=====================
= End-of-Day report =
=====================

Timeframe: Monday 27-10-2025 18:00 - Tuesday 28-10-2025 18:00
Handler: Alexander Riepl
Co-Handler: Felician Fuchs

=====================
= News =
=====================
∗∗∗ Google disputes false claims of massive Gmail data breach ∗∗∗
---------------------------------------------
Google was once again forced to announce that it had not suffered a data breach after numerous news outlets published sensational stories about a fake breach that purportedly exposed 183 million accounts.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/google-disputes-false-claims-...
∗∗∗ Millions of Gmail passwords stolen: is yours among them? ∗∗∗
---------------------------------------------
According to cybersecurity expert Troy Hunt, who uncovered the data leak, 3.5 terabytes of data could be affected.
---------------------------------------------
https://futurezone.at/digital-life/gmail-passwoerter-datenleak-pwned-cyberse...
∗∗∗ Ransomware: fewer and fewer companies pay hackers a ransom ∗∗∗
---------------------------------------------
The profitability of ransomware attacks is falling. Not only are fewer and fewer victims paying the ransom, the size of the payments has also dropped sharply recently.
---------------------------------------------
https://www.golem.de/news/ransomware-immer-weniger-unternehmen-zahlen-hacker...
∗∗∗ Admin access hijacked: inmate hacks prison IT and makes fellow inmates rich ∗∗∗
---------------------------------------------
It all came to light because the inmates could not keep their greed in check. A sum in the millions in an inmate's account is, after all, somewhat conspicuous.
---------------------------------------------
https://www.golem.de/news/admin-zugang-gekapert-insasse-hackt-gefaengnis-it-...
∗∗∗ Crypto wasted: BlueNoroff’s ghost mirage of funding and jobs ∗∗∗
---------------------------------------------
Kaspersky GReAT experts dive deep into the BlueNoroff APT's GhostCall and GhostHire campaigns. Extensive research detailing multiple malware chains targeting macOS, including a stealer suite, fake Zoom and Microsoft Teams clients and ChatGPT-enhanced images.
---------------------------------------------
https://securelist.com/bluenoroff-apt-campaigns-ghostcall-and-ghosthire/1178...
∗∗∗ BSI: checklist for what to do when accounts have been hacked ∗∗∗
---------------------------------------------
The German Federal Office for Information Security (BSI), together with the Police Crime Prevention Programme (ProPK), has published a checklist intended to help private users whose accounts have been taken over by criminals.
---------------------------------------------
https://www.heise.de/news/BSI-Checkliste-fuer-Vorgehen-bei-geknackten-Konten...
∗∗∗ Microsoft WSUS Remote Code Execution (CVE-2025-59287) Actively Exploited in the Wild ∗∗∗
---------------------------------------------
On Oct. 14, 2025, a critical, unauthenticated remote code execution (RCE) vulnerability was identified in Microsoft's Windows Server Update Services (WSUS), a core enterprise component for patch management. Microsoft's initial patch during the October Patch Tuesday did not fully address the flaw, necessitating an emergency out-of-band security update released Oct. 23, 2025. Within hours of the emergency update, Unit 42 and other security researchers observed active exploitation in the wild.
---------------------------------------------
https://unit42.paloaltonetworks.com/microsoft-cve-2025-59287/
∗∗∗ US declines to join more than 70 countries in signing UN cybercrime treaty ∗∗∗
---------------------------------------------
More than 70 countries signed the landmark UN Convention against Cybercrime in Hanoi this weekend, a significant step in the yearslong effort to create a global mechanism to counteract digital crime.
---------------------------------------------
https://therecord.media/us-declines-signing-cybercrime-treaty
∗∗∗ Rising cyber attacks on the manufacturing industry ∗∗∗
---------------------------------------------
The manufacturing industry is increasingly becoming a target of cyber criminals. Check Point Research reports rising numbers of attacks. Executives should engage with this trend, because cyber security is no longer an exclusive topic to be left to the IT department.
---------------------------------------------
https://www.borncity.com/blog/2025/10/28/steigende-cyber-attacken-auf-die-fe...
∗∗∗ Vulnerability Management – Process Perspective ∗∗∗
---------------------------------------------
In this post, we dive deeper into the HOW of vulnerability management. This post is dedicated to the processes to provide a comprehensive overview.
---------------------------------------------
https://blog.nviso.eu/2025/10/28/vulnerability-management-process-perspectiv...
∗∗∗ Keys to the Kingdom: A Defender's Guide to Privileged Account Monitoring ∗∗∗
---------------------------------------------
Privileged access stands as the most critical pathway for adversaries seeking to compromise sensitive systems and data. Its protection is not only a best practice, it is a fundamental imperative for organizational resilience.
---------------------------------------------
https://cloud.google.com/blog/topics/threat-intelligence/privileged-account-...
∗∗∗ Friends don’t let friends reuse IVs ∗∗∗
---------------------------------------------
If you’ve encountered cryptography software, you’ve probably heard the advice to never use an IV (initial value) twice—in fact, that’s where the other common name for that concept, nonce (number used once), comes from. Depending on the cryptography involved, a reused nonce can reveal encrypted messages, or even leak your secret key! But common knowledge may not cover every possible way to accidentally reuse nonces. Sometimes, the techniques that are supposed to prevent nonce reuse have subtle flaws.
---------------------------------------------
https://blog.trailofbits.com/2024/09/13/friends-dont-let-friends-reuse-nonce...

=====================
= Vulnerabilities =
=====================
∗∗∗ Docker Desktop: Windows installer vulnerable to malicious code execution ∗∗∗
---------------------------------------------
The Windows installer of Docker Desktop can be tricked into loading rogue DLLs. The developers are countering this with an updated software version.
---------------------------------------------
https://www.heise.de/news/Docker-Desktop-Windows-Installer-fuer-Ausfuehrung-...
∗∗∗ Proxmox Backup Server: attackers can destroy backup snapshots ∗∗∗
---------------------------------------------
The developers of the backup solution Proxmox Backup Server have closed security vulnerabilities. So far there are no reports of attacks.
---------------------------------------------
https://www.heise.de/news/Proxmon-Backup-Server-Angreifer-koennen-Backup-Sna...
∗∗∗ 100,000 WordPress Sites Affected by Arbitrary File Read Vulnerability in Anti-Malware Security and Brute-Force Firewall WordPress Plugin ∗∗∗
---------------------------------------------
On October 3rd, 2025, we received a submission for an Arbitrary File Read vulnerability in Anti-Malware Security and Brute-Force Firewall, a WordPress plugin with more than 100,000 active installations.
---------------------------------------------
https://www.wordfence.com/blog/2025/10/100000-wordpress-sites-affected-by-ar...
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by AlmaLinux (kernel, kernel-rt, libtiff, squid:4, and thunderbird), Debian (strongswan and webkit2gtk), Fedora (pcre2, qt5-qtbase, squid, unbound, and xen), Mageia (icu and libtpms), Oracle (java-1.8.0-openjdk, java-17-openjdk, java-21-openjdk, kernel, squid:4, and thunderbird), Red Hat (libtiff, squid, squid:4, and webkit2gtk3), SUSE (cmake, dracut-saltboot, erlang, exim, expat, ffmpeg-4, firefox, golang-github-prometheus-alertmanager, haproxy, java-11-openjdk, kernel, libxslt, multi-linux-manager, openssl-3, podman, rabbitmq-server, spacewalk-web, strongswan, and wireshark), and Ubuntu (gst-plugins-good1.0, linux-aws-5.15, radare2, ruby2.3, ruby2.5, ruby2.7, and strongswan).
---------------------------------------------
https://lwn.net/Articles/1043776/
∗∗∗ Security Vulnerabilities fixed in Firefox 144.0.2, High impact ∗∗∗
---------------------------------------------
Starting with Firefox 142, it was possible for a compromised child process to trigger a use-after-free in the GPU or browser process using WebGPU-related IPC calls. This may have been usable to escape the child process sandbox.
---------------------------------------------
https://www.mozilla.org/en-US/security/advisories/mfsa2025-86/
∗∗∗ "ChatGPT Tainted Memories" Exploit Enables Command Injection in Atlas Browser ∗∗∗
---------------------------------------------
LayerX Security found a flaw in OpenAI’s ChatGPT Atlas browser that lets attackers inject commands into its memory, posing major security and phishing risks.
---------------------------------------------
https://hackread.com/chatgpt-tainted-memories-atlas-browser/
∗∗∗ CISA Releases Three Industrial Control Systems Advisories ∗∗∗
---------------------------------------------
CISA released three Industrial Control Systems (ICS) Advisories: ICSA-25-301-01 Schneider Electric EcoStruxure, ICSMA-25-301-01 Vertikal Systems Hospital Manager Backend Services and ICSA-24-352-04 Schneider Electric Modicon (Update B).
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2025/10/28/cisa-releases-three-indus...