===================== = End-of-Day report = =====================
Timeframe: Freitag 08-08-2025 18:00 − Montag 11-08-2025 18:00 Handler: Felician Fuchs Co-Handler: Michael Schlagenhaufer
===================== = News = =====================
∗∗∗ WinRAR zero-day flaw exploited by RomCom hackers in phishing attacks ∗∗∗ --------------------------------------------- A recently fixed WinRAR vulnerability tracked as CVE-2025-8088 was exploited as a zero-day in phishing attacks to install the RomCom malware. [..] The flaw is a directory traversal vulnerability that was fixed in WinRAR 7.13, which allows specially crafted archives to extract files into a file path selected by the attacker. --------------------------------------------- https://www.bleepingcomputer.com/news/security/winrar-zero-day-flaw-exploite...
∗∗∗ Command Injection in Jenkins via Git Parameter (CVE-2025-53652) ∗∗∗ --------------------------------------------- On July 9, Jenkins disclosed CVE-2025-53652 (aka SECURITY-34191), one of 31 plugin vulnerabilities announced that day. [..] was disclosed as medium severity, but it enables command injection via the Jenkins Git Parameter plugin. [..] Around 15,000 Jenkins servers appear to allow unauthenticated access, making RCE viable in the wild. [..] The patch can be disabled, so detection remains important even after upgrading. --------------------------------------------- https://www.vulncheck.com/blog/git-parameter-rce
∗∗∗ EU law to protect journalists from spyware takes effect ∗∗∗ --------------------------------------------- Critics from press freedom groups say member states have not taken steps to give the law any teeth. --------------------------------------------- https://therecord.media/eu-law-to-protect-journalists-from-spyware-takes-eff...
∗∗∗ Sicherheitslücken: Hacker knackt Auto über Webportal des Herstellers ∗∗∗ --------------------------------------------- Er konnte nicht nur aus der Ferne unzählige fremde Autos orten, entriegeln und starten, sondern auch nach Belieben die Halterdaten abfragen. [..] Zveare stellte seine Entdeckungen am vergangenen Sonntag auf der Def Con in Las Vegas vor. Den Angaben zufolge konnte er sich in dem besagten Händlerportal ein "nationales Administratorkonto" erstellen und erhielt damit einen weitreichenden Zugriff, der "nur wenigen ausgewählten Unternehmensnutzern vorbehalten ist" und "eine Vielzahl von lustigen Exploits" ermöglichte. --------------------------------------------- https://www.golem.de/news/sicherheitsluecken-hacker-knackt-auto-ueber-webpor...
∗∗∗ Spionage: Rauchwarnmelder in Abhörwanzen verwandelt ∗∗∗ --------------------------------------------- Zwei junge Sicherheitsforscher haben im Rahmen der Def Con in Las Vegas Sicherheitslücken in smarten Rauchwarnmeldern des Typs Halo 3C aufgedeckt. [..] Der Hersteller der Halo-3C-Warnmelder hört auf den Namen IPVideo und ist laut der Webseite seit 2023 Teil von Motorola Solutions. Das Unternehmen hat dem Wired-Bericht zufolge bereits ein Firmwareupdate bereitgestellt, um die von Garcia und seinem Kollegen entdeckten Sicherheitslücken zu schließen. Mit der Cloud verbundene Geräte sollen das Update automatisch erhalten. --------------------------------------------- https://www.golem.de/news/spionage-smarte-rauchwarnmelder-in-abhoerwanzen-ve...
∗∗∗ Researchers Reveal ReVault Attack Targeting Dell ControlVault3 Firmware in 100+ Laptop Models ∗∗∗ --------------------------------------------- Cybersecurity researchers have uncovered multiple security flaws in Dells ControlVault3 firmware and its associated Windows APIs that could have been abused by attackers to bypass Windows login, extract cryptographic keys, as well as maintain access even after a fresh operating system install by deploying undetectable malicious implants into the firmware. [..] Attackers can chain the vulnerabilities, which were presented at the Black Hat USA security conference, to escalate their privileges after initial access, bypass authentication controls, and maintain persistence on compromised systems that survive operating system updates or reinstallations. --------------------------------------------- https://thehackernews.com/2025/08/researchers-reveal-revault-attack.html
∗∗∗ DEF CON hackers plug security holes in US water systems amid tsunami of threats ∗∗∗ --------------------------------------------- A DEF CON hacker walks into a small-town water facility … no, this is not the setup for a joke or a (super-geeky) odd-couple rom-com. It's a true story that happened at five utilities across four states. --------------------------------------------- https://go.theregister.com/feed/www.theregister.com/2025/08/10/def_con_hacke...
∗∗∗ libarchive: Sicherheitslücke entpuppt sich als kritisch ∗∗∗ --------------------------------------------- In der Open-Source-Kompressionsbibliothek libarchive klafft eine Sicherheitslücke, die zunächst als lediglich niedriges Risiko eingestuft wurde. [..] Die ursprüngliche Meldung der Lücke an das libarchive-Projekt durch Tobias Stöckmann mitsamt eines Proof-of-Concept-Exploits fand bereits am 10. Mai dieses Jahres statt. Am 20. Mai haben die Entwickler die Version 3.8.0 von libarchive herausgegeben. Die öffentliche Schwachstellenmeldung erfolgte am 9. Juni ebenfalls auf Github. Dort wurde auch die CVE-Nummer CVE-2025-5914 zugewiesen, jedoch zunächst mit dem Schweregrad CVSS 3.9, Risiko "niedrig", wie Red Hat die Lücke einordnete. --------------------------------------------- https://www.heise.de/news/libarchive-Sicherheitsluecke-entpuppt-sich-als-kri...
∗∗∗ Keys to the Kingdom: Erlang/OTP SSH Vulnerability Analysis and Exploits Observed in the Wild ∗∗∗ --------------------------------------------- CVE-2025-32433 allows for remote code execution in sshd for certain versions of Erlang programming language’s OTP. We reproduced this CVE and share our findings. --------------------------------------------- https://unit42.paloaltonetworks.com/erlang-otp-cve-2025-32433/
∗∗∗ BadCam Attack Turns Trusted Linux Webcams into Stealthy USB Weapons ∗∗∗ --------------------------------------------- A new class of USB-based attacks has come to light. [..] Attackers can now exploit vulnerabilities in commonly used USB webcams running embedded Linux, transforming them into BadUSB devices capable of injecting keystrokes and executing covert operations independently of the host operating system. --------------------------------------------- https://thecyberexpress.com/badcam-linux-webcam/
===================== = Vulnerabilities = =====================
∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by AlmaLinux (jackson-annotations, jackson-core, jackson-databind, jackson-jaxrs-providers, and jackson-modules-base and libxml2), Debian (distro-info-data, gnutls28, modsecurity-crs, and node-tmp), Fedora (chromium, incus, perl, perl-Devel-Cover, perl-PAR-Packer, polymake, varnish, and xen), Red Hat (kernel, kernel-rt, and rhc), and SUSE (chromedriver, ffmpeg-4, go1.23, go1.24, go1.25, govulncheck-vulndb, himmelblau, iperf, keylime-ima-policy, net-tools, sqlite3, texmaker, tomcat, and zabbix). --------------------------------------------- https://lwn.net/Articles/1033328/
∗∗∗ SQUID-2025:1 Buffer Overflow in URN Handling ∗∗∗ --------------------------------------------- https://github.com/squid-cache/squid/security/advisories/GHSA-w4gv-vw3f-29g3
∗∗∗ Xerox® FreeFlow® Core v8.0.5 ∗∗∗ --------------------------------------------- https://securitydocs.business.xerox.com/wp-content/uploads/2025/08/Xerox-Sec...