===================== = End-of-Day report = =====================
Timeframe: Monday 03-11-2025 18:00 − Tuesday 04-11-2025 18:00 Handler: Alexander Riepl Co-Handler: n/a
===================== = News = =====================
∗∗∗ Fake Solidity VSCode extension on Open VSX backdoors developers ∗∗∗ --------------------------------------------- A remote access trojan dubbed SleepyDuck, and disguised as the well-known Solidity extension in the Open VSX open-source registry, uses an Ethereum smart contract to establish a communication channel with the attacker. --------------------------------------------- https://www.bleepingcomputer.com/news/security/fake-solidity-vscode-extensio...
∗∗∗ Ransom negotiators charged: former cyber-security employees allegedly hacked companies ∗∗∗ --------------------------------------------- Three former employees of cyber-security firms appear to have run a highly questionable side business. Ransomware was involved. --------------------------------------------- https://www.golem.de/news/ex-mitarbeiter-angeklagt-loesegeldverhandler-wohl-...
∗∗∗ SesameOp: Novel backdoor uses OpenAI Assistants API for command and control ∗∗∗ --------------------------------------------- Microsoft Incident Response – Detection and Response Team (DART) researchers uncovered a new backdoor that is notable for its novel use of the OpenAI Assistants Application Programming Interface (API) as a mechanism for command-and-control (C2) communications. Instead of relying on more traditional methods, the threat actor behind this backdoor abuses OpenAI as .. --------------------------------------------- https://www.microsoft.com/en-us/security/blog/2025/11/03/sesameop-novel-back...
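Both the SleepyDuck item above and the SesameOp item describe the same trick: command-and-control hidden inside traffic to a legitimate, widely used service (an Ethereum smart contract, the OpenAI Assistants API), so that blocking or alerting on the destination alone is not an option. The following Python is an added example and is not code from the CERT.at report, Microsoft DART or BleepingComputer. It applies the usual practitioner response to legitimate-service C2: baseline which internal hosts are expected to talk to such a service, flag every other host that does, and check whether the flagged traffic beacons at a fixed interval. The log format, host names, the allow-list and the `eth-rpc.example` placeholder for an Ethereum JSON-RPC endpoint are all constructed for the example; `api.openai.com` is the public API hostname.

```python
"""Detect legitimate-service C2 in egress logs: unexpected clients plus beaconing.

Added example, not from the report or the vendors it cites.  Log lines, hosts and
the expected-user allow-list below are constructed; adapt them to your proxy logs.
"""
from collections import defaultdict
from datetime import datetime, timezone
from statistics import mean, pstdev

# Legitimate services the two reports describe as C2 carriers.  The OpenAI hostname
# is real; "eth-rpc.example" is a placeholder for whatever Ethereum JSON-RPC endpoint
# your telemetry actually shows (the SleepyDuck report does not name one).
WATCHED = {"api.openai.com", "eth-rpc.example"}

# Hosts that legitimately use each service (constructed).  Everything else is a finding.
EXPECTED = {"api.openai.com": {"dev-ml-01"}, "eth-rpc.example": set()}

# Constructed proxy log: "<ISO-8601 UTC> <src host> <dst host> <dst port> <bytes>".
SAMPLE_LOG = """\
2025-11-04T09:58:11Z dev-ml-01 api.openai.com 443 48213
2025-11-04T10:00:00Z ws-finance-07 api.openai.com 443 1532
2025-11-04T10:02:37Z ws-finance-07 www.example.com 443 9104
2025-11-04T10:05:00Z ws-finance-07 api.openai.com 443 1540
2025-11-04T10:10:00Z ws-finance-07 api.openai.com 443 1528
2025-11-04T10:11:45Z dev-ml-01 api.openai.com 443 77012
2025-11-04T10:15:00Z ws-finance-07 api.openai.com 443 1536
2025-11-04T10:20:00Z ws-finance-07 api.openai.com 443 1531
2025-11-04T10:22:09Z ws-hr-03 api.openai.com 443 2210
"""


def parse_line(line):
    """Split one log line into (timestamp, src, dst, port, bytes)."""
    ts, src, dst, port, size = line.split()
    stamp = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return stamp, src, dst, int(port), int(size)


def find_suspects(log_text, watched=WATCHED, expected=EXPECTED, min_hits=4, max_cv=0.10):
    """Return {(src, dst): {...}} for every unexpected client of a watched service.

    A pair is marked "regular" (beaconing) when it has at least `min_hits` requests
    and the coefficient of variation of the gaps between them is at most `max_cv`.
    A fixed 5-minute poll shows up as cv == 0; human-driven use is far more ragged.
    """
    stamps_by_pair = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        stamp, src, dst, _port, _size = parse_line(line)
        if dst in watched and src not in expected.get(dst, set()):
            stamps_by_pair[(src, dst)].append(stamp)

    findings = {}
    for pair, stamps in stamps_by_pair.items():
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        regular = (
            len(stamps) >= min_hits
            and mean(gaps) > 0
            and pstdev(gaps) / mean(gaps) <= max_cv
        )
        findings[pair] = {
            "hits": len(stamps),
            "interval_s": round(mean(gaps)) if gaps else None,
            "regular": regular,
        }
    return findings


if __name__ == "__main__":
    for (src, dst), info in sorted(find_suspects(SAMPLE_LOG).items()):
        tag = "BEACON" if info["regular"] else "review"
        print(f"{tag:6} {src} -> {dst}: {info['hits']} hits, interval {info['interval_s']}s")
```

On the constructed log this flags `ws-finance-07`, which polls `api.openai.com` every 300 seconds with near-constant request sizes, and lists `ws-hr-03` for review after a single request; the expected `dev-ml-01` and the non-watched `www.example.com` traffic are ignored. The interval test is deliberately simple: an implant that adds jitter to its sleep will push the coefficient of variation above the threshold, so in practice you combine it with the allow-list violation itself, with request-size regularity, and with process-level telemetry (which binary on `ws-finance-07` opened the connection) rather than relying on timing alone.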
∗∗∗ Apple Patches Everything, Again, (Tue, Nov 4th) ∗∗∗ --------------------------------------------- Apple released its expected set of operating system upgrades. This is a minor feature upgrade that also includes fixes for 110 different vulnerabilities. As usual for Apple, many of the vulnerabilities affect multiple operating systems. None of the vulnerabilities .. --------------------------------------------- https://isc.sans.edu/diary/Apple+Patches+Everything+Again/32448
∗∗∗ Scattered LAPSUS$ Hunters: Anatomy of a Federated Cybercriminal Brand ∗∗∗ --------------------------------------------- Trustwave SpiderLabs’ Cyber Threat Intelligence team is tracking the recent emergence of what appears to be the consolidation of three well-known threat groups into a “federated alliance” that offers, among its activities, Extortion-as-a-Service (EaaS). --------------------------------------------- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/scattered-la...
∗∗∗ Critical React Native CLI Flaw Exposed Millions of Developers to Remote Attacks ∗∗∗ --------------------------------------------- Details have emerged about a now-patched critical security flaw in the popular "@react-native-community/cli" npm package that could be potentially exploited to run malicious operating system (OS) commands under certain .. --------------------------------------------- https://thehackernews.com/2025/11/critical-react-native-cli-flaw-exposed.htm...
∗∗∗ Europol and Eurojust Dismantle €600 Million Crypto Fraud Network in Global Sweep ∗∗∗ --------------------------------------------- Nine people have been arrested in connection with a coordinated law enforcement operation that targeted a cryptocurrency money laundering network that defrauded victims of €600 million (~$688 million).According to a statement released by Eurojust today, the .. --------------------------------------------- https://thehackernews.com/2025/11/europol-and-eurojust-dismantle-600.html
∗∗∗ China's president Xi Jinping jokes about backdoors in Xiaomi smartphones ∗∗∗ --------------------------------------------- South Korea's president laughed, so perhaps it was funny? Unlike China's censorship and snooping. Chinese president Xi Jinping has joked that smartphones from Xiaomi might include backdoors. --------------------------------------------- https://www.theregister.com/2025/11/04/chinas_president_xi_jinping_jokes/
∗∗∗ Russia blocks two-factor SMS for Telegram and WhatsApp ∗∗∗ --------------------------------------------- The Kremlin wants control over information. Blocking SMS and phone calls is meant to starve WhatsApp and Telegram. --------------------------------------------- https://www.heise.de/news/Russland-verhindert-2-Faktor-SMS-fuer-Telegram-und...
∗∗∗ Patch day: critical code-execution vulnerability in Android 13, 14, 15, 16 closed ∗∗∗ --------------------------------------------- Attackers can attack Android devices and, in the worst case, execute malicious code. Security updates provide a remedy. --------------------------------------------- https://www.heise.de/news/Patchday-Kritische-Schadcode-Luecke-in-Android-13-...
∗∗∗ Refund and expired ID: double phishing wave in the name of FinanzOnline ∗∗∗ --------------------------------------------- A mass-mailed e-mail currently circulating in the name of FinanzOnline promises a generous VAT refund: just under 300 euros supposedly await. In fact, the criminals are after online-banking credentials and their victims' money. Alongside it, the classic fake SMS messages warning that the FinanzOnline account is about to expire are circulating in greater numbers. --------------------------------------------- https://www.watchlist-internet.at/news/mehrwertsteuer-phishing-finanzonline/
∗∗∗ Millions for interception systems: EU apparently funded the spyware industry massively ∗∗∗ --------------------------------------------- In reaction to a recent report, 39 members of the European Parliament declared themselves "deeply concerned". The awarding of funds to questionable companies is now to be reviewed. --------------------------------------------- https://www.derstandard.at/story/3000000294846/millionen-fuer-abhoersysteme-...
∗∗∗ Cargo theft gets a boost from hackers using remote monitoring tools ∗∗∗ --------------------------------------------- Cybersecurity researchers have been tracking thieves who are using their deep knowledge of trucking and transportation technology to steal cargo. --------------------------------------------- https://therecord.media/cargo-theft-hackers-remote-monitoring-tools
∗∗∗ More than $100 million stolen in exploit of Balancer DeFi protocol ∗∗∗ --------------------------------------------- Hackers pilfered millions of dollars worth of cryptocurrency on Monday from the decentralized finance protocol Balancer. --------------------------------------------- https://therecord.media/crypto-heist-balancer-exploit
∗∗∗ CyberSlop — meet the new threat actor, MIT and Safe Security ∗∗∗ --------------------------------------------- Cybersecurity vendors peddling nonsense isn’t new, but lately we have a new dimension — Generative AI. This has allowed vendors — and educators — to peddle cyberslop for profit. --------------------------------------------- https://doublepulsar.com/cyberslop-meet-the-new-threat-actor-mit-and-safe-se...
∗∗∗ PHP Cryptomining Campaign: October/November 2025 ∗∗∗ --------------------------------------------- From Aug–Oct 2025, GreyNoise observed a surge in exploitation attempts against PHP and PHP-based frameworks as attackers deployed cryptominers—driven by rising Bitcoin prices and higher mining payoffs. --------------------------------------------- https://www.greynoise.io/blog/php-cryptomining-campaign
∗∗∗ Towards decriminalisation: BSI chief calls for revision of the German "hacker paragraph" ∗∗∗ --------------------------------------------- The president of the Federal Office for Information Security (BSI) has called for changes to the so-called hacker paragraph of the German criminal code. Support comes from the opposition. --------------------------------------------- https://heise.de/-11044176
===================== = Vulnerabilities = =====================
∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (dcmtk, geographiclib, gimp, pure-ftpd, and ruby-rack), Fedora (dotnet9.0), Oracle (expat, kernel, tigervnc, xorg-x11-server, and xorg-x11-server-Xwayland), Red Hat (git, mariadb:10.5, multiple packages, osbuild-composer, pcs, sssd, and tigervnc), SUSE (kernel and redis), and Ubuntu (google-guest-agent). --------------------------------------------- https://lwn.net/Articles/1044949/