End-of-Day report
Timeframe: Montag 05-05-2025 18:00 - Dienstag 06-05-2025 18:00
Handler: Alexander Riepl
Co-Handler: n/a
News
Man pleads guilty to using malicious AI software to hack Disney employee
Fake image-generating app allowed man to download 1.1TB of Disney-owned data.
https://arstechnica.com/ai/2025/05/man-pleads-guilty-to-using-malicious-ai-software-to-hack-disney-employee/
Luna Moth extortion hackers pose as IT help desks to breach US firms
The data-theft extortion group known as Luna Moth, aka Silent Ransom Group, has ramped up callback phishing campaigns in attacks on legal and financial institutions in the United States.
https://www.bleepingcomputer.com/news/security/luna-moth-extortion-hackers-pose-as-it-help-desks-to-breach-us-firms/
"Mirai" Now Exploits Samsung MagicINFO CMS (CVE-2024-7399), (Mon, May 5th)
Last August, Samsung patched an arbitrary file upload vulnerability that could lead to remote code execution [1]. The announcement was very sparse and did not even include affected ..
https://isc.sans.edu/diary/Mirai+Now+Exploits+Samsung+MagicINFO+CMS+CVE20247399/31920
CISA slammed for role in censorship industrial complex as budget faces possible $500M cut
Because who needs cybersecurity when there-s culture wars to win President Trumps dream 2026 budget would gut the US govts Cybersecurity and Infrastructure Security Agency, aka CISA, by $491 million - about 17 percent - and accuses the organization of abandoning its core mission in favor of policing online speech.
https://www.theregister.com/2025/05/06/cisa_budget_cuts/
Signal-Affäre: Modifizierter Messenger stellt nach zweitem Einbruch Betrieb ein
In der US-Regierung wird eine modifizierte App benutzt, um per Signal zu kommunizieren. Die heißt TeleMessage, wurde zweimal geknackt und vorerst dicht gemacht.
https://www.heise.de/news/Signal-Affaere-Modifizierter-Messenger-stellt-nach-zweitem-Einbruch-Betrieb-ein-10372666.html
Peru denies it was hit by ransomware attack following Rhysida claims
The prolific ransomware gang claimed to have taken over the Peruvian governments domain.
https://therecord.media/peru-rhysida-ransomware-claims-denied
NSA to cut up to 2,000 civilian roles as part of intel community downsizing
The agency is expected to make the cuts by the end of year, however that deadline could change as it is tied to the Defense Department-s broader push to reduce its budget by 8 percent in each of the next five years.
https://therecord.media/nsa-to-cut-up-to-2000-roles-downsizing
Verizon DBIR 2025: Edge KEVs Are Increasingly Left Unpatched - and More Often Exploited in Breaches
Edge vulnerabilities are a critical and growing threat. The 2025 DBIR reveals an eightfold surge in exploitation, yet many remain unpatched despite immediate risk.
https://www.greynoise.io/blog/verizon-dbir-2025-edge-kevs-increasingly-left-unpatched-exploited
Defending Against UNC3944: Cybercrime Hardening Guidance from the Frontlines
UNC3944, which overlaps with public reporting on Scattered Spider, is a financially-motivated threat actor characterized by its persistent use of social engineering and brazen communications with victims. In early operations, UNC3944 largely targeted telecommunications-related organizations to support SIM swap operations. However, after shifting to ..
https://cloud.google.com/blog/topics/threat-intelligence/unc3944-proactive-hardening-recommendations/
A Timely Reminder: Russia-s Enduring Cyber Threat to Critical Infrastructure
Russia-s cyber operations - ranging from power-grid disruptions to global ransomware - continue to be among the world-s most prolific and destructive, underscoring the continued ..
https://detect.fyi/a-timely-reminder-russias-enduring-cyber-threat-to-critical-infrastructure-92800fa0ba5a
How to Harden GitHub Actions: The Unofficial Guide
Build resilient GitHub Actions workflows with lessons from recent attacks.
https://www.wiz.io/blog/github-actions-security-guide
Vulnerabilities
Security updates for Tuesday
Security updates have been issued by Fedora (chromium and kappanhang), Red Hat (osbuild-composer and thunderbird), SUSE (chromedriver), and Ubuntu (c-ares, corosync, mysql-8.0, mysql-8.4, openjdk-17, openjdk-21, openjdk-24, openjdk-8, and openjdk-lts).
https://lwn.net/Articles/1020222/