=====================
= End-of-Day report =
=====================
Timeframe: Thursday 16-10-2025 18:00 − Friday 17-10-2025 18:00
Handler: Guenes Holler
Co-Handler: Alexander Riepl
=====================
= News =
=====================
∗∗∗ Microsoft: Office 2016 and Office 2019 have reached end of support ∗∗∗
---------------------------------------------
Microsoft reminded customers this week that Office 2016 and Office 2019 have reached the end of extended support on October 14, 2025.
---------------------------------------------
https://www.bleepingcomputer.com/news/microsoft/microsoft-office-2016-and-o…
∗∗∗ Hackers exploit Cisco SNMP flaw to deploy rootkit on switches ∗∗∗
---------------------------------------------
Threat actors exploited a recently patched remote code execution vulnerability (CVE-2025-20352) in Cisco networking devices to deploy a rootkit and target unprotected Linux systems.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/hackers-exploit-cisco-snmp-f…
∗∗∗ Post-exploitation framework now also delivered via npm ∗∗∗
---------------------------------------------
The npm registry contains a malicious package that downloads the AdaptixC2 agent onto victims' devices, Kaspersky experts have found. The threat targets Windows, Linux, and macOS.
---------------------------------------------
https://securelist.com/adaptixc2-agent-found-in-an-npm-package/117784/
∗∗∗ A Surprising Amount of Satellite Traffic Is Unencrypted ∗∗∗
---------------------------------------------
We pointed a commercial-off-the-shelf satellite dish at the sky and carried out the most comprehensive public study to date of geostationary satellite communication. A shockingly large amount of sensitive traffic is being broadcast unencrypted, including critical infrastructure, internal corporate and government communications, private citizens’ voice calls ..
---------------------------------------------
https://www.schneier.com/blog/archives/2025/10/a-surprising-amount-of-satel…
∗∗∗ Microsoft Revokes 200 Fraudulent Certificates Used in Rhysida Ransomware Campaign ∗∗∗
---------------------------------------------
Microsoft on Thursday disclosed that it revoked more than 200 certificates used by a threat actor it tracks as Vanilla Tempest to fraudulently sign malicious binaries in ransomware attacks. The certificates were "used in fake Teams setup files to ..
---------------------------------------------
https://thehackernews.com/2025/10/microsoft-revokes-200-fraudulent.html
∗∗∗ Researchers Uncover WatchGuard VPN Bug That Could Let Attackers Take Over Devices ∗∗∗
---------------------------------------------
Cybersecurity researchers have disclosed details of a recently patched critical security flaw in WatchGuard Fireware that could allow unauthenticated attackers to execute arbitrary code. The vulnerability, tracked as CVE-2025-9242 (CVSS score: 9.3), is ..
---------------------------------------------
https://thehackernews.com/2025/10/researchers-uncover-watchguard-vpn-bug.ht…
∗∗∗ Why the F5 Hack Created an ‘Imminent Threat’ for Thousands of Networks ∗∗∗
---------------------------------------------
Networking software company F5 disclosed a long-term breach of its systems this week. The fallout could be severe.
---------------------------------------------
https://www.wired.com/story/f5-hack-networking-software-big-ip/
∗∗∗ Cybercriminals steal customer data from fashion group Mango ∗∗∗
---------------------------------------------
Customer data stolen from Mango: the fashion group is now warning of fake e-mails and phone calls. What affected customers need to know now.
---------------------------------------------
https://www.heise.de/news/Cyberkriminelle-erbeuten-Kundendaten-von-Modekonz…
∗∗∗ IP telephony: Cisco and Ubiquiti release security updates ∗∗∗
---------------------------------------------
Updates for Ubiquiti's UniFi Talk and for several Cisco IP phone series close security vulnerabilities rated "High".
---------------------------------------------
https://www.heise.de/news/IP-Telefonie-Cisco-und-Ubiquiti-stellen-Sicherhei…
∗∗∗ Email Bombs Exploit Lax Authentication in Zendesk ∗∗∗
---------------------------------------------
Cybercriminals are abusing a widespread lack of authentication in the customer service platform Zendesk to flood targeted email inboxes with menacing messages that come from hundreds of Zendesk corporate customers simultaneously.
---------------------------------------------
https://krebsonsecurity.com/2025/10/email-bombs-exploit-lax-authentication-…
∗∗∗ Threat Brief: Nation-State Actor Steals F5 Source Code and Undisclosed Vulnerabilities ∗∗∗
---------------------------------------------
A nation-state actor stole BIG-IP source code and information on undisclosed vulnerabilities from F5. We explain what sets this theft apart from others.
---------------------------------------------
https://unit42.paloaltonetworks.com/nation-state-threat-actor-steals-f5-sou…
∗∗∗ A review of the “Concluding report of the High-Level Group on access to data for effective law enforcement” ∗∗∗
---------------------------------------------
As I’ve written here, the EU unveiled a roadmap for addressing the encryption woes of law enforcement agencies in June 2025. As a preparation for this push, a “High-Level Group on access to data for effective ..
---------------------------------------------
https://www.cert.at/en/blog/2025/10/hlg-paper-review
∗∗∗ European police bust network selling thousands of phone numbers to scammers ∗∗∗
---------------------------------------------
Authorities raided a "SIM farm" operation that used tens of thousands of cards to enable fraud in several European countries, including Latvia and Austria.
---------------------------------------------
https://therecord.media/europe-sim-farms-raided-latvia-austria-estonia
∗∗∗ .NET Security Group: partner companies receive security patches early ∗∗∗
---------------------------------------------
Companies that maintain their own .NET distribution can join the existing security group and integrate patches for security vulnerabilities early.
---------------------------------------------
https://heise.de/-10773932
∗∗∗ How I Almost Got Hacked By A Job Interview ∗∗∗
---------------------------------------------
I was 30 seconds away from running malware on my machine. The attack vector? A fake coding interview from a "legitimate" blockchain company. Here's how a sophisticated scam operation almost got me, and why every developer needs to read this.
---------------------------------------------
https://blog.daviddodda.com/how-i-almost-got-hacked-by-a-job-interview
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by AlmaLinux (kernel and libssh), Debian (firefox-esr and pgpool2), Mageia (varnish & lighttpd), Red Hat (python3, python3.11, python3.12, python3.9, and python39:3.9), SUSE (expat, gstreamer-plugins-rs, kernel, openssl1, pgadmin4, python311-ldap, and squid), and Ubuntu (dotnet8, dotnet9, dotnet10 and mupdf).
---------------------------------------------
https://lwn.net/Articles/1042452/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/mailman3/postorius/lists/daily.lists.cert.at/
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 15-10-2025 18:00 − Thursday 16-10-2025 18:00
Handler: Guenes Holler
Co-Handler: Michael Schlagenhaufer
=====================
= News =
=====================
∗∗∗ Fake LastPass, Bitwarden breach alerts lead to PC hijacks ∗∗∗
---------------------------------------------
An ongoing phishing campaign is targeting LastPass and Bitwarden users with fake emails claiming that the companies were hacked, urging them to download a supposedly more secure desktop version of the password manager.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/fake-lastpass-bitwarden-brea…
∗∗∗ LinkPro Linux Rootkit Uses eBPF to Hide and Activates via Magic TCP Packets ∗∗∗
---------------------------------------------
An investigation into the compromise of an Amazon Web Services (AWS)-hosted infrastructure has led to the discovery of a new GNU/Linux rootkit dubbed LinkPro, according to findings from Synacktiv.
---------------------------------------------
https://thehackernews.com/2025/10/linkpro-linux-rootkit-uses-ebpf-to-hide.h…
∗∗∗ Scammers are still sending us their fake Robinhood security alerts ∗∗∗
---------------------------------------------
A short while ago, our friends at Malwaretips wrote about a text scam impersonating Robinhood, a popular US-based investment app that lets people trade stocks and cryptocurrencies. The scam warns users about supposed “suspicious activity” on their accounts.
---------------------------------------------
https://www.malwarebytes.com/blog/news/2025/10/scammers-are-still-sending-u…
∗∗∗ BeaverTail and OtterCookie evolve with a new JavaScript module ∗∗∗
---------------------------------------------
Cisco Talos has uncovered a new attack linked to Famous Chollima, a threat group aligned with North Korea.
---------------------------------------------
https://blog.talosintelligence.com/beavertail-and-ottercookie/
∗∗∗ GreyNoise’s Recent Observations Around F5 ∗∗∗
---------------------------------------------
Amid the security incident involving F5 BIG-IP announced on 15 October 2025, GreyNoise is sharing recent insights into activity targeting BIG-IP to aid in defensive posturing.
---------------------------------------------
https://www.greynoise.io/blog/recent-observations-around-f5
∗∗∗ DPRK Adopts EtherHiding: Nation-State Malware Hiding on Blockchains ∗∗∗
---------------------------------------------
Google Threat Intelligence Group (GTIG) has observed the North Korea (DPRK) threat actor UNC5342 using ‘EtherHiding’ to deliver malware and facilitate cryptocurrency theft, the first time GTIG has observed a nation-state actor adopting this method. This post is part of a two-part blog series on adversaries using EtherHiding, a technique that leverages transactions on public blockchains to store and retrieve malicious payloads—notable for its resilience against conventional takedown and blocklisting efforts.
---------------------------------------------
https://cloud.google.com/blog/topics/threat-intelligence/dprk-adopts-etherh…
∗∗∗ yIKEs (WatchGuard Fireware OS IKEv2 Out-of-Bounds Write CVE-2025-9242) ∗∗∗
---------------------------------------------
Today is the 8th of November 1996, and we’re thrilled to be exploring this new primitive we call Stack-based Buffer Overflows. It’s a great time to be alive, especially because we don’t have to deal with any of the pain of modern/not-so-modern mitigations. Oh no, wait, it’s 2025 and we are still seeing Stack-based Buffer Overflows in enterprise-grade appliances, and of course, lacking mainstream exploit mitigations.
---------------------------------------------
https://labs.watchtowr.com/yikes-watchguard-fireware-os-ikev2-out-of-bounds…
∗∗∗ US researchers eavesdrop on unencrypted satellite communication ∗∗∗
---------------------------------------------
US researchers examined satellite data traffic using commercially available equipment. Much of the data, including security-relevant data, was unencrypted.
---------------------------------------------
https://heise.de/-10767623
∗∗∗ Mobile phone spying via SS7: thousands of victims were probably surveilled ∗∗∗
---------------------------------------------
An Austrian-Indonesian company offers surveillance of mobile network subscribers. No malware is required for this, but extensive network access is.
---------------------------------------------
https://heise.de/-10767347
=====================
= Vulnerabilities =
=====================
∗∗∗ Gladinet fixes actively exploited zero-day in file-sharing software ∗∗∗
---------------------------------------------
Gladinet has released security updates for its CentreStack business solution to address a local file inclusion vulnerability (CVE-2025-11371) that threat actors have leveraged as a zero-day since late September.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/gladinet-fixes-actively-expl…
∗∗∗ Chrome, Firefox and Thunderbird: updates eliminate potential entry points ∗∗∗
---------------------------------------------
Updates are available for Mozilla's Firefox and Thunderbird as well as for Google's Chrome browser. No critical vulnerabilities were closed, but several "High"-rated flaws that cybercriminals could exploit were.
---------------------------------------------
https://www.heise.de/news/Chrome-Firefox-und-Thunderbird-Updates-beseitigen…
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by AlmaLinux (kernel and libsoup3), Debian (chromium and firefox-esr), Fedora (httpd), Oracle (cups, ImageMagick, kernel, and vim), Red Hat (libssh), Slackware (samba), SUSE (alloy, exim, firefox-esr, ImageMagick, kernel, libcryptopp-devel, libQt6Svg6, libsoup-3_0-0, libtiff-devel-32bit, lsd, python3-gi-docgen, python311-Authlib, qt6-base, samba, and squid), and Ubuntu (ffmpeg, linux-oracle-6.8, redict, redis, samba, and subversion).
---------------------------------------------
https://lwn.net/Articles/1042330/
∗∗∗ CVE-2025-55315: Microsoft kills 9.9-rated ASP.NET Core bug – our highest ever score ∗∗∗
---------------------------------------------
Microsoft has patched an ASP.NET Core vulnerability with a CVSS score of 9.9, which security program manager Barry Dorrans said was "our highest ever." The flaw is in the Kestrel web server component and enables security bypass.
---------------------------------------------
https://go.theregister.com/feed/www.theregister.com/2025/10/16/microsoft_as…
∗∗∗ Samba vulnerable via critical flaw under a specific configuration ∗∗∗
---------------------------------------------
With WINS support enabled, attackers can execute commands remotely under certain conditions. Important patches and a workaround are available.
---------------------------------------------
https://heise.de/-10773288
∗∗∗ Open PLC and Planet vulnerabilities ∗∗∗
---------------------------------------------
Cisco Talos’ Vulnerability Discovery & Research team recently disclosed one vulnerability in the OpenPLC logic controller and four vulnerabilities in the Planet WGR-500 router.
---------------------------------------------
https://blog.talosintelligence.com/open-plc-and-planet-vulnerabilities/
∗∗∗ Phoenix Contact CHARX SEC-3xxx vulnerable to code injection ∗∗∗
---------------------------------------------
https://jvn.jp/en/jp/JVN42282226/
∗∗∗ Cisco Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone 8875 with SIP Software Vulnerabilities ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso…
∗∗∗ Multiple Cisco Products Snort 3 MIME Denial of Service Vulnerabilities ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso…
∗∗∗ Cisco TelePresence Collaboration Endpoint and RoomOS Software Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso…
∗∗∗ Cisco IOS XE Software Secure Boot Bypass Vulnerabilities ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso…
∗∗∗ K000156944: Intel vulnerability CVE-2025-20093 ∗∗∗
---------------------------------------------
https://my.f5.com/manage/s/article/K000156944
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 14-10-2025 18:00 − Wednesday 15-10-2025 18:00
Handler: Michael Schlagenhaufer
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ F5 says hackers stole undisclosed BIG-IP flaws, source code ∗∗∗
---------------------------------------------
U.S. cybersecurity company F5 disclosed that nation-state hackers breached its systems and stole undisclosed BIG-IP security vulnerabilities and source code.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/hackers-breach-f5-to-steal-u…
∗∗∗ Exploit-as-a-Service Resurgence in 2025 – Broker Models, Bundles & Subscription Access ∗∗∗
---------------------------------------------
Exploit-as-a-Service in 2025: how exploit brokerages, subscription bundles, and underground access models are reshaping cyber crime economics.
---------------------------------------------
https://www.darknet.org.uk/2025/10/exploit-as-a-service-resurgence-in-2025-…
∗∗∗ Microsoft: Exchange 2016 and 2019 have reached end of support ∗∗∗
---------------------------------------------
Microsoft has reminded that Exchange Server 2016 and 2019 reached the end of support and advised IT administrators to upgrade servers to Exchange Server SE or migrate to Exchange Online.
---------------------------------------------
https://www.bleepingcomputer.com/news/microsoft/microsoft-exchange-2016-and…
∗∗∗ Microsoft signals Windows 10 21H2 Enterprise LTSC as EOL ∗∗∗
---------------------------------------------
A brief note for owners and administrators of Windows 10 21H2 Enterprise LTSC (and of course the IoT edition). Administrators of these machines are (incorrectly) shown a message stating that support for this version is now ending.
---------------------------------------------
https://www.borncity.com/blog/2025/10/15/mega-pleite-microsoft-signalisiert…
∗∗∗ Oops! It's a kernel stack use-after-free: Exploiting NVIDIA's GPU Linux drivers ∗∗∗
---------------------------------------------
This article details two bugs discovered in the NVIDIA Linux Open GPU Kernel Modules and demonstrates how they can be exploited. [..] They were reported to NVIDIA and the vendor issued fixes in their NVIDIA GPU Display Drivers update of October 2025.
---------------------------------------------
http://blog.quarkslab.com/nvidia_gpu_kernel_vmalloc_exploit.html
∗∗∗ Credential Attacks Detected on SonicWall SSLVPN Devices ∗∗∗
---------------------------------------------
A managed security services provider has detected credential attacks on SonicWall SSLVPN devices. The attacks, reported by Huntress, involve “widespread compromise” of SonicWall SSLVPN devices. [..] The report follows a SonicWall advisory that an unauthorized party had accessed firewall configuration backup files for all SonicWall customers who have used the company’s cloud backup service.
---------------------------------------------
https://thecyberexpress.com/credential-attacks-on-sonicwall-sslvpn-devices/
∗∗∗ Dismantling a Critical Supply Chain Risk in VSCode Extension Marketplaces ∗∗∗
---------------------------------------------
Wiz Research identified a pattern of secret leakage by publishers of VSCode IDE Extensions. This occurred across both the VSCode and Open VSX marketplaces, the latter of which is used by AI-powered VSCode forks like Cursor and Windsurf. Critically, in over a hundred cases this included leakage of access tokens granting the ability to update the extension itself. [..] An attacker who discovered this issue would have been able to directly distribute malware to the cumulative 150,000 install base.
---------------------------------------------
https://www.wiz.io/blog/supply-chain-risk-in-vscode-extension-marketplaces
∗∗∗ LinkPro: eBPF rootkit analysis ∗∗∗
---------------------------------------------
eBPF (extended Berkeley Packet Filter) is a technology adopted in Linux for its numerous use cases (observability, security, networking, etc.) and its ability to run in the kernel context while being orchestrated from user space. Threat actors are increasingly abusing it to create sophisticated backdoors and evade traditional system monitoring tools.
---------------------------------------------
https://www.synacktiv.com/en/publications/linkpro-ebpf-rootkit-analysis.html
=====================
= Vulnerabilities =
=====================
∗∗∗ Patch Tuesday XXL: Microsoft closes vulnerabilities, some under active attack ∗∗∗
---------------------------------------------
With more than 170 security vulnerabilities closed, Microsoft's Patch Tuesday this month is larger than average. No fewer than 17 fixes for critical vulnerabilities are available for Azure, Copilot, Office and the Windows Server Update Service (WSUS), among others. In addition, three actively attacked vulnerabilities rated "Important" make installing the available updates (ideally automatically) particularly urgent.
---------------------------------------------
https://heise.de/-10764876
∗∗∗ Patch Tuesday: Adobe closes critical vulnerabilities in several products ∗∗∗
---------------------------------------------
Dangerous vulnerabilities affect Substance 3D Stager, Connect, Dimension and Illustrator, among others. Current security fixes close them.
---------------------------------------------
https://www.heise.de/news/Patchday-Adobe-schliesst-kritische-Luecken-in-meh…
∗∗∗ Fortinet updates FortiOS, FortiPAM and FortiSwitch Manager, among others ∗∗∗
---------------------------------------------
Vulnerabilities in FortiOS, FortiPAM, FortiSwitch Manager, FortiDLP, FortiIsolator and FortiClient Mac were rated "High" severity. [..] Local, authenticated attackers could abuse vulnerability CVE-2025-58325 ("Restricted CLI command bypass"; CVSS score 7.8) to execute system commands via the command line without authorization.
---------------------------------------------
https://www.heise.de/news/Fortinet-aktualisiert-unter-anderem-FortiOS-Forti…
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by AlmaLinux (kernel, kernel-rt, vim, and webkit2gtk3), Debian (distro-info-data, https-everywhere, and php-horde-css-parser), Fedora (inih, mingw-exiv2, mirrorlist-server, rust-maxminddb, rust-monitord-exporter, rust-prometheus, rust-prometheus_exporter, rust-protobuf, rust-protobuf-codegen, rust-protobuf-parse, and rust-protobuf-support), Mageia (fetchmail), Oracle (gnutls, kernel, vim, and webkit2gtk3), Red Hat (kernel, kernel-rt, and webkit2gtk3), Slackware (mozilla), SUSE (curl, libxslt, and net-tools), and Ubuntu (linux-azure-5.15, linux-azure-6.8, linux-azure-fips, linux-oracle, linux-oracle-6.14, and linux-raspi).
---------------------------------------------
https://lwn.net/Articles/1042076/
∗∗∗ Google Chrome: Stable Channel Update for Desktop ∗∗∗
---------------------------------------------
http://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desk…
∗∗∗ Rockwell Automation 1715 EtherNet/IP Comms Module ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-25-287-01
∗∗∗ F5: K000156572: Quarterly Security Notification (October 2025) ∗∗∗
---------------------------------------------
https://my.f5.com/manage/s/article/K000156572
=====================
= End-of-Day report =
=====================
Timeframe: Monday 13-10-2025 18:00 − Tuesday 14-10-2025 18:00
Handler: Guenes Holler
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Hackers can steal 2FA codes and private messages from Android phones ∗∗∗
---------------------------------------------
Android devices are vulnerable to a new attack that can covertly steal two-factor authentication codes, location timelines, and other private data in less than 30 seconds.
---------------------------------------------
https://arstechnica.com/security/2025/10/no-fix-yet-for-attack-that-lets-ha…
∗∗∗ Chinese hackers abuse geo-mapping tool for year-long persistence ∗∗∗
---------------------------------------------
Chinese state hackers remained undetected in a target environment for more than a year by turning a component in the ArcGIS geo-mapping tool into a web shell.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/chinese-hackers-abuse-geo-ma…
∗∗∗ Secure Boot bypass risk on nearly 200,000 Linux Framework systems ∗∗∗
---------------------------------------------
Around 200,000 Linux computer systems from American computer maker Framework were shipped with signed UEFI shell components that could be exploited to bypass Secure Boot protections. An attacker could take advantage to load bootkits (e.g. BlackLotus, HybridPetya, and Bootkitty) that can evade OS-level security controls and persist across OS re-installs.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/secure-boot-bypass-risk-on-n…
∗∗∗ Researchers Expose TA585’s MonsterV2 Malware Capabilities and Attack Chain ∗∗∗
---------------------------------------------
Cybersecurity researchers have shed light on a previously undocumented threat actor called TA585 that has been observed delivering an off-the-shelf malware called MonsterV2 via phishing campaigns.
---------------------------------------------
https://thehackernews.com/2025/10/researchers-expose-ta585s-monsterv2.html
∗∗∗ npm, PyPI, and RubyGems Packages Found Sending Developer Data to Discord Channels ∗∗∗
---------------------------------------------
Cybersecurity researchers have identified several malicious packages across npm, Python, and Ruby ecosystems that leverage Discord as a command-and-control (C2) channel to transmit stolen data to actor-controlled webhooks.
---------------------------------------------
https://thehackernews.com/2025/10/npm-pypi-and-rubygems-packages-found.html
=====================
= Vulnerabilities =
=====================
∗∗∗ Security vulnerability: another emergency patch for Oracle E-Business Suite ∗∗∗
---------------------------------------------
Oracle has released another out-of-band update for the E-Business Suite. According to a security alert, a vulnerability with the identifier CVE-2025-61884 can be exploited remotely and without authentication. Attackers may gain access to confidential resources.
---------------------------------------------
https://www.golem.de/news/sicherheitsluecke-weiterer-notfall-patch-fuer-ora…
∗∗∗ SAP Patch Day in October fixes several critical vulnerabilities ∗∗∗
---------------------------------------------
Update now: important security updates and advisories are available for NetWeaver, Print Service and Supplier Relationship Management, among others.
---------------------------------------------
https://www.heise.de/news/SAP-Patchday-im-Oktober-behebt-mehrere-kritische-…
∗∗∗ Patch now: Veeam Backup & Replication vulnerable to remote code execution ∗∗∗
---------------------------------------------
A freshly released patch protects Veeam's backup solution against two remote code execution flaws. The agent for Windows has also been hardened.
---------------------------------------------
https://www.heise.de/news/Jetzt-patchen-Veeam-Backup-Replication-anfaellig-…
∗∗∗ Internet Explorer, thought dead, becomes a security hole: Microsoft reacts ∗∗∗
---------------------------------------------
Following active attacks, Microsoft has drastically restricted Internet Explorer mode in Edge. Attackers even used zero-days to take over systems.
---------------------------------------------
https://www.heise.de/news/Gefahr-aus-dem-Grab-Microsoft-verbuddelt-IE-noch-…
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (ghostscript and libfcgi), Fedora (qt5-qtsvg), Red Hat (kernel, perl-FCGI, perl-FCGI:0.78, and vim), SUSE (bluez, curl, podman, postgresql14, python-xmltodict, and udisks2), and Ubuntu (linux-azure, linux-azure-5.4, linux-azure-fips, linux-oracle, and subversion).
---------------------------------------------
https://lwn.net/Articles/1041886/
∗∗∗ Ivanti: October 2025 Security Update ∗∗∗
---------------------------------------------
https://www.ivanti.com/blog/october-2025-security-update
=====================
= End-of-Day report =
=====================
Timeframe: Friday 10-10-2025 18:01 − Monday 13-10-2025 18:00
Handler: Felician Fuchs
Co-Handler: Felician Fuchs
=====================
= News =
=====================
∗∗∗ Oracle releases emergency patch for new E-Business Suite flaw ∗∗∗
---------------------------------------------
Oracle has issued an emergency security update over the weekend to patch another E-Business Suite (EBS) vulnerability that can be exploited remotely by unauthenticated attackers.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/oracle-releases-emergency-pa…
∗∗∗ Windows 11 23H2 Home and Pro reach end of support in 30 days ∗∗∗
---------------------------------------------
Microsoft has reminded customers again today that systems running Home and Pro editions of Windows 11 23H2 will stop receiving security updates next month.
---------------------------------------------
https://www.bleepingcomputer.com/news/microsoft/windows-11-23h2-home-and-pr…
∗∗∗ Chinese Hackers Use Velociraptor IR Tool in Ransomware Attacks ∗∗∗
---------------------------------------------
In a new wrinkle for adversary tactics, the Storm-2603 threat group is abusing the digital forensics and incident response (DFIR) tool to gain persistent access to victim networks.
---------------------------------------------
https://www.darkreading.com/cybersecurity-operations/chinese-hackers-veloci…
∗∗∗ New Rust-Based Malware "ChaosBot" Uses Discord Channels to Control Victims' PCs ∗∗∗
---------------------------------------------
Cybersecurity researchers have disclosed details of a new Rust-based backdoor called ChaosBot that can allow operators to conduct reconnaissance and execute arbitrary commands on compromised hosts.
---------------------------------------------
https://thehackernews.com/2025/10/new-rust-based-malware-chaosbot-hijacks.h…
∗∗∗ Astaroth Banking Trojan Abuses GitHub to Remain Operational After Takedowns ∗∗∗
---------------------------------------------
Cybersecurity researchers are calling attention to a new campaign that delivers the Astaroth banking trojan that employs GitHub as a backbone for its operations to stay resilient in the face of infrastructure takedowns.
---------------------------------------------
https://thehackernews.com/2025/10/astaroth-banking-trojan-abuses-github.html
∗∗∗ Microsoft Locks Down IE Mode After Hackers Turned Legacy Feature Into Backdoor ∗∗∗
---------------------------------------------
Microsoft said it has revamped the Internet Explorer (IE) mode in its Edge browser after receiving "credible reports" in August 2025 that unknown threat actors were abusing the backward compatibility feature to gain unauthorized access to users' devices.
---------------------------------------------
https://thehackernews.com/2025/10/microsoft-locks-down-ie-mode-after.html
∗∗∗ Invoicely Database Leak Exposes 180,000 Sensitive Records ∗∗∗
---------------------------------------------
Cybersecurity researcher Jeremiah Fowler discovered nearly 180,000 files, including PII and banking details, left exposed on an unprotected database linked to the Invoicely platform. Read about the identity theft and financial fraud risks for over 250,000 businesses worldwide.
---------------------------------------------
https://hackread.com/invoicely-database-leak-expose-sensitive-records/
∗∗∗ 100,000+ IP Botnet Launches Coordinated RDP Attack Wave Against US Infrastructure ∗∗∗
---------------------------------------------
Since October 8, 2025, GreyNoise has tracked a coordinated botnet operation involving over 100,000 unique IP addresses from more than 100 countries targeting Remote Desktop Protocol (RDP) services in the United States.
---------------------------------------------
https://www.greynoise.io/blog/botnet-launches-coordinated-rdp-attack-wave
∗∗∗ Qantas customer data online, including Troy Hunt's ∗∗∗
---------------------------------------------
In July, attackers captured important data from the Australian airline. It is not yet clear which parts of it are now circulating online.
---------------------------------------------
https://heise.de/-10750869
∗∗∗ Critical GitHub Copilot Vulnerability Leaks Private Source Code ∗∗∗
---------------------------------------------
In June 2025, I found a critical vulnerability in GitHub Copilot Chat (CVSS 9.6) that allowed silent exfiltration of secrets and source code from private repos, and gave me full control over Copilot’s responses, including suggesting malicious code or links.
---------------------------------------------
https://www.legitsecurity.com/blog/camoleak-critical-github-copilot-vulnera…
∗∗∗ North Korea’s Contagious Interview Campaign Escalates: 338 Malicious npm Packages, 50,000 Downloads ∗∗∗
---------------------------------------------
The Contagious Interview operation continues to weaponize the npm registry with a repeatable playbook. Since our July 14, 2025 update, we have identified and analyzed more than 338 malicious packages with over 50,000 cumulative downloads.
---------------------------------------------
https://socket.dev/blog/north-korea-contagious-interview-campaign-338-malic…
=====================
= Vulnerabilities =
=====================
∗∗∗ VU#538470: Clevo UEFI firmware embedded BootGuard keys compromising Clevo's implementation of BootGuard ∗∗∗
---------------------------------------------
Clevo’s UEFI firmware update packages included sensitive private keys used in their Intel Boot Guard implementation. This accidental exposure of the keys could be abused by an attacker to sign malicious firmware using Clevo’s Boot Guard trust chain, potentially compromising the pre-boot UEFI environment on systems where Clevo’s implementation has been adopted.
---------------------------------------------
https://kb.cert.org/vuls/id/538470
∗∗∗ Oracle Security Alert for CVE-2025-61884 - 11 October 2025 ∗∗∗
---------------------------------------------
This Security Alert addresses vulnerability CVE-2025-61884 in Oracle E-Business Suite. This vulnerability is remotely exploitable without authentication, i.e., it may be exploited over a network without the need for a username and password. If successfully exploited, this vulnerability may allow access to sensitive resources.
---------------------------------------------
https://www.oracle.com/security-alerts/alert-cve-2025-61884.html
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by AlmaLinux (compat-libtiff3, iputils, kernel, open-vm-tools, and vim), Debian (asterisk, ghostscript, kernel, linux-6.1, and tiff), Fedora (cef, chromium, cri-o1.31, cri-o1.32, cri-o1.33, cri-o1.34, docker-buildx, log4cxx, mingw-poppler, openssl, podman-tui, prometheus-podman-exporter, python-socketio, python3.10, python3.11, python3.12, python3.9, skopeo, and valkey), Mageia (open-vm-tools), Red Hat (compat-libtiff3, kernel, kernel-rt, vim, and webkit2gtk3), and SUSE (distrobuilder, docker-stable, expat, forgejo, forgejo-longterm, gitea-tea, go1.25, haproxy, headscale, open-vm-tools, openssl-3, podman, podofo, ruby3.4-rubygem-rack, and weblate).
---------------------------------------------
https://lwn.net/Articles/1041779/
∗∗∗ Two High Checkmk advisories released ∗∗∗
---------------------------------------------
SBAResearch published the following advisories for checkmk: SBA-ADV-20250724-01: Checkmk Agent Privilege Escalation via Insecure Temporary Files, SBA-ADV-20250730-01: Checkmk Path Traversal.
---------------------------------------------
https://github.com/sbaresearch/advisories/commit/e84ca741ae34d372b4f7b294ad…
∗∗∗ Auth Bypass Flaw in Service Finder WordPress Plugin Under Active Exploit ∗∗∗
---------------------------------------------
An Authentication Bypass (CVE-2025-5947) in Service Finder Bookings plugin allows any unauthenticated attacker to log in as an administrator. Over 13,800 exploit attempts detected. Update to v6.1 immediately.
---------------------------------------------
https://hackread.com/auth-bypass-service-finder-wordpress-plugin-exploit/
∗∗∗ BigBlueButton: Update for web conferencing system fixes denial-of-service vulnerabilities ∗∗∗
---------------------------------------------
The developers of the open-source web conferencing system BigBlueButton (BBB) for Windows and Linux servers have closed several attack vectors with an update to version 3.0.13.
---------------------------------------------
https://heise.de/-10751398
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/mailman3/postorius/lists/daily.lists.cert.at/
=====================
= End-of-Day report =
=====================
Timeframe: Donnerstag 09-10-2025 18:01 − Freitag 10-10-2025 18:01
Handler: Guenes Holler
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Discord says hackers stole government IDs of 70,000 users ∗∗∗
---------------------------------------------
Discord says that hackers made off with images of 70,000 users’ government IDs that they were required to provide in order to use the site.
---------------------------------------------
https://arstechnica.com/security/2025/10/discord-says-hackers-stole-governm…
∗∗∗ RondoDox botnet targets 56 n-day flaws in worldwide attacks ∗∗∗
---------------------------------------------
A new large-scale botnet called RondoDox is targeting 56 vulnerabilities in more than 30 distinct devices, including flaws first disclosed during Pwn2Own hacking competitions. The attackers focus on a wide range of exposed devices, including DVRs, NVRs, CCTV systems, and web servers, and have been active since June.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/rondodox-botnet-targets-56-n…
∗∗∗ GitHub Copilot CamoLeak AI Attack Exfiltrates Data ∗∗∗
---------------------------------------------
Every week or two nowadays, researchers come up with new ways of exploiting agentic AI tools built crudely into software platforms. Since companies are far more concerned with providing AI functionality than they are securing that functionality, there's been ample opportunity for mischief.
---------------------------------------------
https://www.darkreading.com/application-security/github-copilot-camoleak-ai…
∗∗∗ From LFI to RCE: Active Exploitation Detected in Gladinet and TrioFox Vulnerability ∗∗∗
---------------------------------------------
Cybersecurity company Huntress said it has observed active in-the-wild exploitation of an unpatched security flaw impacting Gladinet CentreStack and TrioFox products. The zero-day vulnerability, tracked as CVE-2025-11371 (CVSS score: 6.1), is an unauthenticated local file inclusion bug that allows unintended disclosure of system files. It impacts all versions of the software prior to and including 16.7.10368.56560.
---------------------------------------------
https://thehackernews.com/2025/10/from-lfi-to-rce-active-exploitation.html
∗∗∗ 175 Malicious npm Packages with 26,000 Downloads Used in Credential Phishing Campaign ∗∗∗
---------------------------------------------
Cybersecurity researchers have flagged a new set of 175 malicious packages on the npm registry that have been used to facilitate credential harvesting attacks as part of an unusual campaign. The packages have been collectively downloaded 26,000 times, acting as an infrastructure for a widespread phishing campaign codenamed Beamglea targeting more than 135 industrial, technology, and energy companies across the world, according to Socket.
---------------------------------------------
https://thehackernews.com/2025/10/175-malicious-npm-packages-with-26000.html
∗∗∗ Cops nuke BreachForums (again) amid cybercrime supergroup extortion blitz ∗∗∗
---------------------------------------------
US authorities have seized the latest incarnation of BreachForums, the cybercriminal bazaar recently reborn under the stewardship of the so-called Scattered Lapsus$ Hunters, with help from French cyber cops and the Paris prosecutor's office.
---------------------------------------------
https://go.theregister.com/feed/www.theregister.com/2025/10/10/cops_seize_b…
∗∗∗ Pro-Russian hackers caught bragging about attack on fake water utility ∗∗∗
---------------------------------------------
A pro-Russian hacker group has been caught boasting about a cyberattack that unfolded entirely inside a decoy system set up by researchers.
---------------------------------------------
https://therecord.media/fake-water-utility-honeypot-hacked-pro-russian-group
∗∗∗ More Than DoS (Progress Telerik UI for ASP.NET AJAX Unsafe Reflection CVE-2025-3600) ∗∗∗
---------------------------------------------
Welcome back. We’re excited to yet again publish memes under the guise of research and inevitably receive hate mail. But today, we’ll be doing something slightly different to normal. Today, instead of pulling apart “just one” enterprise-grade solution, we have inadvertently ripped apart a widely used ASP.NET library.
---------------------------------------------
https://labs.watchtowr.com/more-than-dos-progress-telerik-ui-for-asp-net-aj…
∗∗∗ New Stealit Campaign Abuses Node.js Single Executable Application ∗∗∗
---------------------------------------------
FortiGuard Labs has encountered a new and active Stealit malware campaign that leverages Node.js’ Single Executable Application (SEA) feature to distribute its payloads. This campaign was uncovered following a spike in detections of a particular Visual Basic script, which was later determined to be a component for persistence.
---------------------------------------------
https://feeds.fortinet.com/~/926060729/0/fortinet/blogs~New-Stealit-Campaig…
=====================
= Vulnerabilities =
=====================
∗∗∗ Claroty Product Security Advisory: OIDC Configurations in Claroty Secure Access ∗∗∗
---------------------------------------------
This advisory provides important information regarding a security vulnerability affecting on-premise Claroty Secure Access (formerly known as Claroty Secure Remote Access or SRA) when configured with OpenID Connect (OIDC) authentication, either currently or previously. Fixes for affected products are available in the customer portal. There are no known public exploits or a public proof of concept (POC) of this vulnerability.
---------------------------------------------
https://claroty.com/product-security/oidc-configurations-in-claroty-secure-…
∗∗∗ Monitoring software Checkmk: privilege escalation vulnerability in Windows version ∗∗∗
---------------------------------------------
Checkmk warns of security vulnerabilities in its network monitoring software of the same name. One affects the Windows agent and only narrowly misses being classified as a critical security risk; another of the leaks, by contrast, should not cost admins any sleep.
---------------------------------------------
https://www.heise.de/news/Monitoring-Software-Checkmk-Rechteausweitungsluec…
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (redis and valkey), Fedora (docker-buildkit, ibus-bamboo, pgadmin4, webkitgtk, and wordpress), Mageia (kernel-linus, kmod-virtualbox & kmod-xtables-addons, and microcode), Oracle (compat-libtiff3 and udisks2), Red Hat (rsync), Slackware (python3), SUSE (chromium, cJSON, digger-cli, glow, go1.24, go1.25, go1.25-openssl, grafana, libexslt0, libruby3_4-3_4, pgadmin4, python311-python-socketio, and squid), and Ubuntu (dpdk, libhtp, vim, and webkit2gtk).
---------------------------------------------
https://lwn.net/Articles/1041564/
∗∗∗ Ivanti Endpoint Manager: Zero Day Initiative publishes 13 zero-days ∗∗∗
---------------------------------------------
Ivanti's Endpoint Manager (EPM) contained severe security vulnerabilities that the company has known about for months, yet did not intend to fix for another half year. That was too long for Trend Micro's Zero Day Initiative (ZDI), which is now publishing the flaws as "zero-days". The bug catalogue contains eleven SQL injections, one path traversal flaw and one deserialization of untrusted data.
---------------------------------------------
https://heise.de/-10749054
∗∗∗ Code execution vulnerabilities closed in Nvidia GPU drivers ∗∗∗
---------------------------------------------
Nvidia's developers have closed several security vulnerabilities in various graphics card drivers. In the worst case, malicious code can completely compromise systems. Both Linux and Windows computers are at risk.
---------------------------------------------
https://heise.de/-10749431
∗∗∗ 7-Zip: information on closed security vulnerabilities available ∗∗∗
---------------------------------------------
With version 25.00 of 7-Zip, the developer closed several security vulnerabilities in July. Until now it was unclear which ones. Trend Micro's Zero Day Initiative (ZDI) has now published information on some of the security holes patched in that release.
---------------------------------------------
https://heise.de/-10749900
∗∗∗ Juniper Security Director: attackers can bypass security mechanism ∗∗∗
---------------------------------------------
Several products from network equipment maker Juniper are vulnerable. If attacks succeed, attackers can, for example, install manipulated images or anchor backdoors in switches. Security patches are available for download.
---------------------------------------------
https://heise.de/-10750030
∗∗∗ DSA-6022-1 valkey - security update ∗∗∗
---------------------------------------------
https://lists.debian.org/debian-security-announce/2025/msg00188.html
∗∗∗ CISA Adds One Known Exploited Vulnerability to Catalog: CVE-2021-43798 Grafana Path Traversal Vulnerability ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2025/10/09/cisa-adds-one-known-expl…
=====================
= End-of-Day report =
=====================
Timeframe: Mittwoch 08-10-2025 18:00 − Donnerstag 09-10-2025 18:01
Handler: Guenes Holler
Co-Handler: Felician Fuchs
=====================
= News =
=====================
∗∗∗ Crimson Collective hackers target AWS cloud instances for data theft ∗∗∗
---------------------------------------------
The Crimson Collective threat group has been targeting AWS (Amazon Web Services) cloud environments for the past weeks, to steal data and extort companies.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/crimson-collective-hackers-t…
∗∗∗ New FileFix attack uses cache smuggling to evade security software ∗∗∗
---------------------------------------------
A new variant of the FileFix social engineering attack uses cache smuggling to secretly download a malicious ZIP archive onto a victims system and bypassing security software.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-filefix-attack-uses-cach…
∗∗∗ Hacktivists target critical infrastructure, hit decoy plant ∗∗∗
---------------------------------------------
A pro-Russian hacktivist group called TwoNet pivoted in less than a year from launching distributed denial-of-service (DDoS) attacks to targeting critical infrastructure.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/hacktivists-target-critical-…
∗∗∗ SonicWall: Firewall configs stolen for all cloud backup customers ∗∗∗
---------------------------------------------
SonicWall has confirmed that all customers that used the company's cloud backup service are affected by last month's security breach.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/sonicwall-firewall-configs-s…
∗∗∗ Security leak: millions of guest records in hotel software publicly accessible ∗∗∗
---------------------------------------------
In the hotel software Sihot, millions of guest records could be viewed. According to the manufacturer, the security holes have already been closed.
---------------------------------------------
https://www.golem.de/news/sicherheitsleck-millionen-gaestedaten-in-hotelsof…
∗∗∗ Hackers Exploit WordPress Sites to Power Next-Gen ClickFix Phishing Attacks ∗∗∗
---------------------------------------------
Cybersecurity researchers are calling attention to a nefarious campaign targeting WordPress sites to make malicious JavaScript injections that are designed to redirect users to sketchy sites.
---------------------------------------------
https://thehackernews.com/2025/10/hackers-exploit-wordpress-themes-to.html
∗∗∗ localmind.ai: AI security incident, it is not over yet (part 3) ∗∗∗
---------------------------------------------
The security incident at AI provider localmind.ai does not appear to be over yet. The provider writes that the core systems of the Localmind platform themselves were not compromised and that it believes it has secured the infrastructure. It appears, however, that this is not entirely accurate.
---------------------------------------------
https://www.borncity.com/blog/2025/10/09/localmind-ai-ki-sicherheitsvorfall…
∗∗∗ Velociraptor leveraged in ransomware attacks ∗∗∗
---------------------------------------------
Cisco Talos has confirmed that ransomware operators are leveraging Velociraptor, an open-source digital forensics and incident response (DFIR) tool that had not previously been definitively tied to ransomware incidents.
---------------------------------------------
https://blog.talosintelligence.com/velociraptor-leveraged-in-ransomware-att…
∗∗∗ Fake Teams Installers Dropping Oyster Backdoor (aka Broomstick) ∗∗∗
---------------------------------------------
Hackers are using fake Microsoft Teams installers found in search results and ads to deploy the Oyster backdoor. Learn how to protect your PC from this remote-access threat.
---------------------------------------------
https://hackread.com/fake-teams-installers-oyster-backdoor-broomstick/
∗∗∗ New Chaos-C++ Ransomware Targets Windows by Wiping Data, Stealing Crypto ∗∗∗
---------------------------------------------
FortiGuard Labs reveals Chaos-C++, a new Chaos ransomware variant that deletes files over 1.3 GB instead of encrypting them and uses clipboard hijacking to steal cryptocurrency.
---------------------------------------------
https://hackread.com/chaos-c-ransomware-windows-data-crypto/
∗∗∗ Oracle E-Business Suite Zero-Day Exploited in Widespread Extortion Campaign ∗∗∗
---------------------------------------------
Google Threat Intelligence Group (GTIG) and Mandiant began tracking a new, large-scale extortion campaign by a threat actor claiming affiliation with the CL0P extortion brand. The actor began sending a high volume of emails to executives at numerous organizations, alleging the theft of sensitive data from the victims' Oracle E-Business Suite (EBS) environments.
---------------------------------------------
https://cloud.google.com/blog/topics/threat-intelligence/oracle-ebusiness-s…
∗∗∗ SVG Phishing hits Ukraine with Amatera Stealer, PureMiner ∗∗∗
---------------------------------------------
FortiGuard Labs recently observed a phishing campaign designed to impersonate Ukrainian government agencies and deliver additional malware to targeted systems. The phishing emails contain malicious Scalable Vector Graphics (SVG) files designed to trick recipients into opening harmful attachments.
---------------------------------------------
https://feeds.fortinet.com/~/925395818/0/fortinet/blogs~SVG-Phishing-hits-U…
=====================
= Vulnerabilities =
=====================
∗∗∗ Severe Framelink Figma MCP Vulnerability Lets Hackers Execute Code Remotely ∗∗∗
---------------------------------------------
Cybersecurity researchers have disclosed details of a now-patched vulnerability in the popular figma-developer-mcp Model Context Protocol (MCP) server that could allow attackers to achieve code execution. The vulnerability, tracked as CVE-2025-53967 (CVSS score: 7.5), is a command injection bug stemming from the unsanitized use of user input, opening the door to a scenario where an attacker can send arbitrary system commands.
---------------------------------------------
https://thehackernews.com/2025/10/severe-figma-mcp-vulnerability-lets.html
∗∗∗ Update: code execution vulnerability threatens IBM Data Replication VSAM ∗∗∗
---------------------------------------------
Attackers can attack IBM Data Replication VSAM for z/OS Remote Source. The vulnerability has now been closed.
---------------------------------------------
https://www.heise.de/news/Update-Schadcode-Luecke-bedroht-IBM-Data-Replicat…
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by AlmaLinux (gnutls, kernel, kernel-rt, and open-vm-tools), Debian (chromium, python-django, and redis), Fedora (chromium, insight, mirrorlist-server, oci-seccomp-bpf-hook, rust-maxminddb, rust-prometheus, rust-prometheus_exporter, rust-protobuf, rust-protobuf-codegen, rust-protobuf-parse, rust-protobuf-support, turbo-attack, and yarnpkg), Oracle (iputils, kernel, open-vm-tools, redis, and valkey), Red Hat (perl-File-Find-Rule and perl-File-Find-Rule-Perl), SUSE (expat, ImageMagick, matrix-synapse, python-xmltodict, redis, redis7, and valkey), and Ubuntu (fort-validator and imagemagick).
---------------------------------------------
https://lwn.net/Articles/1041404/
∗∗∗ A Cascade of Insecure Architectures: Axis Plugin Design Flaw Exposes Select Autodesk Revit Users to Supply Chain Risk ∗∗∗
---------------------------------------------
We discovered Azure Storage Account credentials exposed in Axis Communications’ Autodesk Revit plugin, allowing unauthorized modification of cloud-hosted files. This exposure, combined with vulnerabilities in Autodesk Revit, could enable supply-chain attacks targeting end users.
---------------------------------------------
https://www.trendmicro.com/en_us/research/25/j/axis-plugin-flaw-autodesk-re…
∗∗∗ CISA Releases Four Industrial Control Systems Advisories ∗∗∗
---------------------------------------------
CISA released four Industrial Control Systems (ICS) Advisories on October 9, 2025. ICSA-25-282-01 Hitachi Energy Asset Suite, ICSA-25-282-02 Rockwell Automation Lifecycle Services with Cisco, ICSA-25-282-03 Rockwell Automation Stratix and ICSA-25-128-03 Mitsubishi Electric Multiple FA Products.
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2025/10/09/cisa-releases-four-indus…
=====================
= End-of-Day report =
=====================
Timeframe: Dienstag 07-10-2025 18:00 − Mittwoch 08-10-2025 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Guenes Holler
=====================
= News =
=====================
∗∗∗ Severe Figma MCP Vulnerability Lets Hackers Execute Code Remotely — Patch Now ∗∗∗
---------------------------------------------
Cybersecurity researchers have disclosed details of a now-patched vulnerability in the popular figma-developer-mcp Model Context Protocol (MCP) server that could allow attackers to achieve code execution. The vulnerability, tracked as CVE-2025-53967 (CVSS score: 7.5), is a command injection bug [..] The vulnerability has been addressed in version 0.6.3 of figma-developer-mcp, which was released on September 29, 2025.
---------------------------------------------
https://thehackernews.com/2025/10/severe-figma-mcp-vulnerability-lets.html
∗∗∗ LockBit, Qilin, and DragonForce Join Forces to Dominate the Ransomware Ecosystem ∗∗∗
---------------------------------------------
Three prominent ransomware groups, DragonForce, LockBit, and Qilin, have announced a new strategic ransomware alliance, once again underscoring continued shifts in the cyber threat landscape.
---------------------------------------------
https://thehackernews.com/2025/10/lockbit-qilin-and-dragonforce-join.html
∗∗∗ Employees regularly paste company secrets into ChatGPT ∗∗∗
---------------------------------------------
Employees could be opening up to OpenAI in ways that put sensitive data at risk. According to a study by security biz LayerX, a large number of corporate users paste Personally Identifiable Information (PII) or Payment Card Industry (PCI) numbers right into ChatGPT, even if they're using the bot without permission.
---------------------------------------------
https://go.theregister.com/feed/www.theregister.com/2025/10/07/gen_ai_shado…
∗∗∗ “Can you test my game?” Fake itch.io pages spread hidden malware to gamers ∗∗∗
---------------------------------------------
A convincing itch-style page can drop a stealthy stager instead of a game. Here’s how to spot it and what to do if you clicked.
---------------------------------------------
https://www.malwarebytes.com/blog/threat-intel/2025/10/can-you-test-my-game…
∗∗∗ Is your computer mouse eavesdropping on you? ∗∗∗
---------------------------------------------
Researchers have found a method they called Mic-E-Mouse, which turns your computer mouse into a spy that can listen in on your conversations. [..] The method uses high-performance optical sensors in optical mice, combined with artificial intelligence, to filter out background noise and: “achieve intelligible reconstruction of user speech.”
---------------------------------------------
https://www.malwarebytes.com/blog/news/2025/10/is-your-computer-mouse-eaves…
∗∗∗ The Klimabonus is back?! No, just a new phishing attempt! ∗∗∗
---------------------------------------------
Fraudulent SMS messages try to create the impression that the Klimabonus (Austria's climate bonus payment) is returning. Early registration supposedly brings an information advantage and better chances of a payout. None of this is true. What we are dealing with is classic phishing.
---------------------------------------------
https://www.watchlist-internet.at/news/klimabonus-neuer-phishing-versuch/
∗∗∗ Salesforce data breach: what you need to know ∗∗∗
---------------------------------------------
The Scattered LAPSUS$ Hunters hacking group claims to have accessed data from around 40 customers of Salesforce, the cloud-based customer relationship management service, stealing almost one billion records. [..] The hackers are demanding payment by this Friday, 10 October 2025. [..] Allen Tsai, a Salesforce spokesperson, said the company won't engage, negotiate with or pay any extortion demand.
---------------------------------------------
https://www.fortra.com/blog/salesforce-data-breach-what-need-know
∗∗∗ The ClickFix Factory: First Exposure of IUAM ClickFix Generator ∗∗∗
---------------------------------------------
Unit 42 discovers ClickFix phishing kits, commoditizing social engineering. This kit presents a lowered barrier for inexperienced cybercriminals.
---------------------------------------------
https://unit42.paloaltonetworks.com/clickfix-generator-first-of-its-kind/
∗∗∗ Crafting a Full Exploit RCE from a Crash in Autodesk Revit RFA File Parsing ∗∗∗
---------------------------------------------
This article will be devoted to explaining how I reached arbitrary code execution from the crash point shown above. Of particular interest is the technique I used to achieve ROP execution.
---------------------------------------------
https://www.thezdi.com/blog/2025/10/6/crafting-a-full-exploit-rce-from-a-cr…
∗∗∗ Windows 11 setup: Microsoft will block the creation of local accounts ∗∗∗
---------------------------------------------
There are signs that local user accounts in Windows 11 will in future no longer be possible to set up during installation, or only with considerable tricks. In the latest Insider Preview build 26220.6772 (KB5065797) of 6 October 2025, Microsoft announced that the commands used to create local user accounts during setup are being removed.
---------------------------------------------
https://www.borncity.com/blog/2025/10/08/windows-11-setup-microsoft-blockie…
∗∗∗ Introducing HoneyBee: How We Automate Honeypot Deployment for Threat Research ∗∗∗
---------------------------------------------
HoneyBee takes popular cloud-deployed applications such as databases, storage services, and web apps, and automatically generates intentionally insecure Dockerfiles and Docker Compose manifests. [..] We know we aren't the only ones working on these challenges, which is why we’re open-sourcing HoneyBee with the hope that it can be just as useful to others in the security community.
---------------------------------------------
https://www.wiz.io/blog/honeybee-threat-research
=====================
= Vulnerabilities =
=====================
∗∗∗ Ivanti Endpoint Manager Multiple 0-Day Vulnerabilities ∗∗∗
---------------------------------------------
(ZDI-25-934 - ZDI-25-947) This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. Mitigation: Given the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the product.
---------------------------------------------
https://www.zerodayinitiative.com/advisories/published/
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (apptainer, civetweb, mod_http2, openssl, pandoc, and pandoc-cli), Oracle (kernel), Red Hat (gstreamer1-plugins-bad-free, iputils, kernel, open-vm-tools, and podman), SUSE (cairo, firefox, ghostscript, gimp, gstreamer-plugins-rs, libxslt, logback, openssl-1_0_0, openssl-1_1, python-xmltodict, and rubygem-puma), and Ubuntu (gst-plugins-base1.0, linux-aws-6.8, linux-aws-fips, linux-azure, linux-azure-nvidia, linux-gke, linux-nvidia-tegra-igx, and
---------------------------------------------
https://lwn.net/Articles/1041243/
∗∗∗ Windows and Android: Google closes serious vulnerabilities in Chrome ∗∗∗
---------------------------------------------
https://www.golem.de/news/windows-und-android-google-schliesst-schwerwiegen…
∗∗∗ ZDI-25-895: (0Day) Wondershare Repairit Incorrect Permission Assignment Authentication Bypass Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-25-895/
∗∗∗ B&R Automation Runtime DoS Vulnerability in System Diagnostics Manager (SDM) CVE ID: CVE-2025-3450 ∗∗∗
---------------------------------------------
https://www.br-automation.com/fileadmin/SA25P002-f6a69e61.pdf
∗∗∗ B&R Automation Runtime Vulnerabilities in System Diagnostic Manager (SDM) CVE ID: CVE-2025-3449, CVE-2025-3448 ∗∗∗
---------------------------------------------
https://www.br-automation.com/fileadmin/SA25P003-178b6a20.pdf
∗∗∗ ABB: LVS MConfig Insecure memory handling CVE ID: CVE-2025-9970 ∗∗∗
---------------------------------------------
https://search.abb.com/library/Download.aspx?DocumentID=4TZ00000006008&Lang…
∗∗∗ Tenable: [R1] Security Center Version 6.7.0 Fixes One Vulnerability ∗∗∗
---------------------------------------------
https://www.tenable.com/security/tns-2025-21
=====================
= End-of-Day report =
=====================
Timeframe: Monday 06-10-2025 18:00 − Tuesday 07-10-2025 18:30
Handler: Guenes Holler
Co-Handler: Felician Fuchs
=====================
= News =
=====================
∗∗∗ Critical Redis vulnerability (CVE-2025-49844) allows authenticated remote code execution ∗∗∗
---------------------------------------------
The critical Redis vulnerability allows remote code execution when Lua scripting is enabled and a specially crafted script is executed in the context of an authenticated user.
---------------------------------------------
https://www.cert.at/de/aktuelles/2025/10/kritische-redis-sicherheitslucke-c…
∗∗∗ Red Hat Consulting breach puts over 5000 high profile enterprise customers at risk — in detail ∗∗∗
---------------------------------------------
Last week, a little-known extortion group called Crimson Collective caught my attention. At the time they only had 22 followers on Telegram. Red Hat confirmed the breach later that day, and started notifying impacted customers. Red Hat Consulting are consultants who come in to large enterprises to deal with complex technology problems. It is pretty clear their documentation and source code around customers has been stolen.
---------------------------------------------
https://doublepulsar.com/red-hat-consulting-breach-puts-over-5000-high-prof…
∗∗∗ Microsoft Links Storm-1175 to GoAnywhere Exploit Deploying Medusa Ransomware ∗∗∗
---------------------------------------------
Microsoft on Monday attributed a threat actor it tracks as Storm-1175 to the exploitation of a critical security flaw in Fortra GoAnywhere software to facilitate the deployment of Medusa ransomware.
---------------------------------------------
https://thehackernews.com/2025/10/microsoft-links-storm-1175-to.html
∗∗∗ This is what happens when an AI operator neglects security ∗∗∗
---------------------------------------------
Contracts, invoices and other sensitive data reached us by e-mail. The source: an Austrian AI company that had evidently been sloppy about security.
---------------------------------------------
https://www.heise.de/news/Sensible-Unternehmensdaten-ueber-Sicherheitsprobl…
∗∗∗ Phishers target 1Password users with convincing fake breach alert ∗∗∗
---------------------------------------------
Attackers are using realistic-looking 1Password emails to trick users into handing over their vault logins.
---------------------------------------------
https://www.malwarebytes.com/blog/news/2025/10/phishers-target-1password-us…
∗∗∗ Well, Well, Well. It’s Another Day. (Oracle E-Business Suite Pre-Auth RCE Chain - CVE-2025-61882) ∗∗∗
---------------------------------------------
We bet you thought you’d be allowed to sit there, breathe, and savour the few moments of peace you’d earned after a painful week in cyber security. Obviously, you were horribly wrong, and you need to wake up now.
---------------------------------------------
https://labs.watchtowr.com/well-well-well-its-another-day-oracle-e-business…
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (chromium), Red Hat (kernel, open-vm-tools, and postgresql), SUSE (chromedriver and chromium), and Ubuntu (haproxy and pam-u2f).
---------------------------------------------
https://lwn.net/Articles/1041069/
∗∗∗ CISA Releases Two Industrial Control Systems Advisories ∗∗∗
---------------------------------------------
CISA released two Industrial Control Systems (ICS) advisories on October 7, 2025: ICSA-25-280-01 Delta Electronics DIAScreen and ICSA-25-226-31 Rockwell Automation 1756-EN4TR, 1756-EN4TRXT.
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2025/10/07/cisa-releases-two-indust…
∗∗∗ Critical CVE-2025-27237 Vulnerability in Zabbix Agent for Windows Enables Privilege Escalation via OpenSSL Misconfiguration ∗∗∗
---------------------------------------------
A security vulnerability has been identified in Zabbix Agent and Agent2 for Windows, potentially allowing local users to escalate their privileges to the SYSTEM level. Tracked as CVE-2025-27237, the flaw originates from the way these agents handle the OpenSSL configuration file on Windows systems.
---------------------------------------------
https://thecyberexpress.com/zabbix-agent-cve-2025-27237/
∗∗∗ Attackers Actively Exploiting Critical Vulnerability in Service Finder Bookings Plugin ∗∗∗
---------------------------------------------
On June 8th, 2025, we received a submission through our Bug Bounty Program for an Authentication Bypass vulnerability in Service Finder Bookings, a WordPress plugin bundled with the Service Finder theme. This theme has been sold to approximately 6,000 customers. This vulnerability makes it possible for an unauthenticated attacker to gain access to any account on a site including accounts with the ‘administrator’ role.
---------------------------------------------
https://www.wordfence.com/blog/2025/10/attackers-actively-exploiting-critic…
∗∗∗ ABB Security Advisory: EIBPORT Reflected XSS (CVE-2021-22291) ∗∗∗
---------------------------------------------
https://search.abb.com/library/Download.aspx?DocumentID=9AKK108471A7808&Lan…
=====================
= End-of-Day report =
=====================
Timeframe: Friday 03-10-2025 18:00 − Monday 06-10-2025 18:00
Handler: Guenes Holler
Co-Handler: Felician Fuchs
=====================
= News =
=====================
∗∗∗ Serious vulnerability in Oracle E-Business Suite - actively exploited - updates available ∗∗∗
---------------------------------------------
Oracle has published a Security Alert for a serious vulnerability, CVE-2025-61882, in Oracle E-Business Suite. The vulnerability allows attackers to execute code on affected systems without any authentication. According to Oracle, the vulnerability is already being actively exploited by threat actors.
---------------------------------------------
https://www.cert.at/de/warnungen/2025/10/schwerwiegende-sicherheitslucke-in…
∗∗∗ Hackers exploited Zimbra flaw as zero-day using iCalendar files ∗∗∗
---------------------------------------------
Researchers monitoring for larger .ICS calendar attachments found that a flaw in Zimbra Collaboration Suite (ZCS) was used in zero-day attacks at the beginning of the year.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/hackers-exploited-zimbra-fla…
∗∗∗ XWorm malware resurfaces with ransomware module, over 35 plugins ∗∗∗
---------------------------------------------
New versions of the XWorm backdoor are being distributed in phishing campaigns after the original developer, XCoder, abandoned the project last year.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/xworm-malware-resurfaces-wit…
∗∗∗ Scattered Lapsus$ Hunters Returns With Salesforce Leak Site ∗∗∗
---------------------------------------------
After claiming it would shut down, the cybercriminal collective reemerged and threatened to publish the stolen data of Salesforce customers by Oct. 10 if its demands are not met.
---------------------------------------------
https://www.darkreading.com/cyberattacks-data-breaches/scattered-lapsus-hun…
∗∗∗ Rhadamanthys Stealer Evolves: Adds Device Fingerprinting, PNG Steganography Payloads ∗∗∗
---------------------------------------------
The threat actor behind Rhadamanthys has also advertised two other tools called Elysium Proxy Bot and Crypt Service on their website, even as the flagship information stealer has been updated to support the ability to collect device and web browser fingerprints, among others.
---------------------------------------------
https://thehackernews.com/2025/10/rhadamanthys-stealer-evolves-adds.html
∗∗∗ Attackers copied customer data from Red Hat GitLab instance ∗∗∗
---------------------------------------------
Software vendor Red Hat has suffered an IT security incident. The attackers claim to have copied 570 GB of data.
---------------------------------------------
https://www.heise.de/news/Angreifer-kopierten-Kundendaten-von-Red-Hat-GitLa…
∗∗∗ Data leak at Discord: support service provider successfully attacked ∗∗∗
---------------------------------------------
Criminals were able to obtain personal data of certain Discord users. This data could be abused for phishing attacks.
---------------------------------------------
https://www.heise.de/news/Datenleck-bei-Discord-Support-Dienstleister-erfol…
∗∗∗ Palo Alto Scanning Surges ~500% in 48 Hours, Marking 90-Day High ∗∗∗
---------------------------------------------
On October 3, 2025, GreyNoise observed a ~500% increase in IPs scanning Palo Alto Networks login portals, the highest level recorded in the past 90 days. The activity was highly targeted and involved multiple, potentially coordinated scanning clusters.
---------------------------------------------
https://www.greynoise.io/blog/palo-alto-scanning-surges
=====================
= Vulnerabilities =
=====================
∗∗∗ Oracle Security Alert for CVE-2025-61882 - 4 October 2025 ∗∗∗
---------------------------------------------
This Security Alert addresses vulnerability CVE-2025-61882 in Oracle E-Business Suite. This vulnerability is remotely exploitable without authentication, i.e., it may be exploited over a network without the need for a username and password. If successfully exploited, this vulnerability may result in remote code execution.
---------------------------------------------
https://www.oracle.com/security-alerts/alert-cve-2025-61882.html
∗∗∗ Redis warns of critical flaw impacting thousands of instances ∗∗∗
---------------------------------------------
The Redis security team has released patches for a maximum severity vulnerability that could allow attackers to gain remote code execution on thousands of vulnerable instances.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/redis-warns-of-max-severity-…
∗∗∗ ZDI-25-932: MLflow Weak Password Requirements Authentication Bypass Vulnerability ∗∗∗
---------------------------------------------
This vulnerability allows remote attackers to bypass authentication on affected installations of MLflow. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.1. The following CVEs are assigned: CVE-2025-11200.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-25-932/
∗∗∗ ZDI-25-930: win-cli-mcp-server resolveCommandPath Command Injection Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on affected installations of win-cli-mcp-server. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8. The following CVEs are assigned: CVE-2025-11202.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-25-930/
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by AlmaLinux (kernel), Debian (dovecot, git, log4cxx, and openssl), Fedora (containernetworking-plugins, firebird, firefox, jupyterlab, mupdf, and thunderbird), Oracle (ipa), Red Hat (container-tools:rhel8, firefox, gnutls, kernel, kernel-rt, multiple packages, mysql, mysql:8.0, nginx, podman, and thunderbird), Slackware (fetchmail), SUSE (afterburn, chromium, firefox, haproxy, libvmtools-devel, logback, python311-Django, python311-Django4, and redis), and Ubuntu (linux-gcp, linux-gcp-6.14, linux-oem-6.14, linux-nvidia-tegra-igx, linux-oracle, mysql-8.0, poppler, and squid).
---------------------------------------------
https://lwn.net/Articles/1040991/
∗∗∗ Numerous vulnerabilities in Dell PowerProtect Data Domain closed ∗∗∗
---------------------------------------------
Given the right preconditions, attackers can attack Dell PowerProtect Data Domain and compromise systems as root. Security patches are available for download.
---------------------------------------------
https://heise.de/-10712169
∗∗∗ Unity game engine: vulnerability threatens Android, Linux, macOS and Windows ∗∗∗
---------------------------------------------
The runtime environment for the Unity game engine is embedded in various popular games. Microsoft now reports a serious vulnerability in it that allows attackers to execute malicious code. Until updates are available, users should uninstall affected software, the vendor advises.
---------------------------------------------
https://heise.de/-10713427
∗∗∗ Multiple Vulnerabilities in Qsync Central ∗∗∗
---------------------------------------------
https://www.qnap.com/en-us/security-advisory/QSA-25-35