=====================
= End-of-Day report =
=====================

Timeframe:   Tuesday 09-09-2025 18:00 − Wednesday 10-09-2025 18:00
Handler:     Felician Fuchs
Co-Handler:  Michael Schlagenhaufer
=====================
=       News        =
=====================


∗∗∗ Phishing in the name of the WKO: sensitive data in the crosshairs ∗∗∗
---------------------------------------------
Criminals are currently copying a genuine e-mail message from the Wirtschaftskammer Österreich (Austrian Economic Chamber). Via an attached HTML document they want to lure their victims to a fake portal and harvest sensitive data there. We show you how to recognise the scam attempt.
---------------------------------------------
https://www.watchlist-internet.at/news/phishing-wko/


∗∗∗ You Already Have Our Personal Data, Take Our Phone Calls Too (FreePBX CVE-2025-57819) ∗∗∗
---------------------------------------------
Today, inside this hellscape we call the Internet, a mean person has discovered a zero-day(s) in FreePBX (now lovingly called CVE-2025-57819). But they didn’t stop there - the dastardly individual(s) then proceeded to exploit FreePBX hosts en masse. [..] Today, we are publishing our Detection Artefact Generator which you can find here.
---------------------------------------------
https://labs.watchtowr.com/you-already-have-our-personal-data-take-our-phone...


∗∗∗ US Investment in Spyware Is Skyrocketing ∗∗∗
---------------------------------------------
A new report warns that the number of US investors in powerful commercial spyware rose sharply in 2024 and names new countries linked to the dangerous technology.
---------------------------------------------
https://www.wired.com/story/us-spyware-investment/


∗∗∗ CHILLYHELL macOS Backdoor and ZynorRAT RAT Threaten macOS, Windows, and Linux Systems ∗∗∗
---------------------------------------------
Cybersecurity researchers have discovered two new malware families, including a modular Apple macOS backdoor called CHILLYHELL and a Go-based remote access trojan (RAT) named ZynorRAT that can target both Windows and Linux systems.
---------------------------------------------
https://thehackernews.com/2025/09/chillyhell-macos-backdoor-and-zynorrat.htm...


∗∗∗ Pwn My Ride: Exploring the CarPlay Attack Surface ∗∗∗
---------------------------------------------
At the recent DefCon conference, we had the opportunity to present Pwn My Ride, a comprehensive exploration of the Apple CarPlay attack surface. With vehicles becoming increasingly connected, the security of in-car systems like CarPlay is critical.
---------------------------------------------
https://www.oligo.security/blog/pwn-my-ride-exploring-the-carplay-attack-sur...


∗∗∗ Kerberoasting ∗∗∗
---------------------------------------------
These “Kerberoasting” attacks have been around for ages: the technique and name are credited to Tim Medin who presented it in 2014 (and many popular blogs followed up on it) but the vulnerabilities themselves are much older. [..] I’ll bet most Windows people already know this stuff, but I only happened to learn about it today, after seeing a letter from Senator Wyden to Microsoft, describing how this vulnerability was used in the May 2024 ransomware attack on the Ascension Health hospital system.
---------------------------------------------
https://blog.cryptographyengineering.com/2025/09/10/kerberoasting/


∗∗∗ New Linux Botnet Combines Cryptomining and DDoS Attacks ∗∗∗
---------------------------------------------
Cyble threat intelligence researchers have identified a sophisticated Linux botnet built for cryptocurrency mining, remote command execution, and dozens of DDoS attack types. Cyble Research and Intelligence Labs (CRIL) researchers have dubbed the campaign “Luno.”
---------------------------------------------
https://thecyberexpress.com/linux-botnet-combines-cryptomining-and-ddos/


∗∗∗ Apple Introduces Memory Integrity Enforcement in iPhone 17 to Fight Spyware Exploits ∗∗∗
---------------------------------------------
Apple has introduced Memory Integrity Enforcement (MIE), a system-wide security feature designed to crush one of the most persistent threats to iPhone users—that of spyware. The company describes MIE as “the most significant upgrade to memory safety in the history of consumer operating systems.”
---------------------------------------------
https://thecyberexpress.com/memory-integrity-enforcement-in-iphone-17/
=====================
=  Vulnerabilities  =
=====================


∗∗∗ Microsoft September 2025 Patch Tuesday fixes 81 flaws, two zero-days ∗∗∗
---------------------------------------------
Today is Microsoft's September 2025 Patch Tuesday, which includes security updates for 81 flaws, including two publicly disclosed zero-day vulnerabilities. [..] The two publicly disclosed zero-days are: CVE-2025-55234 - Windows SMB Elevation of Privilege Vulnerability [..] CVE-2024-21907 - VulnCheck: CVE-2024-21907 Improper Handling of Exceptional Conditions in Newtonsoft.Json
---------------------------------------------
https://www.bleepingcomputer.com/news/microsoft/microsoft-september-2025-pat...


∗∗∗ Adobe patch day: vulnerabilities in Acrobat & Co. can let malicious code onto PCs ∗∗∗
---------------------------------------------
List of the security patches: Acrobat and Reader, After Effects, ColdFusion, Commerce, Dreamweaver, Experience Manager, Premiere Pro, Substance 3D Modeler, Substance 3D Viewer
---------------------------------------------
https://www.heise.de/news/Patchday-Adobe-Luecken-in-Acrobat-Co-koennen-Schad...


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (buildah, containers-common, glycin, loupe, podman, rust-matchers, and rust-tracing-subscriber), Red Hat (fence-agents, jackson-annotations, jackson-core, jackson-databind, jackson-jaxrs-providers, and jackson-modules-base, pki-deps:10.6, python-requests, python3.12-cryptography, redis:6, redis:7, and resource-agents), Slackware (libssh), SUSE (aide, cloud-init, iperf, java-1_8_0-openjdk, jq, kernel-devel, python-deepdiff, regionServiceClientConfigAzure, regionServiceClientConfigEC2, and regionServiceClientConfigGCE), and Ubuntu (gnutls28).
---------------------------------------------
https://lwn.net/Articles/1037471/


∗∗∗ CISA Releases Fourteen Industrial Control Systems Advisories ∗∗∗
---------------------------------------------
ICSA-25-252-01 Rockwell Automation ThinManager, ICSA-25-252-02 ABB Cylon Aspect BMS/BAS, ICSA-25-252-03 Rockwell Automation Stratix IOS, ICSA-25-252-04 Rockwell Automation FactoryTalk Optix, ICSA-25-252-05 Rockwell Automation FactoryTalk Activation Manager, ICSA-25-252-06 Rockwell Automation CompactLogix® 5480, ICSA-25-252-07 Rockwell Automation ControlLogix 5580, ICSA-25-252-08 Rockwell Automation Analytics LogixAI, ICSA-25-252-09 Rockwell Automation 1783-NATR
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2025/09/09/cisa-releases-fourteen-in...


∗∗∗ Google Chrome: Stable Channel Update for Desktop ∗∗∗
---------------------------------------------
http://chromereleases.googleblog.com/2025/09/stable-channel-update-for-deskt...