Daily summary - 06.05.2025

End-of-Day report

Timeframe: Monday 05-05-2025 18:00 - Tuesday 06-05-2025 18:00 Handler: Alexander Riepl Co-Handler: n/a

News

Man pleads guilty to using malicious AI software to hack Disney employee

Fake image-generating app allowed man to download 1.1TB of Disney-owned data.

https://arstechnica.com/ai/2025/05/man-pleads-guilty-to-using-malicious-ai-software-to-hack-disney-employee/


Luna Moth extortion hackers pose as IT help desks to breach US firms

The data-theft extortion group known as Luna Moth, aka Silent Ransom Group, has ramped up callback phishing campaigns in attacks on legal and financial institutions in the United States.

https://www.bleepingcomputer.com/news/security/luna-moth-extortion-hackers-pose-as-it-help-desks-to-breach-us-firms/


"Mirai" Now Exploits Samsung MagicINFO CMS (CVE-2024-7399), (Mon, May 5th)

Last August, Samsung patched an arbitrary file upload vulnerability that could lead to remote code execution [1]. The announcement was very sparse and did not even include affected ..

https://isc.sans.edu/diary/Mirai+Now+Exploits+Samsung+MagicINFO+CMS+CVE20247399/31920


CISA slammed for role in censorship industrial complex as budget faces possible $500M cut

Because who needs cybersecurity when there's culture wars to win. President Trump's dream 2026 budget would gut the US govt's Cybersecurity and Infrastructure Security Agency, aka CISA, by $491 million - about 17 percent - and accuses the organization of abandoning its core mission in favor of policing online speech.

https://www.theregister.com/2025/05/06/cisa_budget_cuts/


Signal affair: modified messenger ceases operation after second break-in

A modified app is used within the US government to communicate via Signal. It is called TeleMessage, was hacked twice, and has been shut down for the time being.

https://www.heise.de/news/Signal-Affaere-Modifizierter-Messenger-stellt-nach-zweitem-Einbruch-Betrieb-ein-10372666.html


Peru denies it was hit by ransomware attack following Rhysida claims

The prolific ransomware gang claimed to have taken over the Peruvian government's domain.

https://therecord.media/peru-rhysida-ransomware-claims-denied


NSA to cut up to 2,000 civilian roles as part of intel community downsizing

The agency is expected to make the cuts by the end of the year; however, that deadline could change, as it is tied to the Defense Department's broader push to reduce its budget by 8 percent in each of the next five years.

https://therecord.media/nsa-to-cut-up-to-2000-roles-downsizing


Verizon DBIR 2025: Edge KEVs Are Increasingly Left Unpatched - and More Often Exploited in Breaches

Edge vulnerabilities are a critical and growing threat. The 2025 DBIR reveals an eightfold surge in exploitation, yet many remain unpatched despite immediate risk.

https://www.greynoise.io/blog/verizon-dbir-2025-edge-kevs-increasingly-left-unpatched-exploited


Defending Against UNC3944: Cybercrime Hardening Guidance from the Frontlines

UNC3944, which overlaps with public reporting on Scattered Spider, is a financially-motivated threat actor characterized by its persistent use of social engineering and brazen communications with victims. In early operations, UNC3944 largely targeted telecommunications-related organizations to support SIM swap operations. However, after shifting to ..

https://cloud.google.com/blog/topics/threat-intelligence/unc3944-proactive-hardening-recommendations/


A Timely Reminder: Russia's Enduring Cyber Threat to Critical Infrastructure

Russia's cyber operations - ranging from power-grid disruptions to global ransomware - continue to be among the world's most prolific and destructive, underscoring the continued ..

https://detect.fyi/a-timely-reminder-russias-enduring-cyber-threat-to-critical-infrastructure-92800fa0ba5a


How to Harden GitHub Actions: The Unofficial Guide

Build resilient GitHub Actions workflows with lessons from recent attacks.

https://www.wiz.io/blog/github-actions-security-guide


Vulnerabilities

Security updates for Tuesday

Security updates have been issued by Fedora (chromium and kappanhang), Red Hat (osbuild-composer and thunderbird), SUSE (chromedriver), and Ubuntu (c-ares, corosync, mysql-8.0, mysql-8.4, openjdk-17, openjdk-21, openjdk-24, openjdk-8, and openjdk-lts).

https://lwn.net/Articles/1020222/