=====================
= End-of-Day report =
=====================
Timeframe: Monday 29-09-2025 18:00 - Tuesday 30-09-2025 18:00
Handler: n/a
Co-Handler: Guenes Holler
=====================
= News =
=====================
∗∗∗ Ransomware gang sought BBC reporter's help in hacking media giant ∗∗∗
---------------------------------------------
Threat actors claiming to represent the Medusa ransomware gang tempted a BBC correspondent to become an insider threat by offering a significant amount of money.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/ransomware-gang-sought-bbc-re...
∗∗∗ AI-Powered Voice Cloning Raises Vishing Risks ∗∗∗
---------------------------------------------
A researcher-developed framework could enable attackers to conduct real-time conversations using simulated audio to compromise organizations and extract sensitive information.
---------------------------------------------
https://www.darkreading.com/cyberattacks-data-breaches/ai-voice-cloning-vish...
∗∗∗ Researchers Disclose Google Gemini AI Flaws Allowing Prompt Injection and Cloud Exploits ∗∗∗
---------------------------------------------
Cybersecurity researchers have disclosed three now-patched security vulnerabilities impacting Google's Gemini artificial intelligence (AI) assistant that, if successfully exploited, could have exposed users to major privacy risks and data theft.
---------------------------------------------
https://thehackernews.com/2025/09/researchers-disclose-google-gemini-ai.html
∗∗∗ Google's Latest AI Ransomware Defense Only Goes So Far ∗∗∗
---------------------------------------------
Google has launched a new AI-based protection in Drive for desktop that can shut down an attack before it spreads, but its benefits have their limits.
---------------------------------------------
https://www.wired.com/story/googles-latest-ai-ransomware-defense-only-goes-s...
∗∗∗ On GitHub: Numerous fakes of well-known Mac apps are circulating ∗∗∗
---------------------------------------------
In an apparently coordinated campaign, scammers are trying to distribute fake apps to Mac users. What the goal is remains unclear.
---------------------------------------------
https://www.heise.de/news/Auf-GitHub-Zahlreiche-Fakes-bekannter-Mac-Apps-kur...
∗∗∗ Beware of landline spoofing: criminals are using (partly) real phone numbers! ∗∗∗
---------------------------------------------
Anyone currently receiving calls from supposed bank advisors should be especially suspicious and careful! Criminals are increasingly succeeding in using real, existing service landline numbers as cover for their scams. The goal of the "spoofing" is access to the victim's account.
---------------------------------------------
https://www.watchlist-internet.at/news/vorsich-festnetz-spoofing/
∗∗∗ Phantom Taurus: A New Chinese Nexus APT and the Discovery of the NET-STAR Malware Suite ∗∗∗
---------------------------------------------
Phantom Taurus is a previously undocumented Chinese threat group. Explore how this group's distinctive toolset led to uncovering their existence.
---------------------------------------------
https://unit42.paloaltonetworks.com/phantom-taurus/
∗∗∗ XiebroC2 Identified in MS-SQL Server Attack Cases ∗∗∗
---------------------------------------------
AhnLab SEcurity intelligence Center (ASEC) monitors attacks targeting poorly managed MS-SQL servers and recently confirmed a case involving the use of XiebroC2. XiebroC2 is an open-source C2 framework that supports various features such as information collection, remote control, and defense evasion, similar to CobaltStrike.
---------------------------------------------
https://asec.ahnlab.com/en/90369/
∗∗∗ Cybercrime Observations from the Frontlines: UNC6040 Proactive Hardening Recommendations ∗∗∗
---------------------------------------------
Protecting software-as-a-service (SaaS) platforms and applications requires a comprehensive security strategy. Drawing from analysis of UNC6040's specific attack methodologies, this guide presents a structured defensive framework encompassing proactive hardening measures, comprehensive logging protocols, and advanced detection capabilities.
---------------------------------------------
https://cloud.google.com/blog/topics/threat-intelligence/unc6040-proactive-h...
∗∗∗ When Audits Fail: Four Critical Pre-Auth Vulnerabilities in TRUfusion Enterprise ∗∗∗
---------------------------------------------
In early 2025, we encountered a mission-critical software component called TRUfusion Enterprise on the perimeter of one of our customers that is used to transfer highly sensitive data. Since Rocket Software claims that they are undergoing regular audits and also follow secure coding guidelines, we didn't expect to find much, but to our surprise, it took us just two minutes to discover the first totally unsophisticated, but critical pre-auth path traversal vulnerability that already gave us admin rights.
---------------------------------------------
https://www.rcesecurity.com/2025/09/when-audits-fail-four-critical-pre-auth-...
=====================
= Vulnerabilities =
=====================
∗∗∗ Broadcom fixes high-severity VMware NSX bugs reported by NSA ∗∗∗
---------------------------------------------
Broadcom has released security updates to patch two high-severity VMware NSX vulnerabilities reported by the U.S. National Security Agency (NSA).
---------------------------------------------
https://www.bleepingcomputer.com/news/security/broadcom-fixes-high-severity-...
∗∗∗ IBM App Connect Enterprise Toolkit can leak data ∗∗∗
---------------------------------------------
Important security updates have been released for IBM App Connect Enterprise Toolkit, InfoSphere and WebSphere.
---------------------------------------------
https://www.heise.de/news/IBM-App-Connect-Enterprise-Toolkit-kann-Daten-leak...
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (python-internetarchive and tiff), Fedora (nextcloud), Oracle (kernel, openssh, and squid), Red Hat (kernel, kernel-rt, and ncurses), SUSE (afterburn and chromium), and Ubuntu (open-vm-tools, ruby-rack, and tiff).
---------------------------------------------
https://lwn.net/Articles/1040152/
∗∗∗ Security Vulnerabilities fixed in Firefox 143.0.3 ∗∗∗
---------------------------------------------
Mozilla has fixed three vulnerabilities labeled as high.
---------------------------------------------
https://www.mozilla.org/en-US/security/advisories/mfsa2025-80/
∗∗∗ Critical Vulnerability Alert: CVE-2025-10035 in GoAnywhere MFT ∗∗∗
---------------------------------------------
A critical security vulnerability (CVE-2025-10035) has been identified in GoAnywhere MFT, a widely used file transfer solution developed by Fortra.
---------------------------------------------
https://www.bitsight.com/blog/critical-vulnerability-alert-cve-2025-10035-go...
∗∗∗ Apple Security Update Addresses Critical Font Parser Vulnerability Across Multiple Platforms ∗∗∗
---------------------------------------------
Apple has rolled out a series of important security updates across multiple platforms, addressing a vulnerability affecting the system font parser. These Apple security updates cover iOS, iPadOS, macOS, visionOS, watchOS, and tvOS.
---------------------------------------------
https://thecyberexpress.com/apple-security-updates/