=====================
= End-of-Day report =
=====================
Timeframe: Monday 23-06-2025 18:00 − Tuesday 24-06-2025 18:00
Handler: Michael Schlagenhaufer
Co-Handler: n/a
=====================
=       News        =
=====================
∗∗∗ Impact of the military conflict between Israel and Iran on Austria ∗∗∗
---------------------------------------------
Analyses available from international authorities and security companies have recorded increased activity by threat actors on all sides of the conflict since the start of the current military confrontation between Israel and Iran. [..] According to our observations so far, there have been no direct attacks on, or impacts for, local companies or organisations.
---------------------------------------------
https://www.cert.at/de/aktuelles/2025/6/auswirkungen
∗∗∗ FileFix attack weaponizes Windows File Explorer for stealthy commands ∗∗∗
---------------------------------------------
A cybersecurity researcher has developed FileFix, a variant of the ClickFix social engineering attack that tricks users into executing malicious commands via the File Explorer address bar in Windows.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/filefix-attack-weaponizes-win...
∗∗∗ Police mobile phones unusable since cyberattack ∗∗∗
---------------------------------------------
An attack on the service mobile phones of the police in Mecklenburg-Vorpommern could have greater consequences than assumed. The phones are currently not in use.
---------------------------------------------
https://heise.de/-10456563
∗∗∗ BSI warns: fewer and fewer people use 2FA and secure passwords ∗∗∗
---------------------------------------------
A new study by the BSI shows a worrying trend. Despite the high threat level, people are behaving ever more carelessly online.
---------------------------------------------
https://www.golem.de/news/bsi-warnt-immer-weniger-menschen-nutzen-2fa-und-si...
∗∗∗ Remote code execution in CentOS Web Panel - CVE-2025-48703 ∗∗∗
---------------------------------------------
This exploitation scenario has been tested on versions 0.9.8.1204 and 0.9.8.1188 on CentOS 7 and was reported to the CWP developers on the 13th of May 2025 as CVE-2025-48703. It allows a remote attacker who knows a valid username on a CWP instance to execute pre-authenticated arbitrary commands on the server. The vulnerability has been patched in the latest version 0.9.8.1205 during June 2025.
---------------------------------------------
https://fenrisk.com/rce-centos-webpanel
∗∗∗ The State of Ransomware 2025 ∗∗∗
---------------------------------------------
Explore the causes and consequences of ransomware in 2025 based on findings from a vendor-agnostic survey of 3,400 organizations hit by ransomware in the last year.
---------------------------------------------
https://news.sophos.com/en-us/2025/06/24/the-state-of-ransomware-2025/
∗∗∗ Echo Chamber Jailbreak Tricks LLMs Like OpenAI and Google into Generating Harmful Content ∗∗∗
---------------------------------------------
Cybersecurity researchers are calling attention to a new jailbreaking method called Echo Chamber that could be leveraged to trick popular large language models (LLMs) into generating undesirable responses, irrespective of the safeguards put in place.
---------------------------------------------
https://thehackernews.com/2025/06/echo-chamber-jailbreak-tricks-llms-like.ht...
∗∗∗ Hackers Exploit Misconfigured Docker APIs to Mine Cryptocurrency via Tor Network ∗∗∗
---------------------------------------------
Misconfigured Docker instances are the target of a campaign that employs the Tor anonymity network to stealthily mine cryptocurrency in susceptible environments.
---------------------------------------------
https://thehackernews.com/2025/06/hackers-exploit-misconfigured-docker.html
∗∗∗ A Deep Dive into a Modular Malware Family ∗∗∗
---------------------------------------------
In today's blog post we highlighted an interesting malware family targeting various systems with diverse capabilities, including stealing credit card information and WordPress credentials. Additionally, we detailed a novel bundle of credit card skimmers and malicious WordPress plugins which combines malicious actions with features developed for the attacker's convenience.
---------------------------------------------
https://www.wordfence.com/blog/2025/06/a-deep-dive-into-a-modular-malware-fa...
=====================
=  Vulnerabilities  =
=====================
∗∗∗ Splunk Security Advisories 2025-06-23 ∗∗∗
---------------------------------------------
Splunk released 4 security advisories (1x critical).
---------------------------------------------
https://advisory.splunk.com//advisories
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (dns-root-data and xorg-server), Fedora (glibc, mingw-glib2, and optipng), Red Hat (iputils, kernel, kernel-rt, krb5, libarchive, mod_auth_openidc, mod_proxy_cluster, and xorg-x11-server-Xwayland), SUSE (python313), and Ubuntu (fig2dev, gnuplot, gss-ntlmssp, linux, linux-gcp, linux-gke, linux-gkeop, linux-ibm, linux-kvm, linux-lowlatency, linux-nvidia, linux-nvidia-tegra, linux-nvidia-tegra-igx, linux-oracle, linux-aws-5.15, linux-gcp-5.15, linux-ibm-5.15, linux-lowlatency-hwe-5.15, linux-oracle-5.15, linux-aws-fips, linux-fips, linux-gcp-fips, linux-hwe-5.15, and linux-intel-iot-realtime, linux-realtime).
---------------------------------------------
https://lwn.net/Articles/1026646/
∗∗∗ Kanboard: security vulnerability enables account takeover ∗∗∗
---------------------------------------------
In the open-source Kanban tool Kanboard, attackers can forge links that lead to account takeover. [..] The Kanboard developers provide updated sources and also Docker containers; they link them in the release notes and discuss the Docker update.
---------------------------------------------
https://heise.de/-10457116
∗∗∗ Mozilla Firefox June 24, 2025 ∗∗∗
---------------------------------------------
https://www.mozilla.org/en-US/security/advisories/
∗∗∗ f5: K000151924: runc vulnerability CVE-2024-45310 ∗∗∗
---------------------------------------------
https://my.f5.com/manage/s/article/K000151924
∗∗∗ Case update: DIVD-2025-00032 - Unauthenticated Arbitrary Remote Code Execution in Pterodactyl ∗∗∗
---------------------------------------------
https://csirt.divd.nl/cases/DIVD-2025-00032/