=====================
= End-of-Day report =
=====================

Timeframe: Tuesday 17-06-2025 18:00 - Wednesday 18-06-2025 18:00
Handler: Guenes Holler
Co-Handler: Michael Schlagenhaufer

=====================
= News =
=====================

*** Cybersecurity takes a big hit in new Trump executive order ***
---------------------------------------------
Cybersecurity practitioners are voicing concerns over a recent executive order issued by the White House that guts requirements for: securing software the government uses, punishing people who compromise sensitive networks, preparing new encryption schemes that will withstand attacks from quantum computers, and other existing controls.
---------------------------------------------
https://arstechnica.com/security/2025/06/cybersecurity-take-a-big-hit-in-new...

*** Instagram BMO ads use AI deepfakes to scam banking customers ***
---------------------------------------------
Instagram ads impersonating financial institutions like Bank of Montreal (BMO) and EQ Bank (Equitable Bank) are being used to target Canadian consumers with phishing scams and investment fraud. Some ads use AI-powered deepfake videos in an attempt to collect your personal information, while others use official branding to drive traffic outside of the platform to lookalike illicit domains that are not affiliated with banks.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/instagram-bmo-ads-use-ai-deep...

*** Protection against cyberattacks: Iran takes itself offline ***
---------------------------------------------
Iran is apparently deliberately restricting its connection to the global internet in order to protect itself from possible cyberattacks from Israel in the wake of the Israeli-Iranian war that has been going on since June 13. Initially, only the bandwidth was throttled. According to an X post by Netblocks, Iran's data traffic dropped by 75 percent within a very short time.
---------------------------------------------
https://www.golem.de/news/schutz-vor-cyberangriffen-der-iran-nimmt-sich-selb...

*** LangSmith Bug Could Expose OpenAI Keys and User Data via Malicious Agents ***
---------------------------------------------
Cybersecurity researchers have disclosed a now-patched security flaw in LangChain's LangSmith platform that could be exploited to capture sensitive data, including API keys and user prompts.
---------------------------------------------
https://thehackernews.com/2025/06/langchain-langsmith-bug-let-hackers.html

*** Google Chrome Zero-Day CVE-2025-2783 Exploited by TaxOff to Deploy Trinper Backdoor ***
---------------------------------------------
A now-patched security flaw in Google Chrome was exploited as a zero-day by a threat actor known as TaxOff to deploy a backdoor codenamed Trinper. The attack, observed in mid-March 2025 by Positive Technologies, involved the use of a sandbox escape vulnerability tracked as CVE-2025-2783 (CVSS score: 8.3).
---------------------------------------------
https://thehackernews.com/2025/06/google-chrome-zero-day-cve-2025-2783.html

*** Exploring Netstalking – Mapping the Hidden Corners of the Internet ***
---------------------------------------------
Netstalking is the art of exploring little-known, rarely visited parts of the internet—ranging from forgotten photo archives and open surveillance cameras to defunct servers and prototype systems—using techniques like IP scanning, deep web search, and network archaeology. The activity originated in 2009 among Russian internet subcultures and draws its name from the “S.T.A.L.K.E.R.” mythos.
---------------------------------------------
https://www.darknet.org.uk/2025/06/exploring-netstalking-mapping-the-hidden-...

*** Minecraft Players Targeted in Sophisticated Malware Campaign ***
---------------------------------------------
This campaign reminds us that even the most familiar digital spaces can become a playground for cyber criminals. By disguising malware as Minecraft mods, attackers were able to quietly target an engaged and unsuspecting user base with a multistage, Java-based infection chain. Because these files often appear harmless and can slip past traditional defenses, any Minecraft player is at risk.
---------------------------------------------
https://blog.checkpoint.com/research/minecraft-players-targeted-in-sophistic...

*** Scattered Spider hackers targeting insurance industry following retail hits, Google warns ***
---------------------------------------------
A group of hackers behind a recent string of attacks on retail stores in the U.K. and U.S. has shifted its focus to insurance firms in recent days, according to cybersecurity researchers.
---------------------------------------------
https://therecord.media/scattered-spider-targeting-insurance-sector-followin...

*** When legitimate tools go rogue ***
---------------------------------------------
Attackers are increasingly hiding in plain sight, using the same tools IT and security teams rely on for daily operations. This blog breaks down common techniques and provides recommendations to defenders.
---------------------------------------------
https://blog.talosintelligence.com/when-legitimate-tools-go-rogue/

*** CVE Trends to Watch: Real-World Risks to Telecom and Professional Services ***
---------------------------------------------
Between 2023 and 2025, there was a 38% increase in CVEs. Learn which industry sectors have seen the highest levels of CVEs, and which CVEs had the highest impact.
---------------------------------------------
https://www.bitsight.com/blog/cve-trends-by-sector

*** Eight-character passwords insufficient: data protection fine for genetics company 23andMe ***
---------------------------------------------
In 2023, almost 7 million records of 23andMe customers were offered for sale on the darknet. The United Kingdom is imposing a fine in the millions.
---------------------------------------------
https://heise.de/-10450679

*** AMD patches security holes in crypto coprocessor and TPM ***
---------------------------------------------
In June, AMD released updated firmware that closes security vulnerabilities, some of them high-risk, in its processors. Affected are, among others, the crypto coprocessors and the firmware TPM of modern Ryzen CPUs and, in part, of the stripped-down Athlon CPUs.
---------------------------------------------
https://heise.de/-10451026

*** Malvertising: malicious ads plant fake phone numbers on vendor sites ***
---------------------------------------------
Fraudsters are using advertising links in search results to plant fake phone numbers on genuine vendor sites, IT security researchers warn.
---------------------------------------------
https://heise.de/-10451518

*** 2025 Blockchain and Cryptocurrency Threat Report: Malware in the Open Source Supply Chain ***
---------------------------------------------
An in-depth analysis of credential stealers, crypto drainers, cryptojackers, and clipboard hijackers abusing open source package registries to compromise Web3 development environments.
---------------------------------------------
https://socket.dev/blog/2025-blockchain-and-cryptocurrency-threat-report?utm...

*** libxml2 Maintainer Ends Embargoed Vulnerability Reports, Citing Unsustainable Burden ***
---------------------------------------------
Libxml2’s solo maintainer drops embargoed security fixes, highlighting the burden on unpaid volunteers who keep critical open source software secure.
---------------------------------------------
https://socket.dev/blog/libxml2-maintainer-ends-embargoed-vulnerability-repo...

=====================
= Vulnerabilities =
=====================

*** BeyondTrust warns of pre-auth RCE in Remote Support software ***
---------------------------------------------
BeyondTrust has released security updates to fix a high-severity flaw in its Remote Support (RS) and Privileged Remote Access (PRA) solutions that can let unauthenticated attackers gain remote code execution on vulnerable servers.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/beyondtrust-warns-of-pre-auth...

*** Security updates for Wednesday ***
---------------------------------------------
Security updates have been issued by Debian (gst-plugins-bad1.0, konsole, and libblockdev), Oracle (buildah, containernetworking-plugins, gimp, git-lfs, gvisor-tap-vsock, kernel, libvpx, podman, and skopeo), Red Hat (apache-commons-beanutils and thunderbird), Slackware (xorg), SUSE (gdm, golang-github-prometheus-alertmanager, golang-github-prometheus-node_exporter, golang-github-prometheus-prometheus, govulncheck-vulndb, grafana, kernel, Multi-Linux Manager, Multi-Linux Manager Client Tools, openssl-3, pam, python-cryptography, python-requests, python-setuptools, python3-requests, SUSE Manager Server, systemd, ucode-intel, xorg-x11-server, and xwayland), and Ubuntu (dwarfutils, mujs, node-katex, xorg-server, xorg-server-hwe-16.04, xorg-server-hwe-18.04, and xorg-server, xwayland).
---------------------------------------------
https://lwn.net/Articles/1025862/

*** Citrix NetScaler ADC: fix critical vulnerabilities urgently ***
---------------------------------------------
The vulnerabilities affect NetScaler ADC and Gateway versions 14.1 before 14.1-43.56, 13.1 before 13.1-58.32, as well as various FIPS variants. Important: older versions (12.1 and 13.0) are end-of-life (EOL) and no longer receive security updates. Citrix's recommended action is an immediate update to the patched versions (e.g. 14.1-43.56, 13.1-58.32). After the update, all active ICA and PCoIP sessions on all NetScaler appliances should be terminated to ensure complete remediation.
---------------------------------------------
https://www.borncity.com/blog/2025/06/18/citrix-netscaler-adc-kritische-sich...

*** CISA Releases Five Industrial Control Systems Advisories ***
---------------------------------------------
CISA released five Industrial Control Systems (ICS) advisories on June 17, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2025/06/17/cisa-releases-five-indust...

*** CISA Flags CVE-2023-0386 as Actively Exploited Linux Kernel Privilege Escalation Threat ***
---------------------------------------------
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning about the active exploitation of a critical Linux kernel vulnerability, officially listed as CVE-2023-0386. The vulnerability, which carries a CVSS score of 7.8, is categorized as a Linux Kernel Privilege Escalation flaw. It stems from improper ownership management within the Linux kernel’s OverlayFS subsystem. If exploited successfully, attackers can escalate privileges on affected systems, gain unauthorized access, and potentially execute arbitrary code with elevated rights.
---------------------------------------------
https://thecyberexpress.com/cisa-warns-cve-2023-0386-linux-vulnerability/

*** Windows 11: out-of-band update KB5063060 with error 0x800f0818 / 0x80070306 ***
---------------------------------------------
A brief addendum to the security updates for Windows 10 and Windows 11 released in June 2025. These cause various problems for some users. For instance, the out-of-band update KB5063060, pushed out on June 11, 2025, fails to install for some users with error 0x800f0818 or 0x80070306.
---------------------------------------------
https://www.borncity.com/blog/2025/06/18/windows-11-out-of-band-update-kb506...

*** Chrome for Android Update ***
---------------------------------------------
http://chromereleases.googleblog.com/2025/06/chrome-for-android-update_17.ht...

*** LS Electric GMWin 4 ***
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-25-168-02

*** Dover Fueling Solutions ProGauge MagLink LX Consoles ***
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-25-168-05

*** Fuji Electric Smart Editor ***
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-25-168-04