=====================
= End-of-Day report =
=====================

Timeframe: Tuesday 15-04-2025 18:00 − Wednesday 16-04-2025 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Guenes Holler

=====================
= News =
=====================
∗∗∗ Several FortiGate models affected by backdoor ∗∗∗
---------------------------------------------
On Friday, 10 April, Fortinet published information about a worldwide compromise of FortiGate devices that gave attackers persistent read access. The attackers apparently exploited three known vulnerabilities in the SSL-VPN feature to gain access to the devices and planted a backdoor in the filesystem to keep that unauthorized access available over time. [..] All FortiGate devices, physical or virtual, that have or ever had the SSL-VPN feature enabled and were ever vulnerable to one of the named vulnerabilities (see affected FortiOS versions in the advisories - 1, 2, 3) are potentially at risk.
---------------------------------------------
https://www.cert.at/de/blog/2025/4/mehrere-fortigate-modelle-von-backdoor-be...
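The scoping rule above ("SSL-VPN enabled now or ever" AND "ever ran a vulnerable FortiOS build") is easy to get wrong in a fleet review, because a device that has since been patched is still in scope. The following is an added example, not CERT.at's or Fortinet's code, that applies the rule to a constructed inventory CSV. The version ranges in VULN_RANGES, the CSV column names and the hostnames are hypothetical; the real affected versions must be taken from the three Fortinet advisories the item refers to.

```python
"""Fleet triage for the FortiGate SSL-VPN backdoor scope described above.

Added example (not CERT.at's or Fortinet's own code). Rule applied:
a device needs a compromise check if SSL-VPN is or ever was enabled AND
the device ever ran a FortiOS build vulnerable to one of the three
SSL-VPN flaws. Patching later does NOT take a device out of scope.
"""
from __future__ import annotations

import csv
import io

# HYPOTHETICAL vulnerable ranges (inclusive), keyed by major.minor train.
# Placeholders only: replace with the affected versions from the advisories.
VULN_RANGES: dict[str, tuple[str, str]] = {
    "7.4": ("7.4.0", "7.4.2"),
    "7.2": ("7.2.0", "7.2.6"),
    "7.0": ("7.0.0", "7.0.13"),
}


def parse_version(v: str) -> tuple[int, ...]:
    """'7.0.12' -> (7, 0, 12); tolerates a leading 'v' and a '-build' suffix."""
    core = v.strip().lstrip("v").split("+")[0].split("-")[0]
    return tuple(int(p) for p in core.split("."))


def in_vulnerable_range(version: str) -> bool:
    """True if the FortiOS version falls inside a (hypothetical) vulnerable range."""
    parsed = parse_version(version)
    train = ".".join(str(p) for p in parsed[:2])
    rng = VULN_RANGES.get(train)
    if rng is None:
        return False
    lo, hi = (parse_version(bound) for bound in rng)
    return lo <= parsed <= hi


def triage(inventory_csv: str) -> list[dict]:
    """Return the devices that need the post-compromise checks.

    Hypothetical CSV columns: hostname, ssl_vpn_enabled_now (yes/no),
    ssl_vpn_ever_enabled (yes/no), version_history (';'-separated FortiOS
    versions the device has run, oldest first).
    """
    flagged = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        sslvpn = (row["ssl_vpn_enabled_now"].strip().lower() == "yes"
                  or row["ssl_vpn_ever_enabled"].strip().lower() == "yes")
        versions = [v for v in row["version_history"].split(";") if v]
        vuln_versions = [v for v in versions if in_vulnerable_range(v)]
        # Both conditions must hold; "ever" is what catches already-patched boxes.
        if sslvpn and vuln_versions:
            flagged.append({
                "hostname": row["hostname"],
                "vulnerable_versions": vuln_versions,
                "current_version": versions[-1],
            })
    return flagged


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = """hostname,ssl_vpn_enabled_now,ssl_vpn_ever_enabled,version_history
fw-branch-01,yes,yes,7.0.11;7.0.15
fw-branch-02,no,yes,7.2.5;7.2.8
fw-dc-01,no,no,7.0.12;7.0.15
fw-lab-01,yes,yes,7.4.5
"""

if __name__ == "__main__":
    for hit in triage(SAMPLE_INVENTORY):
        print(f"{hit['hostname']}: ran {hit['vulnerable_versions']}, "
              f"now {hit['current_version']} -> check for backdoor")
```

On the sample data fw-branch-01 and fw-branch-02 are flagged even though both now run builds outside the hypothetical ranges and fw-branch-02 has SSL-VPN disabled today; fw-dc-01 never had SSL-VPN enabled and fw-lab-01 never ran a vulnerable build, so neither is flagged.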
∗∗∗ CISA extends funding to ensure no lapse in critical CVE services ∗∗∗
---------------------------------------------
CISA says the U.S. government has extended MITRE's funding to ensure no continuity issues with the critical Common Vulnerabilities and Exposures (CVE) program.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/cisa-extends-funding-to-ensur...
∗∗∗ Source code and data leaked: 4chan offline after suspected hacker attack ∗∗∗
---------------------------------------------
4chan has apparently drawn the ire of a rival platform. Screenshots of internal tools, databases, e-mail lists and more are circulating there.
---------------------------------------------
https://www.golem.de/news/quellcode-und-daten-geleakt-4chan-nach-mutmasslich...
∗∗∗ Latest Mustang Panda Arsenal: PAKLOG, CorKLOG, and SplatCloak | P2 ∗∗∗
---------------------------------------------
This is Part 2 of our two-part technical analysis on Mustang Panda’s new tools.
---------------------------------------------
https://www.zscaler.com/blogs/security-research/latest-mustang-panda-arsenal...
∗∗∗ CrazyHunter Campaign Targets Taiwanese Critical Sectors ∗∗∗
---------------------------------------------
This blog entry details research on the emerging ransomware group CrazyHunter, which has launched a sophisticated campaign aimed at Taiwan's essential services.
---------------------------------------------
https://www.trendmicro.com/en_us/research/25/d/crazyhunter-campaign.html
=====================
= Vulnerabilities =
=====================
∗∗∗ Oracle Critical Patch Update Advisory - April 2025 ∗∗∗
---------------------------------------------
A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches address vulnerabilities in Oracle code and in third party components included in Oracle products.
---------------------------------------------
https://www.oracle.com/security-alerts/cpuapr2025.html
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by AlmaLinux (gvisor-tap-vsock, kernel, and kernel-rt), Fedora (chromium, dnf, dotnet9.0, golang, lemonldap-ng, mariadb10.11, perl-Crypt-URandom-Token, perl-DBIx-Class-EncodedColumn, php-tcpdf, podman-tui, and trunk), Red Hat (java-17-openjdk and kernel), Slackware (mozilla), SUSE (apache2-mod_auth_openidc, cosign, etcd, expat, flannel, kernel, libsqlite3-0, libvarnishapi3, mozjs52, Multi-Linux Manager 4.3: Server, Multi-Linux Manager 5.0: Server, Proxy and Retail Server, pgadmin4, rekor, rsync, rubygem-bundler, and webkit2gtk3), and Ubuntu (7zip, Docker, and quickjs).
---------------------------------------------
https://lwn.net/Articles/1017670/
∗∗∗ CISA Releases Nine Industrial Control Systems Advisories ∗∗∗
---------------------------------------------
ICSA-25-105-01 Siemens Mendix Runtime
ICSA-25-105-02 Siemens Industrial Edge Device Kit
ICSA-25-105-03 Siemens SIMOCODE, SIMATIC, SIPLUS, SIDOOR, SIWAREX
ICSA-25-105-04 Growatt Cloud Applications
ICSA-25-105-05 Lantronix Xport
ICSA-25-105-06 National Instruments LabVIEW
ICSA-25-105-07 Delta Electronics COMMGR
ICSA-25-105-08 ABB M2M Gateway
ICSA-25-105-09 Mitsubishi Electric Europe B.V. smartRTU
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2025/04/15/cisa-releases-nine-indust...
∗∗∗ Mozilla: Security Vulnerabilities fixed in Thunderbird ESR 128.9.2 ∗∗∗
---------------------------------------------
https://www.mozilla.org/en-US/security/advisories/mfsa2025-27/

∗∗∗ Mozilla: Security Vulnerabilities fixed in Thunderbird 137.0.2 ∗∗∗
---------------------------------------------
https://www.mozilla.org/en-US/security/advisories/mfsa2025-27/
∗∗∗ Web browser: Critical security vulnerability in Chrome patched ∗∗∗
---------------------------------------------
https://heise.de/-10354575