=====================
= End-of-Day report =
=====================

Timeframe: Thursday 20-11-2025 18:00 - Friday 21-11-2025 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Alexander Riepl

=====================
=       News        =
=====================
*** 'Matrix Push' C2 Tool Hijacks Browser Notifications for Phishing ***
---------------------------------------------
Have you ever given two seconds of thought to a browser notification? No? That's what hackers are counting on.
---------------------------------------------
https://www.darkreading.com/threat-intelligence/matrix-push-c2-tool-hijacks-...

*** Protection against fraud: where is Austria's SMS firewall? ***
---------------------------------------------
The announced protection mechanism against phishing SMS has apparently made hardly any progress.
---------------------------------------------
https://futurezone.at/netzpolitik/sms-firewall-oesterreich-spamnachrichten-p...

*** ToddyCat: your hidden email assistant. Part 1 ***
---------------------------------------------
Kaspersky experts analyze the ToddyCat APT attacks targeting corporate email. We examine the new version of TomBerBil, the TCSectorCopy and XstReader tools, and methods for stealing access tokens from Outlook.
---------------------------------------------
https://securelist.com/toddycat-apt-steals-email-data-from-outlook/118044/

*** Fired techie admits sabotaging ex-employer, causing $862K in damage ***
---------------------------------------------
PowerShell script locked thousands of workers out of their accounts. An Ohio IT contractor has pleaded guilty to breaking into his former employer's systems and causing nearly $1 million worth of damage after being fired.
---------------------------------------------
https://www.theregister.com/2025/11/20/it_contractor_sabotage/

*** LLM-generated malware is improving, but don't expect autonomous attacks tomorrow ***
---------------------------------------------
Researchers tried to get ChatGPT to do evil, but it didn't do a good job. LLMs are getting better at writing malware - but they're still not ready for prime time.
---------------------------------------------
https://www.theregister.com/2025/11/20/llmgenerated_malware_improving/

*** ClamAV virus scanner: developers announce major clean-up ***
---------------------------------------------
Decluttering at the ClamAV virus scanner: Cisco is having the developers throw out old signatures, and old Docker images also have to go.
---------------------------------------------
https://www.heise.de/news/Virenscanner-ClamAV-Entwickler-starten-Entruempelu...

*** Budget Samsung phones shipped with unremovable spyware, say researchers ***
---------------------------------------------
Samsung is under fire again for shipping phones in parts of the world with a hidden system app, AppCloud, that users can't easily remove.
---------------------------------------------
https://www.malwarebytes.com/blog/news/2025/11/budget-samsung-phones-shipped...

*** Beware of fake shops around Black Friday ***
---------------------------------------------
Black Friday is just around the corner and many online retailers are already luring customers with generous discounts. But bargain hunters should look closely before ordering, because fraudulent shops are also trying to profit from the heightened buying mood.
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-vor-fake-shops-rund-um-den-b...

*** NIS2: law for more cybersecurity is on its way ***
---------------------------------------------
The government is making up for an omission: the law should have been passed a year ago.
---------------------------------------------
https://www.derstandard.at/story/3000000297503/nis2-gesetz-fuer-mehr-cybersi...

*** Inside Europe's AI-Fuelled GLP-1 Scam Epidemic: How Criminal Networks Are Hijacking the Identities of the NHS, AEMPS, ANSM, BfArM and AIFA to Sell Fake Weight-Loss Products ***
---------------------------------------------
The global appetite for GLP-1 medications like Ozempic, Wegovy and Mounjaro has created something far more dangerous than a cultural trend. It has created the perfect opening for cyber criminals who understand how desperation, scarcity and online misinformation intersect. As clinics struggle with shortages and manufacturers warn of supply limits extending ..
---------------------------------------------
https://blog.checkpoint.com/research/inside-europes-ai-fuelled-glp-1-scam-ep...

*** Stolen VPN Credentials Most Common Ransomware Attack Vector ***
---------------------------------------------
Compromised VPN credentials are the most common initial access vector for ransomware attacks, according to a new report. Nearly half of ransomware attacks in the third quarter abused compromised VPN credentials as the initial access point, according to research from Beazley Security, the cybersecurity arm of Beazley Insurance. Nearly a quarter of initial access ..
---------------------------------------------
https://thecyberexpress.com/stolen-vpn-credentials-most-common-ransomware-at...
=====================
=  Vulnerabilities  =
=====================

*** ZDI-25-885: (0Day) Digilent DASYLab DSB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ***
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-25-885/

*** CVE-2025-50165: Critical Flaw in Windows Graphics Component ***
---------------------------------------------
https://www.zscaler.com/blogs/security-research/cve-2025-50165-critical-flaw...