=====================
= End-of-Day report =
=====================
Timeframe:   Wednesday 23-04-2025 18:00 − Thursday 24-04-2025 18:00
Handler:     Guenes Holler
Co-Handler:  Michael Schlagenhaufer
=====================
=       News        =
=====================
∗∗∗ Linux io_uring security blindspot allows stealthy rootkit attacks ∗∗∗
---------------------------------------------

A significant gap in Linux runtime security, caused by the io_uring interface, allows rootkits to operate undetected while bypassing advanced enterprise security software. The practical point for defenders: io_uring lets a process submit file and network operations through shared ring buffers instead of the conventional syscalls (read, write, connect, ...), so tooling that relies on hooking or monitoring those syscalls does not see the activity.

---------------------------------------------

https://www.bleepingcomputer.com/news/security/linux-io-uring-security-blind...
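An added check, not from the BleepingComputer article: the POSIX shell script below reports whether the kernel still permits io_uring (the kernel.io_uring_disabled sysctl, Linux 6.6 and later; its 0/1/2 semantics are taken from the kernel sysctl documentation) and whether the audit rule set records the three io_uring syscalls that syscall-hooking tools otherwise never see. The sysctl path and the rule file are parameters so the checks can be exercised on copies; the audit rule shown in the comment is a suggested layout, not something the article prescribes.

```shell
#!/bin/sh
# Added example: io_uring exposure check for a Linux host.
# Not part of the linked article; sysctl semantics per the kernel docs:
#   kernel.io_uring_disabled = 0  io_uring available to every process
#                            = 1  only CAP_SYS_ADMIN and members of
#                                 kernel.io_uring_group may create rings
#                            = 2  io_uring_setup() fails with EPERM for all
# Kernels before 6.6 have no such sysctl at all.

# Print the policy and return 0 when io_uring is restricted (1 or 2),
# 1 otherwise. The path argument exists so a saved copy can be inspected.
io_uring_policy() {
    path="${1:-/proc/sys/kernel/io_uring_disabled}"
    if [ ! -r "$path" ]; then
        echo "unrestricted-no-sysctl"
        return 1
    fi
    case "$(tr -d '[:space:]' < "$path")" in
        0) echo "enabled";    return 1 ;;
        1) echo "privileged"; return 0 ;;
        2) echo "disabled";   return 0 ;;
        *) echo "unknown";    return 1 ;;
    esac
}

# Return 0 if the rule listing in file $1 (e.g. `auditctl -l` saved to disk)
# covers all three io_uring entry points, 1 if any is missing.
audit_covers_io_uring() {
    rules="$1"
    for sc in io_uring_setup io_uring_enter io_uring_register; do
        grep -Eq "(^|[ ,=])${sc}"'([ ,]|$)' "$rules" || return 1
    done
    return 0
}

# Suggested rule if the check fails (assumed layout; adjust arch/key):
#   -a always,exit -F arch=b64 -S io_uring_setup,io_uring_enter,io_uring_register -k io_uring

main() {
    echo "io_uring policy: $(io_uring_policy)"
    if command -v auditctl >/dev/null 2>&1; then
        tmp=$(mktemp)
        auditctl -l > "$tmp" 2>/dev/null
        if audit_covers_io_uring "$tmp"; then
            echo "audit: io_uring syscalls are logged"
        else
            echo "audit: io_uring syscalls are NOT logged"
        fi
        rm -f "$tmp"
    else
        echo "audit: auditctl not available, rule check skipped"
    fi
}
main "$@"
```

Run it as root to get a live answer; a "privileged" or "disabled" policy closes the gap for unprivileged code, while "enabled" plus missing audit rules is the combination the article warns about.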
∗∗∗ Darcula Adds GenAI to Phishing Toolkit, Lowering the Barrier for Cybercriminals ∗∗∗
---------------------------------------------

The threat actors behind the Darcula phishing-as-a-service (PhaaS) platform have released new updates to their cybercrime suite with generative artificial intelligence (GenAI) capabilities. "This addition lowers the technical barrier for creating phishing pages, enabling less tech-savvy criminals to deploy customized scams in minutes," Netcraft said in a new report shared with The Hacker News.

---------------------------------------------

https://thehackernews.com/2025/04/darcula-adds-genai-to-phishing-toolkit.htm...
∗∗∗ Erlang/OTP SSH: well-known vendors affected by critical vulnerability ∗∗∗
---------------------------------------------

Erlang/OTP SSH is shipped by many well-known vendors, so a critical vulnerability in it also affects Cisco and Ericsson. As things stand, EMQ Technologies is among the other vulnerable vendors. Erlang/OTP SSH is not installed by default, but optionally available, with National Instruments, Broadcom (in particular RabbitMQ), Very Technology, Apache (CouchDB) and Riak Technologies. Admins need to check whether they have Erlang/OTP SSH installed and, if so, install the available updates.

---------------------------------------------

https://www.heise.de/news/Erlang-OTP-SSH-Namhafte-Hersteller-von-kritischer-...
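An added example, not from the heise article or from the Erlang/OTP project: the POSIX shell script below inventories Erlang/OTP installations on a host and reports the version of the bundled `ssh` application, which is the component the advisory concerns, and whether a BEAM VM is currently listening on a TCP port. Assumptions: OTP lives under /usr/lib/erlang, /usr/local/lib/erlang or a root you pass via ERLANG_ROOT; each application sits in lib/<app>-<vsn>/ with an ebin/<app>.app file that carries a `{vsn, "..."}` entry. The fixed version is deliberately not hard-coded; pass it as the first argument after reading it from the vendor advisory.

```shell
#!/bin/sh
# Added example: inventory of Erlang/OTP ssh application versions.
# Not vendor code. Assumed OTP layout: <root>/lib/ssh-<vsn>/ebin/ssh.app

# Print "<root> ssh-<vsn>" for every ssh application found under the
# given OTP roots; return 0 if at least one was found, 1 otherwise.
find_erlang_ssh() {
    found=1
    for root in "$@"; do
        for appfile in "$root"/lib/ssh-*/ebin/ssh.app; do
            [ -f "$appfile" ] || continue
            # Extract the version from a line such as   {vsn, "5.2.9"},
            vsn=$(sed -n 's/.*{ *vsn *, *"\([^"]*\)".*/\1/p' "$appfile" | head -n 1)
            echo "$root ssh-${vsn:-unknown}"
            found=0
        done
    done
    return $found
}

# version_lt A B: return 0 if dotted version A is older than B.
# Pure awk so it does not depend on GNU sort -V.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            p = (i <= n) ? x[i] + 0 : 0
            q = (i <= m) ? y[i] + 0 : 0
            if (p < q) exit 0
            if (p > q) exit 1
        }
        exit 1
    }'
}

# List listening TCP sockets owned by a BEAM VM (needs ss from iproute2).
beam_listeners() {
    command -v ss >/dev/null 2>&1 || return 2
    ss -ltnp 2>/dev/null | grep -E 'beam(\.smp)?'
}

main() {
    roots="${ERLANG_ROOT:-/usr/lib/erlang /usr/local/lib/erlang}"
    fixed="$1"   # optional: ssh application version that carries the fix
    # shellcheck disable=SC2086
    out=$(find_erlang_ssh $roots) || echo "no Erlang/OTP ssh application found under: $roots"
    printf '%s\n' "$out" | while read -r root tag; do
        [ -n "$tag" ] || continue
        vsn="${tag#ssh-}"
        if [ -n "$fixed" ] && version_lt "$vsn" "$fixed"; then
            echo "CHECK: $root has ssh-$vsn, older than fixed version $fixed"
        else
            echo "found: $root ssh-$vsn"
        fi
    done
    beam_listeners || echo "no listening BEAM processes found (or ss unavailable)"
}
main "$@"
```

Usage: `ERLANG_ROOT=/opt/otp sh erlang-ssh-check.sh <fixed-ssh-vsn>`. A listening BEAM process without an ssh application under any root still deserves a look, since bundled products can carry their own OTP tree outside the assumed paths.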
∗∗∗ 9X Surge in Ivanti Connect Secure Scanning Activity ∗∗∗
---------------------------------------------

GreyNoise observed a 9X spike in suspicious scanning activity targeting Ivanti Connect Secure (ICS) and Ivanti Pulse Secure (IPS) VPN systems. More than 230 unique IPs probed ICS/IPS endpoints (the product abbreviations, not industrial control systems). This surge may indicate coordinated reconnaissance and possible preparation for future exploitation.

---------------------------------------------

https://www.greynoise.io/blog/surge-ivanti-connect-secure-scanning-activity
=====================
=  Vulnerabilities  =
=====================
∗∗∗ Critical Commvault Command Center Flaw Enables Attackers to Execute Code Remotely ∗∗∗
---------------------------------------------

A critical security flaw has been disclosed in the Commvault Command Center that could allow arbitrary code execution on affected installations. The vulnerability, tracked as CVE-2025-34028, carries a CVSS score of 9.0 out of a maximum of 10.0.

---------------------------------------------

https://thehackernews.com/2025/04/critical-commvault-command-center-flaw.htm...
∗∗∗ Drupal: Security advisories ∗∗∗
---------------------------------------------

Drupal has released new security advisories.

---------------------------------------------

https://www.drupal.org/security
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------

Security updates have been issued by Debian (haproxy and openrazer), Fedora (c-ares and mingw-poppler), Red Hat (thunderbird), SUSE (epiphany, ffmpeg-6, gopass, and libsoup-3_0-0), and Ubuntu (erlang, haproxy, libapache2-mod-auth-openidc, libarchive, linux, linux-aws, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-gcp, linux-gke, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-intel-iotg, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-nvidia-tegra, linux-nvidia-tegra-igx, linux-oracle, linux-raspi, linux, linux-aws, linux-azure, linux-azure-6.8, linux-ibm, linux-lowlatency, linux-lowlatency-hwe-6.8, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, linux-oem-6.8, linux-oracle, linux-oracle-6.8, linux-aws-6.8, linux-aws-fips, linux-fips, linux-gcp-fips, linux-azure-fips, linux-gcp, linux-gke, linux-gkeop, linux-gcp-6.8, linux-ibm-5.15, linux-intel-iot-realtime, linux-realtime, linux-intel-iotg-5.15, linux-realtime, perl, and yelp, yelp-xsl).

---------------------------------------------

https://lwn.net/Articles/1018717/
∗∗∗ ZDI-25-250: (0Day) Cloudera Hue Ace Editor Directory Traversal Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-25-250/

∗∗∗ ZDI-25-249: (0Day) eCharge Hardy Barth cPH2 index.php Command Injection Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-25-249/

∗∗∗ ZDI-25-248: (0Day) eCharge Hardy Barth cPH2 nwcheckexec.php dest Command Injection Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-25-248/

∗∗∗ ZDI-25-247: (0Day) eCharge Hardy Barth cPH2 check_req.php ntp Command Injection Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-25-247/
∗∗∗ Wordfence Intelligence Weekly WordPress Vulnerability Report (April 14, 2025 to April 20, 2025) ∗∗∗
---------------------------------------------
https://www.wordfence.com/blog/2025/04/wordfence-intelligence-weekly-wordpre...

∗∗∗ ALBEDO Telecom Net.Time - PTP/NTP Clock ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-25-114-02
∗∗∗ Sonicwall warns of DoS vulnerability in SSLVPN ∗∗∗
---------------------------------------------
https://heise.de/-10360960