=====================
= End-of-Day report =
=====================
Timeframe: Monday 18-08-2025 18:00 − Tuesday 19-08-2025 18:00
Handler: Alexander Riepl
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ In several web portals: Numerous hard-coded credentials discovered at Intel ∗∗∗
---------------------------------------------
A researcher found serious security vulnerabilities in Intel web portals. In some cases, passwords were stored client-side in the code.
---------------------------------------------
https://www.golem.de/news/in-mehreren-webportalen-reihenweise-fest-kodierte-...
∗∗∗ GodRAT – New RAT targeting financial institutions ∗∗∗
---------------------------------------------
Kaspersky experts analyze GodRAT, a new Gh0st RAT-based tool attacking financial firms. It is likely a successor of the AwesomePuppet RAT connected to the Winnti group.
---------------------------------------------
https://securelist.com/godrat/117119/
∗∗∗ The State of Ransomware in Retail 2025 ∗∗∗
---------------------------------------------
361 IT and cybersecurity leaders reveal the ransomware realities for retail businesses today.
---------------------------------------------
https://news.sophos.com/en-us/2025/08/19/the-state-of-ransomware-in-retail-2...
∗∗∗ 493 Cases of Sextortion Against Children Linked to Notorious Scam Compounds ∗∗∗
---------------------------------------------
Scam compounds in Cambodia, Myanmar, and Laos have conned people out of billions. New research shows they may be linked to child sextortion crimes too.
---------------------------------------------
https://www.wired.com/story/child-sextorition-scam-compounds-southeast-asia/
∗∗∗ Morocco drags German newspapers before the BGH over spyware reports ∗∗∗
---------------------------------------------
Morocco is suspected of having used the Pegasus spyware against lawyers, journalists and politicians. German media reported on it, and Morocco is angry.
---------------------------------------------
https://www.heise.de/news/Marokko-zieht-gegen-deutsche-Spyware-Berichterstat...
∗∗∗ Attacks on N-able N-central under way, more than 1000 systems unpatched ∗∗∗
---------------------------------------------
More than a thousand instances of the RMM N-able N-central are still vulnerable to critical flaws. These are already being attacked.
---------------------------------------------
https://www.heise.de/news/Angriffe-auf-N-able-N-central-laufen-mehr-als-1000...
∗∗∗ Get 10,000,000 Robux for free? Beware, fake offer! ∗∗∗
---------------------------------------------
The online gaming platform “Roblox” is especially popular with children and teenagers, and is basically free. To unlock certain features and content, however, an in-game currency called “Robux” is needed. And that in turn is only available for real money. Criminals therefore try to lure users into a trap with the promise of free “Robux”.
---------------------------------------------
https://www.watchlist-internet.at/news/robux-fake-angebot/
∗∗∗ Fashionable Phishing Bait: GenAI on the Hook ∗∗∗
---------------------------------------------
GenAI-created phishing campaigns misuse tools ranging from website builders to text generators in order to create more convincing and scalable attacks.
---------------------------------------------
https://unit42.paloaltonetworks.com/genai-phishing-bait/
∗∗∗ Ransomware gang masking PipeMagic backdoor as ChatGPT desktop app: Microsoft ∗∗∗
---------------------------------------------
Hackers are disguising a powerful strain of malware as a ChatGPT desktop application in preparation for ransomware attacks, Microsoft said.
---------------------------------------------
https://therecord.media/ransomware-gang-masking-pipemagic-backdoor
∗∗∗ UK ‘agrees to drop’ demand over Apple iCloud encryption, US intelligence head claims ∗∗∗
---------------------------------------------
The United Kingdom is backing down from a controversial legal demand targeting Apple, U.S. Director of National Intelligence Tulsi Gabbard claimed on social media.
---------------------------------------------
https://therecord.media/uk-agrees-drop-apple-encryption
∗∗∗ Trend Micro Unmasks Global "Task Scam" Industry ∗∗∗
---------------------------------------------
Trend Micro today released new research revealing the mechanics and scale of a rapidly growing fraud model known as "task scams": sophisticated online job scams that lure victims into repetitive digital tasks and systematically strip them of funds through escalating deposit demands.
---------------------------------------------
https://newsroom.trendmicro.com/2025-08-19-Trend-Micro-Unmasks-Global-Task-S...
∗∗∗ Fake Copyright Notices Drop New Noodlophile Stealer Variant ∗∗∗
---------------------------------------------
Morphisec warns of a new Noodlophile Stealer variant spread via fake copyright phishing emails, using Dropbox links ..
---------------------------------------------
https://hackread.com/phishing-scam-fake-copyright-notice-noodlophile-stealer...
∗∗∗ How Indirect Prompt Injections Exploit Context, Format, and Salience ∗∗∗
---------------------------------------------
A breakdown of indirect prompt injection attacks using real-world cases (emails, code comments, diagrams). Introduces the CFS model (Context, Format, Salience) to explain what makes some payloads more likely to succeed.
---------------------------------------------
https://www.fogel.dev/prompt_injection_cfs_framework
∗∗∗ Trivial C# Random Exploitation ∗∗∗
---------------------------------------------
Exploiting random number generators requires math, right? Thanks to C#’s Random, that is not necessarily the case! I ran into an HTTP 2.0 web service issuing password reset tokens from a custom encoding of (new Random()).Next(min, max) output. This led to a critical account takeover. Exploitation did not require scripting, math or libraries. Just several clicks in Burp. While I ..
---------------------------------------------
https://blog.doyensec.com/2025/08/19/trivial-exploit-on-C-random.html
=====================
= Vulnerabilities =
=====================
∗∗∗ Security Vulnerabilities fixed in Firefox 142 ∗∗∗
---------------------------------------------
https://www.mozilla.org/en-US/security/advisories/mfsa2025-64/