=====================
= End-of-Day report =
=====================
Timeframe: Montag 07-07-2025 18:00 − Dienstag 08-07-2025 18:00
Handler: Alexander Riepl
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ “No honor among thieves”: M&S hacking group starts turf war ∗∗∗
---------------------------------------------
A clash between criminal ransomware groups could result in victims being extorted twice.
---------------------------------------------
https://arstechnica.com/security/2025/07/no-honor-among-thieves-ms-hacking-…
∗∗∗ Qantas is being extorted in recent data-theft cyberattack ∗∗∗
---------------------------------------------
Qantas has confirmed that it is now being extorted by threat actors following a cyberattack that potentially exposed the data for 6 million customers.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/qantas-is-being-extorted-in-…
∗∗∗ Atomic macOS infostealer adds backdoor for persistent attacks ∗∗∗
---------------------------------------------
Malware analyst discovered a new version of the Atomic macOS info-stealer (also known as AMOS) that comes with a backdoor, to attackers persistent access to compromised systems.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/atomic-macos-infostealer-add…
∗∗∗ Alleged Chinese hacker tied to Silk Typhoon arrested for cyberespionage ∗∗∗
---------------------------------------------
A Chinese national was arrested in Milan, Italy, last week for allegedly being linked to the state-sponsored Silk Typhoon hacking group, which responsible for cyberattacks against American organizations and government agencies.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/alleged-chinese-hacker-tied-…
∗∗∗ Approach to mainframe penetration testing on z/OS. Deep dive into RACF ∗∗∗
---------------------------------------------
We have explored the RACF security package in z/OS and developed a utility to interact with its database. Now, we are assessing RACF configuration security for penetration testing.
---------------------------------------------
https://securelist.com/zos-mainframe-pentesting-resource-access-control-fac…
∗∗∗ Android Patchday fällt im Juli aus ∗∗∗
---------------------------------------------
Admins können sich zumindest in Bezug auf Android und Pixel-Smartphones zurücklehnen: Im Juli gibt es nichts zu patchen.
---------------------------------------------
https://www.heise.de/news/Android-Patchday-faellt-im-Juli-aus-10478020.html
∗∗∗ Patchday SAP: NetWeaver-Produkte sind für Schadcode-Attacken anfällig ∗∗∗
---------------------------------------------
Angreifer können unter anderem SAP NetWeaver-Produkte und Business Objects attackieren. Sicherheitsupdates stehen zum Download bereit.
---------------------------------------------
https://www.heise.de/news/Patchday-SAP-NetWeaver-Produkte-sind-fuer-Schadco…
∗∗∗ How to conduct a Password Audit in Active Directory (AD) ∗∗∗
---------------------------------------------
Weak or compromised passwords are still one of the most common ways attackers get into an organisation’s network. That’s why running password audits in Active Directory is so important. But smaller companies often don’t have the time, budget, or resources to do them regularly.
---------------------------------------------
https://www.pentestpartners.com/security-blog/how-to-conduct-a-password-aud…
∗∗∗ „Hallo Mama, das ist meine neue Nummer“ – Ein Blick hinter die Kulissen des Evergreens ∗∗∗
---------------------------------------------
Die "Hallo Mama"-Nachricht zählt zu den absoluten Phishing-Klassikern. Trotz der mittlerweile recht großen Bekanntheit versuchen Kriminelle weiterhin beharrlich, damit an Geld zu kommen. Für alle, die schon immer einmal wissen wollten, wie es im Fall einer Antwort eigentlich weitergeht, haben wir uns den Ablauf etwas näher angesehen.
---------------------------------------------
https://www.watchlist-internet.at/news/hallo-mama-hinter-den-kulissen/
∗∗∗ GoldMelody’s Hidden Chords: Initial Access Broker In-Memory IIS Modules Revealed ∗∗∗
---------------------------------------------
An IAB campaign exploited leaked ASP.NET Machine Keys. We dissect the attackers infrastructure, campaign and offer takeaways for blue teams.
---------------------------------------------
https://unit42.paloaltonetworks.com/initial-access-broker-exploits-leaked-m…
∗∗∗ Aktiv ausgenutzte Schwachstellen in Citrix NetScaler ADC und NetScaler Gateway ∗∗∗
---------------------------------------------
In den vergangenen Wochen hat Citrix mehrere Sicherheitsaktualisierungen für insgesamt drei Sicherheitslücken in seinen Produkten NetScaler ADC und NetScaler Gateway veröffentlicht: CVE-2025-6543, CVSS-Score 9.2 CVE-2025-5349, CVSS-Score 8.7 CVE-2025-5777, CVSS-Score 9.3, auch bekannt als "CitrixBleed 2" Zum Zeitpunkt der Veröffentlichung der Advisories sowie der dazugehörigen Aktualisierungen gab es laut Citrix keine aktive Ausnutzung der Schwachstellen, ..
---------------------------------------------
https://www.cert.at/de/aktuelles/2025/7/aktiv-ausgenutzte-schwachstellen-in…
∗∗∗ New spyware strain steals data from Russian industrial companies ∗∗∗
---------------------------------------------
Moscow-based cybersecurity firm Kaspersky said the campaign has already affected over 100 victims across several dozen Russian organizations, but did not disclose the specific targets.
---------------------------------------------
https://therecord.media/spyware-strain-steals-data-russian-industrial-sector
∗∗∗ Detection Engineering: Practicing Detection-as-Code – Introduction – Part 1 ∗∗∗
---------------------------------------------
This is going to be a multipart blog series revolving around Detection Engineering and more specifically practicing Detection-as-Code in Detection Engineering. Throughout this series, we’ll dive deep into concepts, strategies, and practical blueprints that you can adapt to fit your own workflows. From building a detection engineering repository to validating ..
---------------------------------------------
https://blog.nviso.eu/2025/07/08/detection-engineering-practicing-detection…
∗∗∗ From cheap IoT toy to your smartphone: Getting RCE by leveraging a companion app ∗∗∗
---------------------------------------------
As IoT adoption continues to grow, we explored the idea that instead of directly compromising IoT devices, an attacker could target the applications controlling them. This approach could potentially allow remote code execution on a user’s smartphone.
---------------------------------------------
https://www.synacktiv.com/en/publications/from-cheap-iot-toy-to-your-smartp…
∗∗∗ New CVE Forecasting Tool Predicts 47,000 Disclosures in 2025 ∗∗∗
---------------------------------------------
Security engineer Jerry Gamblin, founder of RogoLabs, has released a new open source forecasting tool that aims to predict the growing volume of software vulnerability disclosures. The tool, CVEForecast.org, uses historical CVE data and machine learning models to generate short-term projections of how many new vulnerabilities are likely to be published.
---------------------------------------------
https://socket.dev/blog/new-cve-forecasting-tool-predicts-47-000-disclosure…
=====================
= Vulnerabilities =
=====================
∗∗∗ July Security Update ∗∗∗
---------------------------------------------
Ivanti releases standard security patches on the second Tuesday of every month. Our vulnerability management program is central to our commitment to maintaining secure products. Our philosophy is simple: discovering and communicating vulnerabilities, and sharing that information with defenders, is not an indication of weakness; rather it is evidence of ..
---------------------------------------------
https://www.ivanti.com/blog/july-security-update-2025
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Freitag 04-07-2025 18:00 − Montag 07-07-2025 18:00
Handler: Alexander Riepl
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Hackers abuse leaked Shellter red team tool to deploy infostealers ∗∗∗
---------------------------------------------
Shellter Project, the vendor of a commercial AV/EDR evasion loader for penetration testing, confirmed that hackers used its Shellter Elite product in attacks after a customer leaked a copy of the software.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/hackers-abuse-leaked-shellte…
∗∗∗ Umsetzung von NIS 2 in Europa: Nur vier Länder haben geliefert ∗∗∗
---------------------------------------------
NIS 2 hätte bis zum 17. Oktober 2024 in nationales Recht umgesetzt werden müssen. Das ist nur wenigen Ländern gelungen. Wie haben sie das gemacht? Eine Analyse von Thomas Hafen
---------------------------------------------
https://www.golem.de/news/umsetzung-von-nis-2-in-europa-nur-vier-laender-ha…
∗∗∗ Auch Lücken und Bugs beseitigt: Neues 7-Zip komprimiert mit mehr als 64 CPU-Kernen ∗∗∗
---------------------------------------------
Wer 7-Zip im Einsatz hat, sollte das Packprogramm zeitnah aktualisieren. Version 25.00 verspricht mehr Leistung und behebt Bugs und Schwachstellen.
---------------------------------------------
https://www.golem.de/news/jetzt-updaten-7-zip-schliesst-sicherheitsluecken-…
∗∗∗ Massive spike in use of .es domains for phishing abuse ∗∗∗
---------------------------------------------
¡Cuidado! Time to double-check before entering your Microsoft creds Cybersecurity experts are reporting a 19x increase in malicious campaigns being launched from .es domains, making it the third most common, behind only .com and .ru.
---------------------------------------------
https://www.theregister.com/2025/07/05/spain_domains_phishing/
∗∗∗ Ingram Micro confirms ransomware behind multi-day outage ∗∗∗
---------------------------------------------
SafePay crew claims responsibility for intrusion at one of worlds largest tech distributors Ingram Micro, one of the world’s largest distributors, has confirmed it is trying to restore systems following a ransomware attack.
---------------------------------------------
https://www.theregister.com/2025/07/06/ingram_micro_confirms_ransomware_beh…
∗∗∗ Antivirus: Comodo Internet Security lässt sich Schadcode unterschieben ∗∗∗
---------------------------------------------
Ein IT-Sicherheitsforscher hat mehrere Sicherheitslücken im Virenschutz Comodo Internet Security entdeckt, wodurch Angreifer Schadcode einschleusen können.
---------------------------------------------
https://www.heise.de/news/Antivirus-Comodo-Internet-Security-laesst-sich-Sc…
∗∗∗ SSB-104599 V1.0: Increasing Cyber Threats to Industrial Control Systems ∗∗∗
---------------------------------------------
The current geopolitical situation has created increased cybersecurity risks across all industrial sectors. This challenging environment also impacts the operational technology (OT) landscape, where we observe an intensification of threat activities.
---------------------------------------------
https://cert-portal.siemens.com/productcert/html/ssb-104599.html
∗∗∗ Fake-Europol-E-Mail mit dem Vorwurf der Verbreitung pornografischer Inhalte von Minderjährigen ∗∗∗
---------------------------------------------
Derzeit wird eine gefälschte E-Mail im Namen von Europol verbreitet. Darin wird den Empfänger:innen unterstellt, verbotene pornografische Darstellungen von Minderjährigen abgerufen oder verbreitet zu haben. Angeblich sei deshalb ein Strafverfahren eingeleitet worden. Die Betroffenen werden aufgefordert, per E-Mail eine Stellungnahme zu übermitteln. Antworten Sie nicht darauf, denn es handelt sich um einen Betrugsversuch!
---------------------------------------------
https://www.watchlist-internet.at/news/europol-e-mail-mit-vorwurf-der-verbr…
∗∗∗ BERT Ransomware Group Targets Asia and Europe on Multiple Platforms ∗∗∗
---------------------------------------------
BERT is a newly emerged ransomware group that pairs simple code with effective execution—carrying out attacks across Europe and Asia. In this entry, we examine the group’s tactics, how their variants have evolved, and the tools they use to get past defenses and speed up encryption across platforms.
---------------------------------------------
https://www.trendmicro.com/en_us/research/25/g/bert-ransomware-group-target…
∗∗∗ SatanLock Ransomware Ends Operations, Says Stolen Data Will Be Leaked ∗∗∗
---------------------------------------------
SatanLock ransomware gang shuts down after weeks of attacks and plans to leak stolen victim data. Group linked to Babuk-Bjorka and GD Lockersec families.
---------------------------------------------
https://hackread.com/satanlock-ransomware-ends-operations-stolen-data-leak/
∗∗∗ Isolated Recovery Environments: A Critical Layer in Modern Cyber Resilience ∗∗∗
---------------------------------------------
As adversaries grow faster, stealthier, and more destructive, traditional recovery strategies are increasingly insufficient. Mandiants M-Trends 2025 report reinforces this shift, highlighting that ransomware operators now routinely target not just production systems but also backups. This evolution demands that organizations re-evaluate their resilience posture.
---------------------------------------------
https://cloud.google.com/blog/topics/threat-intelligence/isolated-recovery-…
∗∗∗ How Much More Must We Bleed? - Citrix NetScaler Memory Disclosure (CitrixBleed 2 CVE-2025-5777) ∗∗∗
---------------------------------------------
Before you dive into our latest diatribe, indulge us and join us on a journey.Sit in your chair, stand at your desk, lick your phone screen - close your eyes and imagine a world in which things are great. It’s sunny outside, the birds are chirping, ..
---------------------------------------------
https://labs.watchtowr.com/how-much-more-must-we-bleed-citrix-netscaler-mem…
∗∗∗ Lets Encrypt stellt erstes IP-Zertifikat aus ∗∗∗
---------------------------------------------
Das Lets-Encrypt-Projekt hat in der vergangenen Woche das erste Zertifikat für eine IP-Adresse ausgestellt.
---------------------------------------------
https://heise.de/-10476509
∗∗∗ Sicherheitsupdate: Dell Data Protection Advisor über viele Lücken angreifbar ∗∗∗
---------------------------------------------
Angreifer können an Schwachstellen in Dells Backuplösung Data Protection Advisor ansetzen. Der Computerhersteller stuft das Risiko als kritisch ein.
---------------------------------------------
https://heise.de/-10476481
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (thunderbird and xmedcon), Fedora (darktable, mbedtls, sudo, and yarnpkg), Mageia (catdoc and php), Red Hat (java-1.8.0-ibm, kernel, python-setuptools, python3, python3.11, python3.12, python3.9, socat, sudo, tigervnc, webkit2gtk3, webkitgtk4, xorg-x11-server, and xorg-x11-server-Xwayland), SUSE (alloy, apache-commons-fileupload, apache2-mod_security2, assimp-devel, chromedriver, clamav, clustershell, corepack22, ctdb, curl, dpkg,
---------------------------------------------
https://lwn.net/Articles/1029073/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Donnerstag 03-07-2025 18:00 − Freitag 04-07-2025 18:00
Handler: Alexander Riepl
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Ingram Micro suffers global outage as internal systems inaccessible ∗∗∗
---------------------------------------------
IT giant Ingram Micro is experiencing a global outage that is impacting its websites and internal systems, with customers concerned that it may be a cyberattack after the company remains silent on the cause of the issues.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/ingram-micro-suffers-global-…
∗∗∗ Hacker leaks Telefónica data allegedly stolen in a new breach ∗∗∗
---------------------------------------------
A hacker is threatening to leak 106GB of data allegedly stolen from Spanish telecommunications company Telefónica in a breach that the company did not acknowledge.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/hacker-leaks-telef-nica-data…
∗∗∗ Rechnungshof warnt: Cybersicherheit der Bundes-IT unzureichend ∗∗∗
---------------------------------------------
Viele Rechenzentren des Bundes verfügen wohl nicht einmal über eine angemessene Notstromversorgung. Und auch an Redundanzen fehlt es häufig.
---------------------------------------------
https://www.golem.de/news/rechnungshof-warnt-cybersicherheit-der-bundes-it-…
∗∗∗ The Breach Beyond the Runway: Cybercriminals Targeted Qantas Through a Trusted Partner ∗∗∗
---------------------------------------------
On July 3, 2025, Qantas confirmed in an update statement that a cyber incident had compromised data from one of its contact centers, following the detection of suspicious activity on June 30. The breach didn’t strike at the heart of ..
---------------------------------------------
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/the-breach-…
∗∗∗ Europol Dismantles $540 Million Cryptocurrency Fraud Network, Arrests Five Suspects ∗∗∗
---------------------------------------------
Europol on Monday announced the takedown of a cryptocurrency investment fraud ring that laundered €460 million ($540 million) from more than 5,000 victims across the world.The international effort, codenamed Operation Borrelli, was carried out by the ..
---------------------------------------------
https://thehackernews.com/2025/06/europol-dismantles-540-million.html
∗∗∗ "FoxyWallet": Mehr als 40 bösartige Firefox-Add-ons entdeckt ∗∗∗
---------------------------------------------
IT-Sicherheitsforscher haben eine groß angelegte Kampagne mit bösartigen Firefox-Add-ons entdeckt. Die räumen Krypto-Wallets leer.
---------------------------------------------
https://www.heise.de/news/FoxyWallet-Mehr-als-40-boesartige-Firefox-Add-ons…
∗∗∗ Pet microchip scams and data leaks in the UK ∗∗∗
---------------------------------------------
TL;DR We were recently on BBC Morning Live talking about issues with pet microchip data, helping some pet owners understand how they were being billed for services which they didn’t recall signing up for. There was so much more to this piece though, so we’ve written up our findings in more detail ..
---------------------------------------------
https://www.pentestpartners.com/security-blog/pet-microchip-scams-and-data-…
∗∗∗ Das Facebook-Konto versendet unerwünschte Nachrichten? Phishing-Alarm & Abo-Falle! ∗∗∗
---------------------------------------------
Kriminelle nutzen die Angst vor „Account Hijacking“ – also der Übernahme eines Online-Kontos durch andere – für ihre Zwecke aus. Sie versenden E-Mail-Warnungen, laut denen über den Facebook-Account des Opfers „unerwünschte Nachrichten“ versendet werden. Die Lösung des vermeintlichen Problems führt direkt in eine Abo-Falle.
---------------------------------------------
https://www.watchlist-internet.at/news/facebook-nachrichten-phishing-abo/
∗∗∗ A message from Bruce the mechanical shark ∗∗∗
---------------------------------------------
This Fourth of July, Bruce, the 25-foot mechanical shark from Jaws, shares how his saltwater struggles mirror the need for real-world cybersecurity stress testing.
---------------------------------------------
https://blog.talosintelligence.com/a-message-from-bruce-the-mechanical-shar…
∗∗∗ AI Dilemma: Emerging Tech as Cyber Risk Escalates ∗∗∗
---------------------------------------------
As AI adoption accelerates, businesses face mounting cyber threats—and urgent choices about secure implementation
---------------------------------------------
https://www.trendmicro.com/en_us/research/25/g/ai-cyber-risks.html
∗∗∗ Taking over 60k spyware user accounts with SQL injection ∗∗∗
---------------------------------------------
Recently I was looking through a database of known stalkerware services and found one I wasn’t familiar with: Catwatchful. It seemed to be a full-featured Android spy app, to actually be its own service as opposed to a millionth FlexiSpy reseller, and to offer a 3-day free trial. Aside from a boilerplate disclaimer to only use it with consent ..
---------------------------------------------
https://ericdaigle.ca/posts/taking-over-60k-spyware-user-accounts/
∗∗∗ Identifying Ransomware Final Stage activities with KQL Queries ∗∗∗
---------------------------------------------
When ransomware strikes, it doesn’t just encrypt files — it often wraps up with a series of stealthy moves meant to lock you out, cover tracks, and make recovery a nightmare. That’s why it’s so important to spot these final-stage activities before the damage is permanent.
---------------------------------------------
https://detect.fyi/identifying-ransomware-final-stage-activities-with-kql-q…
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Mittwoch 02-07-2025 18:00 − Donnerstag 03-07-2025 18:00
Handler: Alexander Riepl
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ DOJ investigates ex-ransomware negotiator over extortion kickbacks ∗∗∗
---------------------------------------------
An ex-ransomware negotiator is under criminal investigation by the Department of Justice for allegedly working with ransomware gangs to profit from extortion payment deals.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/doj-investigates-ex-ransomwa…
∗∗∗ Data Breach Reveals Catwatchful Stalkerware Is Spying On Thousands of Phones ∗∗∗
---------------------------------------------
An anonymous reader quotes a report from TechCrunch: A security vulnerability in a stealthy Android spyware operation called Catwatchful has exposed thousands of its customers, including its administrator. The bug, which was discovered by security researcher Eric Daigle, spilled the spyware apps full database of email addresses and plaintext passwords that ..
---------------------------------------------
https://yro.slashdot.org/story/25/07/03/0023253/data-breach-reveals-catwatc…
∗∗∗ Fake Spam Plugin Uses Victim’s Domain Name to Evade Detection ∗∗∗
---------------------------------------------
During our investigation of an SEO spam infection (spam content designed to manipulate search engine results), we discovered a nicely crafted plugin that named itself after the infected domain, helping it evade detection. While this tactic was simple, it easily blended in with other legitimate plugins, making it harder to spot during the troubleshooting ..
---------------------------------------------
https://blog.sucuri.net/2025/07/fake-spam-plugin-uses-victims-domain-name-t…
∗∗∗ CISA warns the Signal clone used by natsec staffers is being attacked, so patch now ∗∗∗
---------------------------------------------
Two flaws in TeleMessage are frequent attack vectors for malicious cyber actors The US security watchdog CISA has warned that malicious actors are actively exploiting two flaws in the Signal clone TeleMessage TM SGNL, and has directed federal agencies to patch the flaws or discontinue use of the app by July 22.
---------------------------------------------
https://www.theregister.com/2025/07/02/cisa_telemessage_patch/
∗∗∗ ChatGPT creates phisher’s paradise by recommending the wrong URLs for major companies ∗∗∗
---------------------------------------------
Crims have cottoned on to a new way to lead you astray AI-powered chatbots often deliver incorrect information when asked to name the address for major companies’ websites, and threat intelligence business Netcraft thinks that creates an opportunity for criminals.
---------------------------------------------
https://www.theregister.com/2025/07/03/ai_phishing_websites/
∗∗∗ Cisco entfernt SSH-Hintertür in Unified Communications Manager ∗∗∗
---------------------------------------------
Der Netzwerkausrüster Cisco hat Sicherheitslücken in verschiedenen Produkten geschlossen. Eine Lücke gilt als kritisch.
---------------------------------------------
https://www.heise.de/news/Cisco-entfernt-SSH-Hintertuer-in-Unified-Communic…
∗∗∗ Apache Under the Lens: Tomcat’s Partial PUT and Camel’s Header Hijack ∗∗∗
---------------------------------------------
We analyze CVE-2025-24813 (Tomcat Partial PUT RCE), CVE-2025-27636 and CVE-2025-29891 (Camel Header Hijack RCE).
---------------------------------------------
https://unit42.paloaltonetworks.com/apache-cve-2025-24813-cve-2025-27636-cv…
∗∗∗ Hunters International ransomware group claims to be shutting down ∗∗∗
---------------------------------------------
“After careful consideration and in light of recent developments, we have decided to close the Hunters International project,” the prolific cybercrime gang wrote on its darknet site.
---------------------------------------------
https://therecord.media/hunters-international-ransomware-extortion-group-cl…
∗∗∗ Russia jails man for 16 years over pro-Ukraine cyberattacks on critical infrastructure ∗∗∗
---------------------------------------------
Russian authorities said the man used malware to attack Russian information systems in 2022, blocking access to websites of several local companies and damaging critical infrastructure.
---------------------------------------------
https://therecord.media/russia-jails-man-over-pro-ukraine-cyberattacks
=====================
= Vulnerabilities =
=====================
∗∗∗ Two-factor Authentication (TFA) - Less critical - Access bypass - SA-CONTRIB-2025-085 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-contrib-2025-085
∗∗∗ Config Pages Viewer - Critical - Access bypass - SA-CONTRIB-2025-086 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-contrib-2025-086
∗∗∗ Security Vulnerabilities fixed in Thunderbird 140 ∗∗∗
---------------------------------------------
https://www.mozilla.org/en-US/security/advisories/mfsa2025-54/
∗∗∗ Security Vulnerabilities fixed in Thunderbird 128.12 ∗∗∗
---------------------------------------------
https://www.mozilla.org/en-US/security/advisories/mfsa2025-55/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Dienstag 01-07-2025 18:00 − Mittwoch 02-07-2025 18:00
Handler: Alexander Riepl
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Microsoft: DNS issue blocks delivery of Exchange Online OTP codes ∗∗∗
---------------------------------------------
Microsoft is working to fix a DNS misconfiguration that is causing one-time passcode (OTP) message delivery failures in Exchange Online for some users.
---------------------------------------------
https://www.bleepingcomputer.com/news/microsoft/microsoft-links-dns-issue-t…
∗∗∗ Kundenfang am Unfallort: Hacker verkauft Daten aus Notrufsystem an Bestatter ∗∗∗
---------------------------------------------
Die Notrufdaten sind in Echtzeit zur Verfügung gestellt worden. Die Bestatter konnten damit frühzeitig an Einsatzorten auftauchen, um neue Kunden zu gewinnen.
---------------------------------------------
https://www.golem.de/news/kundenfang-am-unfallort-hacker-verkauft-daten-aus…
∗∗∗ C2 mit Dinosauriern ∗∗∗
---------------------------------------------
Angreifer nutzen gerne Programme, die als Open Source verfügbar sind und typischerweise als legitim sowie harmlos eingestuft werden (z. B. rclone ..
---------------------------------------------
https://sec-consult.com/de/blog/detail/c2-mit-dinosauriern/
∗∗∗ chwoot: Kritische Linux-Lücke macht Nutzer auf den meisten Systemen zu Root ∗∗∗
---------------------------------------------
Ein Beispielexploit steht im Netz und funktioniert auf vielen Standardystemen. Admins sollten schnell die bereitstehenden Updates einspielen.
---------------------------------------------
https://www.heise.de/news/chwoot-Kritische-Linux-Luecke-macht-Nutzer-auf-de…
∗∗∗ Bericht: EU-Grenzsystem SIS II mit zahlreichen Sicherheitslücken ∗∗∗
---------------------------------------------
Vertrauliche Berichte sollen tausende Schwachstellen im EU-Grenzsystem SIS II monieren. Die Entwickler bessern sie zu langsam aus.
---------------------------------------------
https://www.heise.de/news/Bericht-EU-Grenzsystem-SIS-II-mit-zahlreichen-Sic…
∗∗∗ 600,000 WordPress Sites Affected by Arbitrary File Deletion Vulnerability in Forminator WordPress Plugin ∗∗∗
---------------------------------------------
On June 20th, 2025, we received a submission for an Arbitrary File Deletion vulnerability in Forminator, a WordPress plugin with more than 600,000 active installations. This vulnerability makes it possible for unauthenticated threat actors to specify arbitrary file paths in a form submission, and the file will be deleted when the submission is deleted. It can be ..
---------------------------------------------
https://www.wordfence.com/blog/2025/07/600000-wordpress-sites-affected-by-a…
∗∗∗ Sinaloa-Kartell hackte das FBI, um geheime Informanten ausfindig zu machen ∗∗∗
---------------------------------------------
Ein Bericht des US-Justizministeriums übt Kritik am Umgang des FBI mit der Gefahr durch Überwachungstechnologien
---------------------------------------------
https://www.derstandard.at/story/3000000277554/sinaloa-kartell-hackte-das-f…
∗∗∗ Russian bulletproof hosting service Aeza Group sanctioned by US for ransomware work ∗∗∗
---------------------------------------------
Support for ransomware, darknet drug markets and other cybercrime activity landed the Russian company Aeza Group on the U.S. governments sanctions list, the Treasury Department said.
---------------------------------------------
https://therecord.media/russia-bulletproof-hosting-aeza-group-us-sanctions
∗∗∗ Ransomware gang attacks German charity that feeds starving children ∗∗∗
---------------------------------------------
Cybercriminals are extorting the German humanitarian aid group Welthungerhilfe (WHH) for 20 bitcoin. The charity said it will not pay.
---------------------------------------------
https://therecord.media/welthungerhilfe-german-hunger-relief-charity-ransom…
∗∗∗ Analysis of Attacks Targeting Linux SSH Servers for Proxy Installation ∗∗∗
---------------------------------------------
AhnLab SEcurity intelligence Center (ASEC) monitors attacks targeting Linux servers that are inappropriately managed using honeypots. One of the representative honeypots is the SSH service that uses weak credentials, which is targeted by a large ..
---------------------------------------------
https://asec.ahnlab.com/en/88749/
∗∗∗ PDFs: Portable documents, or perfect deliveries for phish? ∗∗∗
---------------------------------------------
A popular social engineering technique returns: callback phishing, or TOAD attacks, which leverage PDFs, VoIP anonymity and even QR code tricks.
---------------------------------------------
https://blog.talosintelligence.com/pdfs-portable-documents-or-perfect-deliv…
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Montag 30-06-2025 18:00 − Dienstag 01-07-2025 18:00
Handler: Alexander Riepl
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Root-Zugriff für alle: Kritische Sudo-Lücke gefährdet unzählige Linux-Systeme ∗∗∗
---------------------------------------------
Forscher haben eine gefährliche Sicherheitslücke im Kommandozeilentool Sudo entdeckt. Angreifer können mit wenig Aufwand Root-Rechte erlangen.
---------------------------------------------
https://www.golem.de/news/root-zugriff-fuer-alle-kritische-sudo-luecke-gefa…
∗∗∗ Jasper Sleet: North Korean remote IT workers’ evolving tactics to infiltrate organizations ∗∗∗
---------------------------------------------
Since 2024, Microsoft Threat Intelligence has observed remote IT workers deployed by North Korea leveraging AI to improve the scale and sophistication of their operations, steal data, and generate revenue for the North Korean government.
---------------------------------------------
https://www.microsoft.com/en-us/security/blog/2025/06/30/jasper-sleet-north…
∗∗∗ Vulnerability & Patch Roundup — June 2025 ∗∗∗
---------------------------------------------
Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website ..
---------------------------------------------
https://blog.sucuri.net/2025/06/vulnerability-patch-roundup-june-2025.html
∗∗∗ U.S. Agencies Warn of Rising Iranian Cyberattacks on Defense, OT Networks, and Critical Infrastructure ∗∗∗
---------------------------------------------
U.S. cybersecurity and intelligence agencies have issued a joint advisory warning of potential cyber attacks from Iranian state-sponsored or affiliated threat actors. "Over the past several months, there has been increasing activity from hacktivists ..
---------------------------------------------
https://thehackernews.com/2025/06/us-agencies-warn-of-rising-iranian.html
∗∗∗ OneClik Red Team Campaign Targets Energy Sector Using Microsoft ClickOnce and Golang Backdoors ∗∗∗
---------------------------------------------
Cybersecurity researchers have detailed a new campaign dubbed OneClik that leverages Microsofts ClickOnce software deployment technology and bespoke Golang backdoors to compromise organizations within the energy, oil, and gas ..
---------------------------------------------
https://thehackernews.com/2025/06/oneclik-malware-targets-energy-sector.html
∗∗∗ Terrible tales of opsec oversights: How cybercrooks get themselves caught ∗∗∗
---------------------------------------------
The silly mistakes to the flagrant failures They say that success breeds complacency, and complacency leads to failure. For cybercriminals, taking too many shortcuts when it comes to opsec delivers a little more than that.
---------------------------------------------
https://www.theregister.com/2025/07/01/terrible_tales_of_opsec_oversights/
∗∗∗ Überwachungskameras aus China: Kanada ordnet Schließung von Hikvision Canada an ∗∗∗
---------------------------------------------
Hikvision kommt aus China und verkauft Überwachungstechnik. Seit Jahren gibt es Kritik an dem Konzern. Nun lässt Kanada den dortigen Ableger schließen.
---------------------------------------------
https://www.heise.de/news/Ueberwachungskameras-aus-China-Kanada-ordnet-Schl…
∗∗∗ Webbrowser Chrome: Sicherheitslücke wird angegriffen ∗∗∗
---------------------------------------------
In der Nacht zum Dienstag hat Google den Chrome-Browser ungeplant aktualisiert. Eine Sicherheitslücke wird bereits attackiert.
---------------------------------------------
https://www.heise.de/news/Chrome-Google-stopft-attackierte-Sicherheitslueck…
∗∗∗ Viele Sicherheitslücken in Dell OpenManage Network Integration geschlossen ∗∗∗
---------------------------------------------
Angreifer können Dell OpenManage Network Integration über verschiedene Wege attackieren. Sicherheitsupdates stehen zur Verfügung.
---------------------------------------------
https://www.heise.de/news/Viele-Sicherheitsluecken-in-Dell-OpenManage-Netwo…
∗∗∗ Britischer IT-Angestellter rächte sich an Ex-Arbeitgeber: Sieben Monate Haft ∗∗∗
---------------------------------------------
Nur wenige Stunden nach seiner Entlassung startete der junge Mann eine Cyberattacke und sorgte für Schäden in Höhe von 200.000 Pfund
---------------------------------------------
https://www.derstandard.at/story/3000000277498/britischer-it-angestellter-r…
∗∗∗ 50 customers of French bank hit after insider helped SIM swap scammers ∗∗∗
---------------------------------------------
French police have arrested a business student interning at the bank Société Générale who is accused of helping SIM-swapping scammers to defraud 50 of its clients.
---------------------------------------------
https://www.bitdefender.com/en-us/blog/hotforsecurity/50-customers-of-frenc…
∗∗∗ Encryption vs. Lawful Interception: EU policy news ∗∗∗
---------------------------------------------
I’ve commented here on this blog (or its German twin) quite a few time already on various legislative proposals on how the law enforcement agencies can keep their traditional access to the communication of suspects. See Ein paar Thesen zu aktuellen Gesetzesentwürfen (2017) Ein paar Gedanken zur „Überwachung verschlüsselter Nachrichten" (2024) Roles in ..
---------------------------------------------
https://www.cert.at/en/blog/2025/7/encryption-vs-lawful-interception-eu-pol…
∗∗∗ DOJ raids 29 ‘laptop farms’ in crackdown on N. Korean IT worker scheme ∗∗∗
---------------------------------------------
The Justice Department announced a coordinated action to disrupt a Pyongyang campaign to get North Koreans hired at U.S.-based companies.
---------------------------------------------
https://therecord.media/doj-raids-laptop-farms-crackdown
∗∗∗ International Criminal Court targeted by new ‘sophisticated’ attack ∗∗∗
---------------------------------------------
The ICC credited its “alert and response mechanisms” for “swiftly” discovering, confirming and containing a cyberattack.
---------------------------------------------
https://therecord.media/international-criminal-court-cyberattack-2025
∗∗∗ Malware in Apps: Godfather 2.0 für Android; SparkKitty in App-Stores ∗∗∗
---------------------------------------------
Kleiner Sammelbeitrag rund um das Thema Smartphone-Apps mit Malware an Bord. Aktuell feiert die Android-Malware Godfather 2.0 ihr Comeback bzw. Erfolge beim Raubzügen beim Online-Banking. Zudem haben Sicherheitsforscher ..
---------------------------------------------
https://www.borncity.com/blog/2025/06/30/malware-in-apps-godfather-2-0-fuer…
∗∗∗ What the NULL?! Wing FTP Server RCE (CVE-2025-47812) ∗∗∗
---------------------------------------------
While performing a penetration test for one of our Continuous Penetration Testing customers, we’ve found a Wing FTP server instance that allowed anonymous connections. It was almost the only interesting thing exposed, but we still wanted to get a foothold into their perimeter and provide the customer with an impactful finding. So we ..
---------------------------------------------
https://www.rcesecurity.com/2025/06/what-the-null-wing-ftp-server-rce-cve-2…
∗∗∗ Django Joins curl in Pushing Back on AI Slop Security Reports ∗∗∗
---------------------------------------------
Django has updated its official security documentation with new guidance for AI-assisted vulnerability reports, responding to a rising number of submissions generated by large language models (LLMs) that cite fabricated code or non-existent features. The change was authored by Django Fellow Natalia Bidart, who helps maintain the project’s ..
---------------------------------------------
https://socket.dev/blog/django-joins-curl-in-pushing-back-on-ai-slop-securi…
∗∗∗ How hacktivist cyber operations surged amid Israeli-Iranian conflict ∗∗∗
---------------------------------------------
In June 2025, Israel carried out airstrikes against key Iranian military and nuclear facilities. Iran swiftly retaliated, escalating regional tensions to unprecedented levels. This military confrontation has not only unfolded in conventional warfare but also triggered a massive surge in cyber operations. Almost immediately after the ..
---------------------------------------------
https://outpost24.com/blog/hacktivist-cyber-operations-iran-israel/
=====================
= Vulnerabilities =
=====================
∗∗∗ XSA-470 ∗∗∗
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-470.html
∗∗∗ [R1] Nessus Version 10.8.5 Fixes Multiple Vulnerabilities ∗∗∗
---------------------------------------------
https://www.tenable.com/security/tns-2025-13
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Freitag 27-06-2025 18:00 − Montag 30-06-2025 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Alexander Riepl
=====================
= News =
=====================
∗∗∗ Scattered Spider hackers shift focus to aviation, transportation firms ∗∗∗
---------------------------------------------
Hackers associated with Scattered Spider tactics have expanded their targeting to the aviation and transportation industries after previously attacking insurance and retail sectors.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/scattered-spider-hackers-shi…
∗∗∗ Let’s Encrypt ends certificate expiry emails to cut costs, boost privacy ∗∗∗
---------------------------------------------
Lets Encrypt has announced it will no longer notify users about imminent certificate expirations via email due to high costs, privacy concerns, and unnecessary complexities.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/lets-encrypt-ends-certificat…
∗∗∗ Unveiling RIFT: Enhancing Rust malware analysis through pattern matching ∗∗∗
---------------------------------------------
As threat actors are adopting Rust for malware development, RIFT, an open-source tool, helps reverse engineers analyze Rust malware, solving challenges in the security industry.
---------------------------------------------
https://www.microsoft.com/en-us/security/blog/2025/06/27/unveiling-rift-enh…
∗∗∗ Stealthy WordPress Malware Drops Windows Trojan via PHP Backdoor ∗∗∗
---------------------------------------------
Last month, we encountered a particularly interesting and complex malware case that stood out from the usual infections we see in compromised WordPress websites. At first glance, the site looked clean, no visible signs of defacement, no malicious redirects, and nothing suspicious in the plugin list. But beneath the surface, a hidden infection chain was ..
---------------------------------------------
https://blog.sucuri.net/2025/06/stealthy-wordpress-malware-drops-windows-tr…
∗∗∗ GIFTEDCROOK Malware Evolves: From Browser Stealer to Intelligence-Gathering Tool ∗∗∗
---------------------------------------------
The threat actor behind the GIFTEDCROOK malware has made significant updates to turn the malicious program from a basic browser data stealer to a potent intelligence-gathering tool."Recent campaigns in June 2025 demonstrate GIFTEDCROOKs enhanced ..
---------------------------------------------
https://thehackernews.com/2025/06/giftedcrook-malware-evolves-from.html
∗∗∗ IGF25: Diktatoren und Demokraten im globalen Süden als Kunden von Spyware ∗∗∗
---------------------------------------------
Spyware wie Pegasus von der NSO-Group wird zunehmend ein politisches Problem. Das war eine der Erkenntnisse des Internet Governance Forums in Norwegen.
---------------------------------------------
https://www.heise.de/news/IGF25-Diktatoren-und-Demokraten-im-globalen-Suede…
∗∗∗ "CitrixBleed 2": Indizien für laufende Angriffe auf Sicherheitsleck ∗∗∗
---------------------------------------------
Eine Citrix-Netscaler-Lücke mit dem Spitznamen "CitrixBleed 2" ist gravierend. Nun wird sie offenbar attackiert.
---------------------------------------------
https://www.heise.de/news/CitrixBleed-2-Indizien-fuer-laufende-Angriffe-auf…
∗∗∗ Cybergang erpresst Welthungerhilfe um 1,8 Millionen Euro ∗∗∗
---------------------------------------------
Die Cybergang Rhysida ist bei der Welthungerhilfe eingebrochen und hat Daten kopiert. Nun wollen die Täter 20 Bitcoins dafür.
---------------------------------------------
https://www.heise.de/news/Ransomwareattacke-auf-Welthungerhilfe-10464644.ht…
∗∗∗ Dubiose Inkassoforderungen: Was tun bei plötzlichen Mahnschreiben? ∗∗∗
---------------------------------------------
Sie öffnen Ihr E-Mail-Postfach oder Ihren Briefkasten und finden ein Schreiben eines Inkassounternehmens. Angeblich haben Sie eine Rechnung nicht bezahlt, können sich aber nicht daran erinnern, etwas bestellt zu haben. Dieses Szenario ist leider keine Seltenheit. Immer mehr Verbraucher:innen berichten über solche dubiosen Zahlungsaufforderungen. Wir zeigen Ihnen, wie Sie reagieren können.
---------------------------------------------
https://www.watchlist-internet.at/news/dubiose-inkassoschreiben-was-tun-bei…
∗∗∗ ESET Threat Report H1 2025 ∗∗∗
---------------------------------------------
A view of the H1 2025 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts
---------------------------------------------
https://www.welivesecurity.com/en/eset-research/eset-threat-report-h1-2025/
∗∗∗ Hide Your RDP: Password Spray Leads to RansomHub Deployment ∗∗∗
---------------------------------------------
This intrusion began in November 2024 with a password spray attack targeting an internet-facing RDP server. Over the course of several hours, the threat actor ..
---------------------------------------------
https://thedfirreport.com/2025/06/30/hide-your-rdp-password-spray-leads-to-…
∗∗∗ How 2 Ransomware Attacks on 2 Hospitals Led to 2 Deaths in Europe ∗∗∗
---------------------------------------------
Two deadly Ransomware Attacks on European hospitals show cybercrime now risks lives not just data with patients dying after treatment delays.
---------------------------------------------
https://hackread.com/how-ransomware-attacks-hospitals-2-deaths-in-europe/
∗∗∗ Protecting the Core: Securing Protection Relays in Modern Substations ∗∗∗
---------------------------------------------
Substations are critical nexus points in the power grid, transforming high-voltage electricity to ensure its safe and efficient delivery from power plants to millions of end-users. At the core of a modern substation lies the protection relay: an intelligent electronic device (IED) that plays a critical role in ..
---------------------------------------------
https://cloud.google.com/blog/topics/threat-intelligence/securing-protectio…
∗∗∗ GitHub Advisory Database by the numbers: Known security vulnerabilities and what you can do about them ∗∗∗
---------------------------------------------
Use these insights to automate software security (where possible) to keep your projects safe.
---------------------------------------------
https://github.blog/security/github-advisory-database-by-the-numbers-known-…
∗∗∗ Ultimate Guide to API Pentesting: Hacking APIs for better Security ∗∗∗
---------------------------------------------
API Pentesting, or Application Programming Interface Penetration Testing, is the process of simulating real-world attacks against APIs to uncover vulnerabilities, misconfigurations, and flaws that could be exploited by malicious actors. Unlike traditional web applications, APIs are designed to be consumed by machines—often exposing ..
---------------------------------------------
https://fortbridge.co.uk/research/ultimate-guide-to-api-pentesting-hacking-…
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by AlmaLinux (mod_proxy_cluster), Debian (catdoc, chromium, nagvis, and sudo), Fedora (chromium, gum, kubernetes1.32, moodle, podman, python3-docs, python3.13, salt, and tigervnc), Mageia (x11-server, x11-server-xwayland & tigervnc), Oracle (apache-commons-beanutils, exiv2, expat, firefox, git, git-lfs, gstreamer1-plugins-bad-free, ipa, java-21-openjdk, kea, kernel, libarchive, libblockdev, libsoup3, libvpx, libxslt, mod_auth_openidc, nodejs22, ..
---------------------------------------------
https://lwn.net/Articles/1027769/
∗∗∗ Marvell QConvergeConsole: Multible 0Day Vulnerabilities ∗∗∗
---------------------------------------------
https://www.zerodayinitiative.com/advisories/published/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Donnerstag 26-06-2025 18:00 − Freitag 27-06-2025 18:00
Handler: Michael Schlagenhaufer
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Critical Open VSX Registry Flaw Exposes Millions of Developers to Supply Chain Attacks ∗∗∗
---------------------------------------------
Cybersecurity researchers have disclosed a critical vulnerability in the Open VSX Registry ("open-vsx[.]org") that, if successfully exploited, could have enabled attackers to take control of the entire Visual Studio Code extensions marketplace, posing a severe supply chain risk. [..] Following responsible disclosure on May 4, 2025, multiple rounds of fixes were proposed by the maintainers, before a final patch was deployed on June 25.
---------------------------------------------
https://thehackernews.com/2025/06/critical-open-vsx-registry-flaw-exposes.h…
∗∗∗ What if Microsoft just turned you off? Security pro counts the cost of dependency ∗∗∗
---------------------------------------------
Czech developer and pen-tester Miloslav Homer has an interesting take on reducing an organization's exposure to security risks. In an article headlined "Microsoft dependency has risks," he extends the now familiar arguments in favor of improving digital sovereignty, and reducing dependence on American cloud services. The argument is quite long but closely reasoned.
---------------------------------------------
https://go.theregister.com/feed/www.theregister.com/2025/06/26/cost_of_micr…
∗∗∗ Act now: Secure Boot certificates expire in June 2026 ∗∗∗
---------------------------------------------
Prepare for the first global large-scale certificate update to Secure Boot. The Microsoft certificates used in Secure Boot are the basis of trust for operating system security, and all will be expiring beginning June 2026. The way to automatically get timely updates to new certificates for supported Windows systems is to let Microsoft manage your Windows updates, which include Secure Boot. [..] If you haven't yet, begin evaluating options and start preparing for the rollout of updated certificates across your organization in the coming months.
---------------------------------------------
https://techcommunity.microsoft.com/blog/windows-itpro-blog/act-now-secure-…
∗∗∗ Fake DocuSign email hides tricky phishing attempt ∗∗∗
---------------------------------------------
On my daily rounds, I encountered a phishing attempt that used a not completely unusual, yet clever delivery method. What began as a seemingly routine DocuSign notification turned into a multi-layered deception involving Webflow, a shady redirect, and a legitimate Google login page.
---------------------------------------------
https://www.malwarebytes.com/blog/news/2025/06/fake-docusign-email-hides-tr…
∗∗∗ Die Miete ist ausständig? Vorsicht: Phishing E-Mail ∗∗∗
---------------------------------------------
Kriminelle fordern über E-Mails angeblich noch ausstehende Mietzahlungen ein. Gleichzeitig wollen sie eine Änderung des Zielkontos für zukünftige Überweisungen erwirken. Wir zeigen, wie man am besten auf eine derartige Phishing-Nachricht reagiert.
---------------------------------------------
https://www.watchlist-internet.at/news/miete-ausstaendig-phishing/
∗∗∗ SafePay ransomware: What you need to know ∗∗∗
---------------------------------------------
SafePay is a relatively new ransomware threat that was first observed around September 2024. [..] A recently published threat report released by security experts at NCC Group revealed that SafePay was currently the most active ransomware group. In the month of May 2025 alone, 70 ransomware attacks were linked to Safepay, accounting for 18% of the total.
---------------------------------------------
https://www.fortra.com/blog/safepay-ransomware-what-you-need-know
∗∗∗ Attacken auf Fernwartungslücke in Servern von HPE, Lenovo und Co. ∗∗∗
---------------------------------------------
Angreifer attackieren mehrere Sicherheitslücken in freier Wildbahn, warnt die US-amerikanische IT-Sicherheitsbehörde CISA. Am gefährlichsten sind laufende Angriffe auf die Fernwartungsfirmware in AMI MegaRAC, die etwa in Servern von Asus, Asrock Rack, HPE oder Lenovo steckt. [..] Die bereits attackierte Sicherheitslücke in der Fernwartungsfirmware AMI MegaRAC wurde Mitte März bekannt.
---------------------------------------------
https://heise.de/-10461788
∗∗∗ Phishing-Welle: Betrüger geben sich als Paypal aus ∗∗∗
---------------------------------------------
Kriminelle geben sich am Telefon derzeit wieder als PayPal aus und behaupten, es stünden hohe Überweisungen bevor.
---------------------------------------------
https://heise.de/-10462478
∗∗∗ Microsoft wirft Antivirensoftware aus dem Windows-Kernel ∗∗∗
---------------------------------------------
Ein CrowdStrike-Erlebnis will Microsoft nicht noch einmal haben. Nun fliegt deswegen Antivirensoftware aus dem Windows-Kernel. [..] Im kommenden Monat will Microsoft eine Vorschau der Windows-Endpoint-Security-Plattform an einige MVI-Partner verteilen. Die ermöglicht es ihnen, ihre IT-Sicherheitslösungen so zu bauen, dass sie außerhalb des Windows-Kernels laufen. Software wie Antivirus und Endgeräteschutz befinden sich dann im User Mode, wie normale Apps auch.
---------------------------------------------
https://heise.de/-10462538
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (freeradius and icu), Fedora (clamav, glow, libssh, perl-Crypt-OpenSSL-RSA, perl-CryptX, podman, trafficserver, and xorg-x11-server), Mageia (gdk-pixbuf2.0 and thunderbird), Red Hat (osbuild-composer and weldr-client), SUSE (afterburn, google-osconfig-agent, libblockdev, pam, python-tornado6, screen, and yelp-xsl), and Ubuntu (libxslt and python-pip).
---------------------------------------------
https://lwn.net/Articles/1027251/
∗∗∗ Mitsubishi Electric Air Conditioning Systems ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-25-177-01
∗∗∗ TrendMakers Sight Bulb Pro ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-25-177-02
∗∗∗ f5: K000152189: Intel BIOS vulnerability CVE-2022-21233 ∗∗∗
---------------------------------------------
https://my.f5.com/manage/s/article/K000152189
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Mittwoch 25-06-2025 18:00 − Donnerstag 26-06-2025 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Guenes Holler
=====================
= News =
=====================
∗∗∗ Ubuntu disables Intel GPU security mitigations, promises 20% performance boost ∗∗∗
---------------------------------------------
Spectre, you may recall, came to public notice in 2018. Spectre attacks are based on the observation that performance enhancements built into modern CPUs open a side channel that can leak secrets a CPU is processing. The performance enhancement, known as speculative execution, predicts future instructions a CPU might receive and then performs the corresponding tasks before they are even called. If the instructions never come, the CPU discards the work it performed. When the prediction is correct, the CPU has already completed the task.
---------------------------------------------
https://arstechnica.com/security/2025/06/ubuntu-disables-intel-gpu-security…
∗∗∗ New wave of ‘fake interviews’ use 35 npm packages to spread malware ∗∗∗
---------------------------------------------
A new wave of North Korea's 'Contagious Interview' campaign is targeting job seekers with malicious npm packages that infect dev's devices with infostealers and backdoors.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-wave-of-fake-interviews-…
∗∗∗ Hackers abuse Microsoft ClickOnce and AWS services for stealthy attacks ∗∗∗
---------------------------------------------
A sophisticated malicious campaign that researchers call OneClik has been leveraging Microsoft’s ClickOnce software deployment tool and custom Golang backdoors to compromise organizations within the energy, oil, and gas sectors.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/oneclik-attacks-use-microsof…
∗∗∗ Hackers turn ScreenConnect into malware using Authenticode stuffing ∗∗∗
---------------------------------------------
Threat actors are abusing the ConnectWise ScreenConnect installer to build signed remote access malware by modifying hidden settings within the client's Authenticode signature.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/hackers-turn-screenconnect-i…
∗∗∗ CISA is Shrinking: What Does it Mean for Cyber? ∗∗∗
---------------------------------------------
Today we are going to focus on the slimmed down profile of the Cybersecurity and Infrastructure Security Agency (CISA) under the new administration. We want to know what that means practically to cybersecurity teams. We want to explore the cost of having less coming out of CISA, and any opportunities the federal government shakeup might present for business.
---------------------------------------------
https://www.darkreading.com/cybersecurity-operations/cisa-is-shrinking-what…
∗∗∗ Taming Agentic AI Risks Requires Securing Non-Human Identities ∗∗∗
---------------------------------------------
>From service accounts and Web application programming interfaces (APIs) to serverless applications and now artificial intelligence (AI) agents, the landscape of non-human identities is quickly becoming more complex. Companies are struggling to monitor and manage machine identities with security controls.
---------------------------------------------
https://www.darkreading.com/cybersecurity-operations/taming-agentic-ai-risk…
∗∗∗ RedirectionGuard: Mitigating unsafe junction traversal in Windows ∗∗∗
---------------------------------------------
As attackers continue to evolve, Microsoft is committed to staying ahead by not only responding to vulnerabilities, but also by anticipating and mitigating entire classes of threats. One such threat, filesystem redirection attacks, has been a persistent vector for privilege escalation. In response, we’ve developed and deployed a new mitigation in Windows 11 called RedirectionGuard. This blog outlines how RedirectionGuard proactively closes off a major attack surface by preventing unsafe junction traversal, reinforcing our commitment to secure-by-design-principles and reducing the burden on developers and defenders.
---------------------------------------------
https://msrc.microsoft.com/blog/2025/06/redirectionguard-mitigating-unsafe-…
∗∗∗ The Case of Hidden Spam Pages ∗∗∗
---------------------------------------------
Spammy posts and pages being placed on WordPress websites is one of the most common infections that we come across. The reason being is that the attack is very low-level in terms of sophistication: All that is required of the attacker is to brute force their way into the wp-admin panel; from there they just have their scripts/bots post spam posts and pages effectively achieving a blackhat SEO attack. Since an out-of-the-box WordPress website contains no protection on admin access other than a password (with no limit on the number of failed login attempts), and the admin users can often be discovered via enumeration, this remains a very popular type of spam infection on the platform.
---------------------------------------------
https://blog.sucuri.net/2025/06/the-case-of-hidden-spam-pages.html
∗∗∗ nOAuth Vulnerability Still Affects 9% of Microsoft Entra SaaS Apps Two Years After Discovery ∗∗∗
---------------------------------------------
New research has uncovered continued risk from a known security weakness in Microsoft's Entra ID, potentially enabling malicious actors to achieve account takeovers in susceptible software-as-a-service (SaaS) applications. Identity security company Semperis, in an analysis of 104 SaaS applications, found nine of them to be vulnerable to Entra ID cross-tenant nOAuth abuse.
---------------------------------------------
https://thehackernews.com/2025/06/noauth-vulnerability-still-affects-9-of.h…
∗∗∗ Sextortion: Inflationsgebeutelte Betrüger erhöhen Forderungen ∗∗∗
---------------------------------------------
IT-Sicherheitsforscher beobachten Preissteigerungen bei aktuellen Betrugsmaschen mit Sextortion-E-Mails. Offenbar sind auch die Betrüger inflationsgebeutelt und brauchen mehr Geld.
---------------------------------------------
https://www.heise.de/news/Sextortion-Inflationsgebeutelte-Betrueger-erhoehe…
∗∗∗ Outdated Routers: The Hidden Threat to Network Security, FBI Warns ∗∗∗
---------------------------------------------
The FBI recently warned that malicious actors are targeting end-of-life (EOL) routers (network devices that manufacturers no longer support or update). These outdated routers are being hijacked by bad actors who use them as a stepping stone into networks, turning them into cybercriminal proxies. The threat is real, and it’s growing.
---------------------------------------------
https://www.tripwire.com/state-of-security/outdated-routers-hidden-threat-n…
∗∗∗ How we turned a real car into a Mario Kart controller by intercepting CAN data ∗∗∗
---------------------------------------------
The PTP hack car is a second-hand 2016 Renault Clio that was bought because it was relatively cheap, was recent enough to feature an ‘eCall’ telematics module, small enough to fit in the garage attached to our lab and was local. It is used by our team to experiment and mess around with automotive testing on a real vehicle. It also uses a mixture of CAN and LIN for different components.
---------------------------------------------
https://www.pentestpartners.com/security-blog/how-we-turned-a-real-car-into…
∗∗∗ Gefälschte Anfragen zur Änderung des Gehaltskontos im Namen von Mitarbeitenden! ∗∗∗
---------------------------------------------
Wer eine unerwartete E-Mail von einem Mitarbeitenden erhält, in der um die Änderung der Bankverbindung für das Gehaltskonto gebeten wird, sollte besonders aufmerksam sein. Denn dahinter können Kriminelle stecken, die sich als echte Mitarbeitende ausgeben, um Gehaltszahlungen auf ihr eigenes Konto umzuleiten.
---------------------------------------------
https://www.watchlist-internet.at/news/gefaelschte-anfragen-zur-aenderung-d…
∗∗∗ Common SCCM Misconfigurations Leading to Privilege Escalation ∗∗∗
---------------------------------------------
We often find that in environments which has a tiered model, where SCCM is used, there are plenty of misconfigurations which can be exploited. System Center Configuration Manager (SCCM), now known as Microsoft Configuration Manager (ConfigMgr), is a systems management platform used for deploying software, managing updates, and enforcing configuration settings across large numbers of Windows devices.
---------------------------------------------
https://www.truesec.com/hub/blog/sccm-tier-killer
∗∗∗ Decrement by one to rule them all: AsIO3.sys driver exploitation ∗∗∗
---------------------------------------------
Armory Crate and AI Suite are applications used to manage and monitor ASUS motherboards and related components such as the processor, RAM or the increasingly popular RGB lighting. These types of applications often install drivers in the system, which are necessary for direct communication with hardware to configure settings or retrieve critical parameters such as CPU temperature, fan speeds and firmware updates. Therefore, it is critical to ensure that drivers are well-written with security in mind and designed such that access to the driver interfaces are limited only to certain services and administrators.
---------------------------------------------
https://blog.talosintelligence.com/decrement-by-one-to-rule-them-all/
=====================
= Vulnerabilities =
=====================
∗∗∗ WinRAR patches bug letting malware launch from extracted archives ∗∗∗
---------------------------------------------
WinRAR has addressed a directory traversal vulnerability tracked as CVE-2025-6218 that, under certain circumstances, allows malware to be executed after extracting a malicious archive.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/winrar-patches-bug-letting-m…
∗∗∗ Hunderte Modelle betroffen: Teils unpatchbare Lücken in Brother-Druckern entdeckt ∗∗∗
---------------------------------------------
Sicherheitsforscher von Rapid7 haben zahlreiche Multifunktionsdrucker auf mögliche Sicherheitslücken untersucht. Dabei fanden sie insgesamt acht Schwachstellen in 748 verschiedenen Scanner- und Druckermodellen. 689 dieser Modelle entfallen allein auf den Hersteller Brother, der im Fokus der Untersuchung stand. Aber auch von Fujifilm (46), Konica Minolta (6), Ricoh (5) und Toshiba (2) sind einige Geräte betroffen. Zumindest eine der acht Lücken kann wohl nicht ohne Weiteres über die Firmware gepatcht werden.
---------------------------------------------
https://www.golem.de/news/hunderte-modelle-betroffen-teils-unpatchbare-luec…
∗∗∗ Citrix Releases Emergency Patches for Actively Exploited CVE-2025-6543 in NetScaler ADC ∗∗∗
---------------------------------------------
Citrix has released security updates to address a critical flaw affecting NetScaler ADC that it said has been exploited in the wild. The vulnerability, tracked as CVE-2025-6543, carries a CVSS score of 9.2 out of a maximum of 10.0.
---------------------------------------------
https://thehackernews.com/2025/06/citrix-releases-emergency-patches-for.html
∗∗∗ ZDI-25-424: Mikrotik RouterOS VXLAN Source IP Improper Access Control Vulnerability ∗∗∗
---------------------------------------------
This vulnerability allows remote attackers to bypass access restrictions on affected installations of Mikrotik RouterOS. Authentication is not required to exploit this vulnerability. The following CVEs are assigned: CVE-2025-6443.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-25-424/
∗∗∗ Cisco Identity Services Engine Unauthenticated Remote Code Execution Vulnerabilities ∗∗∗
---------------------------------------------
Multiple vulnerabilities in Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an unauthenticated, remote attacker to issue commands on the underlying operating system as the root user.
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso…
∗∗∗ Notepad++ Vulnerability Allows Full System Takeover — PoC Released ∗∗∗
---------------------------------------------
A critical privilege escalation vulnerability (CVE-2025-49144) in Notepad++ v8.8.1 enables attackers to achieve full system control through a supply-chain attack. The flaw exploits the installer’s insecure search path behavior, allowing unprivileged users to escalate privileges to NT AUTHORITY\SYSTEM with minimal user interaction. This marks one of the most severe vulnerabilities discovered in the popular text editor, with proof-of-concept (PoC) exploitation materials now publicly available.
---------------------------------------------
https://gbhackers.com/notepad-vulnerability/
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (firefox-esr and libxml2), Fedora (firefox, libtpms, and tigervnc), Mageia (chromium-browser-stable and nss & firefox), Oracle (emacs, iputils, kernel, krb5, libarchive, mod_proxy_cluster, pam, perl-File-Find-Rule, perl-YAML-LibYAML, and qt5-qtbase), Red Hat (opentelemetry-collector, osbuild-composer, and weldr-client), SUSE (clamav, firefox, go1.24-openssl, and helm), and Ubuntu (libarchive, linux-azure, linux-azure-5.4, linux-azure-fips, linux-fips, linux-azure-nvidia, linux-oracle, linux-oracle-6.8, linux-raspi, linux-raspi-realtime, linux-xilinx-zynqmp, and python-urllib3).
---------------------------------------------
https://lwn.net/Articles/1027082/
∗∗∗ Security Advisory: Airoha-based Bluetooth Headphones and Earbuds ∗∗∗
---------------------------------------------
During our research on Bluetooth headphones and earbuds, we identified several vulnerabilities in devices that incorporate Airoha Systems on a Chip (SoCs). In this blog post, we briefly want to describe the vulnerabilities, point out their impact and provide some context to currently running patch delivery processes as described at this year’s TROOPERS Conference. Airoha is a vendor that, amongst other things, builds Bluetooth SoCs and offers reference designs and implementations incorporating these chips. They have become a large supplier in the Bluetooth audio space, especially in the area of True Wireless Stereo (TWS) earbuds. Several reputable headphone and earbud vendors have built products based on Airoha’s SoCs and reference implementations using Airoha’s Software Development Kit (SDK).
---------------------------------------------
https://insinuator.net/2025/06/airoha-bluetooth-security-vulnerabilities/
∗∗∗ Drupal Security Advisories 2025-June-25 ∗∗∗
---------------------------------------------
https://www.drupal.org/security
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Dienstag 24-06-2025 18:00 − Mittwoch 25-06-2025 18:00
Handler: Michael Schlagenhaufer
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Sonicwall warnt vor mit Schadcode verseuchter Fake-NetExtender-App ∗∗∗
---------------------------------------------
Derzeit ist eine von Cyberkriminellen manipulierte Ausgabe der VPN-Anwendung NetExtender in Umlauf. [..] Um zu erkennen, ob man die Fake-Version installiert hat, muss man die Eigenschaften der ausführbaren NetExtender-Datei öffnen und die "Digitale Signatur" prüfen. Steht dort "CITYLIGHT MEDIA PRIVATE LIMITED", handelt es sich um die verseuchte Version und Admins sollten sie umgehend löschen.
---------------------------------------------
https://www.heise.de/news/Sonicwall-warnt-vor-mit-Schadcode-verseuchter-Fak…
∗∗∗ Microsoft: Update-Verlängerung für Windows 10 für Privatkunden konkretisiert ∗∗∗
---------------------------------------------
Microsoft hatte Support-Verlängerung für Windows-10-Privatkunden angekündigt. Jetzt gibt es Infos dazu – es geht sogar kostenlos. [..] Ob die Windows-Backup-Option wirklich als kostenlos gelten kann, hängt stark davon ab, wie viele Daten Microsoft auf den Cloud-Speicher schiebt. [..] Hier zahlen Interessierte mit ihren Daten.
---------------------------------------------
https://heise.de/-10458519
∗∗∗ Citrix Bleed Teil 2: Schwachstelle CVE-2025–5777 weitet sich aus ∗∗∗
---------------------------------------------
Zum 23. Juni 2025 gab es wohl eine Aktualisierung der Beschreibung zu CVE-2025-5777. Hieß es zum 17. Juni 2025 noch, dass man das "Netscaler Management Interface" wegen der Schwachstelle nicht dem Internet aussetzen sollte. Der Verweis auf das Netscaler Management Interface ist zum 23. Juni 2025 entfallen (lässt sich unter CVE-2025-5777 nachschlagen, wenn man am Seitenende unter "Change History" auf den Link "show changes" klickt.
---------------------------------------------
https://www.borncity.com/blog/2025/06/25/citrix-bleed-teil-2-schwachstelle-…
∗∗∗ Surge in MOVEit Transfer Scanning Could Signal Emerging Threat Activity ∗∗∗
---------------------------------------------
GreyNoise has identified a notable surge in scanning activity targeting MOVEit Transfer systems, beginning on May 27, 2025.
---------------------------------------------
https://www.greynoise.io/blog/surge-moveit-transfer-scanning-activity
∗∗∗ Dire Wolf Strikes: New Ransomware Group Targeting Global Sectors ∗∗∗
---------------------------------------------
Dire Wolf is a newly emerged ransomware group first observed in May 2025 and Trustwave SpiderLabs recently uncovered a Dire Wolf ransomware sample that revealed for the first time key details about how the ransomware operates.
---------------------------------------------
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/dire-wolf-s…
∗∗∗ Cybercriminal abuse of large language models ∗∗∗
---------------------------------------------
Cybercriminals are increasingly gravitating towards uncensored LLMs, cybercriminal-designed LLMs and jailbreaking legitimate LLMs. [..] As AI technology continues to develop, Cisco Talos expects cybercriminals to continue adopting LLMs to help streamline their processes, write tools/scripts that can be used to compromise users and generate content that can more easily bypass defenses. This new technology doesn’t necessarily arm cybercriminals with completely novel cyber weapons, but it does act as a force multiplier, enhancing and improving familiar attacks.
---------------------------------------------
https://blog.talosintelligence.com/cybercriminal-abuse-of-large-language-mo…
∗∗∗ What LLMs Know About Their Users ∗∗∗
---------------------------------------------
Simon Willison talks about ChatGPT’s new memory dossier feature. In his explanation, he illustrates how much the LLM—and the company—knows about its users.
---------------------------------------------
https://www.schneier.com/blog/archives/2025/06/what-llms-know-about-their-u…
∗∗∗ Kleine Figuren, großer Hype: Kriminelle locken vermehrt in Labubu Fake-Shops ∗∗∗
---------------------------------------------
Ihr weltweiter Siegeszug ruft immer mehr Betrüger:innen auf den Plan. Die Rede ist von Labubu Figuren. Fake-Shops locken mit vermeintlichen Schnäppchen, dienen den Kriminellen in Wahrheit aber nur als Vehikel, um sensible Daten ihrer Opfer abzugreifen und ihnen das Geld aus der Tasche zu ziehen.
---------------------------------------------
https://www.watchlist-internet.at/news/labubu-fake-shops/
∗∗∗ Post-Quantum Cryptography Implementation Enterprise-Readiness Analysis ∗∗∗
---------------------------------------------
Explore how enterprises are adopting post-quantum cryptography (PQC) using OpenSSL 3.5, hybrid TLS, and NIST-approved algorithms like Kyber and Dilithium. Learn about PQC implementation strategies, compliance timelines, tooling, and real-world deployments by Microsoft, Meta, Red Hat, and others preparing for quantum-safe encryption.
---------------------------------------------
https://www.darknet.org.uk/2025/06/post-quantum-cryptography-implementation…
∗∗∗ The Anatomy of a Business Email Compromise Attack ∗∗∗
---------------------------------------------
BEC attacks almost always start with an Email Account Compromise (EAC) – in other words, an attacker gets control of someone’s email inbox.
---------------------------------------------
https://www.truesec.com/hub/blog/the-anatomy-of-a-business-email-compromise…
=====================
= Vulnerabilities =
=====================
∗∗∗ Admin-Attacken auf HPE OneView für VMware vCenter möglich ∗∗∗
---------------------------------------------
Die in einer Warnmeldung aufgeführte Schwachstelle (CVE-2025-37101 "hoch") kann Angreifer mit Leserechten dazu befähigen, Befehle als Admins auszuführen. Wie ein solcher Angriff im Detail ablaufen könnte und ob Angreifer die Lücke bereits ausnutzen, ist derzeit nicht bekannt.
---------------------------------------------
https://www.heise.de/news/Admin-Attacken-auf-HPE-OneView-fuer-VMware-vCente…
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (commons-beanutils, dcmtk, nginx, trafficserver, and xorg-server), Fedora (atuin, awatcher, dotnet8.0, firefox, glibc, gotify-desktop, keylime-agent-rust, libtpms, mirrorlist-server, qt6-qtbase, qt6-qtimageformats, udisks2, xorg-x11-server, and xorg-x11-server-Xwayland), Mageia (apache-mod_security, clamav, docker, python-django, tomcat, udisks2, and yarnpkg), Oracle (firefox, libblockdev, mod_auth_openidc, perl-FCGI, perl-YAML-LibYAML, tigervnc, and xorg-x11-server and xorg-x11-server-Xwayland), Slackware (libssh and mozilla), SUSE (gimp, gstreamer-plugins-good, icu, ignition, kernel, pam-config, perl-File-Find-Rule, python311, and webkit2gtk3), and Ubuntu (linux, linux-aws, linux-aws-6.8, linux-gke, linux-gkeop, linux-ibm, linux-lowlatency, linux-lowlatency-hwe-6.8, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, linux-oem-6.8, linux, linux-gcp, linux-raspi, linux-realtime, linux-aws, linux-azure, linux-azure, linux-azure-6.8, linux-azure-5.15, linux-azure-fips, and linux-realtime).
---------------------------------------------
https://lwn.net/Articles/1026848/
∗∗∗ TeamViewer: Incorrect Permission Assignment for Critical Resource in TeamViewer Remote Management ∗∗∗
---------------------------------------------
Incorrect Permission Assignment for Critical Resource in the TeamViewer Client (Full and Host) of TeamViewer Remote and Tensor prior Version 15.67 (and additional versions listed below) on Windows allows a local unprivileged user to trigger arbitrary file deletion with SYSTEM privileges via leveraging the MSI rollback mechanism. To exploit this vulnerability, an attacker needs local access to the Windows system. CVE-2025-36537
---------------------------------------------
https://www.teamviewer.com/de/resources/trust-center/security-bulletins/tv-…
∗∗∗ Parsons AccuWeather Widget ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-25-175-06
∗∗∗ Kaleris Navis N4 Terminal Operating System ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-25-175-01
∗∗∗ Delta Electronics CNCSoft ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-25-175-02
∗∗∗ MICROSENS NMP Web+ ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-25-175-07
∗∗∗ ControlID iDSecure On-Premises ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-25-175-05
∗∗∗ f5: K000152048: Dnsmasq vulnerability CVE-2019-14834 ∗∗∗
---------------------------------------------
https://my.f5.com/manage/s/article/K000152048
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily