=====================
= End-of-Day report =
=====================

Timeframe: Thursday 21-08-2025 18:00 - Friday 22-08-2025 18:00
Handler: Alexander Riepl
Co-Handler: n/a

=====================
= News =
=====================
*** Dev gets 4 years for creating kill switch on ex-employer's systems ***
---------------------------------------------
A software developer has been sentenced to four years in prison for sabotaging his ex-employer's Windows network with custom malware and a kill switch that locked out employees when his account was disabled.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/dev-gets-4-years-for-creating...
*** Fake Mac fixes trick users into installing new Shamos infostealer ***
---------------------------------------------
A new infostealer malware called Shamos is targeting Mac devices in ClickFix attacks that impersonate troubleshooting guides and fixes.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/fake-mac-fixes-trick-users-in...
*** Despite rolling code: unofficial Flipper Zero firmware allegedly cracks cars ***
---------------------------------------------
A Russian actor is selling his own firmware for the Flipper Zero. Even the newest cars from common brands can supposedly be unlocked with it.
---------------------------------------------
https://www.golem.de/news/trotz-rolling-code-inoffizielle-flipper-zero-firmw...
*** Think before you Click(Fix): Analyzing the ClickFix social engineering technique ***
---------------------------------------------
The ClickFix social engineering technique has been growing in popularity, with campaigns targeting thousands of enterprise and end-user devices daily. This technique exploits users' tendency to resolve technical issues by tricking them into running malicious commands. These commands, in turn, deliver payloads that ultimately lead to information theft and ..
---------------------------------------------
https://www.microsoft.com/en-us/security/blog/2025/08/21/think-before-you-cl...
*** Coinbase Reverses Remote-First Policy After North Korean Infiltration Attempts ***
---------------------------------------------
Remote work policies designed to attract top talent are becoming security vulnerabilities as state-sponsored hackers seek employment at cryptocurrency firms. Coinbase has implemented mandatory in-person orientation and US citizenship requirements for sensitive roles after detecting North Korean IT workers attempting to infiltrate the company ..
---------------------------------------------
https://slashdot.org/story/25/08/22/1515238/coinbase-reverses-remote-first-p...
*** Linux Malware Delivered via Malicious RAR Filenames Evades Antivirus Detection ***
---------------------------------------------
Cybersecurity researchers have shed light on a novel attack chain that employs phishing emails to deliver an open-source backdoor called VShell. The "Linux-specific malware infection chain that starts with a spam email with a malicious ..
---------------------------------------------
https://thehackernews.com/2025/08/linux-malware-delivered-via-malicious.html
*** Interpol bags 1,209 suspects, $97M in cybercrime operation focused on Africa ***
---------------------------------------------
Crypto mines, BEC scams, fake passports, and a $300M fraud empire allegedly brought down during Serengeti 2.0
Interpol's latest clampdown on cybercrime resulted in 1,209 arrests across the African continent, from ransomware crooks to business ..
---------------------------------------------
https://www.theregister.com/2025/08/22/interpol_serengeti_20/
*** AI assistant: Microsoft's Copilot falsified access logs for months ***
---------------------------------------------
When asked for document summaries, for example, the virtual Copilot sometimes omitted its own accesses from the logs. Microsoft kept the problem quiet.
---------------------------------------------
https://www.heise.de/news/KI-Assistent-Microsofts-Copilot-verfaelschte-monat...
*** Electronics manufacturer Data I/O reports ransomware attack to SEC ***
---------------------------------------------
The tech manufacturer Data I/O reported a ransomware attack to federal regulators, writing that the incident has taken down critical operational systems.
---------------------------------------------
https://therecord.media/electronics-manufacturer-dataio-ransomware
*** AI Browsers Can Be Tricked Into Paying Fake Stores in PromptFix Attack ***
---------------------------------------------
The PromptFix attack tricks AI browsers with fake CAPTCHAs, leading them to phishing sites and fake stores ..
---------------------------------------------
https://hackread.com/ai-browsers-trick-paying-fake-stores-promptfix-attack/
*** AUR Chaos malware: an analysis ***
---------------------------------------------
Recently, an incident involving malware in the AUR made the headlines. I read a lot of things around this topic, both right and wrong, and sometimes misleading. I was involved in the incident handling; I chose to write this blog post, not only for transparency but also for laying down what I learned both during and ..
---------------------------------------------
https://www.mh4ckt3mh4ckt1c4s.xyz/blog/aur-chaos-malware-analysis/
=====================
= Vulnerabilities =
=====================

*** Security updates for Friday ***
---------------------------------------------
Security updates have been issued by AlmaLinux (tomcat), Debian (squid), Fedora (matrix-synapse, rust-slab, socat, and webkitgtk), SUSE (firefox-esr, gdk-pixbuf, gdk-pixbuf-devel, govulncheck-vulndb, rust-keylime, and wicked2nm), and Ubuntu (linux-nvidia, linux-oracle, linux-oracle-6.8, php7.0, php7.2, php7.4, python3.13, python3.12, python3.11, python3.10, python3.9, python3.8, python3.7, python3.6, python3.5, python3.4, and ruby-webrick).
---------------------------------------------
https://lwn.net/Articles/1034755/