=====================
= End-of-Day report =
=====================
Timeframe:   Thursday 10-07-2025 18:00 − Friday 11-07-2025 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a
=====================
=       News        =
=====================
∗∗∗ Arrested in Paris: Russian professional basketball player allegedly supported cyber gang ∗∗∗
---------------------------------------------
A player of MBA Moscow has been arrested in France. The US justice authorities accuse him of having negotiated ransom payments for a ransomware gang.
---------------------------------------------
https://www.golem.de/news/in-paris-verhaftet-russischer-basketballprofi-soll...
∗∗∗ PerfektBlue Bluetooth Vulnerabilities Expose Millions of Vehicles to Remote Code Execution ∗∗∗
---------------------------------------------
Cybersecurity researchers have discovered a set of four security flaws in OpenSynergy's BlueSDK Bluetooth stack that, if successfully exploited, could allow remote code execution on millions of transport vehicles from different vendors. The vulnerabilities, ..
---------------------------------------------
https://thehackernews.com/2025/07/perfektblue-bluetooth-vulnerabilities.html
∗∗∗ Now everybody but Citrix agrees that CitrixBleed 2 is under exploit ∗∗∗
---------------------------------------------
The US Cybersecurity and Infrastructure Security Agency has added its weighty name to the list of parties agreeing that CVE-2025-5777, dubbed CitrixBleed 2 by one researcher, has been under exploitation and abused to hijack user sessions.
---------------------------------------------
https://www.theregister.com/2025/07/10/cisa_citrixbleed_kev/
∗∗∗ Trend Micro: Several products with high-risk vulnerabilities ∗∗∗
---------------------------------------------
Trend Micro has published vulnerability descriptions covering flaws in several products. Updates are available.
---------------------------------------------
https://www.heise.de/news/Trend-Micro-Mehrere-Produkte-mit-hochriskanten-Lue...
∗∗∗ Hacker group allegedly carried out 170 cyberattacks ∗∗∗
---------------------------------------------
At least 170 attacks causing millions in damage: investigators are targeting an international hacker group.
---------------------------------------------
https://www.heise.de/news/Hackergruppe-soll-170-Cyberangriffe-veruebt-haben-...
∗∗∗ Critical code-injection vulnerability in Wing FTP is under attack ∗∗∗
---------------------------------------------
Attackers are exploiting a security vulnerability in the file transfer software Wing FTP that allows malicious code to be injected.
---------------------------------------------
https://www.heise.de/news/Codeschmuggel-Luecke-in-Wing-FTP-wird-angegriffen-...
∗∗∗ UK Arrests Four in ‘Scattered Spider’ Ransom Group ∗∗∗
---------------------------------------------
Authorities in the United Kingdom this week arrested four alleged members of "Scattered Spider," a prolific data theft and extortion group whose recent victims include multiple airlines and the U.K. retail chain Marks & Spencer.
---------------------------------------------
https://krebsonsecurity.com/2025/07/uk-charges-four-in-scattered-spider-rans...
∗∗∗ Sil3ncer Deployed – RCE, Porn Diversion, and Ransomware on an SFTP-only Server ∗∗∗
---------------------------------------------
We investigated a ransomware incident on a Windows Server 2012 host running in an SFTP-only role. The attacker delivered an attack that combined remote code execution, persistence, tunnelling, and a diversionary visit to Pornhub, before launching a ransomware payload. Background & scope An easy way in The compromised server was ..
---------------------------------------------
https://www.pentestpartners.com/security-blog/sil3ncer-deployed-rce-porn-div...
∗∗∗ Evolving Tactics of SLOW#TEMPEST: A Deep Dive Into Advanced Malware Techniques ∗∗∗
---------------------------------------------
SLOW#TEMPEST malware uses dynamic jumps and obfuscated calls to evade detection. Unit 42 details these techniques and how to defeat them with emulation.
---------------------------------------------
https://unit42.paloaltonetworks.com/slow-tempest-malware-obfuscation/
∗∗∗ Former Mexican president investigated over allegedly taking bribes from spyware industry ∗∗∗
---------------------------------------------
The investigation comes in response to an account in the Israeli business publication TheMarker, which reported that the contracts included a deal to buy Pegasus — the powerful spyware manufactured by Israel-based NSO Group.
---------------------------------------------
https://therecord.media/former-mexican-president-investigated-spyware-bribes
∗∗∗ Pre-Auth SQL Injection to RCE - Fortinet FortiWeb Fabric Connector (CVE-2025-25257) ∗∗∗
---------------------------------------------
Welcome back to yet another day in this parallel universe of security. This time, we’re looking at Fortinet’s FortiWeb Fabric Connector. “What is that?” we hear you say. That's a great question; no one ..
---------------------------------------------
https://labs.watchtowr.com/pre-auth-sql-injection-to-rce-fortinet-fortiweb-f...