=====================
= End-of-Day report =
=====================

Timeframe:   Thursday 18-09-2025 18:00 - Friday 19-09-2025 18:00
Handler:     Felician Fuchs
Co-Handler:  Michael Schlagenhaufer

=====================
=       News        =
=====================
*** Backup theft: attackers stole firewall configurations at Sonicwall ***
---------------------------------------------
Firewall vendor Sonicwall reports a break-in into its customers' cloud accounts. Unknown actors copied and exfiltrated backup copies of firewall configuration files without authorization. However, this was not a cyberattack on Sonicwall itself, but apparently mass trial of credentials. [..] The stolen configuration files can contain sensitive information and facilitate attacks. Apparently only a few customers are affected.
---------------------------------------------
https://heise.de/-10662565
*** CISA exposes malware kits deployed in Ivanti EPMM attacks ***
---------------------------------------------
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published an analysis of the malware deployed in attacks exploiting vulnerabilities affecting Ivanti Endpoint Manager Mobile (EPMM). The flaws are an authentication bypass in EPMM's API component (CVE-2025-4427) and a code injection vulnerability (CVE-2025-4428) that allows execution of arbitrary code.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/cisa-exposes-malware-kits-dep...

*** New attack on ChatGPT research agent pilfers secrets from Gmail inboxes ***
---------------------------------------------
Today's installment hits OpenAI's Deep Research agent. Researchers recently devised an attack that plucked confidential information out of a user's Gmail inbox and sent it to an attacker-controlled web server, with no interaction required on the part of the victim and no sign of exfiltration.
---------------------------------------------
https://arstechnica.com/information-technology/2025/09/new-attack-on-chatgpt...
*** Threat landscape for industrial automation systems in Q2 2025 ***
---------------------------------------------
The Kaspersky industrial threat report contains statistics on various malicious objects detected and blocked on ICS computers by Kaspersky solutions in Q2 2025.
---------------------------------------------
https://securelist.com/industrial-threat-report-q2-2025/117532/
*** How AI-Native Development Platforms Enable Fake Captcha Pages ***
---------------------------------------------
Cybercriminals are abusing AI-native platforms like Vercel, Netlify, and Lovable to host fake captcha pages that deceive users, bypass detection, and drive phishing campaigns.
---------------------------------------------
https://www.trendmicro.com/en_us/research/25/i/ai-development-platforms-enab...

=====================
=  Vulnerabilities  =
=====================
*** Fortra Releases Critical Patch for CVSS 10.0 GoAnywhere MFT Vulnerability ***
---------------------------------------------
Fortra has disclosed details of a critical security flaw in GoAnywhere Managed File Transfer (MFT) software that could result in the execution of arbitrary commands. The vulnerability, tracked as CVE-2025-10035, carries a CVSS score of 10.0, indicating maximum severity. "A deserialization vulnerability in the License Servlet of Fortra's GoAnywhere MFT allows an actor with a validly forged license response signature to deserialize an arbitrary actor-controlled object, possibly leading to command injection," Fortra said in an advisory released Thursday.
---------------------------------------------
https://thehackernews.com/2025/09/fortra-releases-critical-patch-for-cvss.ht...

*** Security updates for Friday ***
---------------------------------------------
Security updates have been issued by Debian (chromium, cjson, and firefox-esr), Fedora (expat, gh, scap-security-guide, and xen), Oracle (container-tools:rhel8, firefox, grub2, and mysql:8.4), SUSE (busybox, busybox-links, element-web, kernel, shadowsocks-v2ray-plugin, and yt-dlp), and Ubuntu (imagemagick, linux, linux-aws, linux-gcp, linux-gke, linux-gkeop, linux-hwe-6.8, linux-lowlatency, linux-lowlatency-hwe-6.8, linux-oracle, linux-azure, linux-azure-5.15, linux-azure-fips, linux-ibm, linux-ibm-6.8, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, linux-raspi, linux-oracle-6.8, linux-realtime, and openjpeg2).
---------------------------------------------
https://lwn.net/Articles/1038802/

*** CISA Releases Nine Industrial Control Systems Advisories ***
---------------------------------------------
ICSA-25-261-01 Westermo Network Technologies WeOS 5
ICSA-25-261-02 Westermo Network Technologies WeOS 5
ICSA-25-261-03 Schneider Electric Saitel DR & Saitel DP Remote Terminal Unit
ICSA-25-261-04 Hitachi Energy Asset Suite
ICSA-25-261-05 Hitachi Energy Service Suite
ICSA-25-261-06 Cognex In-Sight Explorer and In-Sight Camera Firmware
ICSA-25-261-07 Dover Fueling Solutions ProGauge MagLink LX4 Devices
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2025/09/18/cisa-releases-nine-indust...