=====================
= End-of-Day report =
=====================

Timeframe: Wednesday 05-11-2025 18:00 - Thursday 06-11-2025 18:00
Handler: Alexander Riepl
Co-Handler: Felician Fuchs

=====================
=       News        =
=====================
*** 5 AI-developed malware families analyzed by Google fail to work and are easily detected ***
---------------------------------------------
You wouldn’t know it from the hype, but the results fail to impress.
---------------------------------------------
https://arstechnica.com/security/2025/11/ai-generated-malware-poses-little-r...

*** Remote access via SIM card: Danish electric buses from China can also be controlled ***
---------------------------------------------
The manufacturer Yutong could theoretically disable its electric buses remotely at any time. In Denmark the vehicles are in widespread use.
---------------------------------------------
https://www.golem.de/news/fernzugriff-per-sim-karte-auch-daenische-elektrobu...

*** Extortion and ransomware drive over half of cyberattacks ***
---------------------------------------------
In 80% of the cyber incidents Microsoft’s security teams investigated last year, attackers sought to steal data—a trend driven more by financial gain than intelligence gathering.
---------------------------------------------
https://blogs.microsoft.com/on-the-issues/2025/10/16/mddr-2025/

*** Hackers Weaponize Windows Hyper-V to Hide Linux VM and Evade EDR Detection ***
---------------------------------------------
The threat actor known as Curly COMrades has been observed exploiting virtualization technologies as a way to bypass security solutions and execute custom malware. According to a new report from Bitdefender, the adversary is said to have enabled the Hyper-V role on selected victim systems to deploy a minimalistic, Alpine Linux-based virtual machine.
---------------------------------------------
https://thehackernews.com/2025/11/hackers-weaponize-windows-hyper-v-to.html

*** Trojanized ESET Installers Drop Kalambur Backdoor in Phishing Attacks on Ukraine ***
---------------------------------------------
A previously unknown threat activity cluster has been observed impersonating Slovak cybersecurity company ESET as part of phishing attacks targeting Ukrainian entities. The campaign, detected in May 2025, is tracked by the security outfit under the moniker InedibleOchotense, describing it as Russia-aligned.
---------------------------------------------
https://thehackernews.com/2025/11/trojanized-eset-installers-drop.html

*** Cisco Warns of New Firewall Attack Exploiting CVE-2025-20333 and CVE-2025-20362 ***
---------------------------------------------
Cisco on Wednesday disclosed that it became aware of a new attack variant that’s designed to target devices running Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software releases that are susceptible to CVE-2025-20333 and CVE-2025-20362.
---------------------------------------------
https://thehackernews.com/2025/11/cisco-warns-of-new-firewall-attack.html

*** SonicWall fingers state-backed cyber crew for September firewall breach ***
---------------------------------------------
Spies, not crooks, were behind digital heist – damage stopped at the backups, says US cybersec biz. SonicWall has blamed an unnamed, state-sponsored collective for the September break-in that saw cybercriminals rifle through a cache of firewall configuration backups.
---------------------------------------------
https://www.theregister.com/2025/11/06/sonicwall_fingers_statebacked_cyber_c...

*** Industry Attacks Surge, Mobile Malware Spreads: The ThreatLabz 2025 Mobile, IoT & OT Report ***
---------------------------------------------
Mobile devices, IoT sensors, and OT systems are no longer distinct domains; they are the interconnected backbone of modern business and infrastructure. From the factory floor and hospital ward to the global supply chain, this convergence powers innovation and efficiency. However, it has also created a sprawling, interdependent attack surface that threat actors are exploiting with increasing speed and sophistication.
---------------------------------------------
https://www.zscaler.com/blogs/security-research/industry-attacks-surge-mobil...

*** Fake shops deceive online shoppers ***
---------------------------------------------
Fake shops take people’s money without providing anything in return. According to a survey, quite a few users have been affected by this scam.
---------------------------------------------
https://www.heise.de/news/Fakeshops-taeuschen-Online-Kaeufer-11067321.html

*** Have I Been Pwned: billions of new passwords in the collection ***
---------------------------------------------
From infostealer datasets, Have I Been Pwned operator Troy Hunt was able to extract 1.3 billion unique passwords.
---------------------------------------------
https://www.heise.de/news/Have-I-Been-Pwned-Milliarden-neuer-Passwoerter-in-...

*** Bundestag: coalition agrees on implementation of the NIS2 Directive ***
---------------------------------------------
After intensive negotiations, the CDU/CSU and SPD parliamentary groups have reached agreement on the revision of the cybersecurity requirements for critical infrastructures.
---------------------------------------------
https://www.heise.de/news/Bundestag-Koalition-einigt-sich-bei-NIS2-Richtlini...

*** Windows: October security updates can trigger BitLocker recovery ***
---------------------------------------------
The security updates from the October Patch Tuesday for Windows can cause BitLocker recovery to start.
---------------------------------------------
https://www.heise.de/news/Windows-Oktober-Sicherheitsupdates-koennen-Bitlock...

*** Cloudflare Scrubs Aisuru Botnet from Top Domains List ***
---------------------------------------------
For the past week, domains associated with the massive Aisuru botnet have repeatedly usurped Amazon, Apple, Google and Microsoft in Cloudflare’s public ranking of the most frequently requested websites. Cloudflare responded by redacting Aisuru domain names from their top websites list. The chief executive at Cloudflare says Aisuru’s overlords are using the botnet to boost their malicious domain rankings, while simultaneously attacking the company’s domain name system (DNS) service.
---------------------------------------------
https://krebsonsecurity.com/2025/11/cloudflare-scrubs-aisuru-botnet-from-top...

*** Account takeover: criminals try to gain control of WhatsApp accounts using a fake vote ***
---------------------------------------------
The smartphone chimes: a new WhatsApp message has arrived. It is about a vote, a vote for the daughter of an acquaintance. The main prize is a “free scholarship” for a young up-and-coming dancer. Behind it, however, is an attempt by criminals to take over their victims’ WhatsApp accounts.
---------------------------------------------
https://www.watchlist-internet.at/news/account-takeover-fake-abstimmung/

*** Sharing is scaring: The WhatsApp screen-sharing scam you didn’t see coming ***
---------------------------------------------
How a fast-growing scam is tricking WhatsApp users into revealing their most sensitive financial and other data.
---------------------------------------------
https://www.welivesecurity.com/en/scams/sharing-is-scaring-whatsapp-screen-s...

*** Russia’s Sandworm hackers deploying wipers against Ukraine’s grain industry ***
---------------------------------------------
The Russian state-backed hacking unit Sandworm has been targeting Ukraine’s grain industry with wiper malware amid Moscow’s ongoing efforts to undermine Kyiv’s wartime economy.
---------------------------------------------
https://therecord.media/russia-sandworm-grain-wipers

*** An Unerring Spear: Cephalus Ransomware Analysis ***
---------------------------------------------
Cephalus is a new ransomware group that first appeared in mid-June 2025. The group claims that they are motivated 100% by financial gain. Their main method of breaching organizations is by stealing credentials through Remote Desktop Protocol (RDP) accounts that do not have multi-factor authentication (MFA) enabled.
---------------------------------------------
https://asec.ahnlab.com/en/90878/

*** Hackers Steal Personal Data and 17K Slack Messages in Nikkei Data Breach ***
---------------------------------------------
Nikkei confirms breach after a virus infected an employee PC, exposing 17,368 names and Slack chat histories. The media giant reported the incident voluntarily.
---------------------------------------------
https://hackread.com/nikkei-data-breach-hackers-steal-data-slack-messages/

*** What GreyNoise Learned from Deploying MCP Honeypots ***
---------------------------------------------
GreyNoise deployed MCP honeypots to see what happens when AI middleware meets the open internet — revealing how attackers interact with this new layer of AI infrastructure.
---------------------------------------------
https://www.greynoise.io/blog/deploying-mcp-honeypots
=====================
= Vulnerabilities   =
=====================
*** [UPDATE] Cisco Secure Firewall Adaptive Security Appliance Software, Secure Firewall Threat Defense Software, IOS Software, IOS XE Software, and IOS XR Software Web Services Remote Code Execution Vulnerability ***
---------------------------------------------
Added information on first fixed releases for Cisco Secure Firewall ASA Software releases 9.12 and 9.14.
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisor...

*** Security vulnerabilities endanger PCs with Dell CloudLink and Command Monitor ***
---------------------------------------------
Patches resolve several security problems in Dell CloudLink and Command Monitor.
---------------------------------------------
https://www.heise.de/news/Unbefugte-Zugriffe-auf-Dell-CloudLink-und-Command-...

*** WatchGuard Fireware OS IKEv2 Out-of-Bounds Vulnerability ***
---------------------------------------------
A critical Out-of-Bounds Write vulnerability (CVE-2025-9242) exists in the WatchGuard Fireware OS iked process, which handles IKEv2 VPN connections. The flaw allows a remote, unauthenticated attacker to execute arbitrary code on affected devices.
---------------------------------------------
https://fortiguard.fortinet.com/threat-signal-report/6247

*** Google Issues Emergency Chrome 142 Update to Fix Multiple High-Risk Vulnerabilities ***
---------------------------------------------
Google has rolled out an emergency update for its Chrome browser, version 142, to address a series of serious remote code execution (RCE) vulnerabilities that could allow attackers to take control of affected systems. The update, released on November 5, 2025, is being distributed gradually across desktop platforms, Windows, macOS, and Linux, as well as Android devices through Google Play and Chrome’s built-in update mechanism.
---------------------------------------------
https://thecyberexpress.com/google-chrome-142-fixes-rce-flaws/

*** CISA Releases Four Industrial Control Systems Advisories ***
---------------------------------------------
CISA released four Industrial Control Systems (ICS) Advisories. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS: ICSA-25-310-01 Advantech DeviceOn iEdge, ICSA-25-310-02 Ubia Ubox, ICSA-25-310-03 ABB FLXeon Controllers and ICSA-25-282-01 Hitachi Energy Asset Suite (Update A). CISA encourages users and administrators to review newly released ICS Advisories for technical details and mitigations.
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2025/11/06/cisa-releases-four-indust...

*** CISA warns of critical CentOS Web Panel bug exploited in attacks ***
---------------------------------------------
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) is warning that threat actors are exploiting a critical remote command execution flaw in CentOS Web Panel (CWP).
---------------------------------------------
https://www.bleepingcomputer.com/news/security/cisa-warns-of-critical-centos...