=====================
= End-of-Day report =
=====================

Timeframe:   Monday 30-06-2025 18:00 − Tuesday 01-07-2025 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a

=====================
=       News        =
=====================
∗∗∗ Root access for everyone: critical sudo flaw endangers countless Linux systems ∗∗∗
---------------------------------------------
Researchers have discovered a dangerous security vulnerability in the command-line tool sudo. Attackers can gain root privileges with little effort.
---------------------------------------------
https://www.golem.de/news/root-zugriff-fuer-alle-kritische-sudo-luecke-gefae...
∗∗∗ Jasper Sleet: North Korean remote IT workers’ evolving tactics to infiltrate organizations ∗∗∗
---------------------------------------------
Since 2024, Microsoft Threat Intelligence has observed remote IT workers deployed by North Korea leveraging AI to improve the scale and sophistication of their operations, steal data, and generate revenue for the North Korean government.
---------------------------------------------
https://www.microsoft.com/en-us/security/blog/2025/06/30/jasper-sleet-north-...

∗∗∗ Vulnerability & Patch Roundup — June 2025 ∗∗∗
---------------------------------------------
Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website ..
---------------------------------------------
https://blog.sucuri.net/2025/06/vulnerability-patch-roundup-june-2025.html

∗∗∗ U.S. Agencies Warn of Rising Iranian Cyberattacks on Defense, OT Networks, and Critical Infrastructure ∗∗∗
---------------------------------------------
U.S. cybersecurity and intelligence agencies have issued a joint advisory warning of potential cyber attacks from Iranian state-sponsored or affiliated threat actors. "Over the past several months, there has been increasing activity from hacktivists ..
---------------------------------------------
https://thehackernews.com/2025/06/us-agencies-warn-of-rising-iranian.html

∗∗∗ OneClik Red Team Campaign Targets Energy Sector Using Microsoft ClickOnce and Golang Backdoors ∗∗∗
---------------------------------------------
Cybersecurity researchers have detailed a new campaign dubbed OneClik that leverages Microsoft's ClickOnce software deployment technology and bespoke Golang backdoors to compromise organizations within the energy, oil, and gas ..
---------------------------------------------
https://thehackernews.com/2025/06/oneclik-malware-targets-energy-sector.html

∗∗∗ Terrible tales of opsec oversights: How cybercrooks get themselves caught ∗∗∗
---------------------------------------------
The silly mistakes to the flagrant failures
They say that success breeds complacency, and complacency leads to failure. For cybercriminals, taking too many shortcuts when it comes to opsec delivers a little more than that.
---------------------------------------------
https://www.theregister.com/2025/07/01/terrible_tales_of_opsec_oversights/
∗∗∗ Surveillance cameras from China: Canada orders closure of Hikvision Canada ∗∗∗
---------------------------------------------
Hikvision is based in China and sells surveillance technology. The company has faced criticism for years. Now Canada is shutting down its local subsidiary.
---------------------------------------------
https://www.heise.de/news/Ueberwachungskameras-aus-China-Kanada-ordnet-Schli...

∗∗∗ Chrome web browser: security vulnerability under active attack ∗∗∗
---------------------------------------------
During the night leading into Tuesday, Google pushed an unscheduled update for the Chrome browser. One security vulnerability is already being exploited.
---------------------------------------------
https://www.heise.de/news/Chrome-Google-stopft-attackierte-Sicherheitsluecke...

∗∗∗ Many security vulnerabilities fixed in Dell OpenManage Network Integration ∗∗∗
---------------------------------------------
Attackers can attack Dell OpenManage Network Integration through several vectors. Security updates are available.
---------------------------------------------
https://www.heise.de/news/Viele-Sicherheitsluecken-in-Dell-OpenManage-Networ...

∗∗∗ British IT employee took revenge on former employer: seven months in prison ∗∗∗
---------------------------------------------
Just a few hours after being dismissed, the young man launched a cyberattack and caused damages of 200,000 pounds.
---------------------------------------------
https://www.derstandard.at/story/3000000277498/britischer-it-angestellter-ra...
∗∗∗ 50 customers of French bank hit after insider helped SIM swap scammers ∗∗∗
---------------------------------------------
French police have arrested a business student interning at the bank Société Générale who is accused of helping SIM-swapping scammers to defraud 50 of its clients.
---------------------------------------------
https://www.bitdefender.com/en-us/blog/hotforsecurity/50-customers-of-french...

∗∗∗ Encryption vs. Lawful Interception: EU policy news ∗∗∗
---------------------------------------------
I’ve commented here on this blog (or its German twin) quite a few times already on various legislative proposals on how the law enforcement agencies can keep their traditional access to the communication of suspects. See
- Ein paar Thesen zu aktuellen Gesetzesentwürfen (2017)
- Ein paar Gedanken zur „Überwachung verschlüsselter Nachrichten" (2024)
- Roles in ..
---------------------------------------------
https://www.cert.at/en/blog/2025/7/encryption-vs-lawful-interception-eu-poli...

∗∗∗ DOJ raids 29 ‘laptop farms’ in crackdown on N. Korean IT worker scheme ∗∗∗
---------------------------------------------
The Justice Department announced a coordinated action to disrupt a Pyongyang campaign to get North Koreans hired at U.S.-based companies.
---------------------------------------------
https://therecord.media/doj-raids-laptop-farms-crackdown

∗∗∗ International Criminal Court targeted by new ‘sophisticated’ attack ∗∗∗
---------------------------------------------
The ICC credited its “alert and response mechanisms” for “swiftly” discovering, confirming and containing a cyberattack.
---------------------------------------------
https://therecord.media/international-criminal-court-cyberattack-2025
∗∗∗ Malware in apps: Godfather 2.0 for Android; SparkKitty in app stores ∗∗∗
---------------------------------------------
A short round-up on smartphone apps with malware on board. The Android malware Godfather 2.0 is currently staging its comeback, scoring successes in raids on online banking. In addition, security researchers ..
---------------------------------------------
https://www.borncity.com/blog/2025/06/30/malware-in-apps-godfather-2-0-fuer-...
∗∗∗ What the NULL?! Wing FTP Server RCE (CVE-2025-47812) ∗∗∗
---------------------------------------------
While performing a penetration test for one of our Continuous Penetration Testing customers, we’ve found a Wing FTP server instance that allowed anonymous connections. It was almost the only interesting thing exposed, but we still wanted to get a foothold into their perimeter and provide the customer with an impactful finding. So we ..
---------------------------------------------
https://www.rcesecurity.com/2025/06/what-the-null-wing-ftp-server-rce-cve-20...

∗∗∗ Django Joins curl in Pushing Back on AI Slop Security Reports ∗∗∗
---------------------------------------------
Django has updated its official security documentation with new guidance for AI-assisted vulnerability reports, responding to a rising number of submissions generated by large language models (LLMs) that cite fabricated code or non-existent features. The change was authored by Django Fellow Natalia Bidart, who helps maintain the project’s ..
---------------------------------------------
https://socket.dev/blog/django-joins-curl-in-pushing-back-on-ai-slop-securit...

∗∗∗ How hacktivist cyber operations surged amid Israeli-Iranian conflict ∗∗∗
---------------------------------------------
In June 2025, Israel carried out airstrikes against key Iranian military and nuclear facilities. Iran swiftly retaliated, escalating regional tensions to unprecedented levels. This military confrontation has not only unfolded in conventional warfare but also triggered a massive surge in cyber operations. Almost immediately after the ..
---------------------------------------------
https://outpost24.com/blog/hacktivist-cyber-operations-iran-israel/
=====================
=  Vulnerabilities  =
=====================

∗∗∗ XSA-470 ∗∗∗
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-470.html

∗∗∗ [R1] Nessus Version 10.8.5 Fixes Multiple Vulnerabilities ∗∗∗
---------------------------------------------
https://www.tenable.com/security/tns-2025-13