=====================
= End-of-Day report =
=====================

Timeframe: Friday 20-06-2025 18:00 - Monday 23-06-2025 18:00
Handler: Felician Fuchs
Co-Handler: n/a
=====================
=       News        =
=====================
*** WordPress Motors theme flaw mass-exploited to hijack admin accounts ***
---------------------------------------------
Hackers are exploiting a critical privilege escalation vulnerability in the WordPress theme "Motors" to hijack administrator accounts and gain complete control of a targeted site.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/wordpress-motors-theme-flaw-m...
*** Canada says Salt Typhoon hacked telecom firm via Cisco flaw ***
---------------------------------------------
The Canadian Centre for Cyber Security and the FBI confirm that the Chinese state-sponsored Salt Typhoon hacking group is also targeting Canadian telecommunication firms, breaching a telecom provider in February.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/canada-says-salt-typhoon-hack...
*** ConnectUnwise: Threat actors abuse ConnectWise as builder for signed malware ***
---------------------------------------------
Since March 2025 there has been a noticeable increase in infections and fake applications using validly signed ConnectWise samples. We reveal how bad signing practices allow threat actors to abuse this legitimate software to build and distribute their own signed malware and what security vendors can do to detect them.
---------------------------------------------
https://www.gdatasoftware.com/blog/2025/06/38218-connectwise-abuse-malware
*** SparkKitty, SparkCat's little brother: A new Trojan spy found in the App Store and Google Play ***
---------------------------------------------
SparkKitty, a new Trojan spy for iOS and Android, spreads through untrusted websites, the App Store, and Google Play, stealing images from users' galleries.
---------------------------------------------
https://securelist.com/sparkkitty-ios-android-malware/116793/
*** Qilin Ransomware Adds "Call Lawyer" Feature to Pressure Victims for Larger Ransoms ***
---------------------------------------------
The threat actors behind the Qilin ransomware-as-a-service (RaaS) scheme are now offering legal counsel for affiliates to put more pressure on victims to pay up, as the cybercrime group intensifies its activity and tries to fill the void left by its rivals. The new feature takes the form of a "Call Lawyer" feature on the affiliate panel, per Israeli cybersecurity company Cybereason.
---------------------------------------------
https://thehackernews.com/2025/06/qilin-ransomware-adds-call-lawyer.html
*** Google Adds Multi-Layered Defenses to Secure GenAI from Prompt Injection Attacks ***
---------------------------------------------
Google has revealed the various safety measures that are being incorporated into its generative artificial intelligence (AI) systems to mitigate emerging attack vectors like indirect prompt injections and improve the overall security posture for agentic AI systems.
---------------------------------------------
https://thehackernews.com/2025/06/google-adds-multi-layered-defenses-to.html
*** XDigo Malware Exploits Windows LNK Flaw in Eastern European Government Attacks ***
---------------------------------------------
Cybersecurity researchers have uncovered a Go-based malware called XDigo that has been used in attacks targeting Eastern European governmental entities in March 2025. The attack chains are said to have leveraged a collection of Windows shortcut (LNK) files as part of a multi-stage procedure to deploy the malware, French cybersecurity company HarfangLab said.
---------------------------------------------
https://thehackernews.com/2025/06/xdigo-malware-exploits-windows-lnk-flaw.ht...
*** Record DDoS attack at 7.3 TBit/s ***
---------------------------------------------
In mid-May, Cloudflare blocked the "largest ever recorded" denial-of-service (DDoS) attack, at a previously barely conceivable 7.3 terabits per second (TBit/s). The US provider of IT security and internet performance solutions announced this on Friday.
---------------------------------------------
https://www.heise.de/news/Junk-Traffic-Flut-Rekord-DDoS-Angriff-auf-Provider...
*** Fake payment-reminder SMS in the name of the Ministry of Finance! ***
---------------------------------------------
There is currently a phishing wave of supposed SMS messages from the Federal Ministry of Finance (BMF). They claim that a garnishment is imminent because several payment reminders were allegedly ignored. Attention: do not pay this demand! The message does not come from the Ministry of Finance, and your money ends up with criminals.
---------------------------------------------
https://www.watchlist-internet.at/news/gefaelschte-mahn-sms-im-namen-des-fin...
*** New Detection Method Uses Hackers' Own Jitter Patterns Against Them ***
---------------------------------------------
A new detection method from Varonis Threat Labs turns hackers' sneaky random patterns into a way to catch hidden cyberattacks. Learn about Jitter-Trap and how it boosts cybersecurity defenses.
---------------------------------------------
https://hackread.com/cyber-detection-hackers-jitter-patterns-against-them/
*** Report Warns of Sophisticated DDoS Campaigns Crippling Global Banks ***
---------------------------------------------
A new FS-ISAC and Akamai report warns that sophisticated DDoS attacks are severely impacting the global financial sector, leading to multi-day outages. Learn about these evolving threats and how institutions can strengthen defences.
---------------------------------------------
https://hackread.com/sophisticated-ddos-campaigns-crippling-global-banks/
*** More security, less manual work: AWS brings AI security ***
---------------------------------------------
Security Hub, Shield and GuardDuty XTD receive new functions: with a specially trained AI, AWS wants to speed up important security measures.
---------------------------------------------
https://heise.de/-10455859
*** Ukrainian Government Systems Targeted With Backdoors Hidden in Cloud APIs and Docs ***
---------------------------------------------
Russia-linked hackers are back at it again, this time with upgraded tools and a stealthier playbook targeting Ukrainian government systems.
---------------------------------------------
https://thecyberexpress.com/ukrainian-government-systems-targeted/
=====================
=  Vulnerabilities  =
=====================
*** Opening is enough: WinRAR flaw lets attackers execute malicious code ***
---------------------------------------------
The developer of WinRAR has closed a dangerous security vulnerability in its widely used archiving program that allows attackers to execute their own code on other people's systems. So far, the patch appears to be included only in the beta version WinRAR 7.12 Beta 1, released on 10 June.
---------------------------------------------
https://www.golem.de/news/packprogramm-winrar-schwachstelle-ermoeglicht-ausf...
*** IBM QRadar SIEM: auto-update files can be contaminated with malicious code ***
---------------------------------------------
Attackers can exploit several security vulnerabilities in IBM QRadar SIEM and, in the worst case, execute malicious code. A security patch closes several of these flaws.
---------------------------------------------
https://www.heise.de/news/IBM-QRadar-SIEM-Autoupdate-Dateien-mit-Schadcode-v...
*** Security updates for Monday ***
---------------------------------------------
Security updates have been issued by AlmaLinux (libblockdev and open-vm-tools), Debian (debian-security-support, gdk-pixbuf, konsole, and node-send), Fedora (apache-commons-beanutils, chromium, clamav, dotnet9.0, libblockdev, mediawiki, mingw-python-setuptools, pam, perl-File-Find-Rule, python-pycares, python-setuptools, spdlog, udisks2, and xorg-x11-server-Xwayland), Mageia (chromium-browser-stable), Oracle (apache-commons-beanutils, container-tools:ol8, gimp:2.8, idm:DL1, perl-FCGI:0.78, and postgresql), Red Hat (container-tools:rhel8, delve, git-lfs, go-toolset:rhel8, grafana, kernel, mod_auth_openidc, and spice-client-win), SUSE (apache-commons-beanutils, apache2-mod_security2, distribution, gstreamer-plugins-good, icu, ignition, perl, python310, python311, python312, and python39), and Ubuntu (apache-log4j1.2 and botan).
---------------------------------------------
https://lwn.net/Articles/1026498/
*** Fortinet: Buffer overflow in fgfmd ***
---------------------------------------------
https://fortiguard.fortinet.com/psirt/FG-IR-24-036
*** F5: K000151740, Ruby vulnerability CVE-2024-47220 ***
---------------------------------------------
https://my.f5.com/manage/s/article/K000151740
*** Fortinet: Teleport Remote Authentication Bypass ***
---------------------------------------------
https://fortiguard.fortinet.com/threat-signal-report/6132