=====================
=  End-of-Day report  =
=====================

Timeframe:   Tuesday 08-07-2025 18:00 - Wednesday 09-07-2025 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a

=====================
=       News        =
=====================
*** New Android TapTrap attack fools users with invisible UI trick ***
---------------------------------------------
A novel tapjacking technique can exploit user interface animations to bypass Android's permission system and allow access to sensitive data or trick users into performing destructive actions, such as wiping the device.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-android-taptrap-attack-fo...
*** Update not distributed: motherboard manufacturers to blame for unfixed TPM bug, according to AMD ***
---------------------------------------------
AMD has had a fix since 2022 for a bug that can lock out Windows users who have BitLocker enabled. But the motherboard manufacturers are not shipping it.
---------------------------------------------
https://www.golem.de/news/fix-nicht-ausgeliefert-amd-kritisiert-mainboard-he...
*** Massive browser hijacking campaign infects 2.3M Chrome, Edge users ***
---------------------------------------------
These extensions weren't malware-laced from the start, researcher says. A Chrome and Edge extension with more than 100,000 downloads that displays Google's verified badge does what it purports to do: It delivers a color picker to users. Unfortunately, it also ..
---------------------------------------------
https://www.theregister.com/2025/07/08/browser_hijacking_campaign/
*** Patchday: Microsoft closes $100,000 SharePoint hole from hacking contest ***
---------------------------------------------
Update collection published: To prevent attacks, admins should make sure their Microsoft products are up to date.
---------------------------------------------
https://www.heise.de/news/Patchday-Microsoft-schliesst-100-000-Luecke-in-Sha...
*** Patchday: Adobe protects After Effects & Co. against possible attacks ***
---------------------------------------------
Several Adobe applications are vulnerable to, among other things, DoS and malicious-code attacks. Security updates provide a remedy.
---------------------------------------------
https://www.heise.de/news/Patchday-Adobe-schuetzt-After-Effects-Co-vor-moegl...
*** Advancing Protection in Chrome on Android ***
---------------------------------------------
Android recently announced Advanced Protection, which extends Google's Advanced Protection Program to a device-level security setting for Android users that need heightened security, such as journalists, elected officials, and public figures. Advanced ..
---------------------------------------------
http://security.googleblog.com/2025/07/advancing-protection-in-chrome-on.htm...
*** Alleged prize in the name of MediaMarkt leads to a subscription trap ***
---------------------------------------------
Have you received an e-mail in the name of MediaMarkt with an alleged prize notification? It asks you to click a link and pay a two-euro shipping fee to redeem the prize? Then caution is advised! There is no prize behind it, only an expensive subscription trap.
---------------------------------------------
https://www.watchlist-internet.at/news/angeblicher-gewinn-bei-media-markt-fu...
*** Critical vulnerability CVE-2025-47981 in Windows SPNEGO - update urgently recommended ***
---------------------------------------------
Microsoft has published a critical vulnerability in the Windows SPNEGO Extended Negotiation (NEGOEX) Security Mechanism. The vulnerability allows attackers to execute arbitrary code remotely and without authentication on ..
---------------------------------------------
https://www.cert.at/de/warnungen/2025/7/kritische-sicherheitslucke-cve-2025-...
*** Iranian ransomware group offers bigger payouts for attacks on Israel, US ***
---------------------------------------------
The Iran-linked ransomware-as-a-service group Pay2Key.I2P told affiliates that they can keep a larger cut of extortion payments if they attack entities within Iran's adversaries.
---------------------------------------------
https://therecord.media/iran-ransomware-group-pay2keyi2p-israel-us-targets
*** Treasury sanctions key player behind North Korean IT worker scheme ***
---------------------------------------------
The United States identified and sanctioned another North Korean involved with the country's IT worker schemes, this time for illicit operations based in China and Russia.
---------------------------------------------
https://therecord.media/north-korea-it-worker-scheme-us-sanctions-song-kum-h...
*** Fake CNN and BBC sites used to push investment scams ***
---------------------------------------------
Thousands of web pages falsely branded as popular news sites are conduits for fake cryptocurrency investment scams, researchers said.
---------------------------------------------
https://therecord.media/news-websites-faked-to-spread-investment-scams
*** CVE-2025-48384: Breaking git with a carriage return and cloning RCE ***
---------------------------------------------
tl;dr: On Unix-like platforms, if you use git clone --recursive on an untrusted repo, it could achieve remote code execution. Update to a fixed version of Git and other software that embeds Git (including GitHub Desktop).
---------------------------------------------
https://dgl.cx/2025/07/git-clone-submodule-cve-2025-48384
*** Supabase MCP can leak your entire SQL database ***
---------------------------------------------
Model Context Protocol (MCP) has emerged as a standard way for LLMs to interact with external tools. While this unlocks new capabilities, it also introduces new risk surfaces. In this post, we show how an attacker can exploit Supabase's MCP integration to leak a developer's private SQL tables.
---------------------------------------------
https://www.generalanalysis.com/blog/supabase-mcp-blog
=====================
=  Vulnerabilities  =
=====================
*** A set of Git security-fix releases ***
---------------------------------------------
Versions v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1 and v2.50.1 of the Git source-code management system have been released. "This is a set of coordinated security fix releases. Please update at your earliest convenience". See the announcement for details; many of the vulnerabilities have to do with tricks buried in untrusted repositories.
---------------------------------------------
https://lwn.net/Articles/1029182/
*** SQL injection in forward module ***
---------------------------------------------
An Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) vulnerability [CWE-89] in FortiManager and FortiAnalyzer may allow an authenticated attacker with high privilege to extract database information via crafted requests.
---------------------------------------------
https://fortiguard.fortinet.com/psirt/FG-IR-24-437