===================== = End-of-Day report = =====================
Timeframe: Mittwoch 03-09-2025 18:00 − Donnerstag 04-09-2025 18:00 Handler: Alexander Riepl Co-Handler: n/a
===================== = News = =====================
∗∗∗ Mis-issued certificates for 1.1.1.1 DNS service pose a threat to the Internet ∗∗∗ --------------------------------------------- The three certificates were issued in May but only came to light Wednesday. --------------------------------------------- https://arstechnica.com/security/2025/09/mis-issued-certificates-for-1-1-1-1...
∗∗∗ Automated Sextortion Spyware Takes Webcam Pics of Victims Watching Porn ∗∗∗ --------------------------------------------- A new specimen of “infostealer” malware offers a disturbing feature: It monitors a targets browser for NSFW content, then takes simultaneous screenshots and webcam photos of the victim. --------------------------------------------- https://www.wired.com/story/stealerium-infostealer-porn-sextortion/
∗∗∗ Serientäter bekennen sich zu IT-Angriff auf Jaguar Land Rover ∗∗∗ --------------------------------------------- Drei britische Verbrecherbanden haben sich offenbar zusammengetan. Sie prahlen mit der IT-Attacke auf Jaguar Land Rover. --------------------------------------------- https://www.heise.de/news/Serientaeter-bekennen-sich-zu-IT-Angriff-auf-Jagua...
∗∗∗ Kritische Infrastrukturen: Attacken auf industrielle Kontrollsysteme möglich ∗∗∗ --------------------------------------------- Es sind wichtige Sicherheitsupdates für industrielle Kontrollsysteme von unter anderem Hitachi erschienen. Ein Patch steht aber noch aus. --------------------------------------------- https://www.heise.de/news/Kritische-Infrastrukturen-Attacken-auf-industriell...
∗∗∗ TP-Link warns of botnet infecting routers and targeting Microsoft 365 accounts ∗∗∗ --------------------------------------------- The Quad7 botnet is adding End-of-Life TP-Link routers to its arsenal and using them to steal Microsoft 365 accounts. --------------------------------------------- https://www.malwarebytes.com/blog/news/2025/09/tp-link-warns-of-botnet-infec...
∗∗∗ Microsoft-Support-Betrug: Phishing-Falle statt Online-Hilfe ∗∗∗ --------------------------------------------- Drängt ein Pop-up-Fenster zu einem Anruf bei der Microsoft-Helpline, ist allerhöchste Vorsicht angesagt! Hinter der Aufforderung warten nämlich keine IT-Expert:innen darauf, bei Computerproblemen weiterzuhelfen. Vielmehr wollen Kriminelle auf diesem Weg Zugriff auf das Konto ihrer Opfer bekommen. --------------------------------------------- https://www.watchlist-internet.at/news/microsoft-support-betrug/
∗∗∗ Scattered Lapsus$ Hunters Demand Google Fire Security Experts or Face Data Leak ∗∗∗ --------------------------------------------- Scattered Lapsus$ Hunters threaten Google, demanding that two security experts, Austin Larsen of Google’s Threat Intelligence Group and Charles Carmakal of Mandiant, be fired or they will leak alleged stolen Google data. --------------------------------------------- https://hackread.com/scattered-lapsus-hunters-google-fire-experts-data-leak/
∗∗∗ 25,000 IPs Scanned Cisco ASA Devices — New Vulnerability Potentially Incoming ∗∗∗ --------------------------------------------- GreyNoise observed two scanning surges against Cisco Adaptive Security Appliance (ASA) devices in late August including more than 25,000 unique IPs in a single burst. This activity represents a significant elevation above baseline, typically registering at less than 500 IPs per day. --------------------------------------------- https://www.greynoise.io/blog/scanning-surge-cisco-asa-devices
∗∗∗ ViewState Deserialization Zero-Day Vulnerability in Sitecore Products (CVE-2025-53690) ∗∗∗ --------------------------------------------- In a recent investigation, Mandiant Threat Defense discovered an active ViewState deserialization attack affecting Sitecore deployments leveraging a sample machine key that had been exposed in Sitecore deployment guides from 2017 and earlier. An attacker leveraged the exposed ASP.NET machine keys to perform remote code .. --------------------------------------------- https://cloud.google.com/blog/topics/threat-intelligence/viewstate-deseriali...
∗∗∗ Cookie Chaos: How to bypass __Host and __Secure cookie prefixes ∗∗∗ --------------------------------------------- Browsers added cookie prefixes to protect your sessions and stop attackers from setting harmful cookies. In this post, you’ll see how to bypass cookie defenses using discrepancies in browser and .. --------------------------------------------- https://portswigger.net/research/cookie-chaos-how-to-bypass-host-and-secure-...
∗∗∗ Linux Kernel SMB 0-Day Vulnerability CVE-2025-37899 Uncovered Using ChatGPT o3 ∗∗∗ --------------------------------------------- For the first time, a zero-day vulnerability in the Linux kernel has been discovered using a large language model, OpenAI’s o3. Discovered by security researcher Sean Heelan and assigned .. --------------------------------------------- https://www.upwind.io/feed/linux-kernel-smb-0-day-vulnerability-cve-2025-378...
∗∗∗ s1ngularitys Aftermath: AI, TTPs, and Impact in the Nx Supply Chain Attack ∗∗∗ --------------------------------------------- A deeper look at the Nx supply chain attack: analyzing the performance of AI-powered malware, calculating incident impact, and sharing novel TTPs for further investigation. --------------------------------------------- https://www.wiz.io/blog/s1ngularitys-aftermath
∗∗∗ Nx Investigation Reveals GitHub Actions Workflow Exploit Led to npm Token Theft, Prompting Switch to Trusted Publishing ∗∗∗ --------------------------------------------- On August 26, 2025, the JavaScript ecosystem witnessed a watershed moment in supply chain security. The popular Nx build system, with over 4.6 million weekly downloads, fell victim to an attack that stole thousands of credentials and pioneered a disturbing new technique: weaponizing AI developer tools for scaling reconnaissance and data theft.The Nx team .. --------------------------------------------- https://socket.dev/blog/nx-supply-chain-attack-investigation-github-actions-...
∗∗∗ Exploit development for IBM i ∗∗∗ --------------------------------------------- At TROOPERS24, we demonstrated how IBM i systems – still widely used in enterprise environments – can be compromised in both authenticated and unauthenticated scenarios, using only built-in services and a basic understanding of the underlying mechanisms. Despite being labeled “legacy,” these systems remain active in finance, logistics, and manufacturing, often handling critical workloads with little attention paid to their security posture. --------------------------------------------- https://blog.silentsignal.eu/2025/09/04/Exploit-development-for-IBM-i/