===================== = End-of-Day report = =====================

Timeframe: Mittwoch 16-04-2025 18:00 − Donnerstag 17-04-2025 18:00 Handler: Felician Fuchs Co-Handler: Michael Schlagenhaufer

===================== = News = =====================

∗∗∗ MITRE CVE Program - the past, the present .. and the (European) future. ∗∗∗ --------------------------------------------- The Common Vulnerabilities and Exposures (CVE) program is a globally adopted system for identifying and naming cybersecurity vulnerabilities with unique IDs. Established in 1999 by researchers at the MITRE Corporation (a U.S. non-profit R&D organization), CVE was created to ensure that different security tools and stakeholders can refer to the same vulnerability in a consistent way. --------------------------------------------- https://bytesandborscht.com/mitre-cve-program-the-past-the-present-and-the-e...

∗∗∗ RedTail, Remnux and Malware Management [Guest Diary], (Wed, Apr 16th) ∗∗∗ --------------------------------------------- When I first saw malware being uploaded to my honeypot, I was lacking the requisite experience to reverse engineer it, and to understand what was happening with the code. Even though I could use any text editor to examine the associated scripts that were being uploaded with RedTail malware, I couldn’t see what was happening with the redtail malware itself. So, I decided to create a how-to on setting up a malware analysis program. --------------------------------------------- https://isc.sans.edu/diary/rss/31868

∗∗∗ Proton66 Part 2: Compromised WordPress Pages and Malware Campaigns ∗∗∗ --------------------------------------------- Earlier this year SpiderLabs observed an increase in mass scanning, credential brute forcing, and exploitation attempts originating from Proton66 ASN targeting organizations worldwide that we are discussing in a two-part series. --------------------------------------------- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/proton66-par...

∗∗∗ Experts Uncover Four New Privilege Escalation Flaws in Windows Task Scheduler ∗∗∗ --------------------------------------------- Cybersecurity researchers have detailed four different vulnerabilities in a core component of the Windows task scheduling service that could be exploited by local attackers to achieve privilege escalation and erase logs to cover up evidence of malicious activities. --------------------------------------------- https://thehackernews.com/2025/04/experts-uncover-four-new-privilege.html

∗∗∗ CISA Flags Actively Exploited Vulnerability in SonicWall SMA Devices ∗∗∗ --------------------------------------------- The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a security flaw impacting SonicWall Secure Mobile Access (SMA) 100 Series gateways to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The high-severity vulnerability, tracked as CVE-2021-20035 (CVSS score: 7.2), relates to a case of operating system command injection that could result in code execution. --------------------------------------------- https://thehackernews.com/2025/04/cisa-flags-actively-exploited.html

∗∗∗ Support-Ende von Ubuntu 20.04 dräut ∗∗∗ --------------------------------------------- Der Support für Ubuntu 20.04 endet in wenigen Wochen. Ubuntu empfiehlt ein Upgrade oder erweiterten Support mit Ubuntu Pro. --------------------------------------------- https://www.heise.de/news/Support-Ende-von-Ubuntu-20-04-draeut-10355860.html

∗∗∗ Unmasking the new XorDDoS controller and infrastructure ∗∗∗ --------------------------------------------- Cisco Talos observed an existing distributed denial-of-service (DDoS) malware known as XorDDoS, continuing to spread globally between November 2023 and February 2025. A significant finding shows that over 70 percent of attacks using XorDDoS targeted the United States from Nov. 2023 to Feb. 2025. --------------------------------------------- https://blog.talosintelligence.com/unmasking-the-new-xorddos-controller-and-...

===================== = Vulnerabilities = =====================

∗∗∗ Apple Patches Two Actively Exploited iOS Flaws Used in Sophisticated Targeted Attacks ∗∗∗ --------------------------------------------- Apple on Wednesday released security updates for iOS, iPadOS, macOS Sequoia, tvOS, and visionOS to address two security flaws that it said have come under active exploitation in the wild. --------------------------------------------- https://thehackernews.com/2025/04/apple-patches-two-actively-exploited.html

∗∗∗ Critical Erlang/OTP SSH Vulnerability (CVSS 10.0) Allows Unauthenticated Code Execution ∗∗∗ --------------------------------------------- A critical security vulnerability has been disclosed in the Erlang/Open Telecom Platform (OTP) SSH implementation that could permit an attacker to execute arbitrary code sans any authentication under certain conditions. The vulnerability, tracked as CVE-2025-32433, has been given the maximum CVSS score of 10.0. --------------------------------------------- https://thehackernews.com/2025/04/critical-erlangotp-ssh-vulnerability.html

∗∗∗ Drupal releases Security Advisories for multiple Critical and High Vulnerabilities ∗∗∗ --------------------------------------------- Including 5 critical and 2 high severity. --------------------------------------------- https://www.drupal.org/security

∗∗∗ Atlassian stopft hochriskante Lecks in Confluence, Jira & Co. ∗∗∗ --------------------------------------------- Atlassian hat für Bamboo, Confluence und Jira Aktualisierungen herausgegeben, die als hohes Risiko eingestufte Sicherheitslücken in den Produkten abdichten sollen. IT-Verantwortliche sollten die Updates zeitnah herunterladen und anwenden. --------------------------------------------- https://www.heise.de/news/Atlassian-stopft-hochriskante-Lecks-in-Confluence-...

∗∗∗ Wordfence Intelligence Weekly WordPress Vulnerability Report (April 7, 2025 to April 13, 2025) ∗∗∗ --------------------------------------------- Last week, there were 340 vulnerabilities disclosed in 303 WordPress Plugins and 8 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 67 Vulnerability Researchers that contributed to WordPress Security last week. --------------------------------------------- https://www.wordfence.com/blog/2025/04/wordfence-intelligence-weekly-wordpre...

∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (chromium and libapache2-mod-auth-openidc), Oracle (expat, freetype, glibc, grub2, gvisor-tap-vsock, and kernel), Red Hat (grub2 and webkit2gtk3), and SUSE (apache2-mod_auth_openidc, cosign, gitoxide, govulncheck-vulndb, GraphicsMagick, haproxy, hauler, mozjs52, oci-cli, pam, perl-Data-Entropy, poppler, python-lxml-doc, python311-aiohttp, rekor, rubygem-rexml, and webkit2gtk3). --------------------------------------------- https://lwn.net/Articles/1017919/

∗∗∗ Cisco Nexus Dashboard LDAP Username Enumeration Vulnerability ∗∗∗ --------------------------------------------- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisor...

∗∗∗ Cisco Webex App Client-Side Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisor...

∗∗∗ [R1] Stand-alone Security Patch Available for Tenable Security Center versions 6.3.0, 6.4.0, 6.4.5 and 6.5.1: SC-202504.2 ∗∗∗ --------------------------------------------- https://www.tenable.com/security/tns-2025-04

∗∗∗ F5 K000150879: OpenSSH vulnerability CVE-2025-26466 ∗∗∗ --------------------------------------------- https://my.f5.com/manage/s/article/K000150879

∗∗∗ F5 K000150901: Linux kernel vulnerability CVE-2024-46713 ∗∗∗ --------------------------------------------- https://my.f5.com/manage/s/article/K000150901