdoc and php), Red Hat (java-1.8.0-ibm, kernel, python-setuptools, python3, python3.11, python3.12, python3.9, socat, sudo, tigervnc, webkit2gtk3, webkitgtk4, xorg-x11-server, and xorg-x11-server-Xwayland), SUSE (alloy, apache-commons-fileupload, apache2-mod_security2, assimp-devel, chromedriver, clamav, clustershell, corepack22, ctdb, curl, dpkg, --------------------------------------------- https://lwn.net/Articles/1029073/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 04.07.2025
by Daily end-of-shift report 04 Jul '25

04 Jul '25

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 03-07-2025 18:00 − Freitag 04-07-2025 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Ingram Micro suffers global outage as internal systems inaccessible ∗∗∗ --------------------------------------------- IT giant Ingram Micro is experiencing a global outage that is impacting its websites and internal systems, with customers concerned that it may be a cyberattack after the company remains silent on the cause of the issues. --------------------------------------------- https://www.bleepingcomputer.com/news/security/ingram-micro-suffers-global-… ∗∗∗ Hacker leaks Telefónica data allegedly stolen in a new breach ∗∗∗ --------------------------------------------- A hacker is threatening to leak 106GB of data allegedly stolen from Spanish telecommunications company Telefónica in a breach that the company did not acknowledge. --------------------------------------------- https://www.bleepingcomputer.com/news/security/hacker-leaks-telef-nica-data… ∗∗∗ Rechnungshof warnt: Cybersicherheit der Bundes-IT unzureichend ∗∗∗ --------------------------------------------- Viele Rechenzentren des Bundes verfügen wohl nicht einmal über eine angemessene Notstromversorgung. Und auch an Redundanzen fehlt es häufig. --------------------------------------------- https://www.golem.de/news/rechnungshof-warnt-cybersicherheit-der-bundes-it-… ∗∗∗ The Breach Beyond the Runway: Cybercriminals Targeted Qantas Through a Trusted Partner ∗∗∗ --------------------------------------------- On July 3, 2025, Qantas confirmed in an update statement that a cyber incident had compromised data from one of its contact centers, following the detection of suspicious activity on June 30. The breach didn’t strike at the heart of .. --------------------------------------------- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/the-breach-… ∗∗∗ Europol Dismantles $540 Million Cryptocurrency Fraud Network, Arrests Five Suspects ∗∗∗ --------------------------------------------- Europol on Monday announced the takedown of a cryptocurrency investment fraud ring that laundered €460 million ($540 million) from more than 5,000 victims across the world.The international effort, codenamed Operation Borrelli, was carried out by the .. --------------------------------------------- https://thehackernews.com/2025/06/europol-dismantles-540-million.html ∗∗∗ "FoxyWallet": Mehr als 40 bösartige Firefox-Add-ons entdeckt ∗∗∗ --------------------------------------------- IT-Sicherheitsforscher haben eine groß angelegte Kampagne mit bösartigen Firefox-Add-ons entdeckt. Die räumen Krypto-Wallets leer. --------------------------------------------- https://www.heise.de/news/FoxyWallet-Mehr-als-40-boesartige-Firefox-Add-ons… ∗∗∗ Pet microchip scams and data leaks in the UK ∗∗∗ --------------------------------------------- TL;DR We were recently on BBC Morning Live talking about issues with pet microchip data, helping some pet owners understand how they were being billed for services which they didn’t recall signing up for. There was so much more to this piece though, so we’ve written up our findings in more detail .. --------------------------------------------- https://www.pentestpartners.com/security-blog/pet-microchip-scams-and-data-… ∗∗∗ Das Facebook-Konto versendet unerwünschte Nachrichten? Phishing-Alarm & Abo-Falle! ∗∗∗ --------------------------------------------- Kriminelle nutzen die Angst vor „Account Hijacking“ – also der Übernahme eines Online-Kontos durch andere – für ihre Zwecke aus. Sie versenden E-Mail-Warnungen, laut denen über den Facebook-Account des Opfers „unerwünschte Nachrichten“ versendet werden. Die Lösung des vermeintlichen Problems führt direkt in eine Abo-Falle. --------------------------------------------- https://www.watchlist-internet.at/news/facebook-nachrichten-phishing-abo/ ∗∗∗ A message from Bruce the mechanical shark ∗∗∗ --------------------------------------------- This Fourth of July, Bruce, the 25-foot mechanical shark from Jaws, shares how his saltwater struggles mirror the need for real-world cybersecurity stress testing. --------------------------------------------- https://blog.talosintelligence.com/a-message-from-bruce-the-mechanical-shar… ∗∗∗ AI Dilemma: Emerging Tech as Cyber Risk Escalates ∗∗∗ --------------------------------------------- As AI adoption accelerates, businesses face mounting cyber threats—and urgent choices about secure implementation --------------------------------------------- https://www.trendmicro.com/en_us/research/25/g/ai-cyber-risks.html ∗∗∗ Taking over 60k spyware user accounts with SQL injection ∗∗∗ --------------------------------------------- Recently I was looking through a database of known stalkerware services and found one I wasn’t familiar with: Catwatchful. It seemed to be a full-featured Android spy app, to actually be its own service as opposed to a millionth FlexiSpy reseller, and to offer a 3-day free trial. Aside from a boilerplate disclaimer to only use it with consent .. --------------------------------------------- https://ericdaigle.ca/posts/taking-over-60k-spyware-user-accounts/ ∗∗∗ Identifying Ransomware Final Stage activities with KQL Queries ∗∗∗ --------------------------------------------- When ransomware strikes, it doesn’t just encrypt files — it often wraps up with a series of stealthy moves meant to lock you out, cover tracks, and make recovery a nightmare. That’s why it’s so important to spot these final-stage activities before the damage is permanent. --------------------------------------------- https://detect.fyi/identifying-ransomware-final-stage-activities-with-kql-q… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 03.07.2025
by Daily end-of-shift report 03 Jul '25

03 Jul '25

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 02-07-2025 18:00 − Donnerstag 03-07-2025 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ DOJ investigates ex-ransomware negotiator over extortion kickbacks ∗∗∗ --------------------------------------------- An ex-ransomware negotiator is under criminal investigation by the Department of Justice for allegedly working with ransomware gangs to profit from extortion payment deals. --------------------------------------------- https://www.bleepingcomputer.com/news/security/doj-investigates-ex-ransomwa… ∗∗∗ Data Breach Reveals Catwatchful Stalkerware Is Spying On Thousands of Phones ∗∗∗ --------------------------------------------- An anonymous reader quotes a report from TechCrunch: A security vulnerability in a stealthy Android spyware operation called Catwatchful has exposed thousands of its customers, including its administrator. The bug, which was discovered by security researcher Eric Daigle, spilled the spyware apps full database of email addresses and plaintext passwords that .. --------------------------------------------- https://yro.slashdot.org/story/25/07/03/0023253/data-breach-reveals-catwatc… ∗∗∗ Fake Spam Plugin Uses Victim’s Domain Name to Evade Detection ∗∗∗ --------------------------------------------- During our investigation of an SEO spam infection (spam content designed to manipulate search engine results), we discovered a nicely crafted plugin that named itself after the infected domain, helping it evade detection. While this tactic was simple, it easily blended in with other legitimate plugins, making it harder to spot during the troubleshooting .. --------------------------------------------- https://blog.sucuri.net/2025/07/fake-spam-plugin-uses-victims-domain-name-t… ∗∗∗ CISA warns the Signal clone used by natsec staffers is being attacked, so patch now ∗∗∗ --------------------------------------------- Two flaws in TeleMessage are frequent attack vectors for malicious cyber actors The US security watchdog CISA has warned that malicious actors are actively exploiting two flaws in the Signal clone TeleMessage TM SGNL, and has directed federal agencies to patch the flaws or discontinue use of the app by July 22. --------------------------------------------- https://www.theregister.com/2025/07/02/cisa_telemessage_patch/ ∗∗∗ ChatGPT creates phisher’s paradise by recommending the wrong URLs for major companies ∗∗∗ --------------------------------------------- Crims have cottoned on to a new way to lead you astray AI-powered chatbots often deliver incorrect information when asked to name the address for major companies’ websites, and threat intelligence business Netcraft thinks that creates an opportunity for criminals. --------------------------------------------- https://www.theregister.com/2025/07/03/ai_phishing_websites/ ∗∗∗ Cisco entfernt SSH-Hintertür in Unified Communications Manager ∗∗∗ --------------------------------------------- Der Netzwerkausrüster Cisco hat Sicherheitslücken in verschiedenen Produkten geschlossen. Eine Lücke gilt als kritisch. --------------------------------------------- https://www.heise.de/news/Cisco-entfernt-SSH-Hintertuer-in-Unified-Communic… ∗∗∗ Apache Under the Lens: Tomcat’s Partial PUT and Camel’s Header Hijack ∗∗∗ --------------------------------------------- We analyze CVE-2025-24813 (Tomcat Partial PUT RCE), CVE-2025-27636 and CVE-2025-29891 (Camel Header Hijack RCE). --------------------------------------------- https://unit42.paloaltonetworks.com/apache-cve-2025-24813-cve-2025-27636-cv… ∗∗∗ Hunters International ransomware group claims to be shutting down ∗∗∗ --------------------------------------------- “After careful consideration and in light of recent developments, we have decided to close the Hunters International project,” the prolific cybercrime gang wrote on its darknet site. --------------------------------------------- https://therecord.media/hunters-international-ransomware-extortion-group-cl… ∗∗∗ Russia jails man for 16 years over pro-Ukraine cyberattacks on critical infrastructure ∗∗∗ --------------------------------------------- Russian authorities said the man used malware to attack Russian information systems in 2022, blocking access to websites of several local companies and damaging critical infrastructure. --------------------------------------------- https://therecord.media/russia-jails-man-over-pro-ukraine-cyberattacks ===================== = Vulnerabilities = ===================== ∗∗∗ Two-factor Authentication (TFA) - Less critical - Access bypass - SA-CONTRIB-2025-085 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-contrib-2025-085 ∗∗∗ Config Pages Viewer - Critical - Access bypass - SA-CONTRIB-2025-086 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-contrib-2025-086 ∗∗∗ Security Vulnerabilities fixed in Thunderbird 140 ∗∗∗ --------------------------------------------- https://www.mozilla.org/en-US/security/advisories/mfsa2025-54/ ∗∗∗ Security Vulnerabilities fixed in Thunderbird 128.12 ∗∗∗ --------------------------------------------- https://www.mozilla.org/en-US/security/advisories/mfsa2025-55/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 02.07.2025
by Daily end-of-shift report 02 Jul '25

02 Jul '25

===================== = End-of-Day report = ===================== Timeframe: Dienstag 01-07-2025 18:00 − Mittwoch 02-07-2025 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Microsoft: DNS issue blocks delivery of Exchange Online OTP codes ∗∗∗ --------------------------------------------- Microsoft is working to fix a DNS misconfiguration that is causing one-time passcode (OTP) message delivery failures in Exchange Online for some users. --------------------------------------------- https://www.bleepingcomputer.com/news/microsoft/microsoft-links-dns-issue-t… ∗∗∗ Kundenfang am Unfallort: Hacker verkauft Daten aus Notrufsystem an Bestatter ∗∗∗ --------------------------------------------- Die Notrufdaten sind in Echtzeit zur Verfügung gestellt worden. Die Bestatter konnten damit frühzeitig an Einsatzorten auftauchen, um neue Kunden zu gewinnen. --------------------------------------------- https://www.golem.de/news/kundenfang-am-unfallort-hacker-verkauft-daten-aus… ∗∗∗ C2 mit Dinosauriern ∗∗∗ --------------------------------------------- Angreifer nutzen gerne Programme, die als Open Source verfügbar sind und typischerweise als legitim sowie harmlos eingestuft werden (z. B. rclone .. --------------------------------------------- https://sec-consult.com/de/blog/detail/c2-mit-dinosauriern/ ∗∗∗ chwoot: Kritische Linux-Lücke macht Nutzer auf den meisten Systemen zu Root ∗∗∗ --------------------------------------------- Ein Beispielexploit steht im Netz und funktioniert auf vielen Standardystemen. Admins sollten schnell die bereitstehenden Updates einspielen. --------------------------------------------- https://www.heise.de/news/chwoot-Kritische-Linux-Luecke-macht-Nutzer-auf-de… ∗∗∗ Bericht: EU-Grenzsystem SIS II mit zahlreichen Sicherheitslücken ∗∗∗ --------------------------------------------- Vertrauliche Berichte sollen tausende Schwachstellen im EU-Grenzsystem SIS II monieren. Die Entwickler bessern sie zu langsam aus. --------------------------------------------- https://www.heise.de/news/Bericht-EU-Grenzsystem-SIS-II-mit-zahlreichen-Sic… ∗∗∗ 600,000 WordPress Sites Affected by Arbitrary File Deletion Vulnerability in Forminator WordPress Plugin ∗∗∗ --------------------------------------------- On June 20th, 2025, we received a submission for an Arbitrary File Deletion vulnerability in Forminator, a WordPress plugin with more than 600,000 active installations. This vulnerability makes it possible for unauthenticated threat actors to specify arbitrary file paths in a form submission, and the file will be deleted when the submission is deleted. It can be .. --------------------------------------------- https://www.wordfence.com/blog/2025/07/600000-wordpress-sites-affected-by-a… ∗∗∗ Sinaloa-Kartell hackte das FBI, um geheime Informanten ausfindig zu machen ∗∗∗ --------------------------------------------- Ein Bericht des US-Justizministeriums übt Kritik am Umgang des FBI mit der Gefahr durch Überwachungstechnologien --------------------------------------------- https://www.derstandard.at/story/3000000277554/sinaloa-kartell-hackte-das-f… ∗∗∗ Russian bulletproof hosting service Aeza Group sanctioned by US for ransomware work ∗∗∗ --------------------------------------------- Support for ransomware, darknet drug markets and other cybercrime activity landed the Russian company Aeza Group on the U.S. governments sanctions list, the Treasury Department said. --------------------------------------------- https://therecord.media/russia-bulletproof-hosting-aeza-group-us-sanctions ∗∗∗ Ransomware gang attacks German charity that feeds starving children ∗∗∗ --------------------------------------------- Cybercriminals are extorting the German humanitarian aid group Welthungerhilfe (WHH) for 20 bitcoin. The charity said it will not pay. --------------------------------------------- https://therecord.media/welthungerhilfe-german-hunger-relief-charity-ransom… ∗∗∗ Analysis of Attacks Targeting Linux SSH Servers for Proxy Installation ∗∗∗ --------------------------------------------- AhnLab SEcurity intelligence Center (ASEC) monitors attacks targeting Linux servers that are inappropriately managed using honeypots. One of the representative honeypots is the SSH service that uses weak credentials, which is targeted by a large .. --------------------------------------------- https://asec.ahnlab.com/en/88749/ ∗∗∗ PDFs: Portable documents, or perfect deliveries for phish? ∗∗∗ --------------------------------------------- A popular social engineering technique returns: callback phishing, or TOAD attacks, which leverage PDFs, VoIP anonymity and even QR code tricks. --------------------------------------------- https://blog.talosintelligence.com/pdfs-portable-documents-or-perfect-deliv… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 01.07.2025
by Daily end-of-shift report 01 Jul '25

01 Jul '25

===================== = End-of-Day report = ===================== Timeframe: Montag 30-06-2025 18:00 − Dienstag 01-07-2025 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Root-Zugriff für alle: Kritische Sudo-Lücke gefährdet unzählige Linux-Systeme ∗∗∗ --------------------------------------------- Forscher haben eine gefährliche Sicherheitslücke im Kommandozeilentool Sudo entdeckt. Angreifer können mit wenig Aufwand Root-Rechte erlangen. --------------------------------------------- https://www.golem.de/news/root-zugriff-fuer-alle-kritische-sudo-luecke-gefa… ∗∗∗ Jasper Sleet: North Korean remote IT workers’ evolving tactics to infiltrate organizations ∗∗∗ --------------------------------------------- Since 2024, Microsoft Threat Intelligence has observed remote IT workers deployed by North Korea leveraging AI to improve the scale and sophistication of their operations, steal data, and generate revenue for the North Korean government. --------------------------------------------- https://www.microsoft.com/en-us/security/blog/2025/06/30/jasper-sleet-north… ∗∗∗ Vulnerability & Patch Roundup — June 2025 ∗∗∗ --------------------------------------------- Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website .. --------------------------------------------- https://blog.sucuri.net/2025/06/vulnerability-patch-roundup-june-2025.html ∗∗∗ U.S. Agencies Warn of Rising Iranian Cyberattacks on Defense, OT Networks, and Critical Infrastructure ∗∗∗ --------------------------------------------- U.S. cybersecurity and intelligence agencies have issued a joint advisory warning of potential cyber attacks from Iranian state-sponsored or affiliated threat actors. "Over the past several months, there has been increasing activity from hacktivists .. --------------------------------------------- https://thehackernews.com/2025/06/us-agencies-warn-of-rising-iranian.html ∗∗∗ OneClik Red Team Campaign Targets Energy Sector Using Microsoft ClickOnce and Golang Backdoors ∗∗∗ --------------------------------------------- Cybersecurity researchers have detailed a new campaign dubbed OneClik that leverages Microsofts ClickOnce software deployment technology and bespoke Golang backdoors to compromise organizations within the energy, oil, and gas .. --------------------------------------------- https://thehackernews.com/2025/06/oneclik-malware-targets-energy-sector.html ∗∗∗ Terrible tales of opsec oversights: How cybercrooks get themselves caught ∗∗∗ --------------------------------------------- The silly mistakes to the flagrant failures They say that success breeds complacency, and complacency leads to failure. For cybercriminals, taking too many shortcuts when it comes to opsec delivers a little more than that. --------------------------------------------- https://www.theregister.com/2025/07/01/terrible_tales_of_opsec_oversights/ ∗∗∗ Überwachungskameras aus China: Kanada ordnet Schließung von Hikvision Canada an ∗∗∗ --------------------------------------------- Hikvision kommt aus China und verkauft Überwachungstechnik. Seit Jahren gibt es Kritik an dem Konzern. Nun lässt Kanada den dortigen Ableger schließen. --------------------------------------------- https://www.heise.de/news/Ueberwachungskameras-aus-China-Kanada-ordnet-Schl… ∗∗∗ Webbrowser Chrome: Sicherheitslücke wird angegriffen ∗∗∗ --------------------------------------------- In der Nacht zum Dienstag hat Google den Chrome-Browser ungeplant aktualisiert. Eine Sicherheitslücke wird bereits attackiert. --------------------------------------------- https://www.heise.de/news/Chrome-Google-stopft-attackierte-Sicherheitslueck… ∗∗∗ Viele Sicherheitslücken in Dell OpenManage Network Integration geschlossen ∗∗∗ --------------------------------------------- Angreifer können Dell OpenManage Network Integration über verschiedene Wege attackieren. Sicherheitsupdates stehen zur Verfügung. --------------------------------------------- https://www.heise.de/news/Viele-Sicherheitsluecken-in-Dell-OpenManage-Netwo… ∗∗∗ Britischer IT-Angestellter rächte sich an Ex-Arbeitgeber: Sieben Monate Haft ∗∗∗ --------------------------------------------- Nur wenige Stunden nach seiner Entlassung startete der junge Mann eine Cyberattacke und sorgte für Schäden in Höhe von 200.000 Pfund --------------------------------------------- https://www.derstandard.at/story/3000000277498/britischer-it-angestellter-r… ∗∗∗ 50 customers of French bank hit after insider helped SIM swap scammers ∗∗∗ --------------------------------------------- French police have arrested a business student interning at the bank Société Générale who is accused of helping SIM-swapping scammers to defraud 50 of its clients. --------------------------------------------- https://www.bitdefender.com/en-us/blog/hotforsecurity/50-customers-of-frenc… ∗∗∗ Encryption vs. Lawful Interception: EU policy news ∗∗∗ --------------------------------------------- I’ve commented here on this blog (or its German twin) quite a few time already on various legislative proposals on how the law enforcement agencies can keep their traditional access to the communication of suspects. See Ein paar Thesen zu aktuellen Gesetzesentwürfen (2017) Ein paar Gedanken zur „Überwachung verschlüsselter Nachrichten" (2024) Roles in .. --------------------------------------------- https://www.cert.at/en/blog/2025/7/encryption-vs-lawful-interception-eu-pol… ∗∗∗ DOJ raids 29 ‘laptop farms’ in crackdown on N. Korean IT worker scheme ∗∗∗ --------------------------------------------- The Justice Department announced a coordinated action to disrupt a Pyongyang campaign to get North Koreans hired at U.S.-based companies. --------------------------------------------- https://therecord.media/doj-raids-laptop-farms-crackdown ∗∗∗ International Criminal Court targeted by new ‘sophisticated’ attack ∗∗∗ --------------------------------------------- The ICC credited its “alert and response mechanisms” for “swiftly” discovering, confirming and containing a cyberattack. --------------------------------------------- https://therecord.media/international-criminal-court-cyberattack-2025 ∗∗∗ Malware in Apps: Godfather 2.0 für Android; SparkKitty in App-Stores ∗∗∗ --------------------------------------------- Kleiner Sammelbeitrag rund um das Thema Smartphone-Apps mit Malware an Bord. Aktuell feiert die Android-Malware Godfather 2.0 ihr Comeback bzw. Erfolge beim Raubzügen beim Online-Banking. Zudem haben Sicherheitsforscher .. --------------------------------------------- https://www.borncity.com/blog/2025/06/30/malware-in-apps-godfather-2-0-fuer… ∗∗∗ What the NULL?! Wing FTP Server RCE (CVE-2025-47812) ∗∗∗ --------------------------------------------- While performing a penetration test for one of our Continuous Penetration Testing customers, we’ve found a Wing FTP server instance that allowed anonymous connections. It was almost the only interesting thing exposed, but we still wanted to get a foothold into their perimeter and provide the customer with an impactful finding. So we .. --------------------------------------------- https://www.rcesecurity.com/2025/06/what-the-null-wing-ftp-server-rce-cve-2… ∗∗∗ Django Joins curl in Pushing Back on AI Slop Security Reports ∗∗∗ --------------------------------------------- Django has updated its official security documentation with new guidance for AI-assisted vulnerability reports, responding to a rising number of submissions generated by large language models (LLMs) that cite fabricated code or non-existent features. The change was authored by Django Fellow Natalia Bidart, who helps maintain the project’s .. --------------------------------------------- https://socket.dev/blog/django-joins-curl-in-pushing-back-on-ai-slop-securi… ∗∗∗ How hacktivist cyber operations surged amid Israeli-Iranian conflict ∗∗∗ --------------------------------------------- In June 2025, Israel carried out airstrikes against key Iranian military and nuclear facilities. Iran swiftly retaliated, escalating regional tensions to unprecedented levels. This military confrontation has not only unfolded in conventional warfare but also triggered a massive surge in cyber operations. Almost immediately after the .. --------------------------------------------- https://outpost24.com/blog/hacktivist-cyber-operations-iran-israel/ ===================== = Vulnerabilities = ===================== ∗∗∗ XSA-470 ∗∗∗ --------------------------------------------- https://xenbits.xen.org/xsa/advisory-470.html ∗∗∗ [R1] Nessus Version 10.8.5 Fixes Multiple Vulnerabilities ∗∗∗ --------------------------------------------- https://www.tenable.com/security/tns-2025-13 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily July 2025