=====================
= End-of-Day report =
=====================
Timeframe: Friday 11-04-2025 18:00 - Monday 14-04-2025 18:00
Handler: Guenes Holler
Co-Handler: Michael Schlagenhaufer
=====================
= News =
=====================
*** BentoML Vulnerability Allows Remote Code Execution on AI Servers ***
---------------------------------------------
This vulnerability, tracked as CVE-2025-27520 with a high severity score of 9.8 and discovered by GitHub user c2an1, could allow attackers who aren't even logged in to take complete control of the servers running these AI services. [..] Interestingly, according to Checkmarx's report, this vulnerability is essentially a repeat of CVE-2024-2912, which was fixed in BentoML version 1.2.5, but the fix was later removed in BentoML version 1.3.8, causing the same dangerous weakness to reappear.
---------------------------------------------
https://hackread.com/bentoml-vulnerability-remote-code-execution-ai-servers/
*** Exploit Attempts for Recent Langflow AI Vulnerability (CVE-2025-3248), (Sat, Apr 12th) ***
---------------------------------------------
Two weeks ago, version 1.3.0 of Langflow was released. The release notes list many fixes but do not mention that one of the "Bug Fixes" addresses a major vulnerability. Instead, the release notes state, "auth current user on code validation." [..] The vulnerability went somewhat unnoticed, at least by me, until Horizon3 created a detailed writeup showing how easy it is to exploit the vulnerability and provided a proof-of-concept exploit.
---------------------------------------------
https://isc.sans.edu/diary/rss/31850
*** Proton66 Part 1: Mass Scanning and Exploit Campaigns ***
---------------------------------------------
Trustwave SpiderLabs continuously tracks a range of malicious activities originating from Proton66 ASN, including vulnerability scanning, exploit attempts, and phishing campaigns leading to malware infections.
---------------------------------------------
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/proton66-par...
*** Phishing Campaigns Use Real-Time Checks to Validate Victim Emails Before Credential Theft ***
---------------------------------------------
Cybersecurity researchers are calling attention to a new type of credential phishing scheme that ensures that the stolen information is associated with valid online accounts. The technique has been codenamed precision-validating phishing by Cofense, which it said employs real-time email validation so that only a select set of high-value targets are served the fake login screens.
---------------------------------------------
https://thehackernews.com/2025/04/phishing-campaigns-use-real-time-checks.ht...
*** CyberAv3ngers: The Iranian Saboteurs Hacking Water and Gas Systems Worldwide ***
---------------------------------------------
CyberAv3ngers has been vocal about their operations that targeted Israel and Israeli technology products. But they've also quietly expanded their target list to include a variety of other devices and networks, including a US oil and gas firm and a wide array of industrial control systems across the world.
---------------------------------------------
https://www.wired.com/story/cyberav3ngers-iran-hacking-water-and-gas-industr...
*** A short(-ish) guide on information security writing ***
---------------------------------------------
Whether you're compiling incident notes at 3 AM, drafting a post-mortem report for the board or helping the marketing department to craft a blog post that will generate near endless riches for your employer - whether we like it or not, the ability to produce quality writing is as much a vital skill when working in information security as your technical prowess.
---------------------------------------------
https://bytesandborscht.com/a-short-ish-guide-on-information-security-writin...
*** Beware of triangle fraud on classified-ad platforms ***
---------------------------------------------
eBay, Willhaben, Shpock and the like are popular platforms for buying used goods cheaply or selling items you no longer need. But beware: criminals hide behind some profiles. Triangle fraud, in which both buyers and sellers are cheated, is particularly insidious.
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-vor-dreiecksbetrug-bei-klein...
*** BPFDoor's Hidden Controller Used Against Asia, Middle East Targets ***
---------------------------------------------
A controller linked to BPF backdoor can open a reverse shell, enabling deeper infiltration into compromised networks. Recent attacks have been observed targeting the telecommunications, finance, and retail sectors across South Korea, Hong Kong, Myanmar, Malaysia, and Egypt.
---------------------------------------------
https://www.trendmicro.com/en_us/research/25/d/bpfdoor-hidden-controller.htm...
=====================
= Vulnerabilities =
=====================
*** Security updates: malicious-code attacks on the Spotfire AI analytics platform possible ***
---------------------------------------------
As two advisories on the vulnerabilities (CVE-2025-3114 "critical", CVE-2025-3115 "critical") show, the affected products are specifically Spotfire Analyst, AWS Marketplace, Deployment Kit Spotfire Server, Desktop, Enterprise Runtime, Service for Python, Service for R and Statistics Services.
---------------------------------------------
https://www.heise.de/news/Sicherheitsupdates-Schadcode-Attacken-auf-KI-Analy...
*** Network devices running Arista EOS can forget to encrypt ***
---------------------------------------------
As an advisory states, encryption of network traffic does not work reliably. According to the developers, however, this only occurs when Secure Vxlan is configured. [..] The vulnerability (CVE-2024-12378) is rated "critical".
---------------------------------------------
https://www.heise.de/news/Netzwerkgeraete-mit-Arista-EOS-koennen-Verschluess...
*** Security updates for Monday ***
---------------------------------------------
Security updates have been issued by Debian (glib2.0, jinja2, kernel, mediawiki, perl, subversion, twitter-bootstrap3, twitter-bootstrap4, and wpa), Fedora (c-ares, chromium, condor, corosync, cri-tools1.29, exim, firefox, matrix-synapse, nextcloud, openvpn, perl-Data-Entropy, suricata, upx, varnish, webkitgtk, yarnpkg, and zabbix), Mageia (giflib, gnupg2, graphicsmagick, and poppler), Oracle (delve and golang, go-toolset:ol8, grub2, and webkit2gtk3), Red Hat (kernel and kernel-rt), SUSE (chromium, fontforge-20230101, govulncheck-vulndb, kernel, liblzma5-32bit, pgadmin4, python311-Django, and python311-PyJWT), and Ubuntu (graphicsmagick).
---------------------------------------------
https://lwn.net/Articles/1017396/