===================== = End-of-Day report = =====================
Timeframe: Montag 13-10-2025 18:00 − Dienstag 14-10-2025 18:00 Handler: Guenes Holler Co-Handler: n/a
===================== = News = =====================
∗∗∗ Hackers can steal 2FA codes and private messages from Android phones ∗∗∗ --------------------------------------------- Android devices are vulnerable to a new attack that can covertly steal two-factor authentication codes, location timelines, and other private data in less than 30 seconds. --------------------------------------------- https://arstechnica.com/security/2025/10/no-fix-yet-for-attack-that-lets-hac...
∗∗∗ Chinese hackers abuse geo-mapping tool for year-long persistence ∗∗∗ --------------------------------------------- Chinese state hackers remained undetected in a target environment for more than a year by turning a component in the ArcGIS geo-mapping tool into a web shell. --------------------------------------------- https://www.bleepingcomputer.com/news/security/chinese-hackers-abuse-geo-map...
∗∗∗ Secure Boot bypass risk on nearly 200,000 Linux Framework sytems ∗∗∗ --------------------------------------------- Around 200,000 Linux computer systems from American computer maker Framework were shipped with signed UEFI shell components that could be exploited to bypass Secure Boot protections. An attacker could take advantage to load bootkits (e.g. BlackLotus, HybridPetya, and Bootkitty) that can evade OS-level security controls and persist across OS re-installs. --------------------------------------------- https://www.bleepingcomputer.com/news/security/secure-boot-bypass-risk-on-ne...
∗∗∗ Researchers Expose TA585’s MonsterV2 Malware Capabilities and Attack Chain ∗∗∗ --------------------------------------------- Cybersecurity researchers have shed light on a previously undocumented threat actor called TA585 that has been observed delivering an off-the-shelf malware called MonsterV2 via phishing campaigns. --------------------------------------------- https://thehackernews.com/2025/10/researchers-expose-ta585s-monsterv2.html
∗∗∗ npm, PyPI, and RubyGems Packages Found Sending Developer Data to Discord Channels ∗∗∗ --------------------------------------------- Cybersecurity researchers have identified several malicious packages across npm, Python, and Ruby ecosystems that leverage Discord as a command-and-control (C2) channel to transmit stolen data to actor-controlled webhooks. --------------------------------------------- https://thehackernews.com/2025/10/npm-pypi-and-rubygems-packages-found.html
===================== = Vulnerabilities = =====================
∗∗∗ Sicherheitslücke: Weiterer Notfall-Patch für Oracle E-Business Suite ∗∗∗ --------------------------------------------- Oracle hat ein weiteres außerplanmäßiges Update für die E-Business Suite veröffentlicht. Einer Sicherheitswarnung zufolge lässt sich eine Sicherheitslücke mit der Kennung CVE-2025-61884(öffnet im neuen Fenster) aus der Ferne und ohne Authentifizierung ausnutzen. Angreifer erhalten unter Umständen Zugriff auf vertrauliche Ressourcen. --------------------------------------------- https://www.golem.de/news/sicherheitsluecke-weiterer-notfall-patch-fuer-orac...
∗∗∗ SAP-Patchday im Oktober behebt mehrere kritische Schwachstellen ∗∗∗ --------------------------------------------- Jetzt updaten: Unter anderem stehen wichtige Sicherheitsupdates und -hinweise für NetWeaver, Print Service und Supplier Relationship Management bereit. --------------------------------------------- https://www.heise.de/news/SAP-Patchday-im-Oktober-behebt-mehrere-kritische-S...
∗∗∗ Jetzt patchen: Veeam Backup & Replication anfällig für Remote Code Execution ∗∗∗ --------------------------------------------- Ein frisch veröffentlichter Patch schützt Veeams Backup-Lösung gleich zweimal vor Codeausführung aus der Ferne. Auch der Agent für Windows wurde abgesichert. --------------------------------------------- https://www.heise.de/news/Jetzt-patchen-Veeam-Backup-Replication-anfaellig-f...
∗∗∗ Totgeglaubter Internet Explorer wird zur Sicherheitslücke: Microsoft reagiert ∗∗∗ --------------------------------------------- Nach aktiven Angriffen hat Microsoft den Internet-Explorer-Modus in Edge drastisch eingeschränkt. Angreifer nutzten sogar Zero-Days für Systemübernahmen. --------------------------------------------- https://www.heise.de/news/Gefahr-aus-dem-Grab-Microsoft-verbuddelt-IE-noch-t...
∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (ghostscript and libfcgi), Fedora (qt5-qtsvg), Red Hat (kernel, perl-FCGI, perl-FCGI:0.78, and vim), SUSE (bluez, curl, podman, postgresql14, python-xmltodict, and udisks2), and Ubuntu (linux-azure, linux-azure-5.4, linux-azure-fips, linux-oracle, and subversion). --------------------------------------------- https://lwn.net/Articles/1041886/
∗∗∗ Ivanti: October 2025 Security Update ∗∗∗ --------------------------------------------- https://www.ivanti.com/blog/october-2025-security-update