=====================
= End-of-Day report =
=====================
Timeframe: Friday 30-05-2025 18:00 to Monday 02-06-2025 18:00
Handler: Guenes Holler
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Exploit details for max severity Cisco IOS XE flaw now public ∗∗∗
---------------------------------------------
Technical details about a maximum-severity Cisco IOS XE WLC arbitrary file upload flaw tracked as CVE-2025-20188 have been made publicly available, bringing us closer to a working exploit.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/exploit-details-for-max-sever...
∗∗∗ German defence contractor: cyber gang leaks internal data from Rheinmetall ∗∗∗
---------------------------------------------
The German defence contractor Rheinmetall has apparently been the target of a cyberattack in which confidential data ended up in the attackers' hands. The hacker group Babuk2 had already listed Rheinmetall on its data leak site on 4 April. Tagesschau.de now reports that the data protection authority of North Rhine-Westphalia (NRW) and the Bundesamt für Sicherheit in der Informationstechnik (BSI) have also been informed of the incident.
---------------------------------------------
https://www.golem.de/news/deutscher-ruestungskonzern-cybergang-leakt-interne...
∗∗∗ Fake Recruiter Emails Target CFOs Using Legit NetBird Tool Across 6 Global Regions ∗∗∗
---------------------------------------------
Cybersecurity researchers have warned of a new spear-phishing campaign that uses a legitimate remote access tool called NetBird to target Chief Financial Officers (CFOs) and financial executives at banks, energy companies, insurers, and investment firms across Europe, Africa, Canada, the Middle East, and South Asia.
---------------------------------------------
https://thehackernews.com/2025/06/fake-recruiter-emails-target-cfos-using.ht...
∗∗∗ Mysterious leaker GangExposed outs Conti kingpins in massive ransomware data dump ∗∗∗
---------------------------------------------
A mystery whistleblower calling himself GangExposed has exposed key figures behind the Conti and Trickbot ransomware crews, publishing a trove of internal files and naming names. The leaks include thousands of chat logs, personal videos, and ransom negotiations tied to some of the most notorious cyber-extortion gangs — believed to have raked in billions from companies, hospitals, and individuals worldwide.
---------------------------------------------
https://go.theregister.com/feed/www.theregister.com/2025/05/31/gangexposed_c...
∗∗∗ RCEs and more in the KUNBUS GmbH Revolution Pi PLC ∗∗∗
---------------------------------------------
We found four vulnerabilities by downloading and extracting Revolution Pi's latest firmware version (01/2025). We didn't even need to buy the device, although one would look great on our ICS demo rig! All were found with static code analysis but demonstrated by installing the firmware to a standard Raspberry Pi.
---------------------------------------------
https://www.pentestpartners.com/security-blog/rces-and-more-in-the-kunbus-gm...
∗∗∗ The remote desktop puzzle. DFIR techniques for dealing with RDP Bitmap Cache ∗∗∗
---------------------------------------------
A lot of people are aware of RDP and what its functions are. It's known for providing remote access and making life easier for administrators and users. With that comes insight for forensic investigators, regarding the 'bitmap cache'. This is often overlooked, but when analysed correctly can provide some great understanding about what's happened on a system.
---------------------------------------------
https://www.pentestpartners.com/security-blog/the-remote-desktop-puzzle-dfir...
∗∗∗ LOLCLOUD - Azure Arc - C2aaS ∗∗∗
---------------------------------------------
Exploring Azure Arc's overlooked C2aaS potential. Attacking and defending against its usage and exploring use cases.
---------------------------------------------
https://blog.zsec.uk/azure-arc-c2aas/
=====================
= Vulnerabilities =
=====================
∗∗∗ New Linux Flaws Allow Password Hash Theft via Core Dumps in Ubuntu, RHEL, Fedora ∗∗∗
---------------------------------------------
Tracked as CVE-2025-5054 and CVE-2025-4598, both vulnerabilities are race condition bugs that could enable a local attacker to obtain access to sensitive information. Tools like Apport and systemd-coredump are designed to handle crash reporting and core dumps in Linux systems.
---------------------------------------------
https://thehackernews.com/2025/05/new-linux-flaws-allow-password-hash.html
∗∗∗ 2025-06-02: Cyber Security Advisory - ELSB/Home Solutions Outdated SW Components in ABB Welcome IP-Gateway ∗∗∗
---------------------------------------------
An attacker who successfully exploits these vulnerabilities could potentially gain unauthorized access and compromise the confidentiality, integrity and availability of the system and its log files.
---------------------------------------------
https://search.abb.com/library/Download.aspx?DocumentID=9AKK108470A8948&...
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (espeak-ng, kitty, kmail-account-wizard, krb5, libreoffice, libvpx, net-tools, python-flask-cors, symfony, tcpdf, thunderbird, and twitter-bootstrap3), Fedora (chromium, dropbear, firefox, gstreamer1-plugins-bad-free, python-tornado, systemd, and thunderbird), Mageia (coreutils, deluge, glib2.0, and redis), Oracle (firefox, kernel, and systemd), Red Hat (firefox, kernel, kernel-rt, varnish, varnish:6, and zlib), SUSE (bind, curl, dnsdist, docker, ffmpeg-7, firefox, glibc, golang-github-prometheus-alertmanager, govulncheck-vulndb, icinga2, iputils, java-11-openjdk, java-1_8_0-ibm, kea, kernel, libopenssl-3-devel, libsoup, libxml2, nodejs-electron, open-vm-tools, openbao, perl-Net-Dropbox-API, pluto, poppler, postgresql14, postgresql15, postgresql16, postgresql17, python312-setuptools, runc, s390-tools, skopeo, sqlite3, thunderbird, and unbound), and Ubuntu (apport and libphp-adodb).
---------------------------------------------
https://lwn.net/Articles/1023501/
∗∗∗ Multiple vulnerabilities in wivia 5 ∗∗∗
---------------------------------------------
https://jvn.jp/en/jp/JVN51394666/