=====================
= End-of-Day report =
=====================

Timeframe: Tuesday 19-08-2025 18:00 - Wednesday 20-08-2025 18:00
Handler: Alexander Riepl
Co-Handler: n/a
=====================
=       News        =
=====================
*** PyPI now blocks domain resurrection attacks used for hijacking accounts ***
---------------------------------------------
The Python Package Index (PyPI) has introduced new protections against domain resurrection attacks that enable hijacking accounts through password resets.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/pypi-now-blocks-domain-resurr...

*** Hackers steal Microsoft logins using legitimate ADFS redirects ***
---------------------------------------------
Hackers are using a novel technique that combines legitimate office.com links with Active Directory Federation Services (ADFS) to redirect users to a phishing page that steals Microsoft 365 logins.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/hackers-steal-microsoft-login...

*** Experts Find AI Browsers Can Be Tricked by PromptFix Exploit to Run Malicious Hidden Prompts ***
---------------------------------------------
Cybersecurity researchers have demonstrated a new prompt injection technique called PromptFix that tricks a generative artificial intelligence (GenAI) model into carrying out intended actions by embedding the malicious instruction inside a ..
---------------------------------------------
https://thehackernews.com/2025/08/experts-find-ai-browsers-can-be-tricked.ht...

*** Like burglars closing a door, Apache ActiveMQ attackers patch critical vuln after breaking in ***
---------------------------------------------
Intruders hoped no one would notice their presence
Criminals exploiting a critical vulnerability in open source Apache ActiveMQ middleware are fixing the flaw that allowed them access, after establishing persistence on Linux servers.
---------------------------------------------
https://www.theregister.com/2025/08/19/apache_activemq_patch_malware/
*** Commvault: High-risk vulnerability allows injection of malicious code ***
---------------------------------------------
Attackers can abuse security vulnerabilities in the Commvault backup software, for example to inject malicious code. Updates are available.
---------------------------------------------
https://www.heise.de/news/Commvault-Hochriskante-Luecke-ermoeglicht-Einschle...

*** Infoniqa IT incident: cyber gang claims to have copied extensive data ***
---------------------------------------------
Last week an IT incident at the HR software provider Infoniqa became public. Now a cyber gang claims to have copied data.
---------------------------------------------
https://www.heise.de/news/Infoniqa-IT-Vorfall-Cyberbande-will-umfangreich-Da...

*** Stolen legal notices and working links: beware of particularly sophisticated fake shops! ***
---------------------------------------------
The more effort criminals put into imitating an online shop, the harder it is to recognise the fraud. In a current case they not only use real legal notice (Impressum) data, but also link from their fake shops to the company's real website and to its real social media profiles. How the trap can nevertheless be recognised relatively easily.
---------------------------------------------
https://www.watchlist-internet.at/news/besonders-ausgekluegelte-fake-shops/
*** Major Belgian telecom firm says cyberattack compromised data on 850,000 accounts ***
---------------------------------------------
The company said no critical data was accessed, but the hacker "gained access to one of our IT systems that contains the following data: name, first name, telephone number, SIM card number, PUK code, tariff plan."
---------------------------------------------
https://therecord.media/belgian-telecom-says-cyberattack-compromised-data-on...

*** Feds charge alleged administrator of 'sophisticated' Rapper Bot botnet ***
---------------------------------------------
A 22-year-old Oregon man has been charged with running a powerful botnet-for-hire service used to launch hundreds of thousands of cyberattacks worldwide, the U.S. Justice Department said.
---------------------------------------------
https://therecord.media/feds-charge-botnet-admin

*** Russian state-sponsored espionage group Static Tundra compromises unpatched end-of-life network devices ***
---------------------------------------------
A Russian state-sponsored group, Static Tundra, is exploiting an old Cisco IOS vulnerability to compromise unpatched network devices worldwide, targeting key sectors for intelligence gathering.
---------------------------------------------
https://blog.talosintelligence.com/static-tundra/

*** Warlock: From SharePoint Vulnerability Exploit to Enterprise Ransomware ***
---------------------------------------------
Warlock ransomware exploits unpatched Microsoft SharePoint vulnerabilities to gain access, escalate privileges, steal credentials, move laterally, and deploy ransomware with data exfiltration across enterprise environments.
---------------------------------------------
https://www.trendmicro.com/en_us/research/25/h/warlock-ransomware.html

*** A Cereal Offender: Analyzing the CORNFLAKE.V3 Backdoor ***
---------------------------------------------
Straight from Mandiant Threat Defense, the "Frontline Bulletin" series brings you the latest on the most intriguing compromises we are seeing in the wild right now, equipping our community to understand and respond to the most compelling threats we observe. This edition dissects an infection involving two threat groups, UNC5518 and UNC5774, leading to the deployment of ..
---------------------------------------------
https://cloud.google.com/blog/topics/threat-intelligence/analyzing-cornflake...
*** Guess Who Would Be Stupid Enough To Rob The Same Vault Twice? Pre-Auth RCE Chains in Commvault ***
---------------------------------------------
We're back, and we've finished telling everyone that our name was on the back of Phrack!!!!1111 Whatever, nerds. Today, we're back to scheduled content. Like our friendly neighbourhood ransomware gangs and APT groups, we've continued to spend ..
---------------------------------------------
https://labs.watchtowr.com/guess-who-would-be-stupid-enough-to-rob-the-same-...

*** Researcher Exposes Zero-Day Clickjacking Vulnerabilities in Major Password Managers ***
---------------------------------------------
At DEF CON 33, Czech Republic-based security researcher Marek Tóth unveiled a series of unpatched zero-day clickjacking security vulnerabilities impacting the browser-based plugins for a wide range of password managers including: 1Password, Bitwarden, Dashlane, Enpass, iCloud Passwords, Keeper, LastPass, LogMeOnce, NordPass, ProtonPass, and ..
---------------------------------------------
https://socket.dev/blog/password-manager-clickjacking
*** Marshal madness: A brief history of Ruby deserialization exploits ***
---------------------------------------------
This post traces the decade-long evolution of Ruby Marshal deserialization exploits, demonstrating how security researchers have repeatedly bypassed patches and why fundamental changes to the Ruby ecosystem are needed rather than continued patch-and-hope approaches.
---------------------------------------------
https://blog.trailofbits.com/2025/08/20/marshal-madness-a-brief-history-of-r...
=====================
=  Vulnerabilities  =
=====================
*** Security updates for Wednesday ***
---------------------------------------------
Security updates have been issued by Debian (webkit2gtk), Fedora (firefox and libarchive), Red Hat (python3.11-setuptools and python3.12-setuptools), Slackware (mozilla), SUSE (apache2-mod_security2, cairo-devel, cflow, docker, glibc, go1.25, govulncheck-vulndb, gstreamer-0_10-plugins-base, jq, kernel, libarchive, libssh, libxslt, openbao, python-urllib3, systemd, and xz), and Ubuntu (apache2, libssh, libxml2, linux, linux-aws, linux-aws-5.15, linux-gcp, linux-gcp-5.15, linux-gkeop, ..
---------------------------------------------
https://lwn.net/Articles/1034546/