=====================
= End-of-Day report =
=====================
Timeframe: Thursday 16-10-2025 18:00 - Friday 17-10-2025 18:00
Handler: Guenes Holler
Co-Handler: Alexander Riepl
=====================
=       News        =
=====================
*** Microsoft: Office 2016 and Office 2019 have reached end of support ***
---------------------------------------------
Microsoft reminded customers this week that Office 2016 and Office 2019 have reached the end of extended support on October 14, 2025.
---------------------------------------------
https://www.bleepingcomputer.com/news/microsoft/microsoft-office-2016-and-of...
*** Hackers exploit Cisco SNMP flaw to deploy rootkit on switches ***
---------------------------------------------
Threat actors exploited a recently patched remote code execution vulnerability (CVE-2025-20352) in Cisco networking devices to deploy a rootkit and target unprotected Linux systems.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/hackers-exploit-cisco-snmp-fl...
*** Post-exploitation framework now also delivered via npm ***
---------------------------------------------
The npm registry contains a malicious package that downloads the AdaptixC2 agent onto victims' devices, Kaspersky experts have found. The threat targets Windows, Linux, and macOS.
---------------------------------------------
https://securelist.com/adaptixc2-agent-found-in-an-npm-package/117784/
*** A Surprising Amount of Satellite Traffic Is Unencrypted ***
---------------------------------------------
We pointed a commercial-off-the-shelf satellite dish at the sky and carried out the most comprehensive public study to date of geostationary satellite communication. A shockingly large amount of sensitive traffic is being broadcast unencrypted, including critical infrastructure, internal corporate and government communications, private citizens' voice calls ..
---------------------------------------------
https://www.schneier.com/blog/archives/2025/10/a-surprising-amount-of-satell...
*** Microsoft Revokes 200 Fraudulent Certificates Used in Rhysida Ransomware Campaign ***
---------------------------------------------
Microsoft on Thursday disclosed that it revoked more than 200 certificates used by a threat actor it tracks as Vanilla Tempest to fraudulently sign malicious binaries in ransomware attacks. The certificates were "used in fake Teams setup files to ..
---------------------------------------------
https://thehackernews.com/2025/10/microsoft-revokes-200-fraudulent.html
*** Researchers Uncover WatchGuard VPN Bug That Could Let Attackers Take Over Devices ***
---------------------------------------------
Cybersecurity researchers have disclosed details of a recently patched critical security flaw in WatchGuard Fireware that could allow unauthenticated attackers to execute arbitrary code. The vulnerability, tracked as CVE-2025-9242 (CVSS score: 9.3), is ..
---------------------------------------------
https://thehackernews.com/2025/10/researchers-uncover-watchguard-vpn-bug.htm...
*** Why the F5 Hack Created an 'Imminent Threat' for Thousands of Networks ***
---------------------------------------------
Networking software company F5 disclosed a long-term breach of its systems this week. The fallout could be severe.
---------------------------------------------
https://www.wired.com/story/f5-hack-networking-software-big-ip/
*** Cybercriminals steal customer data from fashion group Mango ***
---------------------------------------------
Customer data stolen from Mango: the fashion group is now warning of fake emails and phone calls. What affected customers need to know now.
---------------------------------------------
https://www.heise.de/news/Cyberkriminelle-erbeuten-Kundendaten-von-Modekonze...
*** IP telephony: Cisco and Ubiquiti release security updates ***
---------------------------------------------
Updates for Ubiquiti's UniFi Talk and for several Cisco IP phone series close security vulnerabilities rated "High".
---------------------------------------------
https://www.heise.de/news/IP-Telefonie-Cisco-und-Ubiquiti-stellen-Sicherheit...
*** Email Bombs Exploit Lax Authentication in Zendesk ***
---------------------------------------------
Cybercriminals are abusing a widespread lack of authentication in the customer service platform Zendesk to flood targeted email inboxes with menacing messages that come from hundreds of Zendesk corporate customers simultaneously.
---------------------------------------------
https://krebsonsecurity.com/2025/10/email-bombs-exploit-lax-authentication-i...
*** Threat Brief: Nation-State Actor Steals F5 Source Code and Undisclosed Vulnerabilities ***
---------------------------------------------
A nation-state actor stole BIG-IP source code and information on undisclosed vulnerabilities from F5. We explain what sets this theft apart from others.
---------------------------------------------
https://unit42.paloaltonetworks.com/nation-state-threat-actor-steals-f5-sour...
*** A review of the "Concluding report of the High-Level Group on access to data for effective law enforcement" ***
---------------------------------------------
As I've written here, the EU unveiled a roadmap for addressing the encryption woes of law enforcement agencies in June 2025. As a preparation for this push, a "High-Level Group on access to data for effective ..
---------------------------------------------
https://www.cert.at/en/blog/2025/10/hlg-paper-review
*** European police bust network selling thousands of phone numbers to scammers ***
---------------------------------------------
Authorities raided a "SIM farm" operation that used tens of thousands of cards to enable fraud in several European countries, including Latvia and Austria.
---------------------------------------------
https://therecord.media/europe-sim-farms-raided-latvia-austria-estonia
*** .NET Security Group: partner companies receive security patches early ***
---------------------------------------------
Companies that ship their own .NET distribution can join the existing security group and integrate patches for security vulnerabilities ahead of public release.
---------------------------------------------
https://heise.de/-10773932
*** How I Almost Got Hacked By A Job Interview ***
---------------------------------------------
I was 30 seconds away from running malware on my machine. The attack vector? A fake coding interview from a "legitimate" blockchain company. Here's how a sophisticated scam operation almost got me, and why every developer needs to read this.
---------------------------------------------
https://blog.daviddodda.com/how-i-almost-got-hacked-by-a-job-interview
=====================
=  Vulnerabilities  =
=====================
*** Security updates for Friday ***
---------------------------------------------
Security updates have been issued by AlmaLinux (kernel and libssh), Debian (firefox-esr and pgpool2), Mageia (varnish and lighttpd), Red Hat (python3, python3.11, python3.12, python3.9, and python39:3.9), SUSE (expat, gstreamer-plugins-rs, kernel, openssl1, pgadmin4, python311-ldap, and squid), and Ubuntu (dotnet8, dotnet9, dotnet10, and mupdf).
---------------------------------------------
https://lwn.net/Articles/1042452/