=====================
= End-of-Day report =
=====================
Timeframe:   Friday 28-03-2025 18:00 − Monday 31-03-2025 18:00
Handler:     Felician Fuchs
Co-Handler:  Alexander Riepl
=====================
=       News        =
=====================
∗∗∗ New Crocodilus malware steals Android users’ crypto wallet keys ∗∗∗
---------------------------------------------
A newly discovered Android malware dubbed Crocodilus tricks users into providing the seed phrase for their cryptocurrency wallet, using a warning to back up the key to avoid losing access.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-crocodilus-malware-steals...
∗∗∗ Smoked out - Emmenhtal spreads SmokeLoader malware ∗∗∗
---------------------------------------------
We observed a malicious campaign targeting First Ukrainian International Bank (pumb[.]ua) and noticed the usage of a stealthy malware loader known as Emmenhtal [..] also referred to by Google as Peaklight.
---------------------------------------------
https://feeds.feedblitz.com/~/915916022/0/gdatasecurityblog-en~Smoked-out-Em...
∗∗∗ Hidden Malware Strikes Again: Mu-Plugins Under Attack ∗∗∗
---------------------------------------------
Recently, we’ve uncovered multiple cases where threat actors are leveraging the mu-plugins directory to hide malicious code. This approach represents a concerning trend, as the mu-plugins (Must-Use plugins) are not listed in the standard WordPress plugin interface, making them less noticeable and easier for users to ignore during routine security checks.
---------------------------------------------
https://blog.sucuri.net/2025/03/hidden-malware-strikes-again-mu-plugins-unde...
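A check that follows from the item above, added here as an example and not taken from the Sucuri post: every file under wp-content/mu-plugins/ is loaded on every request without appearing in the plugin list, so the directory should be inventoried against an allowlist, and anything new or containing loader-style constructs flagged. The pattern list, the allowlist, and the two sample plugin files are assumptions constructed for this example.

```python
"""Inventory a WordPress mu-plugins directory and flag files that do not belong.

Added example for this report, not code from the Sucuri post.  The sample
plugin files below are constructed inline.
"""
import os
import re
import tempfile
import time
from typing import Dict, Iterable, List

# Constructs that have no business in a must-use plugin.  This list is an
# assumption for the example; extend it from your own incident data.
SUSPICIOUS_PATTERNS = {
    "eval": re.compile(rb"\beval\s*\("),
    "base64_decode": re.compile(rb"\bbase64_decode\s*\("),
    "inflate": re.compile(rb"\b(?:gzinflate|gzuncompress|str_rot13)\s*\("),
    "hex_escapes": re.compile(rb"(?:\\x[0-9a-fA-F]{2}){4,}"),
    "remote_fetch": re.compile(rb"\b(?:file_get_contents|curl_init)\s*\(\s*['\"]https?://"),
    # request data reaching an execution sink within a short distance
    "request_exec": re.compile(
        rb"\$_(?:GET|POST|REQUEST|COOKIE)\b.{0,80}?\b(?:eval|assert|system|shell_exec|passthru)\s*\(",
        re.S,
    ),
}


def scan_mu_plugins(mu_dir: str, allowlist: Iterable[str] = (), recent_days: int = 30) -> List[Dict]:
    """Return one finding per file that is not allowlisted, was modified
    recently, or matches a suspicious pattern.  WordPress only auto-loads
    top-level .php files, but a loader there can include anything below it,
    so the whole tree is walked."""
    allowed = set(allowlist)
    cutoff = time.time() - recent_days * 86400
    findings = []
    for root, _dirs, files in os.walk(mu_dir):
        for name in files:
            path = os.path.join(root, name)
            rel = os.path.relpath(path, mu_dir).replace(os.sep, "/")
            st = os.stat(path)
            with open(path, "rb") as fh:
                data = fh.read()
            reasons = []
            if rel not in allowed:
                reasons.append("not in allowlist")
            if st.st_mtime > cutoff:
                reasons.append(f"modified in last {recent_days} days")
            hits = sorted(label for label, pat in SUSPICIOUS_PATTERNS.items() if pat.search(data))
            if hits:
                reasons.append("suspicious: " + ",".join(hits))
            if reasons:
                findings.append({"file": rel, "size": st.st_size, "reasons": reasons})
    return sorted(findings, key=lambda f: f["file"])


# Constructed sample files: a legitimate tweak and an injected loader.
BENIGN_PLUGIN = b"<?php\n/* Plugin Name: Site Tweaks */\nadd_filter('xmlrpc_enabled', '__return_false');\n"
INJECTED_PLUGIN = (
    b"<?php\n/* Plugin Name: Index Helper */\n"
    b"$k = $_COOKIE['x'] ?? '';\n"
    b"eval(base64_decode('ZWNobyAnaGknOw=='));\n"
)


def demo() -> List[Dict]:
    """Build a throwaway mu-plugins tree, age the legitimate file, and scan it."""
    mu = os.path.join(tempfile.mkdtemp(), "mu-plugins")
    os.makedirs(mu)
    benign = os.path.join(mu, "site-tweaks.php")
    with open(benign, "wb") as fh:
        fh.write(BENIGN_PLUGIN)
    a_year_ago = time.time() - 365 * 86400
    os.utime(benign, (a_year_ago, a_year_ago))  # allowlisted and old: no finding
    with open(os.path.join(mu, "index-helper.php"), "wb") as fh:
        fh.write(INJECTED_PLUGIN)
    return scan_mu_plugins(mu, allowlist=["site-tweaks.php"])


if __name__ == "__main__":
    for f in demo():
        print(f["file"], f["size"], "; ".join(f["reasons"]))
```

Run it against a real install with `scan_mu_plugins("/var/www/html/wp-content/mu-plugins", allowlist=...)`; the allowlist should come from your deployment manifest, not from whatever is currently on disk, otherwise an already-planted loader is silently accepted.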
∗∗∗ BlackLock Ransomware Exposed After Researchers Exploit Leak Site Vulnerability ∗∗∗
---------------------------------------------
In what's an instance of hacking the hackers, threat hunters have managed to infiltrate the online infrastructure associated with a ransomware group called BlackLock, uncovering crucial information about their modus operandi in the process.
---------------------------------------------
https://thehackernews.com/2025/03/blacklock-ransomware-exposed-after.html
∗∗∗ BSI study: Numerous vulnerabilities in hospital information systems ∗∗∗
---------------------------------------------
Commissioned by the BSI, IT security researchers examined IT systems used in hospitals and found gaps, for instance in encryption and certificate handling.
---------------------------------------------
https://www.heise.de/news/BSI-Studie-Zahlreiche-Schwachstellen-in-Krankenhau...
∗∗∗ Backdoor in the Backplane. Doing IPMI security better ∗∗∗
---------------------------------------------
IPMI remains a powerful but dangerously overlooked protocol in many enterprise environments. Whilst its ability to manage systems out of band is invaluable, there are significant security trade-offs, especially when outdated firmware, default credentials, and exposed interfaces are in play. As demonstrated, IPMI can lead to, or aid in, a malicious actor compromising the full domain with little more than network access.
---------------------------------------------
https://www.pentestpartners.com/security-blog/backdoor-in-the-backplane-doin...
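Of the three conditions named above, "exposed interfaces" is the one you can verify from the network without credentials. The following is an added example, not code from the Pen Test Partners post: it builds the RMCP/ASF Presence Ping that BMCs answer on UDP 623 and decodes the Presence Pong, whose "supported entities" byte says whether IPMI is offered. The packet layout follows the DMTF ASF specification; the sample pong bytes are constructed for the offline check, and `probe()` is only for hosts you are authorised to test.

```python
"""Discover IPMI-speaking BMCs with an ASF Presence Ping on UDP 623.

Added example, not code from the article.  Packet layout per DMTF ASF 2.0;
the sample pong below is constructed, not captured.
"""
import socket
import struct
from typing import Dict, Optional

ASF_IANA = 0x000011BE   # IANA enterprise number assigned to ASF (4542)
ASF_PRESENCE_PING = 0x80
ASF_PRESENCE_PONG = 0x40


def build_presence_ping(tag: int = 0x01) -> bytes:
    """RMCP header (version 6, reserved, seq 0xFF = no ack, class 6 = ASF)
    followed by an ASF Presence Ping carrying zero data bytes."""
    rmcp = struct.pack("!BBBB", 0x06, 0x00, 0xFF, 0x06)
    asf = struct.pack("!IBBBB", ASF_IANA, ASF_PRESENCE_PING, tag, 0x00, 0x00)
    return rmcp + asf


def parse_presence_pong(pkt: bytes) -> Optional[Dict[str, object]]:
    """Decode a Presence Pong; return None for anything that is not one."""
    if len(pkt) < 28:
        return None
    version, _reserved, _seq, msg_class = struct.unpack("!BBBB", pkt[:4])
    if version != 0x06 or msg_class != 0x06:
        return None
    iana, msg_type, tag, _reserved2, data_len = struct.unpack("!IBBBB", pkt[4:12])
    if iana != ASF_IANA or msg_type != ASF_PRESENCE_PONG or data_len != 0x10:
        return None
    oem_iana, oem_defined, entities, interactions = struct.unpack("!IIBB", pkt[12:22])
    return {
        "tag": tag,
        "oem_iana": oem_iana,
        "oem_defined": oem_defined,
        "ipmi_supported": bool(entities & 0x80),          # bit 7 of supported entities
        "asf_version": entities & 0x0F,                   # bits 3:0
        "rmcp_security_extensions": bool(interactions & 0x80),
    }


def probe(host: str, port: int = 623, timeout: float = 2.0) -> Optional[Dict[str, object]]:
    """Send one ping to a BMC you are authorised to test and decode the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_presence_ping(), (host, port))
        try:
            data, _peer = sock.recvfrom(1024)
        except socket.timeout:
            return None
    return parse_presence_pong(data)


# Constructed Presence Pong from a BMC that advertises IPMI (entities = 0x81).
SAMPLE_PONG = bytes.fromhex(
    "06 00 ff 06"               # RMCP: version 6, reserved, seq 0xff, class ASF
    "00 00 11 be 40 01 00 10"   # ASF IANA, type 0x40 pong, tag 1, reserved, len 16
    "00 00 11 be"               # OEM IANA
    "00 00 00 00"               # OEM defined
    "81"                        # supported entities: IPMI bit set, ASF version 1
    "00"                        # supported interactions
    "00 00 00 00 00 00"         # reserved
)


if __name__ == "__main__":
    print(build_presence_ping().hex())
    print(parse_presence_pong(SAMPLE_PONG))
```

A host that answers with `ipmi_supported` true from a network segment that should never reach BMCs is the exposure the article warns about; the remaining two conditions (default credentials, outdated firmware) still need an authenticated check against the BMC itself.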
∗∗∗ Preparing for the EU Radio Equipment Directive security requirements ∗∗∗
---------------------------------------------
UK & EU IoT manufacturers have more security regulation coming. [..] From 1st August 2025, mandatory cybersecurity requirements come into effect under the EU’s Radio Equipment Directive (2014/53/EU), or RED.
---------------------------------------------
https://www.pentestpartners.com/security-blog/preparing-for-the-eu-radio-equ...
∗∗∗ Oracle Health hacked, US patient data exfiltrated ∗∗∗
---------------------------------------------
According to reports, cybercriminals broke into the servers of the US technology company Oracle Health (Cerner) after 22 January 2025. Patient data of US citizens is suspected to have been exfiltrated. The FBI is investigating the incident, which raises questions about security at Oracle, as it is the second security incident to become public within a few days.
---------------------------------------------
https://www.borncity.com/blog/2025/03/30/oracle-health-gehackt-us-patientend...
∗∗∗ SVG Phishing Malware Being Distributed with Analysis Obstruction Feature ∗∗∗
---------------------------------------------
AhnLab SEcurity intelligence Center (ASEC) recently identified a phishing malware being distributed in Scalable Vector Graphics (SVG) format.
---------------------------------------------
https://asec.ahnlab.com/en/87078/
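SVG is XML that browsers render with script and event handlers enabled, which is why it works as a phishing carrier. The summary above does not say what the sample's obstruction feature is, so the following added example (not code from the ASEC write-up) limits itself to general active-content indicators: script elements, on* handlers, javascript: links, embedded HTML via foreignObject, and runtime decoding calls such as atob. The two SVG files and the indicator list are constructed for this example.

```python
"""Static triage of an SVG attachment for active content.

Added example, not code from the ASEC write-up.  Both SVG samples below
are constructed; the indicator list is a general one, not the sample's.
"""
import re
import xml.etree.ElementTree as ET
from typing import Dict, List

# Calls that typically decode a hidden payload or redirect target at runtime.
RUNTIME_DECODE = re.compile(r"\b(atob|unescape|fromCharCode|eval)\s*\(")


def _local(qname: str) -> str:
    """Strip the {namespace} prefix ElementTree puts on tags and attributes."""
    return qname.rsplit("}", 1)[-1].lower()


def triage_svg(data: bytes) -> Dict[str, object]:
    """Return {"verdict": "clean"|"suspicious", "findings": [...]} for one SVG.
    Findings are listed in document order."""
    root = ET.fromstring(data)
    findings: List[str] = []
    for el in root.iter():
        tag = _local(el.tag)
        if tag == "script":
            findings.append("script element")
            m = RUNTIME_DECODE.search(el.text or "")
            if m:
                findings.append(f"script decodes at runtime via {m.group(1)}")
        elif tag in ("foreignobject", "iframe", "embed", "object"):
            findings.append(f"{tag} element (embedded HTML or external content)")
        for attr, value in el.attrib.items():
            name = _local(attr)
            v = value.strip().lower()
            if name.startswith("on"):
                findings.append(f"{name} handler on <{tag}>")
            elif name == "href":
                if v.startswith("javascript:"):
                    findings.append(f"javascript: href on <{tag}>")
                elif v.startswith(("http://", "https://")) and tag == "a":
                    findings.append(f"external link: {value.strip()}")
    return {"verdict": "suspicious" if findings else "clean", "findings": findings}


# Constructed samples: a plain drawing and a lure that redirects via decoded JS.
BENIGN_SVG = b'''<svg xmlns="http://www.w3.org/2000/svg" width="100" height="100">
  <circle cx="50" cy="50" r="40" fill="red"/>
</svg>'''

PHISH_SVG = b'''<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink" width="600" height="400">
  <text x="20" y="40">Invoice_2025-03.pdf - click to open</text>
  <script type="text/javascript">//<![CDATA[
    window.location = atob("aHR0cHM6Ly9leGFtcGxlLmludmFsaWQvbG9naW4=");
  //]]></script>
  <a xlink:href="https://example.invalid/login" onclick="return true">
    <rect x="20" y="60" width="200" height="40"/>
  </a>
</svg>'''


if __name__ == "__main__":
    for label, sample in (("benign", BENIGN_SVG), ("phish", PHISH_SVG)):
        result = triage_svg(sample)
        print(label, result["verdict"], *result["findings"], sep="\n  ")
```

For mail-gateway use, parse with defusedxml.ElementTree rather than the stdlib parser so entity-expansion tricks are rejected, and treat any finding as grounds to quarantine: a legitimate image never needs script or event handlers.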
∗∗∗ Oracle attempt to hide serious cybersecurity incident from customers in Oracle SaaS service ∗∗∗
---------------------------------------------
Being a provider of cloud SaaS (Software-as-a-service) solutions requires certain cybersecurity responsibilities, including being transparent and open. The moment where this is tested at Oracle has arrived, as they have a serious cybersecurity incident playing out in a service they manage for customers.
---------------------------------------------
https://doublepulsar.com/oracle-attempt-to-hide-serious-cybersecurity-incide...
=====================
=  Vulnerabilities  =
=====================
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (amd64-microcode, flatpak, intel-microcode, libdata-entropy-perl, librabbitmq, and vim), Fedora (augeas, containerd, crosswords-puzzle-sets-xword-dl, libssh2, libxml2, nodejs-nodemon, and webkitgtk), Red Hat (libreoffice and python-jinja2), SUSE (389-ds, apparmor, corosync, docker, docker-stable, erlang26, exim, ffmpeg-4, govulncheck-vulndb, istioctl, matrix-synapse, mercurial, openvpn, python3, rke2, and skopeo), and Ubuntu (ansible, linux, linux-hwe-5.4, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-ibm, linux-kvm, linux-oracle, linux-oracle-5.4, linux-xilinx-zynqmp, linux-azure-fips, linux-gcp-fips, linux-fips, linux-fips, linux-aws-fips, linux-azure-fips, linux-gcp-fips, linux-nvidia-tegra, linux-nvidia-tegra-igx, linux-realtime, linux-intel-iot-realtime, linux-xilinx-zynqmp, opensc, and ruby-doorkeeper).
---------------------------------------------
https://lwn.net/Articles/1015968/
∗∗∗ IBM InfoSphere Information Server: Unauthorized access possible ∗∗∗
---------------------------------------------
The IBM InfoSphere Information Server data integration platform is vulnerable. The developers have closed several security vulnerabilities.
---------------------------------------------
https://www.heise.de/news/IBM-InfoSphere-Information-Server-Unbefugte-Zugrif...
∗∗∗ ZendTo NDay Vulnerability Hunting - Unauthenticated RCE in v5.24-3 <= v6.10-4 ∗∗∗
---------------------------------------------
Discovering NDay flaws in ZendTo filesharing software highlighted an interesting fact: without the issuance of CVEs, vulnerabilities can easily go unpatched.
---------------------------------------------
https://projectblack.io/blog/zendto-nday-vulnerabilities/