=====================
= End-of-Day report =
=====================
Timeframe: Donnerstag 31-07-2025 18:00 − Freitag 01-08-2025 18:00
Handler: Guenes Holler
Co-Handler: Michael Schlagenhaufer
=====================
= News =
=====================
∗∗∗ Microsoft to disable Excel workbook links to blocked file types ∗∗∗
---------------------------------------------
Microsoft has announced that it will start disabling external workbook links to blocked file types by default between October 2025 and July 2026. [..] After the rollout, Excel workbooks referencing blocked file types will display a #BLOCKED error or fail to refresh, eliminating security risks associated with accessing unsupported or high-risk file types, including, but not limited to, phishing attacks that utilize workbooks to redirect targets to malicious payloads.
---------------------------------------------
https://www.bleepingcomputer.com/news/microsoft/microsoft-to-disable-extern…
∗∗∗ Kali Linux can now run in Apple containers on macOS systems ∗∗∗
---------------------------------------------
Cybersecurity professionals and researchers can now launch Kali Linux in a virtualized container on macOS Sequoia using Apples new containerization framework.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/kali-linux-can-now-run-in-ap…
∗∗∗ Experts Detect Multi-Layer Redirect Tactic Used to Steal Microsoft 365 Login Credentials ∗∗∗
---------------------------------------------
Cybersecurity researchers have disclosed details of a new phishing campaign that conceals malicious payloads by abusing link wrapping services from Proofpoint and Intermedia to bypass defenses.
---------------------------------------------
https://thehackernews.com/2025/07/experts-detect-multi-layer-redirect.html
∗∗∗ Attackers Use Fake OAuth Apps with Tycoon Kit to Breach Microsoft 365 Accounts ∗∗∗
---------------------------------------------
Cybersecurity researchers have detailed a new cluster of activity where threat actors are impersonating enterprises with fake Microsoft OAuth applications to facilitate credential harvesting as part of account takeover attacks. "The fake Microsoft 365 applications impersonate various companies, including RingCentral, SharePoint, Adobe, and Docusign," Proofpoint said in a Thursday report.
---------------------------------------------
https://thehackernews.com/2025/08/attackers-use-fake-oauth-apps-with.html
∗∗∗ Huawei, at the heart of the Post outage ∗∗∗
---------------------------------------------
The cyberattack that hit Post (and Luxembourg) last week is believed to have targeted Huawei routers and their operating software. The presence of the Chinese giant at the heart of the infrastructure raises questions. The public company says it is reserving its answers for the MPs and ministers who will meet this Thursday at 10am in parliament.
---------------------------------------------
https://en.paperjam.lu/article/huawei-at-the-heart-of-the-post-outage
∗∗∗ CISA Releases Open-Source Eviction Strategies Tool for Cyber Incident Response ∗∗∗
---------------------------------------------
“How an organization approaches remediation and eviction of an incident is critically important to a successful response effort. Over the years, we have seen organizations struggle with identifying the right steps to take and the correct sequencing of actions to properly evict advanced adversaries from their enterprises,” said Jermaine Roebuck, Associate Director for Threat Hunting, CISA. “This tool will level the playing field by making it easier for IT staff and cyber defenders to coordinate efforts and achieve a successful eviction. I encourage public and private sector organizations to incorporate this capability into their incident response plans.”
---------------------------------------------
https://www.cisa.gov/news-events/news/cisa-releases-open-source-eviction-st…
∗∗∗ CISA and USCG Issue Joint Advisory to Strengthen Cyber Hygiene in Critical Infrastructure ∗∗∗
---------------------------------------------
CISA, in partnership with the U.S. Coast Guard (USCG), released a joint Cybersecurity Advisory aimed at helping critical infrastructure organizations improve their cyber hygiene. [..] CISA and USCG are sharing their findings and associated mitigations to assist other critical infrastructure organizations identify potential similar issues and take proactive measures to improve their cybersecurity posture. The mitigations include best practices such as not storing passwords or credentials in plaintext, avoiding sharing local administrator account credentials, and implementing comprehensive logging.
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2025/07/31/cisa-and-uscg-issue-join…
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by AlmaLinux (firefox and thunderbird), Debian (libcommons-lang-java, node-form-data, redis, and sope), Fedora (chromium), Mageia (slurm), Oracle (apache-commons-beanutils, firefox, kernel, redis:6, and thunderbird), Red Hat (kernel, kernel-rt, libxml2, and redis), SUSE (chromium, docker, ffmpeg-7, gnutls, kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-t, libgcrypt, rav1e, and sccache), and Ubuntu (linux-lowlatency, linux-lowlatency-hwe-6.8).
---------------------------------------------
https://lwn.net/Articles/1032174/
∗∗∗ WordPress Vulnerability & Patch Roundup — July 2025 ∗∗∗
---------------------------------------------
https://blog.sucuri.net/2025/07/wordpress-vulnerability-patch-roundup-july-…
∗∗∗ Rockwell Automation Lifecycle Services with VMware ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-25-212-02
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily