=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 06-08-2025 18:00 − Thursday 07-08-2025 18:00
Handler: Felician Fuchs
Co-Handler: Guenes Holler
=====================
= News =
=====================
∗∗∗ New Ghost Calls tactic abuses Zoom and Microsoft Teams for C2 operations ∗∗∗
---------------------------------------------
A new post-exploitation command-and-control (C2) evasion method called Ghost Calls abuses TURN servers used by conferencing apps like Zoom and Microsoft Teams to tunnel traffic through trusted infrastructure.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-ghost-calls-tactic-abuse…
∗∗∗ Wave of 150 crypto-draining extensions hits Firefox add-on store ∗∗∗
---------------------------------------------
A malicious campaign dubbed GreedyBear has snuck onto the Mozilla add-ons store, targeting Firefox users with 150 malicious extensions and stealing an estimated $1,000,000 from unsuspecting victims.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/wave-of-150-crypto-draining-…
∗∗∗ Critical Zero-Day Bugs Crack Open CyberArk, HashiCorp Password Vaults ∗∗∗
---------------------------------------------
Secrets managers hold all the keys to an enterprise's kingdom. Two popular ones had longstanding, critical, unauthenticated RCE vulnerabilities.
---------------------------------------------
https://www.darkreading.com/cybersecurity-operations/critical-zero-day-bugs…
∗∗∗ Researchers Uncover ECScape Flaw in Amazon ECS Enabling Cross-Task Credential Theft ∗∗∗
---------------------------------------------
Cybersecurity researchers have demonstrated an "end-to-end privilege escalation chain" in Amazon Elastic Container Service (ECS) that could be exploited by an attacker to conduct lateral movement, access sensitive data, and seize control of the cloud environment.
---------------------------------------------
https://thehackernews.com/2025/08/researchers-uncover-ecscape-flaw-in.html
∗∗∗ How To Find SQL Injection Vulnerabilities in WordPress Plugins and Themes ∗∗∗
---------------------------------------------
SQL Injection (SQLi), a vulnerability almost as old as database-driven web applications themselves (CWE-89), persists as a classic example of failing to neutralize user-supplied input before it's used in a SQL query. So why does this well-understood vulnerability type continue to exist?
---------------------------------------------
https://www.wordfence.com/blog/2025/08/how-to-find-sql-injection-vulnerabil…
∗∗∗ New Promptware Attack Hijacks User’s Gemini AI Via Google Calendar Invite ∗∗∗
---------------------------------------------
Cybersecurity researchers demonstrate a new attack on Google Gemini AI for Workspace. Discover how a simple calendar invite can be used to perform phishing, steal emails, and even control home appliances.
---------------------------------------------
https://hackread.com/promptware-attack-hijack-gemini-ai-google-calendar-inv…
∗∗∗ Unveiling a New Variant of the DarkCloud Campaign ∗∗∗
---------------------------------------------
In early July 2025, a new DarkCloud campaign was observed in the wild by Fortinet’s FortiGuard Labs team. It began with a phishing email containing an attached RAR archive. I subsequently investigated this campaign and conducted a step-by-step analysis.
---------------------------------------------
https://feeds.fortinet.com/~/922857380/0/fortinet/blogs~Unveiling-a-New-Var…
∗∗∗ HTTP/1.1 must die: the desync endgame ∗∗∗
---------------------------------------------
Upstream HTTP/1.1 is inherently insecure and regularly exposes millions of websites to hostile takeover. Six years of attempted mitigations have hidden the issue, but failed to fix it. This paper introduces several novel classes of HTTP desync attack capable of mass compromise of user credentials.
---------------------------------------------
https://portswigger.net/research/http1-must-die
∗∗∗ Malicious npm Packages Target WhatsApp Developers with Remote Kill Switch ∗∗∗
---------------------------------------------
Two npm packages masquerading as WhatsApp developer libraries include a kill switch that deletes all files if the phone number isn’t whitelisted.
---------------------------------------------
https://socket.dev/blog/malicious-npm-packages-target-whatsapp-developers-w…
=====================
= Vulnerabilities =
=====================
∗∗∗ 6,500 Axis Servers Expose Remoting Protocol, 4,000 in U.S. Vulnerable to Exploits ∗∗∗
---------------------------------------------
Cybersecurity researchers have disclosed multiple security flaws in video surveillance products from Axis Communications that, if successfully exploited, could expose them to takeover attacks.
---------------------------------------------
https://thehackernews.com/2025/08/6500-axis-servers-expose-remoting.html
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by AlmaLinux (glibc, kernel, libxml2, python-requests, and python-setuptools), Debian (chromium), Fedora (chromium, firefox, gdk-pixbuf2, iputils, libsoup3, libssh, perl, perl-Devel-Cover, perl-PAR-Packer, polymake, and poppler), Gentoo (Composer and Spreadsheet-ParseExcel), Oracle (glibc, kernel, libxml2, python-setuptools, sqlite, and virt:rhel and virt-devel:rhel), Red Hat (libxml2), SUSE (grub2, libarchive, libgcrypt, and python311), and Ubuntu (cifs-utils and poppler).
---------------------------------------------
https://lwn.net/Articles/1032861/
∗∗∗ Increased threat activity against SonicWall Gen 7 firewalls with SSLVPN - immediate measures recommended ∗∗∗
---------------------------------------------
Update, 7 August 2025: added technical indicators for a forensic investigation of potentially affected devices, as well as information on the allegedly relevant vulnerability.
---------------------------------------------
https://www.cert.at/de/warnungen/2025/8/erhohte-bedrohungsaktivitat-gegen-s…
∗∗∗ Security vulnerabilities: attackers can crash IBM Tivoli Monitoring ∗∗∗
---------------------------------------------
IBM's IT management software Tivoli Monitoring is vulnerable, and attackers can exploit two security flaws. An update that closes the flaws is available for download.
---------------------------------------------
https://heise.de/-10513072
∗∗∗ EG4 Electronics EG4 Inverters ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-25-219-07
∗∗∗ Dreame Technology iOS and Android Mobile Applications ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-25-219-06
∗∗∗ Packet Power EMX and EG ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-25-219-05
∗∗∗ Rockwell Automation Arena ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-25-219-04
∗∗∗ Burk Technology ARC Solo ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-25-219-03
∗∗∗ Johnson Controls FX80 and FX90 ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-25-219-02
∗∗∗ Delta Electronics DIAView ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-25-219-01
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 05-08-2025 18:00 − Wednesday 06-08-2025 18:00
Handler: Felician Fuchs
Co-Handler: Guenes Holler
=====================
= News =
=====================
∗∗∗ Driver of destruction: How a legitimate driver is being used to take down AV processes ∗∗∗
---------------------------------------------
In an incident response case, Kaspersky experts discovered new malware that terminates AV processes by abusing the legitimate ThrottleStop driver.
---------------------------------------------
https://securelist.com/av-killer-exploiting-throttlestop-sys/117026/
∗∗∗ CISA Adds 3 D-Link Router Flaws to KEV Catalog After Active Exploitation Reports ∗∗∗
---------------------------------------------
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added three old security flaws impacting D-Link routers to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation in the wild.
---------------------------------------------
https://thehackernews.com/2025/08/cisa-adds-3-d-link-router-flaws-to-kev.ht…
∗∗∗ CERT-UA Warns of HTA-Delivered C# Malware Attacks Using Court Summons Lures ∗∗∗
---------------------------------------------
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of cyber attacks carried out by a threat actor called UAC-0099 targeting government agencies, the defense forces, and enterprises of the defense-industrial complex in the country.
---------------------------------------------
https://thehackernews.com/2025/08/cert-ua-warns-of-hta-delivered-c.html
∗∗∗ GenAI Used For Phishing Websites Impersonating Brazil’s Government ∗∗∗
---------------------------------------------
In this blog post, ThreatLabz explores a campaign that uses generative AI tools like DeepSite AI and BlackBox AI to create malicious replicas of Brazil's State Department of Traffic and Ministry of Education.
---------------------------------------------
https://www.zscaler.com/blogs/security-research/genai-used-phishing-website…
∗∗∗ Criminals send fake payment requests in the name of the WKO ∗∗∗
---------------------------------------------
The Austrian Economic Chamber (Wirtschaftskammer Österreich, WKO) has once again become the target of a phishing attack. A fraudulent e-mail claiming to come from the WKO is currently circulating. The e-mail gives the impression that an outstanding membership invoice must be paid. The goal of the attack is to obtain personal information and login credentials.
---------------------------------------------
https://www.watchlist-internet.at/news/kriminelle-versenden-gefaelschte-zah…
∗∗∗ Makop Ransomware Identified in Attacks in South Korea ∗∗∗
---------------------------------------------
AhnLab SEcurity intelligence Center (ASEC) recently identified cases of Makop ransomware attacks targeting South Korean users. For several years, the Makop ransomware has been distributed to South Korean users disguised as resumes or copyright-related emails. Recently, it has been reported that the ransomware is exploiting RDP for attacks.
---------------------------------------------
https://asec.ahnlab.com/en/89397/
∗∗∗ The Cost of a Call: From Voice Phishing to Data Extortion ∗∗∗
---------------------------------------------
In June, one of Google's corporate Salesforce instances was impacted by UNC6040 activity similar to that described in this post. Google responded to the activity, performed an impact analysis and began mitigations. The instance was used to store contact information and related notes for small and medium businesses.
---------------------------------------------
https://cloud.google.com/blog/topics/threat-intelligence/voice-phishing-dat…
=====================
= Vulnerabilities =
=====================
∗∗∗ Experience Manager: Adobe leaves flaws unpatched for 90 days, now releases emergency update ∗∗∗
---------------------------------------------
Since proof-of-concept code is in circulation, attacks on Adobe Experience Manager may be imminent. Attackers can exploit two security flaws [..] to attack systems. The vulnerabilities have been known since April of this year, but security patches are only available now.
---------------------------------------------
https://www.heise.de/news/Experience-Manager-Adobe-patcht-90-Tage-nicht-und…
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by AlmaLinux (kernel and python3.12-setuptools), Fedora (perl-Crypt-CBC and unbound), Gentoo (FontForge, GPL Ghostscript, Mozilla Network Security Service (NSS), and PAM), Oracle (gdk-pixbuf2, jq, kernel, mod_security, ncurses, python-requests, and python3-setuptools), Red Hat (python-requests and socat), SUSE (docker, kernel-livepatch-MICRO-6-0-RT_Update_2, kernel-livepatch-MICRO-6-0-RT_Update_4, kernel-livepatch-MICRO-6-0-RT_Update_5, kernel-livepatch-MICRO-6-0-RT_Update_6, kernel-livepatch-MICRO-6-0-RT_Update_7, kernel-livepatch-MICRO-6-0_Update_2, kernel-livepatch-MICRO-6-0_Update_4, kernel-livepatch-MICRO-6-0_Update_5, kernel-livepatch-MICRO-6-0_Update_6, kubeshark-cli, libgcrypt, pam-config, perl, python-requests, python311, and python313), and Ubuntu (linux-raspi).
---------------------------------------------
https://lwn.net/Articles/1032700/
∗∗∗ Docker: MCP security nightmare – six flaws identified ∗∗∗
---------------------------------------------
The container platform Docker warns of security risks arising from the use of MCP sources, which give attackers easy access to files, databases, the network and secrets. In addition, the perpetrators can issue commands extensively and inject malicious code.
---------------------------------------------
https://heise.de/-10510262
∗∗∗ Security updates: root attacks on Dell PowerProtect and Unity possible ∗∗∗
---------------------------------------------
To prevent possible attacks, admins should bring Dell PowerProtect Data Domain and Unity, UnityVSA and Unity XT up to date. If they do not, attackers can, among other things, access instances with root privileges and compromise them.
---------------------------------------------
https://heise.de/-10511706
∗∗∗ JVN: Multiple vulnerabilities in Sato label printers CL4/6NX Plus and CL4/6NX-J Plus series ∗∗∗
---------------------------------------------
https://jvn.jp/en/jp/JVN16547726/
∗∗∗ ZDI-25-771: Trend Micro Apex One Console Command Injection Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-25-771/
∗∗∗ ZDI-25-807: (0Day) AOMEI Cyber Backup Missing Authentication for Critical Function Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-25-807/
∗∗∗ Stable Channel Update for Desktop ∗∗∗
---------------------------------------------
http://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desk…
=====================
= End-of-Day report =
=====================
Timeframe: Monday 04-08-2025 18:00 − Tuesday 05-08-2025 18:00
Handler: Felician Fuchs
Co-Handler: Alexander Riepl
=====================
= News =
=====================
∗∗∗ Android gets patches for Qualcomm flaws exploited in attacks ∗∗∗
---------------------------------------------
Google has released security patches for six vulnerabilities in Android's August 2025 security update, including two Qualcomm flaws exploited in targeted attacks.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/android-gets-patches-for-qua…
∗∗∗ Stealing Machine Keys for fun and profit (or riding the SharePoint wave) ∗∗∗
---------------------------------------------
About 10 days ago exploits for Microsoft SharePoint (CVE-2025-53770, CVE-2025-53771) started being publicly abused ..
---------------------------------------------
https://isc.sans.edu/diary/Stealing+Machine+Keys+for+fun+and+profit+or+ridi…
∗∗∗ Antivirus vendors fail to spot persistent, nasty, stealthy Linux backdoor ∗∗∗
---------------------------------------------
Plague malware has been around for months without tripping alarms. Researchers at German infosec services company Nextron Threat have spotted malware that creates a highly persistent Linux backdoor and say antivirus engines do not flag the code as malicious.
---------------------------------------------
https://www.theregister.com/2025/08/05/plague_linux_backdoor/
∗∗∗ CrowdStrike investigated 320 North Korean IT worker cases in the past year ∗∗∗
---------------------------------------------
Threat hunters saw North Korean operatives almost daily, reflecting a 220% year-over-year increase in activity, CrowdStrike said in a new report.
---------------------------------------------
https://cyberscoop.com/crowdstrike-north-korean-operatives/
∗∗∗ Mozilla: phishing attacks on add-on developers observed ∗∗∗
---------------------------------------------
Criminals are currently targeting add-on developers who create extensions for Firefox.
---------------------------------------------
https://www.heise.de/news/Mozilla-warnt-vor-Phishing-Attacken-auf-Add-on-En…
∗∗∗ From code to stolen wallets: How hackers are trapping AI development tools ∗∗∗
---------------------------------------------
When AI becomes a target: At a time when AI technology is developing rapidly, AI has been increasingly integrated into our daily lives. However, due ..
---------------------------------------------
https://blog.360totalsecurity.com/en/from-code-to-stolen-wallets-how-hacker…
∗∗∗ Warning, fake shop: vorwerk-deutschland.de ∗∗∗
---------------------------------------------
On vorwerk-deutschland.de, many customers think they have found a bargain. The new Thermomix TM7 is offered there at a lower price. But beware: it is a fake shop that only accepts payment in advance. Anyone who orders here loses their money and receives no goods.
---------------------------------------------
https://www.watchlist-internet.at/news/achtung-fake-shop-vorwerk-deutschlan…
∗∗∗ Ukrainian hackers captured secret documents on the newest Russian nuclear submarine ∗∗∗
---------------------------------------------
The captured data includes crew lists, operational data and construction plans. According to the Ukrainian intelligence service, the submarine's weaknesses were also revealed.
---------------------------------------------
https://www.derstandard.at/story/3000000282244/ukrainische-hacker-erbeutete…
∗∗∗ Increased threat activity against SonicWall Gen 7 firewalls with SSLVPN - immediate measures recommended ∗∗∗
---------------------------------------------
SonicWall reports a significant increase in security incidents over the last 96 hours affecting Gen 7 SonicWall firewalls with SSLVPN enabled. The threat activity was reported both internally and by external organisations and companies such as Arctic Wolf, Google Mandiant and Huntress. It is not yet ..
---------------------------------------------
https://www.cert.at/de/warnungen/2025/8/erhohte-bedrohungsaktivitat-gegen-s…
∗∗∗ From Bing Search to Ransomware: Bumblebee and AdaptixC2 Deliver Akira ∗∗∗
---------------------------------------------
Bumblebee malware has been an initial access tool used by threat actors since late 2021. In 2023 the malware was first reported as using SEO poisoning as a delivery ..
---------------------------------------------
https://thedfirreport.com/2025/08/05/from-bing-search-to-ransomware-bumbleb…
∗∗∗ Cursor IDE: Persistent Code Execution via MCP Trust Bypass ∗∗∗
---------------------------------------------
Check Point Research uncovered a persistent remote code execution vulnerability in Cursor, a fast-growing AI-powered coding platform trusted by developers worldwide. The MCP vulnerability in Cursor allows attackers to gain long-term, silent access to ..
---------------------------------------------
https://blog.checkpoint.com/research/cursor-ide-persistent-code-execution-v…
∗∗∗ Vietnamese-speaking hackers appear to be running global data theft operation through Telegram ∗∗∗
---------------------------------------------
A combination of phishing lures, a previously spotted infostealer and Telegram bots are fueling a campaign by apparent Vietnamese-speaking hackers to capture and sell sensitive data globally.
---------------------------------------------
https://therecord.media/pxa-infostealer-telegram-bots-vietnamese-speaking-h…
∗∗∗ New insights into SharePoint-Gate: staff from China for maintenance ∗∗∗
---------------------------------------------
Since the SharePoint disaster in July 2025, in which vulnerabilities were attacked, there have been new revelations almost every day. It was speculated that presumably Chinese hackers had gained early access to internal ..
---------------------------------------------
https://www.borncity.com/blog/2025/08/05/neue-insights-zum-sharepoint-gate-…
∗∗∗ Microsoft Recall still captures credit card data and passwords (July 2025) ∗∗∗
---------------------------------------------
Is it a surprise? No, not a surprise, but to be expected. The Recall spying feature that Microsoft pushes onto Windows systems still captures sensitive data such as credit card details and passwords. And this, ..
---------------------------------------------
https://www.borncity.com/blog/2025/08/05/microsoft-recall-erfasst-weiterhin…
∗∗∗ Detection Engineering: Practicing Detection-as-Code – Validation – Part 3 ∗∗∗
---------------------------------------------
In this part, we focus on implementing validation checks to improve consistency and ensure a minimum level of quality within the detection repository. Setting up validation pipelines is a key step, as it helps enforce the defined standards, reduce errors, and ensure that detections are reliable and consistent.
---------------------------------------------
https://blog.nviso.eu/2025/08/05/detection-engineering-practicing-detection…
=====================
= End-of-Day report =
=====================
Timeframe: Friday 01-08-2025 18:00 − Monday 04-08-2025 18:00
Handler: Felician Fuchs
Co-Handler: Alexander Riepl
=====================
= News =
=====================
∗∗∗ Pi-hole discloses data breach triggered by WordPress plugin flaw ∗∗∗
---------------------------------------------
Pi-hole, a popular network-level ad-blocker, has disclosed that donor names and email addresses were exposed through a security vulnerability in the GiveWP WordPress donation plugin.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/pi-hole-discloses-data-breac…
∗∗∗ Mozilla warns of phishing attacks targeting add-on developers ∗∗∗
---------------------------------------------
Mozilla has warned browser extension developers of an active phishing campaign targeting accounts on its official AMO (addons.mozilla.org) repository.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/mozilla-warns-of-phishing-at…
∗∗∗ New Plague Linux malware stealthily maintains SSH access ∗∗∗
---------------------------------------------
A newly discovered Linux malware, which has evaded detection for over a year, allows attackers to gain persistent SSH access and bypass authentication on compromised systems.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-plague-malware-backdoors…
∗∗∗ Exchange: China accuses the USA of military hacking ∗∗∗
---------------------------------------------
China accuses US intelligence agencies of having exploited Microsoft Exchange vulnerabilities for over a year to steal military data.
---------------------------------------------
https://www.golem.de/news/exchange-china-wirft-den-usa-militaer-hacking-vor…
∗∗∗ CISA roasts unnamed critical national infrastructure body for shoddy security hygiene ∗∗∗
---------------------------------------------
Plaintext passwords, shared admin accounts, and insufficient logging rampant at mystery org. CISA is using the findings from a recent probe of an unidentified critical infrastructure organization to warn about the dangers of getting cybersecurity seriously wrong.
---------------------------------------------
https://go.theregister.com/feed/www.theregister.com/2025/08/02/cisa_coast_g…
∗∗∗ Lazarus Group rises again, this time with malware-laden fake FOSS ∗∗∗
---------------------------------------------
Software supply chain management vendor Sonatype last week published research in which it claimed that Lazarus Group has created hundreds of “shadow downloads” that appear to be popular open source software development tools but are full of malware.
---------------------------------------------
https://go.theregister.com/feed/www.theregister.com/2025/08/04/infosec_in_b…
∗∗∗ Fake refund e-mails in the name of the WKO ∗∗∗
---------------------------------------------
E-mails with the subject „Ihr möglicher Erstattungsbetrag von bis zu 476 Euro“ ("Your possible refund amount of up to 476 euros") are currently being sent to numerous members of the Austrian Economic Chamber (Wirtschaftskammer Österreich, WKO). They claim that there may be an entitlement to a refund of membership fees, which can be checked via a link. Warning: the link leads to a fraudulent website where personal data is stolen.
---------------------------------------------
https://www.watchlist-internet.at/news/betruegerische-e-mails-zu-rueckersta…
∗∗∗ Akira Ransomware Exploiting Potential Zero-Day in SonicWall SSL VPN ∗∗∗
---------------------------------------------
Arctic Wolf also suggests that the attacks could be exploiting an undetermined security flaw in the appliances, meaning a zero-day vulnerability, given that some of the incidents affected SonicWall devices that were fully patched.
---------------------------------------------
https://www.truesec.com/hub/blog/akira-ransomware-exploiting-potential-zero…
∗∗∗ Security incident involving Logitech partner list after all ∗∗∗
---------------------------------------------
There has been a security incident at a service provider that manages Logitech partners on behalf of Logitech. In recent days, Logitech partners received a scam e-mail warning of the risk of an attack on a MetaMask wallet but containing a phishing link.
---------------------------------------------
https://www.borncity.com/blog/2025/08/03/doch-sicherheitsvorfall-bei-logite…
∗∗∗ New Attack Uses Windows Shortcut Files to Install REMCOS Backdoor ∗∗∗
---------------------------------------------
Security firm Point Wild has exposed a new malware campaign using malicious LNK files to install the REMCOS backdoor. This report details how attackers disguise files to gain full system control.
---------------------------------------------
https://hackread.com/attack-windows-shortcut-files-install-remcos-backdoor/
∗∗∗ When Flatpak’s Sandbox Cracks: Real‑Life Security Issues Beyond the Ideal ∗∗∗
---------------------------------------------
Flatpak’s sandbox model is robust in design, but imperfect in deployment. Sandboxes dissolved through misconfiguration, vulnerabilities like CVE‑2024‑32462, and symlink exploits illustrate the friction between ideal and actual protection.
---------------------------------------------
https://www.linuxjournal.com/content/when-flatpaks-sandbox-cracks-real-life…
=====================
= Vulnerabilities =
=====================
∗∗∗ Security update: phishing attacks on IBM Operational Decision Manager possible ∗∗∗
---------------------------------------------
IBM's business tool Operational Decision Manager is vulnerable. The developers have closed two security flaws in current versions.
---------------------------------------------
https://www.heise.de/news/Sicherheitsupdate-Phishingangriffe-auf-IBM-Operat…
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by AlmaLinux (java-21-openjdk, kernel, libxml2, and lz4), Debian (exempi, ruby-graphql, and sope), Fedora (binutils, chromium, gdk-pixbuf2, libsoup3, poppler, and reposurgeon), Mageia (glib2.0 and wxgtk), Oracle (jackson-annotations, jackson-core, jackson-databind, jackson-jaxrs-providers, and jackson-modules-base and libxml2), Red Hat (kernel, pandoc, pcs, qemu-kvm, redis, and rsync), SUSE (chromedriver, coreutils, cosign, docker, gdk-pixbuf-devel, glib2, gnutls, grub2, gstreamer-plugins-base, helm, ignition, java-21-openjdk, jbigkit, jq, kernel, kubernetes1.28, kwctl, libxml2, nvidia-open-driver-G06-signed, opensc, pam-config, protobuf, python310, tgt, and valkey), and Ubuntu (linux-iot).
---------------------------------------------
https://lwn.net/Articles/1032371/
∗∗∗ Breaking NVIDIA Triton: CVE-2025-23319 - A Vulnerability Chain Leading to AI Server Takeover ∗∗∗
---------------------------------------------
Wiz Research discovers a critical vulnerability chain allowing unauthenticated attackers to take over NVIDIA's Triton Inference Server.
---------------------------------------------
https://www.wiz.io/blog/nvidia-triton-cve-2025-23319-vuln-chain-to-ai-server
∗∗∗ Critical Vulnerability in NestJS Devtools: Localhost RCE via Sandbox Escape ∗∗∗
---------------------------------------------
A flawed sandbox in @nestjs/devtools-integration lets attackers run code on your machine via CSRF, leading to full Remote Code Execution (RCE).
---------------------------------------------
https://socket.dev/blog/nestjs-rce-vuln
∗∗∗ VU#317469: Partner Software/Partner Web does not sanitize Report files and Note content, allowing for XSS and RCE ∗∗∗
---------------------------------------------
https://kb.cert.org/vuls/id/317469
∗∗∗ WebKitGTK and WPE WebKit Security Advisory WSA-2025-0005 ∗∗∗
---------------------------------------------
https://webkitgtk.org/security/WSA-2025-0005.html
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 31-07-2025 18:00 − Friday 01-08-2025 18:00
Handler: Guenes Holler
Co-Handler: Michael Schlagenhaufer
=====================
= News =
=====================
∗∗∗ Microsoft to disable Excel workbook links to blocked file types ∗∗∗
---------------------------------------------
Microsoft has announced that it will start disabling external workbook links to blocked file types by default between October 2025 and July 2026. [..] After the rollout, Excel workbooks referencing blocked file types will display a #BLOCKED error or fail to refresh, eliminating security risks associated with accessing unsupported or high-risk file types, including, but not limited to, phishing attacks that utilize workbooks to redirect targets to malicious payloads.
---------------------------------------------
https://www.bleepingcomputer.com/news/microsoft/microsoft-to-disable-extern…
∗∗∗ Kali Linux can now run in Apple containers on macOS systems ∗∗∗
---------------------------------------------
Cybersecurity professionals and researchers can now launch Kali Linux in a virtualized container on macOS Sequoia using Apple's new containerization framework.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/kali-linux-can-now-run-in-ap…
∗∗∗ Experts Detect Multi-Layer Redirect Tactic Used to Steal Microsoft 365 Login Credentials ∗∗∗
---------------------------------------------
Cybersecurity researchers have disclosed details of a new phishing campaign that conceals malicious payloads by abusing link wrapping services from Proofpoint and Intermedia to bypass defenses.
---------------------------------------------
https://thehackernews.com/2025/07/experts-detect-multi-layer-redirect.html
∗∗∗ Attackers Use Fake OAuth Apps with Tycoon Kit to Breach Microsoft 365 Accounts ∗∗∗
---------------------------------------------
Cybersecurity researchers have detailed a new cluster of activity where threat actors are impersonating enterprises with fake Microsoft OAuth applications to facilitate credential harvesting as part of account takeover attacks. "The fake Microsoft 365 applications impersonate various companies, including RingCentral, SharePoint, Adobe, and Docusign," Proofpoint said in a Thursday report.
---------------------------------------------
https://thehackernews.com/2025/08/attackers-use-fake-oauth-apps-with.html
∗∗∗ Huawei, at the heart of the Post outage ∗∗∗
---------------------------------------------
The cyberattack that hit Post (and Luxembourg) last week is believed to have targeted Huawei routers and their operating software. The presence of the Chinese giant at the heart of the infrastructure raises questions. The public company says it is reserving its answers for the MPs and ministers who will meet this Thursday at 10am in parliament.
---------------------------------------------
https://en.paperjam.lu/article/huawei-at-the-heart-of-the-post-outage
∗∗∗ CISA Releases Open-Source Eviction Strategies Tool for Cyber Incident Response ∗∗∗
---------------------------------------------
“How an organization approaches remediation and eviction of an incident is critically important to a successful response effort. Over the years, we have seen organizations struggle with identifying the right steps to take and the correct sequencing of actions to properly evict advanced adversaries from their enterprises,” said Jermaine Roebuck, Associate Director for Threat Hunting, CISA. “This tool will level the playing field by making it easier for IT staff and cyber defenders to coordinate efforts and achieve a successful eviction. I encourage public and private sector organizations to incorporate this capability into their incident response plans.”
---------------------------------------------
https://www.cisa.gov/news-events/news/cisa-releases-open-source-eviction-st…
∗∗∗ CISA and USCG Issue Joint Advisory to Strengthen Cyber Hygiene in Critical Infrastructure ∗∗∗
---------------------------------------------
CISA, in partnership with the U.S. Coast Guard (USCG), released a joint Cybersecurity Advisory aimed at helping critical infrastructure organizations improve their cyber hygiene. [..] CISA and USCG are sharing their findings and associated mitigations to assist other critical infrastructure organizations in identifying potentially similar issues and taking proactive measures to improve their cybersecurity posture. The mitigations include best practices such as not storing passwords or credentials in plaintext, avoiding sharing local administrator account credentials, and implementing comprehensive logging.
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2025/07/31/cisa-and-uscg-issue-join…
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by AlmaLinux (firefox and thunderbird), Debian (libcommons-lang-java, node-form-data, redis, and sope), Fedora (chromium), Mageia (slurm), Oracle (apache-commons-beanutils, firefox, kernel, redis:6, and thunderbird), Red Hat (kernel, kernel-rt, libxml2, and redis), SUSE (chromium, docker, ffmpeg-7, gnutls, kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-t, libgcrypt, rav1e, and sccache), and Ubuntu (linux-lowlatency, linux-lowlatency-hwe-6.8).
---------------------------------------------
https://lwn.net/Articles/1032174/
∗∗∗ WordPress Vulnerability & Patch Roundup — July 2025 ∗∗∗
---------------------------------------------
https://blog.sucuri.net/2025/07/wordpress-vulnerability-patch-roundup-july-…
∗∗∗ Rockwell Automation Lifecycle Services with VMware ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-25-212-02
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 30-07-2025 18:00 − Thursday 31-07-2025 18:00
Handler: Guenes Holler
Co-Handler: Felician Fuchs
=====================
= News =
=====================
∗∗∗ Hackers Exploit Critical WordPress Theme Flaw to Hijack Sites via Remote Plugin Install ∗∗∗
---------------------------------------------
The vulnerability, tracked as CVE-2025-5394, carries a CVSS score of 9.8. Security researcher Thái An has been credited with discovering and reporting the bug. According to Wordfence, the shortcoming relates to an arbitrary file upload affecting all versions of the theme prior to and including 7.8.3. It has been addressed in version 7.8.5, released on June 16, 2025.
---------------------------------------------
https://thehackernews.com/2025/07/hackers-exploit-critical-wordpress.html
∗∗∗ N. Korean Hackers Used Job Lures, Cloud Account Access, and Malware to Steal Millions in Crypto ∗∗∗
---------------------------------------------
The North Korea-linked threat actor known as UNC4899 has been attributed to attacks targeting two different organizations by approaching their employees via LinkedIn and Telegram.
---------------------------------------------
https://thehackernews.com/2025/07/n-korean-hackers-used-job-lures-cloud.html
∗∗∗ Scammers Unleash Flood of Slick Online Gaming Sites ∗∗∗
---------------------------------------------
Fraudsters are flooding Discord and other social media platforms with ads for hundreds of polished online gaming and wagering websites that lure people with free credits and eventually abscond with any cryptocurrency funds deposited by players. Here’s a closer look at the social engineering tactics and remarkable traits of this sprawling network of more than 1,200 scam sites.
---------------------------------------------
https://krebsonsecurity.com/2025/07/scammers-unleash-flood-of-slick-online-…
∗∗∗ Beware of this iCloud phishing email ∗∗∗
---------------------------------------------
"Final notice: your photos and videos will be deleted – take action!" Criminals are currently sending phishing emails with this subject line that appear to come from iCloud. Under the pretext that the storage subscription has to be renewed, they try to get hold of payment data.
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-vor-dieser-icloud-phishing-…
∗∗∗ Patents by Silk Typhoon-linked company shed light on Beijing’s offensive hacking capabilities ∗∗∗
---------------------------------------------
SentinelOne's threat researchers pored through recent Justice Department indictments of prominent Chinese hackers and mapped out the country’s evolving web of private companies that are hired to launch cyberattacks on behalf of the government.
---------------------------------------------
https://therecord.media/patents-silk-typhoon-company-beijing
∗∗∗ GreyNoise Uncovers Early Warning Signals for Emerging Vulnerabilities ∗∗∗
---------------------------------------------
It’s well known that the window between CVE disclosure and active exploitation has narrowed. But what happens before a CVE is even disclosed? In our latest research “Early Warning Signals: When Attacker Behavior Precedes New Vulnerabilities,” GreyNoise analyzed hundreds of spikes in malicious activity — scanning, brute forcing, exploit attempts, and more — targeting edge technologies. We discovered a consistent and actionable trend: in the vast majority of cases, these spikes were followed by the disclosure of a new CVE affecting the same technology within six weeks.
---------------------------------------------
https://www.greynoise.io/blog/greynoise-uncovers-early-warning-signals-emer…
∗∗∗ In search of riches, hackers plant 4G-enabled Raspberry Pi in bank network ∗∗∗
---------------------------------------------
Hackers planted a Raspberry Pi equipped with a 4G modem in the network of an unnamed bank in an attempt to siphon money out of the financial institution's ATM system, researchers reported Wednesday.
---------------------------------------------
https://arstechnica.com/security/2025/07/in-search-of-riches-hackers-plant-…
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by AlmaLinux (firefox, java-21-openjdk, kernel, thunderbird, and unbound), Debian (chromium and systemd), Fedora (libtiff), Oracle (java-21-openjdk, libtpms, nodejs:22, redis:7, thunderbird, and unbound), Red Hat (firefox, redis, and thunderbird), SUSE (apache2, cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, cont, java-11-openjdk, kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestf, libarchive, nvidia-open-driver-G06-signed, redis, and rmt-server), and Ubuntu (linux, linux-aws, linux-aws-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-intel-iotg, linux-intel-iotg-5.15, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-nvidia-tegra, linux-nvidia-tegra-5.15, linux-nvidia-tegra-igx, linux-oracle, linux-oracle-5.15, linux-xilinx-zynqmp, linux, linux-aws, linux-aws-6.14, linux-gcp, linux-gcp-6.14, linux-hwe-6.14, linux-oem-6.14, linux-raspi, linux-realtime, linux, linux-aws, linux-aws-6.8, linux-gcp, linux-gke, linux-gkeop, linux-hwe-6.8, linux-ibm, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, linux-oem-6.8, linux-oracle, linux, linux-aws, linux-kvm, linux-aws, linux-lts-xenial, linux-aws-fips, linux-fips, linux-gcp-fips, linux-azure, linux-fips, linux-intel-iot-realtime, linux-realtime, linux-oracle, linux-oracle-6.8, linux-realtime, and sqlite3).
---------------------------------------------
https://lwn.net/Articles/1032083/
∗∗∗ Install quickly: Apple fixes zero-day attack in WebKit ∗∗∗
---------------------------------------------
Apple's updates for iOS, iPadOS and macOS, released in the night to Wednesday, should be installed urgently: as has only now become known, they also fix a WebKit bug for which an exploit already exists. So far, however, it is only being used to attack Chrome users, according to the corresponding NIST entry (CVE-2025-6558). The bug is rated "Severity: High". Confusingly, Apple does not warn of known active attacks in its security notes, apparently because there are no corresponding reports for Apple's Safari browser yet.
---------------------------------------------
https://heise.de/-10505297
∗∗∗ Security update: vulnerabilities endanger HCL BigFix Remote Control ∗∗∗
---------------------------------------------
The endpoint management platform HCL BigFix is vulnerable (CVE-2025-31965, rated "high"), and attackers can view data without authorization or, with considerable effort and the right timing, even access a private key. Specifically, the vulnerabilities are in HCL BigFix Remote Control. A hardened version is available for download.
---------------------------------------------
https://heise.de/-10505415
∗∗∗ CVE-2025-8292 - DSA-5968-1 chromium - security update ∗∗∗
---------------------------------------------
https://lists.debian.org/debian-security-announce/2025/msg00132.html
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 29-07-2025 18:00 − Wednesday 30-07-2025 18:00
Handler: Felician Fuchs
Co-Handler: Michael Schlagenhaufer
=====================
= News =
=====================
∗∗∗ Attackers Can Use Browser Extensions to Inject AI Prompts ∗∗∗
---------------------------------------------
A brand-new cyberattack vector allows threat actors to use a poisoned browser extension to inject malicious prompts into all of the top generative AI tools on the market, including ChatGPT, Gemini, and others.
---------------------------------------------
https://www.darkreading.com/vulnerabilities-threats/attackers-use-browser-e…
∗∗∗ PyPI Warns of Ongoing Phishing Campaign Using Fake Verification Emails and Lookalike Domain ∗∗∗
---------------------------------------------
The maintainers of the Python Package Index (PyPI) repository have issued a warning about an ongoing phishing attack that's targeting users in an attempt to redirect them to fake PyPI sites. The attack involves sending email messages bearing the subject line "[PyPI] Email verification" that are sent from the email address noreply(a)pypj[.]org (note that the domain is not "pypi[.]org").
---------------------------------------------
https://thehackernews.com/2025/07/pypi-warns-of-ongoing-phishing-campaign.h…
∗∗∗ 2025 Unit 42 Global Incident Response Report: Social Engineering Edition ∗∗∗
---------------------------------------------
Social engineering thrives on trust and is now boosted by AI. Unit 42 incident response data explains why it's surging. We detail eight critical countermeasures.
---------------------------------------------
https://unit42.paloaltonetworks.com/2025-unit-42-global-incident-response-r…
∗∗∗ Google Project Zero to publicly announce bugs within a week of reporting them ∗∗∗
---------------------------------------------
The vulnerability hunters at Google Project Zero want to address what they call the "upstream patch gap," when a vendor has a fix available but the downstream product providers haven't integrated it yet.
---------------------------------------------
https://therecord.media/google-project-zero-publicly-announce-vulnerabiliti…
∗∗∗ Decryptor released for FunkSec ransomware; Avast works with law enforcement to help victims ∗∗∗
---------------------------------------------
Cybersecurity company Avast released a decryptor for the short-lived FunkSec ransomware and said it is assisting dozens of the gang's targets with the process.
---------------------------------------------
https://therecord.media/funksec-ransomware-decryptor-avast
∗∗∗ New Choicejacking Attack Steals Data from Phones via Public Chargers ∗∗∗
---------------------------------------------
Choicejacking is a new USB attack that tricks phones into sharing data at public charging stations, bypassing security prompts in milliseconds.
---------------------------------------------
https://hackread.com/choicejacking-attack-steals-data-phones-public-charger…
∗∗∗ CISA Releases Part One of Zero Trust Microsegmentation Guidance ∗∗∗
---------------------------------------------
This guidance provides a high-level overview of microsegmentation, focusing on its key concepts, associated challenges and potential benefits, and includes recommended actions to modernize network security and advance zero trust principles.
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2025/07/29/cisa-releases-part-one-z…
=====================
= Vulnerabilities =
=====================
∗∗∗ New Lenovo UEFI firmware updates fix Secure Boot bypass flaws ∗∗∗
---------------------------------------------
Lenovo is warning about high-severity BIOS flaws that could allow attackers to potentially bypass Secure Boot in all-in-one desktop PC models that use customized Insyde UEFI (Unified Extensible Firmware Interface).
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-lenovo-uefi-firmware-upd…
∗∗∗ Apple Patches Safari Vulnerability Also Exploited as Zero-Day in Google Chrome ∗∗∗
---------------------------------------------
Apple on Tuesday released security updates for its entire software portfolio, including a fix for a vulnerability that Google said was exploited as a zero-day in the Chrome web browser earlier this month. The vulnerability, tracked as CVE-2025-6558 (CVSS score: 8.8), is an incorrect validation of untrusted input in the browser's ANGLE and GPU components that could result in a sandbox escape via a crafted HTML page.
---------------------------------------------
https://thehackernews.com/2025/07/apple-patches-safari-vulnerability-also.h…
∗∗∗ Critical Dahua Camera Flaws Enable Remote Hijack via ONVIF and File Upload Exploits ∗∗∗
---------------------------------------------
Cybersecurity researchers have disclosed now-patched critical security flaws in the firmware of Dahua smart cameras that, if left unaddressed, could allow attackers to hijack control of susceptible devices.
---------------------------------------------
https://thehackernews.com/2025/07/critical-dahua-camera-flaws-enable.html
∗∗∗ Autodesk Security Advisory 29.07.2025 ∗∗∗
---------------------------------------------
Certain Autodesk products use a shared component that is affected by multiple vulnerabilities listed below. Exploitation of these vulnerabilities can lead to code execution. Exploitation of these vulnerabilities requires user interaction.
---------------------------------------------
https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0015
∗∗∗ Security updates: attackers can access Dell ECS and ObjectScale ∗∗∗
---------------------------------------------
Attackers can gain access to Dell Elastic Cloud Storage (ECS) and ObjectScale with comparatively little effort. Companies use these products to build cloud storage, among other things. If important data is stored there, unauthorized access can have far-reaching consequences. Security updates close the vulnerability.
---------------------------------------------
https://www.heise.de/news/Sicherheitsupdates-Angreifer-koennen-auf-Dell-ECS…
∗∗∗ Stable Channel Update for Desktop ∗∗∗
---------------------------------------------
The Stable channel has been updated to 138.0.7204.183/.184 for Windows, Mac and 138.0.7204.183 for Linux which will roll out over the coming days/weeks. This update includes 4 security fixes.
---------------------------------------------
http://chromereleases.googleblog.com/2025/07/stable-channel-update-for-desk…
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by AlmaLinux (firefox, icu, kernel-rt, libtpms, redis:6, redis:7, and sqlite), Fedora (chromium and cloud-init), Oracle (icu, java-1.8.0-openjdk, java-21-openjdk, kernel, nodejs:22, perl, and sqlite), SUSE (docker, java-1_8_0-openj9, libxml2, python-starlette, and thunderbird), and Ubuntu (cloud-init, linux-azure, linux-azure-5.4, linux-azure-fips, linux-raspi, linux-raspi-5.4, and perl).
---------------------------------------------
https://lwn.net/Articles/1031919/
∗∗∗ Dental practice management system (PVS): security vulnerabilities in CGM Z1, part 1 ∗∗∗
---------------------------------------------
CompuGroup Medical (CGM) also sells a practice management system (PVS) for dentists. According to the company, the system is in use at more than 7,000 dental practices. At the beginning of the year, a source who wishes to remain anonymous informed me about potential security problems in this software. A software update has since been released that is supposed to resolve these problems. I will summarize the facts in a few blog posts.
---------------------------------------------
https://www.borncity.com/blog/2025/07/30/sicherheit-beim-zahnarzt-pvs-z1/
∗∗∗ Delta Electronics DTN Soft ∗∗∗
---------------------------------------------
According to Delta Electronics, if a version of DTN Soft prior to v2.1.0 is installed, it should be updated to v2.1.0 or later. If DTM Soft is also installed, it should be updated to v1.6.0.0 (released on March 25, 2025) or later. Successful exploitation of this vulnerability could allow an attacker to use a specially crafted project file to execute arbitrary code.
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-25-210-03
∗∗∗ TP-Link Archer C50 router is vulnerable to configuration-file decryption ∗∗∗
---------------------------------------------
https://kb.cert.org/vuls/id/554637
∗∗∗ Security update for Tenable Patch Management Fixes One Vulnerability ∗∗∗
---------------------------------------------
https://www.tenable.com/security/tns-2025-15
∗∗∗ CISA: Security update for National Instruments LabVIEW ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-25-210-01
∗∗∗ CISA: Security update for Samsung HVAC DMS ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-25-210-02
=====================
= End-of-Day report =
=====================
Timeframe: Monday 28-07-2025 18:00 − Tuesday 29-07-2025 18:00
Handler: Guenes Holler
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ OpenAI’s ChatGPT Agent casually clicks through “I am not a robot” verification test ∗∗∗
---------------------------------------------
On Friday, OpenAI's new ChatGPT Agent, which can perform multistep tasks for users, proved it can pass through one of the Internet's most common security checkpoints by clicking Cloudflare's anti-bot verification—the same checkbox that's supposed to keep automated programs like itself at bay.
---------------------------------------------
https://arstechnica.com/information-technology/2025/07/openais-chatgpt-agen…
∗∗∗ Exploit available for critical Cisco ISE bug exploited in attacks ∗∗∗
---------------------------------------------
Security researcher Bobby Gould has published a blog post demonstrating a complete exploit chain for CVE-2025-20281, an unauthenticated remote code execution vulnerability in Cisco Identity Services Engine (ISE).
---------------------------------------------
https://www.bleepingcomputer.com/news/security/exploit-available-for-critic…
∗∗∗ Endgame Gear mouse config tool infected users with malware ∗∗∗
---------------------------------------------
Gaming peripherals maker Endgame Gear is warning that malware was hidden in its configuration tool for the OP1w 4k v2 mouse hosted on the official website between June 26 and July 9, 2025. The infected file was hosted on 'endgamegear.com/gaming-mice/op1w-4k-v2,' so users downloading the tool from that page during this period were infected.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/endgame-gear-mouse-config-to…
∗∗∗ Critical Flaw in Vibe-Coding Platform Base44 Exposed Apps ∗∗∗
---------------------------------------------
The rise of "vibe coding" platforms that enable developers to build software with minimal traditional coding could create a slew of new security risks for organizations. A recent example is a now-patched vulnerability in the Base44 AI-powered development platform that allowed unauthorized users to gain complete access to private enterprise applications hosted on the service.
---------------------------------------------
https://www.darkreading.com/application-security/critical-flaw-vibe-coding-…
∗∗∗ Parasitic Sharepoint Exploits ∗∗∗
---------------------------------------------
Last week, newly exploited SharePoint vulnerabilities took a lot of our attention. It is fair to assume that last Monday (July 21st), all exposed vulnerable SharePoint installs were exploited. Of course, there is nothing to prevent multiple exploitation of the same instance, and a lot of that certainly happened. But why exploit it yourself if you can just take advantage of backdoors left behind by prior exploits? A number of these backdoors were widely publicised. The initial backdoor "spinstall0.aspx", was frequently observed and Microsoft listed various variations of this filename [1].
---------------------------------------------
https://isc.sans.edu/diary/rss/32148
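The diary's point is that a backdoor dropped by one actor becomes a free entry point for everyone else, which also makes it a clean hunting signal: the same web-shell path fetched from several unrelated source addresses. The following is an added example, not part of the SANS ISC diary or Microsoft's guidance. The IIS log lines are constructed, and the filename pattern assumes that the variants Microsoft listed share the "spinstall" stem (the diary itself names only spinstall0.aspx).

```python
"""Flag SharePoint web-shell fetches in IIS W3C logs and show which backdoor paths are being
reused from more than one source address.

Added example, not part of the SANS ISC diary. Log lines are constructed; the filename
pattern assumes Microsoft's listed variants share the 'spinstall' stem."""
import re
from collections import defaultdict
from typing import Dict, List, Set

# Assumption: variants look like spinstall0.aspx, spinstall1.aspx, spinstall-something.aspx ...
BACKDOOR_NAME = re.compile(r"(?i)/spinstall[0-9a-z_-]*\.aspx$")

# Constructed sample in IIS W3C extended format (the #Fields line names the columns).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2025-07-21 03:14:09 10.0.0.5 GET /_layouts/15/spinstall0.aspx - 443 - 198.51.100.23 Mozilla/5.0 200
2025-07-21 03:40:51 10.0.0.5 GET /_layouts/15/spinstall0.aspx - 443 - 203.0.113.77 python-requests/2.32 200
2025-07-22 11:02:13 10.0.0.5 GET /_layouts/16/spinstall1.aspx - 443 - 192.0.2.9 curl/8.5.0 200
2025-07-22 11:05:00 10.0.0.5 GET /sites/hr/default.aspx - 443 - 10.0.0.41 Mozilla/5.0 200
2025-07-23 08:17:44 10.0.0.5 GET /_layouts/15/spinstall0.aspx - 443 - 192.0.2.55 curl/8.5.0 404
"""


def parse_iis_log(text: str) -> List[Dict[str, str]]:
    """Parse W3C extended format: '#Fields:' gives the column names, values are space separated
    (IIS writes '-' for empty values and '+' for spaces inside a value, so a plain split works)."""
    fields: List[str] = []
    rows: List[Dict[str, str]] = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split(" ")
            if len(values) == len(fields):
                rows.append(dict(zip(fields, values)))
    return rows


def backdoor_hits(rows: List[Dict[str, str]]) -> Dict[str, Set[str]]:
    """Backdoor path -> client addresses that fetched it successfully (2xx).
    Non-2xx answers are probes for a shell that is not there and are handled separately."""
    hits: Dict[str, Set[str]] = defaultdict(set)
    for row in rows:
        if BACKDOOR_NAME.search(row["cs-uri-stem"]) and row["sc-status"].startswith("2"):
            hits[row["cs-uri-stem"]].add(row["c-ip"])
    return dict(hits)


def backdoor_probes(rows: List[Dict[str, str]]) -> Set[str]:
    """Addresses that asked for a backdoor filename and got a non-2xx answer: someone scanning
    for leftovers from earlier exploitation."""
    return {row["c-ip"] for row in rows
            if BACKDOOR_NAME.search(row["cs-uri-stem"]) and not row["sc-status"].startswith("2")}


def parasitic_reuse(hits: Dict[str, Set[str]]) -> Dict[str, List[str]]:
    """Backdoors served to more than one distinct address: later actors riding the first exploit."""
    return {path: sorted(ips) for path, ips in hits.items() if len(ips) > 1}


if __name__ == "__main__":
    parsed = parse_iis_log(SAMPLE_LOG)
    for path, ips in parasitic_reuse(backdoor_hits(parsed)).items():
        print(f"{path}: fetched by {len(ips)} distinct addresses: {', '.join(ips)}")
    print("addresses probing for backdoor filenames:", sorted(backdoor_probes(parsed)))
```

Run it against a real `u_ex*.log` by replacing SAMPLE_LOG with the file contents; any 2xx hit on a spinstall-style name is already an incident, and the parasitic_reuse output tells you how many separate parties have used the same foothold since.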
∗∗∗ Checking Windows for outdated libcurl libraries in programs ∗∗∗
---------------------------------------------
Microsoft quite often ships the cURL library in outdated versions that contain security vulnerabilities. Software packages also come bundled with ancient libcurl files. How can I check whether any such legacy copies are lurking on my systems?
---------------------------------------------
https://www.borncity.com/blog/2025/07/29/software-und-die-veralteten-libcur…
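One way to answer that question is to inventory every libcurl copy under the program directories and compare each one against a baseline you consider acceptable. The following is an added example, not the blog's own tooling. It assumes (1) bundled copies are named libcurl*.dll or curl.exe and (2) each binary embeds the literal "libcurl/X.Y.Z" (or "curl/X.Y.Z") that curl_version() returns, so the version can be read with a byte scan instead of parsing the PE version resource. The demo directory tree and its fake binaries are constructed; the baseline 8.10.0 is an arbitrary value for the demo, not a statement about the current curl release.

```python
"""Find libcurl copies bundled with installed programs and flag those below a baseline version.

Added example, not the blog's own tooling. Assumptions: bundled copies are named
libcurl*.dll or curl.exe, and the binary contains the 'libcurl/X.Y.Z' literal that
curl_version() returns. The demo tree is constructed in a temporary directory."""
import os
import re
import tempfile
from typing import Iterable, List, Optional, Tuple

Version = Tuple[int, int, int]
FILE_NAME = re.compile(r"^(libcurl[^\\/]*\.dll|curl\.exe)$", re.IGNORECASE)
# 'libcurl/8.14.1' is what curl_version() embeds; the curl tool also carries 'curl/8.14.1'.
VERSION_STRING = re.compile(rb"(?:lib)?curl/(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Version:
    major, minor, patch = (int(part) for part in text.split("."))
    return (major, minor, patch)


def embedded_libcurl_version(path: str) -> Optional[Version]:
    """Read the binary once and return the highest version literal found, or None if there is
    no readable version string (stripped or renamed binary: inspect it by hand)."""
    with open(path, "rb") as handle:
        found = {tuple(int(g) for g in m.groups()) for m in VERSION_STRING.finditer(handle.read())}
    return max(found) if found else None  # type: ignore[return-value]


def scan(roots: Iterable[str], baseline: str) -> List[Tuple[str, Optional[Version], bool]]:
    """Walk the roots and return (path, version, outdated) for every libcurl-looking file.
    outdated is True only when a version was read and it is below the baseline."""
    minimum = parse_version(baseline)
    findings: List[Tuple[str, Optional[Version], bool]] = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                if FILE_NAME.match(name):
                    path = os.path.join(dirpath, name)
                    version = embedded_libcurl_version(path)
                    findings.append((path, version, version is not None and version < minimum))
    return sorted(findings)


def demo(baseline: str = "8.10.0") -> List[Tuple[str, Optional[Version], bool]]:
    """Constructed program tree with fake binaries (only the version literal matters here)."""
    with tempfile.TemporaryDirectory() as root:
        fake_files = {
            os.path.join("OldTool", "libcurl.dll"): b"MZ\x90\x00...libcurl/7.79.1\x00...",
            os.path.join("NewTool", "bin", "libcurl-x64.dll"): b"MZ\x90\x00...libcurl/8.14.1\x00",
            os.path.join("Stripped", "curl.exe"): b"MZ\x90\x00no version literal in here",
            os.path.join("Other", "readme.txt"): b"libcurl/1.0.0 is mentioned in docs, not scanned",
        }
        for relative, data in fake_files.items():
            full = os.path.join(root, relative)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as handle:
                handle.write(data)
        # Strip the temp prefix and normalize separators so results compare across platforms.
        return [(os.path.relpath(path, root).replace(os.sep, "/"), version, outdated)
                for path, version, outdated in scan([root], baseline)]


if __name__ == "__main__":
    import sys
    # usage: python libcurl_scan.py <baseline-version> <root-dir> [<root-dir> ...]
    results = scan(sys.argv[2:], sys.argv[1]) if len(sys.argv) >= 3 else demo()
    for path, version, outdated in results:
        label = "OUTDATED" if outdated else ("unknown, inspect manually" if version is None else "ok")
        print(f"{path}: {version} {label}")
```

On a real system run it as `python libcurl_scan.py 8.14.1 "C:\Program Files" "C:\Program Files (x86)" C:\Windows\System32` with whatever baseline your patch policy sets; files reported with version None are the ones the byte scan cannot judge and should be checked via their file properties.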
∗∗∗ Gunra Ransomware Group Unveils Efficient Linux Variant ∗∗∗
---------------------------------------------
Gunra ransomware was first observed in April 2025 in a campaign that targeted Windows systems using techniques inspired by the infamous Conti ransomware. Our monitoring of the ransomware landscape revealed that threat actors behind Gunra have expanded with a Linux variant, signaling a strategic move toward cross-platform targeting.
---------------------------------------------
https://www.trendmicro.com/en_us/research/25/g/gunra-ransomware-linux-varia…
∗∗∗ SAP NetWeaver Vulnerability Used in Auto-Color Malware Attack on US Firm ∗∗∗
---------------------------------------------
Darktrace uncovers the first exploit of a critical SAP NetWeaver vulnerability (CVE-2025-31324) to deploy Auto-Color backdoor malware. Learn how this evasive Linux RAT targets systems for remote code execution and how AI-powered defence thwarts multi-stage attacks.
---------------------------------------------
https://hackread.com/sap-netweaver-vulnerability-auto-color-malware-us-firm/
∗∗∗ Stack Overflows, Heap Overflows, and Existential Dread (SonicWall SMA100 CVE-2025-40596, CVE-2025-40597 and CVE-2025-40598) ∗∗∗
---------------------------------------------
Our initial journey started with analyzing SonicWall N-days that were receiving coveted attention from our friendly APT groups. But somewhere along the way - deep in a fog of malformed headers and reverse proxy shenanigans - we stumbled across vulnerabilities that feel like they were preserved in amber from a more naïve era of C programming.
---------------------------------------------
https://labs.watchtowr.com/stack-overflows-heap-overflows-and-existential-d…
∗∗∗ Security: CERT@VDE becomes Germany's first central coordination hub for security vulnerabilities ∗∗∗
---------------------------------------------
The security and computer emergency team of the electrical engineering and IT association VDE has played a more important international role for a few days now. On Friday the association announced that its own Computer Emergency Response Team, CERT@VDE, had become the central body in the fight against IT security vulnerabilities in industrial automation, with a focus on small and medium-sized enterprises. Its work coordinating security problems in this sector thus gains worldwide significance.
---------------------------------------------
https://heise.de/-10502241
∗∗∗ Attacking GenAI applications and LLMs – Sometimes all it takes is to ask nicely! ∗∗∗
---------------------------------------------
Generative AI and LLM technologies have shown great potential in recent years, and for this reason, an increasing number of applications are starting to integrate them for multiple purposes. These applications are becoming increasingly complex, adopting approaches that involve multiple specialized agents, each focused on one or more tasks, interacting with one another and using external tools to access information, perform operations, or carry out tasks that LLMs are not capable of handling directly (e.g., mathematical computations).
---------------------------------------------
https://security.humanativaspa.it/attacking-genai-applications-and-llms-som…
=====================
= Vulnerabilities =
=====================
∗∗∗ CVE-2025-26397 - ZDI-25-654: SolarWinds TFTP Server Deserialization of Untrusted Data Local Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds TFTP Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the internal TFTP communications endpoint, which listens on the localhost interface on TCP port 8099 by default. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-25-654/
∗∗∗ Patch now! Attacks on PaperCut NG/MF observed ∗∗∗
---------------------------------------------
Because of attacks currently under way, admins should make sure they have an up-to-date version of the print management software PaperCut NG/MF installed. If attacks succeed, attackers can in the worst case push malicious code onto systems and execute it. Security updates have been available for some time.
---------------------------------------------
https://www.heise.de/news/Jetzt-patchen-Attacken-auf-PaperCut-NG-MF-beobach…
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by AlmaLinux (freerdp, git-lfs, golang-github-openprinting-ipp-usb, grafana, grafana-pcp, icu, ipa, iputils, krb5, libvpx, nodejs:22, osbuild-composer, perl, python-tornado, qt6-qtbase, sqlite, unbound, valkey, wireshark, and yggdrasil), Debian (libfastjson and php8.2), Fedora (glibc), Oracle (firefox, icu, perl, and unbound), Red Hat (389-ds-base, glib2, icu, libtpms, redis:6, redis:7, and yelp), SUSE (boost, forgejo-longterm, java-11-openj9, java-17-openj9, java-1_8_0-openj9, kernel, nginx, and salt), and Ubuntu (linux-xilinx-zynqmp, openjdk-8, openjdk-lts, poppler, and sqlite3).
---------------------------------------------
https://lwn.net/Articles/1031812/
∗∗∗ Samsung Security Updates for Smart TV, Audio and Displays ∗∗∗
---------------------------------------------
https://security.samsungtv.com/securityUpdates
∗∗∗ CVE-2025-2179 GlobalProtect App: Non Admin User Can Disable the GlobalProtect App (Severity: MEDIUM) ∗∗∗
---------------------------------------------
https://security.paloaltonetworks.com/CVE-2025-2179
=====================
= End-of-Day report =
=====================
Timeframe: Friday 25-07-2025 18:00 − Monday 28-07-2025 18:00
Handler: Felician Fuchs
Co-Handler: Guenes Holler
=====================
= News =
=====================
∗∗∗ Supply-chain attacks on open source software are getting out of hand ∗∗∗
---------------------------------------------
It has been a busy week for supply-chain attacks targeting open source software available in public repositories, with successful breaches of multiple developer accounts that resulted in malicious packages being pushed to unsuspecting users.
---------------------------------------------
https://arstechnica.com/security/2025/07/open-source-repositories-are-seein…
∗∗∗ Amazon AI coding agent hacked to inject data wiping commands ∗∗∗
---------------------------------------------
As reported by 404 Media, on July 13, a hacker using the alias ‘lkmanka58’ added unapproved code on Amazon Q’s GitHub to inject a defective wiper that wouldn’t cause any harm, but rather sent a message about AI coding security.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/amazon-ai-coding-agent-hacke…
∗∗∗ Sophisticated Shuyal Stealer Targets 19 Browsers, Demonstrates Advanced Evasion ∗∗∗
---------------------------------------------
A new infostealing malware making the rounds can exfiltrate credentials and other system data even from browsing software considered more privacy-focused than mainstream options.
---------------------------------------------
https://www.darkreading.com/endpoint-security/shuyal-stealer-targets-19-bro…
∗∗∗ French submarine secrets surface after cyber attack ∗∗∗
---------------------------------------------
European defence giant Naval Group has confirmed that it is investigating an alleged cyber attack which has seen what purports to be sensitive internal data published on the internet by hackers.
---------------------------------------------
https://www.bitdefender.com/en-us/blog/hotforsecurity/french-submarine-secr…
∗∗∗ The Homograph Illusion: Not Everything Is As It Seems ∗∗∗
---------------------------------------------
A subtle yet dangerous email attack vector: homograph attacks. Threat actors are using visually similar, non-Latin characters to bypass security filters.
---------------------------------------------
https://unit42.paloaltonetworks.com/homograph-attacks/
∗∗∗ ToxicPanda: The Android Banking Trojan Targeting Europe ∗∗∗
---------------------------------------------
What is ToxicPanda? Bitsight Trace dives into detail on the banking malware, from impact breadth, delivery, technical analysis, and more.
---------------------------------------------
https://www.bitsight.com/blog/toxicpanda-android-banking-malware-2025-study
∗∗∗ EU satellite internet: UK, Norway and Ukraine can join IRIS2 ∗∗∗
---------------------------------------------
EU Space Commissioner Kubilius has invited European non-member states to fully join IRIS2, the satellite network intended as an alternative to Starlink.
---------------------------------------------
https://www.heise.de/news/EU-Satelliteninternet-UK-Norwegen-und-Ukraine-koe…
∗∗∗ How I hacked my washing machine ∗∗∗
---------------------------------------------
If you've known me for some amount of time you knew this was something that was bound to happen eventually. Yesterday (and technically today), me and a friend went on an endeavor to hack our washing machine, partially for the fun of it, and partially because there's actually a practical use for it.
---------------------------------------------
https://nexy.blog/2025/07/27/how-i-hacked-my-washing-machine/
∗∗∗ Protecting the Evidence in Real-Time with KQL Queries ∗∗∗
---------------------------------------------
A few weeks ago, I published a post titled Detecting Ransomware Final Stage Activities with KQL Queries where I shared different phases and detections during the last phase of a ransomware attack. Every time I read it, I realize just how broad and complex this topic truly is.
---------------------------------------------
https://detect.fyi/protecting-the-evidence-in-real-time-with-kql-queries-ac…
∗∗∗ Lionishackers: Analyzing a corporate database seller ∗∗∗
---------------------------------------------
Outpost24’s threat intelligence researchers have been analyzing a corporate database seller known as "Lionishackers". They’re a financially motivated threat actor focused on exfiltrating and selling corporate databases. This post explores how they operate, where their attacks are taking place, and the current level of threat they pose.
---------------------------------------------
https://outpost24.com/blog/lionishackers-corporate-database-seller/
=====================
= Vulnerabilities =
=====================
∗∗∗ Post SMTP plugin flaw exposes 200K WordPress sites to hijacking attacks ∗∗∗
---------------------------------------------
More than 200,000 WordPress websites are using a vulnerable version of the Post SMTP plugin that allows hackers to take control of the administrator account.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/post-smtp-plugin-flaw-expose…
∗∗∗ Critical Flaws in Niagara Framework Threaten Smart Buildings and Industrial Systems Worldwide ∗∗∗
---------------------------------------------
Cybersecurity researchers have discovered over a dozen security vulnerabilities impacting Tridium's Niagara Framework that could allow an attacker on the same network to compromise the system under certain circumstances.
---------------------------------------------
https://thehackernews.com/2025/07/critical-flaws-in-niagara-framework.html
∗∗∗ Support ended: admin attack on LG network camera LNV5110R possible ∗∗∗
---------------------------------------------
The LNV5110R network camera from LG Innotek should no longer be used: the US security agency CISA (Cybersecurity & Infrastructure Security Agency) warns of a vulnerability for which no security update will ever be released.
---------------------------------------------
https://www.heise.de/news/Support-ausgelaufen-Admin-Attacke-auf-LG-Netzwerk…
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (audiofile, libcaca, libetpan, libxml2, php7.4, snapcast, and thunderbird), Fedora (glibc, iputils, mingw-binutils, and thunderbird), Red Hat (kernel, kernel-rt, mod_auth_openidc, and mod_auth_openidc:2.3), SUSE (afterburn, apache2, atop, chromedriver, chromium, cloud-init, deepin-feature-enable, firefox, firefox-esr, grafana, grype-db, gstreamer-plugins-bad, javamail, jupyter-jupyterlab-templates, jupyter-nbdime, konsole, libetebase, libxmp, minio-client-20250721T052808Z, MozillaFirefox, MozillaFirefox-branding-SLE, opera, pdns-recursor, perl-Authen-SASL, polkit, python-Django, python3-pycares, python311-starlette, rpi-imager, ruby3.4-rubygem-thor, spdlog, thunderbird, varnish, viewvc, and xtrabackup), and Ubuntu (openjdk-21-crac).
---------------------------------------------
https://lwn.net/Articles/1031667/
∗∗∗ Security issue: hard-coded credentials put PCs with MyASUS at risk ∗∗∗
---------------------------------------------
The MyASUS app can become an entry point for attackers. The cause is two vulnerabilities, which have since been fixed. Anyone who does not update the tool risks unauthorized access to certain services.
---------------------------------------------
https://www.heise.de/news/Sicherheitsproblem-Hartkodierte-Zugangsdaten-gefa…
∗∗∗ SyStrack LsiAgent.exe contains an improper DLL search order, allowing an attacker to execute arbitrary code and priv esc ∗∗∗
---------------------------------------------
https://kb.cert.org/vuls/id/335798
∗∗∗ Multiple stored cross-site scripting vulnerabilities in the Optimizely Episerver Content Management System ∗∗∗
---------------------------------------------
https://sec-consult.com/de/vulnerability-lab/advisory/mehrere-stored-cross-…
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 24-07-2025 18:00 − Friday 25-07-2025 18:00
Handler: Guenes Holler
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Hacker sneaks infostealer malware into early access Steam game ∗∗∗
---------------------------------------------
A threat actor called EncryptHub has compromised a game on Steam to distribute info-stealing malware to unsuspecting users downloading the title. A few days ago, the hacker (also tracked as Larva-208) injected malicious binaries into the Chemia game files hosted on Steam.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/hacker-sneaks-infostealer-ma…
∗∗∗ New Koske Linux malware hides in cute panda images ∗∗∗
---------------------------------------------
A new Linux malware named Koske may have been developed with artificial intelligence and is using seemingly benign JPEG images of panda bears to deploy malware directly into system memory. Researchers from cybersecurity company AquaSec analyzed Koske and described it as "a sophisticated Linux threat." Based on the observed adaptive behavior, the researchers believe that the malware was developed using large language models (LLMs) or automation frameworks.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-koske-linux-malware-hide…
∗∗∗ CastleLoader Malware Infects 469 Devices Using Fake GitHub Repos and ClickFix Phishing ∗∗∗
---------------------------------------------
Cybersecurity researchers have shed light on a new versatile malware loader called CastleLoader that has been put to use in campaigns distributing various information stealers and remote access trojans (RATs). The activity employs Cloudflare-themed ClickFix phishing attacks and fake GitHub repositories opened under the names of legitimate applications, Swiss cybersecurity company PRODAFT said in a report shared with The Hacker News.
---------------------------------------------
https://thehackernews.com/2025/07/castleloader-malware-infects-469.html
∗∗∗ Phishers Target Aviation Execs to Scam Customers ∗∗∗
---------------------------------------------
KrebsOnSecurity recently heard from a reader whose boss’s email account got phished and was used to trick one of the company’s customers into sending a large payment to scammers. An investigation into the attacker’s infrastructure points to a long-running Nigerian cybercrime ring that is actively targeting established companies in the transportation and aviation industries.
---------------------------------------------
https://krebsonsecurity.com/2025/07/phishers-target-aviation-execs-to-scam-…
∗∗∗ From Help Desk to Hypervisor: Defending Your VMware vSphere Estate from UNC3944 ∗∗∗
---------------------------------------------
In mid-2025, Google Threat Intelligence Group (GTIG) identified a sophisticated and aggressive cyber campaign targeting multiple industries, including retail, airline, and insurance. This was the work of UNC3944, a financially motivated threat group that has exhibited overlaps with public reporting of "0ktapus," "Octo Tempest," and "Scattered Spider." Following public alerts from the Federal Bureau of Investigation (FBI), the group's targeting became clear. GTIG observed that the group was suspected of turning its ransomware and extortion operations to the U.S. retail sector. The campaign soon broadened further, with airline and transportation organizations in North America having also become targets.
---------------------------------------------
https://cloud.google.com/blog/topics/threat-intelligence/defending-vsphere-…
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by AlmaLinux (git, kernel, nginx:1.24, and sudo), Fedora (dpkg, java-21-openjdk, java-25-openjdk, java-latest-openjdk, and valkey), Oracle (apache-commons-vfs, sudo, tigervnc, and xorg-x11-server), Red Hat (kernel, krb5, and openssh), SUSE (gnutls, ImageMagick, iputils, kernel-livepatch-MICRO-6-0-RT_Update_10, kubernetes1.18, libarchive, ovmf, python, and salt), and Ubuntu (iputils, linux-aws-6.14, linux-raspi, openjdk-21, and openjdk-24).
---------------------------------------------
https://lwn.net/Articles/1031426/
∗∗∗ Attacks against Citrix Netscaler CVE-2025-6543 ∗∗∗
---------------------------------------------
https://www.cert.at/de/aktuelles/2025/7/angriffe-gegen-citrix-netscaler-cve…
∗∗∗ CVE-2025-38350 - ZDI-25-651: (Pwn2Own) Red Hat Enterprise Linux CBS Packet Scheduling Use-After-Free Local Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-25-651/
∗∗∗ Cisco Identity Services Engine Unauthenticated Remote Code Execution Vulnerabilities ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso…
∗∗∗ CISA Releases Six Industrial Control Systems Advisories ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2025/07/24/cisa-releases-six-indust…
∗∗∗ Medtronic MyCareLink Patient Monitor ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-205-01