=====================
= End-of-Day report =
=====================

Timeframe: Tuesday 05-08-2025 18:00 - Wednesday 06-08-2025 18:00
Handler: Felician Fuchs
Co-Handler: Guenes Holler

=====================
= News =
=====================
*** Driver of destruction: How a legitimate driver is being used to take down AV processes ***
---------------------------------------------
In an incident response case, Kaspersky experts discovered new malware that terminates AV processes by abusing the legitimate ThrottleStop driver.
---------------------------------------------
https://securelist.com/av-killer-exploiting-throttlestop-sys/117026/

*** CISA Adds 3 D-Link Router Flaws to KEV Catalog After Active Exploitation Reports ***
---------------------------------------------
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added three old security flaws impacting D-Link routers to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation in the wild.
---------------------------------------------
https://thehackernews.com/2025/08/cisa-adds-3-d-link-router-flaws-to-kev.htm...

*** CERT-UA Warns of HTA-Delivered C# Malware Attacks Using Court Summons Lures ***
---------------------------------------------
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of cyber attacks carried out by a threat actor called UAC-0099 targeting government agencies, the defense forces, and enterprises of the defense-industrial complex in the country.
---------------------------------------------
https://thehackernews.com/2025/08/cert-ua-warns-of-hta-delivered-c.html

*** GenAI Used For Phishing Websites Impersonating Brazil's Government ***
---------------------------------------------
In this blog post, ThreatLabz explores a campaign that uses generative AI tools like DeepSite AI and BlackBox AI to create malicious replicas of Brazil's State Department of Traffic and Ministry of Education.
---------------------------------------------
https://www.zscaler.com/blogs/security-research/genai-used-phishing-websites...
*** Criminals send fake payment requests in the name of the WKO ***
---------------------------------------------
The Wirtschaftskammer Österreich (WKO) has once again become the target of a phishing attack. A fraudulent e-mail is currently circulating that claims to come from the WKO. The e-mail creates the impression that an outstanding membership invoice has to be paid. The goal of the attack is to obtain personal information and login data.
---------------------------------------------
https://www.watchlist-internet.at/news/kriminelle-versenden-gefaelschte-zahl...
*** Makop Ransomware Identified in Attacks in South Korea ***
---------------------------------------------
AhnLab SEcurity intelligence Center (ASEC) recently identified cases of Makop ransomware attacks targeting South Korean users. The Makop ransomware has been distributed to South Korean users for several years disguised as resumes or emails related to copyrights. Recently, it has been reported that the ransomware is exploiting RDP for attacks.
---------------------------------------------
https://asec.ahnlab.com/en/89397/

*** The Cost of a Call: From Voice Phishing to Data Extortion ***
---------------------------------------------
In June, one of Google's corporate Salesforce instances was impacted by similar UNC6040 activity described in this post. Google responded to the activity, performed an impact analysis and began mitigations. The instance was used to store contact information and related notes for small and medium businesses.
---------------------------------------------
https://cloud.google.com/blog/topics/threat-intelligence/voice-phishing-data...
=====================
= Vulnerabilities =
=====================
*** Experience Manager: Adobe fails to patch for 90 days, now issues emergency update ***
---------------------------------------------
Since proof-of-concept code is in circulation, attacks on Adobe Experience Manager could be imminent. Attackers can exploit two security vulnerabilities [..] to attack systems. The vulnerabilities have been known since April of this year, but security patches are only available now.
---------------------------------------------
https://www.heise.de/news/Experience-Manager-Adobe-patcht-90-Tage-nicht-und-...
*** Security updates for Wednesday ***
---------------------------------------------
Security updates have been issued by AlmaLinux (kernel and python3.12-setuptools), Fedora (perl-Crypt-CBC and unbound), Gentoo (FontForge, GPL Ghostscript, Mozilla Network Security Service (NSS), and PAM), Oracle (gdk-pixbuf2, jq, kernel, mod_security, ncurses, python-requests, and python3-setuptools), Red Hat (python-requests and socat), SUSE (docker, kernel-livepatch-MICRO-6-0-RT_Update_2, kernel-livepatch-MICRO-6-0-RT_Update_4, kernel-livepatch-MICRO-6-0-RT_Update_5, kernel-livepatch-MICRO-6-0-RT_Update_6, kernel-livepatch-MICRO-6-0-RT_Update_7, kernel-livepatch-MICRO-6-0_Update_2, kernel-livepatch-MICRO-6-0_Update_4, kernel-livepatch-MICRO-6-0_Update_5, kernel-livepatch-MICRO-6-0_Update_6, kubeshark-cli, libgcrypt, pam-config, perl, python-requests, python311, and python313), and Ubuntu (linux-raspi).
---------------------------------------------
https://lwn.net/Articles/1032700/
*** Docker: MCP a security nightmare – six vulnerabilities identified ***
---------------------------------------------
The container platform Docker warns of security risks arising from the use of MCP sources, which give attackers easy access to files, databases, the network and secrets. In addition, the perpetrators can execute far-reaching commands and inject malicious code.
---------------------------------------------
https://heise.de/-10510262

*** Security updates: Root attacks on Dell PowerProtect and Unity possible ***
---------------------------------------------
To prevent possible attacks, admins should bring Dell PowerProtect Data Domain and Unity, UnityVSA and Unity XT up to date. If this is not done, attackers can, among other things, access instances with root privileges and compromise them.
---------------------------------------------
https://heise.de/-10511706
*** JVN: Multiple vulnerabilities in Sato label printers CL4/6NX Plus and CL4/6NX-J Plus series ***
---------------------------------------------
https://jvn.jp/en/jp/JVN16547726/

*** ZDI-25-771: Trend Micro Apex One Console Command Injection Remote Code Execution Vulnerability ***
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-25-771/

*** ZDI-25-807: (0Day) AOMEI Cyber Backup Missing Authentication for Critical Function Remote Code Execution Vulnerability ***
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-25-807/

*** Stable Channel Update for Desktop ***
---------------------------------------------
http://chromereleases.googleblog.com/2025/08/stable-channel-update-for-deskt...