=====================
= End-of-Day report =
=====================

Timeframe:   Tuesday 22-04-2025 18:00 − Wednesday 23-04-2025 18:00
Handler:     Michael Schlagenhaufer
Co-Handler:  Guenes Holler

=====================
=       News        =
=====================
∗∗∗ Alternatives from Europe: How to become independent of US software ∗∗∗
---------------------------------------------
A Viennese software developer is collecting "European Alternatives" to US digital products. Interest has risen sharply since Trump's second inauguration.
---------------------------------------------
https://futurezone.at/netzpolitik/tech-alternativen-apps-europa-datenschutz-...

∗∗∗ Shortly after disclosure: ChatGPT and Claude deliver an exploit for a critical SSH vulnerability ∗∗∗
---------------------------------------------
A widely used SSH tool has a dangerous vulnerability. Only hours after it became public, a researcher used AI to create a working exploit.
---------------------------------------------
https://www.golem.de/news/kurz-nach-offenlegung-chatgpt-und-claude-liefern-e...
∗∗∗ Android Spyware Disguised as Alpine Quest App Targets Russian Military Devices ∗∗∗
---------------------------------------------
Cybersecurity researchers have revealed that Russian military personnel are the target of a new malicious campaign that distributes Android spyware under the guise of the Alpine Quest mapping software. "The attackers hide this trojan inside modified Alpine Quest mapping software and distribute it in various ways, including through one of the Russian Android app catalogs," Doctor Web said in an analysis.
---------------------------------------------
https://thehackernews.com/2025/04/android-spyware-disguised-as-alpine.html

∗∗∗ CVE-2025-3248: RCE vulnerability in Langflow ∗∗∗
---------------------------------------------
CVE-2025-3248, a critical remote code execution (RCE) vulnerability with a CVSS score of 9.8, has been discovered in Langflow, an open-source platform for visually composing AI-driven agents and workflows. [..] All Langflow versions prior to 1.3.0 are susceptible to code injection. [..] Exploiting CVE-2025-3248 involves the following steps:
---------------------------------------------
https://www.zscaler.com/blogs/security-research/cve-2025-3248-rce-vulnerabil...
∗∗∗ Planning your holiday? Beware of fraud via fake booking portals! ∗∗∗
---------------------------------------------
Where should the summer holiday go this year? How about a rental finca in the Canary Islands? Then caution is called for when booking! Criminals set up fake portals and offer supposedly real luxury rental properties on them. Anyone who takes the deal and transfers the requested amount has fallen into the trap. The accommodation does not exist, and the money is gone.
---------------------------------------------
https://www.watchlist-internet.at/news/villen-fincas-fake-buchungsportal/
∗∗∗ Phishing for Codes: Russian Threat Actors Target Microsoft 365 OAuth Workflows ∗∗∗
---------------------------------------------
Since early March 2025, Volexity has observed multiple Russian threat actors aggressively targeting individuals and organizations with ties to Ukraine and human rights. These recent attacks use a new technique aimed at abusing legitimate Microsoft OAuth 2.0 Authentication workflows. The attackers are impersonating officials from various European nations, and in one instance leveraged a compromised Ukrainian Government account.
---------------------------------------------
https://www.volexity.com/blog/2025/04/22/phishing-for-codes-russian-threat-a...
∗∗∗ Distribution of PebbleDash Malware in March 2025 ∗∗∗
---------------------------------------------
PebbleDash is a backdoor malware that was previously identified by the Cybersecurity and Infrastructure Security Agency (CISA) in the U.S. as a backdoor malware of Lazarus (Hidden Cobra) in 2020.
---------------------------------------------
https://asec.ahnlab.com/en/87621/
∗∗∗ Introducing ToyMaker, an Initial Access Broker working in cahoots with double extortion gangs ∗∗∗
---------------------------------------------
Cisco Talos discovered a sophisticated attack on critical infrastructure by ToyMaker and Cactus, using the LAGTOY backdoor to orchestrate a relentless double extortion scheme.
---------------------------------------------
https://blog.talosintelligence.com/introducing-toymaker-an-initial-access-br...

=====================
=  Vulnerabilities  =
=====================
∗∗∗ ASUS releases fix for AMI bug that lets hackers brick servers ∗∗∗
---------------------------------------------
ASUS has released security updates to address CVE-2024-54085, a maximum severity flaw that could allow attackers to hijack and potentially brick servers. [..] The flaw impacts American Megatrends International's MegaRAC Baseboard Management Controller (BMC) software, used by over a dozen server hardware vendors, including HPE, ASUS, and ASRock. The CVE-2024-54085 flaw is remotely exploitable, potentially leading to malware infections, firmware modifications, and irreversible physical damage through over-volting.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/asus-releases-fix-for-ami-bug...

∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by AlmaLinux (bluez, expat, and postgresql:12), Fedora (chromium, golang, LibRaw, moodle, openiked, ruby, and trafficserver), Red Hat (bluez, expat, gnutls, libtasn1, libxslt, mod_auth_openidc, mod_auth_openidc:2.3, ruby:3.1, thunderbird, and xmlrpc-c), and Ubuntu (linux, linux-aws, linux-gcp, linux-hwe-6.11, linux-lowlatency, linux-lowlatency-hwe-6.11, linux-oem-6.11, linux-oracle, linux-raspi, linux-realtime, linux-azure, linux-azure-6.11, linux-gcp-6.8, and matrix-synapse).
---------------------------------------------
https://lwn.net/Articles/1018589/

∗∗∗ CISA Releases Five Industrial Control Systems Advisories ∗∗∗
---------------------------------------------
ICSA-25-112-01 Siemens TeleControl Server Basic SQL
ICSA-25-112-02 Siemens TeleControl Server Basic
ICSA-25-112-03 Schneider Electric Wiser Home Controller WHC-5918A
ICSA-25-112-04 ABB MV Drives
ICSA-25-035-04 Schneider Electric Modicon M580 PLCs, BMENOR2200H and EVLink Pro AC (Update A)
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2025/04/22/cisa-releases-five-indust...

∗∗∗ Cisco: Multiple Cisco Products Unauthenticated Remote Code Execution in Erlang/OTP SSH Server ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisor...