=====================
= End-of-Day report =
=====================
Timeframe: Monday 14-04-2025 18:00 − Tuesday 15-04-2025 18:00
Handler: Guenes Holler
Co-Handler: Michael Schlagenhaufer
=====================
= News =
=====================
∗∗∗ New ResolverRAT malware targets pharma and healthcare orgs worldwide ∗∗∗
---------------------------------------------
A new remote access trojan (RAT) called ResolverRAT is being used against organizations globally, with the malware used in recent attacks targeting the healthcare and pharmaceutical sectors.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-resolverrat-malware-targe...
∗∗∗ Security patches: Google ends support for Android 12 ∗∗∗
---------------------------------------------
In 2025, Android 12 is still the third most common Android version on the market - Google is now ending the supply of patches.
---------------------------------------------
https://www.golem.de/news/sicherheitspatches-google-beendet-unterstuetzung-v...
∗∗∗ Gladinet’s Triofox and CentreStack Under Active Exploitation via Critical RCE Vulnerability ∗∗∗
---------------------------------------------
A recently disclosed security flaw in Gladinet CentreStack also impacts its Triofox remote access and collaboration solution, according to Huntress, with seven different organizations compromised to date. Tracked as CVE-2025-30406 (CVSS score: 9.0), the vulnerability refers to the use of a hard-coded cryptographic key that could expose internet-accessible servers to remote code execution attacks. It has been addressed in CentreStack version 16.4.10315.56368 released on April 3, 2025.
---------------------------------------------
https://thehackernews.com/2025/04/gladinets-triofox-and-centrestack-under.ht...
∗∗∗ Road safety education and illnesses: When fraudsters use children as bait ∗∗∗
---------------------------------------------
A heart for children: this is exactly what criminals target again and again. They send e-mails asking for donations for the production of books. These are supposed to be made available free of charge to kindergartens, children's hospitals and other such institutions. In itself a noble undertaking. In truth, however, it is nothing but a particularly brazen and distasteful scam.
---------------------------------------------
https://www.watchlist-internet.at/news/betruegerinnen-kinder-als-lockmittel/
∗∗∗ Renewed APT29 Phishing Campaign Against European Diplomats ∗∗∗
---------------------------------------------
Starting in January 2025, Check Point Research (CPR) has been tracking a wave of targeted phishing attacks aimed at European governments and diplomats. The Techniques, Tactics and Procedures (TTPs) observed in this campaign align with the WINELOADER campaigns, which were attributed to APT29, a Russia linked threat group.
---------------------------------------------
https://research.checkpoint.com/2025/apt29-phishing-campaign/
∗∗∗ Android smartphones restart themselves after 3 days of inactivity ∗∗∗
---------------------------------------------
Like iPhones running iOS 18, Android smartphones will in future restart themselves after 72 hours of inactivity. This is meant to increase overall security, not to annoy the police.
---------------------------------------------
https://heise.de/-10352891
=====================
= Vulnerabilities =
=====================
∗∗∗ Critical Apache Roller Vulnerability (CVSS 10.0) Enables Unauthorized Session Persistence ∗∗∗
---------------------------------------------
A critical security vulnerability has been disclosed in the Apache Roller open-source, Java-based blogging server software that could allow malicious actors to retain unauthorized access even after a password change. The flaw, assigned the CVE identifier CVE-2025-24859, carries a CVSS score of 10.0, indicating maximum severity. It affects all versions of Roller up to and including 6.1.4.
---------------------------------------------
https://thehackernews.com/2025/04/critical-apache-roller-vulnerability.html
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by AlmaLinux (glibc), Red Hat (kernel and kernel-rt), Slackware (perl), SUSE (haproxy, kernel, and webkit2gtk3), and Ubuntu (cimg, perl, protobuf, and webkit2gtk).
---------------------------------------------
https://lwn.net/Articles/1017514/
∗∗∗ Vulnerability in FileSender versions 2.15 through 2.50 ∗∗∗
---------------------------------------------
https://filesender.org/vulnerability-in-filesender-versions-2-15-through-2-5...
∗∗∗ Mozilla: Security vulnerability fixed in Firefox 137.0.2 ∗∗∗
---------------------------------------------
https://www.mozilla.org/en-US/security/advisories/mfsa2025-25/
∗∗∗ f5: K000150814: BIND vulnerability CVE-2024-11187 ∗∗∗
---------------------------------------------
https://my.f5.com/manage/s/article/K000150814