=====================
= End-of-Day report =
=====================
Timeframe:   Friday 10-10-2025 18:01 - Monday 13-10-2025 18:00
Handler:     Felician Fuchs
Co-Handler:  Felician Fuchs
=====================
=       News        =
=====================
*** Oracle releases emergency patch for new E-Business Suite flaw ***
---------------------------------------------
Oracle has issued an emergency security update over the weekend to patch another E-Business Suite (EBS) vulnerability that can be exploited remotely by unauthenticated attackers.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/oracle-releases-emergency-pat...
*** Windows 11 23H2 Home and Pro reach end of support in 30 days ***
---------------------------------------------
Microsoft has reminded customers again today that systems running Home and Pro editions of Windows 11 23H2 will stop receiving security updates next month.
---------------------------------------------
https://www.bleepingcomputer.com/news/microsoft/windows-11-23h2-home-and-pro...
*** Chinese Hackers Use Velociraptor IR Tool in Ransomware Attacks ***
---------------------------------------------
In a new wrinkle for adversary tactics, the Storm-2603 threat group is abusing the digital forensics and incident response (DFIR) tool to gain persistent access to victim networks.
---------------------------------------------
https://www.darkreading.com/cybersecurity-operations/chinese-hackers-velocir...
*** New Rust-Based Malware "ChaosBot" Uses Discord Channels to Control Victims' PCs ***
---------------------------------------------
Cybersecurity researchers have disclosed details of a new Rust-based backdoor called ChaosBot that can allow operators to conduct reconnaissance and execute arbitrary commands on compromised hosts.
---------------------------------------------
https://thehackernews.com/2025/10/new-rust-based-malware-chaosbot-hijacks.ht...
*** Astaroth Banking Trojan Abuses GitHub to Remain Operational After Takedowns ***
---------------------------------------------
Cybersecurity researchers are calling attention to a new campaign that delivers the Astaroth banking trojan and employs GitHub as a backbone for its operations to stay resilient in the face of infrastructure takedowns.
---------------------------------------------
https://thehackernews.com/2025/10/astaroth-banking-trojan-abuses-github.html
*** Microsoft Locks Down IE Mode After Hackers Turned Legacy Feature Into Backdoor ***
---------------------------------------------
Microsoft said it has revamped the Internet Explorer (IE) mode in its Edge browser after receiving "credible reports" in August 2025 that unknown threat actors were abusing the backward compatibility feature to gain unauthorized access to users' devices.
---------------------------------------------
https://thehackernews.com/2025/10/microsoft-locks-down-ie-mode-after.html
*** Invoicely Database Leak Exposes 180,000 Sensitive Records ***
---------------------------------------------
Cybersecurity researcher Jeremiah Fowler discovered nearly 180,000 files, including PII and banking details, left exposed on an unprotected database linked to the Invoicely platform. Read about the identity theft and financial fraud risks for over 250,000 businesses worldwide.
---------------------------------------------
https://hackread.com/invoicely-database-leak-expose-sensitive-records/
*** 100,000+ IP Botnet Launches Coordinated RDP Attack Wave Against US Infrastructure ***
---------------------------------------------
Since October 8, 2025, GreyNoise has tracked a coordinated botnet operation involving over 100,000 unique IP addresses from more than 100 countries targeting Remote Desktop Protocol (RDP) services in the United States.
---------------------------------------------
https://www.greynoise.io/blog/botnet-launches-coordinated-rdp-attack-wave
*** Qantas customer data online, including Troy Hunt's ***
---------------------------------------------
In July, attackers stole important data from the Australian airline. It is not yet clear which of it is now circulating online.
---------------------------------------------
https://heise.de/-10750869
*** Critical GitHub Copilot Vulnerability Leaks Private Source Code ***
---------------------------------------------
In June 2025, I found a critical vulnerability in GitHub Copilot Chat (CVSS 9.6) that allowed silent exfiltration of secrets and source code from private repos, and gave me full control over Copilot's responses, including suggesting malicious code or links.
---------------------------------------------
https://www.legitsecurity.com/blog/camoleak-critical-github-copilot-vulnerab...
*** North Korea's Contagious Interview Campaign Escalates: 338 Malicious npm Packages, 50,000 Downloads ***
---------------------------------------------
The Contagious Interview operation continues to weaponize the npm registry with a repeatable playbook. Since our July 14, 2025 update, we have identified and analyzed more than 338 malicious packages with over 50,000 cumulative downloads.
---------------------------------------------
https://socket.dev/blog/north-korea-contagious-interview-campaign-338-malici...
=====================
=  Vulnerabilities  =
=====================
*** VU#538470: Clevo UEFI firmware embedded BootGuard keys compromising Clevo's implementation of BootGuard ***
---------------------------------------------
Clevo's UEFI firmware update packages included sensitive private keys used in their Intel Boot Guard implementation. This accidental exposure of the keys could be abused by an attacker to sign malicious firmware using Clevo's Boot Guard trust chain, potentially compromising the pre-boot UEFI environment on systems where Clevo's implementation has been adopted.
---------------------------------------------
https://kb.cert.org/vuls/id/538470
*** Oracle Security Alert for CVE-2025-61884 - 11 October 2025 ***
---------------------------------------------
This Security Alert addresses vulnerability CVE-2025-61884 in Oracle E-Business Suite. This vulnerability is remotely exploitable without authentication, i.e., it may be exploited over a network without the need for a username and password. If successfully exploited, this vulnerability may allow access to sensitive resources.
---------------------------------------------
https://www.oracle.com/security-alerts/alert-cve-2025-61884.html
*** Security updates for Monday ***
---------------------------------------------
Security updates have been issued by AlmaLinux (compat-libtiff3, iputils, kernel, open-vm-tools, and vim), Debian (asterisk, ghostscript, kernel, linux-6.1, and tiff), Fedora (cef, chromium, cri-o1.31, cri-o1.32, cri-o1.33, cri-o1.34, docker-buildx, log4cxx, mingw-poppler, openssl, podman-tui, prometheus-podman-exporter, python-socketio, python3.10, python3.11, python3.12, python3.9, skopeo, and valkey), Mageia (open-vm-tools), Red Hat (compat-libtiff3, kernel, kernel-rt, vim, and webkit2gtk3), and SUSE (distrobuilder, docker-stable, expat, forgejo, forgejo-longterm, gitea-tea, go1.25, haproxy, headscale, open-vm-tools, openssl-3, podman, podofo, ruby3.4-rubygem-rack, and weblate).
---------------------------------------------
https://lwn.net/Articles/1041779/
*** Two High Checkmk advisories released ***
---------------------------------------------
SBA Research published the following advisories for Checkmk: SBA-ADV-20250724-01: Checkmk Agent Privilege Escalation via Insecure Temporary Files; SBA-ADV-20250730-01: Checkmk Path Traversal.
---------------------------------------------
https://github.com/sbaresearch/advisories/commit/e84ca741ae34d372b4f7b294ad9...
*** Auth Bypass Flaw in Service Finder WordPress Plugin Under Active Exploit ***
---------------------------------------------
An Authentication Bypass (CVE-2025-5947) in the Service Finder Bookings plugin allows any unauthenticated attacker to log in as an administrator. Over 13,800 exploit attempts detected. Update to v6.1 immediately.
---------------------------------------------
https://hackread.com/auth-bypass-service-finder-wordpress-plugin-exploit/
*** BigBlueButton: Update for the web conferencing system fixes denial-of-service vulnerabilities ***
---------------------------------------------
The developers of the open-source web conferencing system BigBlueButton (BBB) for Windows and Linux servers have closed several attack vectors with an update to version 3.0.13.
---------------------------------------------
https://heise.de/-10751398