Daily summary - 08.05.2025

End-of-Day report

Timeframe: Wednesday 07-05-2025 18:00 - Thursday 08-05-2025 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Alexander Riepl

News

WhatsApp provides no cryptographic management for group messages

The weakness creates the possibility of an insider or hacker adding rogue members. [..] "This means that it is possible for the WhatsApp server to add new members to a group," Martin R. Albrecht, a researcher at King's College in London, wrote in an email. "A correct client, like the official clients, will display this change but will not prevent it. Thus, any group chat that does not verify who has been added to the chat can potentially have their messages read."

https://arstechnica.com/security/2025/05/whatsapp-provides-no-cryptographic-management-for-group-messages/


Password crisis deepens in 2025: lazy, reused, and stolen

A new study of over 19 billion newly exposed passwords manifests a widespread weak password reuse crisis. Lazy keyboard patterns, such as 123456, still reign supreme, and 94% of passwords are reused or duplicated, data leaks from 2024-2025 reveal. Names like Ana rank as the second most popular component.

https://cybernews.com/security/password-leak-study-unveils-2025-trends-reused-and-lazy/


Ransomware: Unknown attackers leak LockBit database - thanks to a PHP exploit?

Thousands of Bitcoin addresses, chat messages and other sensitive details of the ransomware provider are now circulating on the web. LockBit support plays it down.

https://www.heise.de/news/Ransomware-Unbekannte-Angreifer-leaken-LockBit-Datenbank-dank-PHP-Exploit-10375825.html


RCEs and more in the KUNBUS GmbH Revolution Pi PLC

Four new vulnerabilities in the Revolution Pi industrial PLCs. Two give unauthenticated attackers RCE, potentially a direct impact on safety and operations. [..] Since the vulnerabilities affect ICS equipment, we coordinated disclosure with CISA and KUNBUS' PSIRT team (security.txt).

https://www.pentestpartners.com/security-blog/rces-and-more-in-the-kunbus-gmbh-revolution-pi-plc/


€2.99 import duty for the Post? Watch out, phishing!

A parcel is stuck at customs? Delivery is only possible against payment of a fee? A scenario that criminals are currently using more and more as a scam. They send phishing e-mails in the name of Post AG and hope for gullible victims.

https://www.watchlist-internet.at/news/einfuhrzoll-fuer-die-post/


Fake AI Tools Push New Noodlophile Stealer Through Facebook Ads

Scammers are using fake AI tools and Facebook ads to spread Noodlophile Stealer malware, targeting users with a multi-stage attack to steal credentials.

https://hackread.com/fake-ai-tools-noodlophile-stealer-facebook-ads/


RedisRaider: Weaponizing misconfigured Redis to mine cryptocurrency at scale

Learn how RedisRaider is targeting publicly accessible Redis servers to mine cryptocurrency.

https://securitylabs.datadoghq.com/articles/redisraider-weaponizing-misconfigured-redis/

Vulnerabilities

SonicWall urges admins to patch VPN flaw exploited in attacks

Discovered and reported by Rapid7 cybersecurity researcher Ryan Emmons, the three security flaws (CVE-2025-32819, CVE-2025-32820, and CVE-2025-32821) can be chained by attackers to gain remote code execution as root and compromise vulnerable instances. The vulnerabilities impact SMA 200, SMA 210, SMA 400, SMA 410, and SMA 500v devices and are patched in firmware version 10.2.1.15-81sv and higher. [..] SonicWall advised admins to check their SMA devices' logs for any signs of unauthorized logins and enable the web application firewall and multifactor authentication (MFA) on their SMA100 appliances as a safety measure.

https://www.bleepingcomputer.com/news/security/sonicwall-urges-admins-to-patch-vpn-flaw-exploited-in-attacks/


CISCO Security Advisories 07. - 08.05.2025

Cisco has released 29 new security advisories.

https://sec.cloudapps.cisco.com/security/center/Search.x?publicationTypeIDs=1&firstPublishedStartDate=2025%2F05%2F07&firstPublishedEndDate=2025%2F05%2F08&limit=50&pageNum=1&isRenderingBugList=false


Cisco IOS XE Wireless Controller Software Arbitrary File Upload Vulnerability

A vulnerability in the Out-of-Band Access Point (AP) Image Download feature of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system. [..] Note: For exploitation to be successful, the Out-of-Band AP Image Download feature must be enabled on the device. It is not enabled by default. CVE-2025-20188

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-file-uplpd-rHZG9UfC


Cisco Catalyst Center Unauthenticated API Access Vulnerability

A vulnerability in the management API of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an unauthenticated, remote attacker to read and modify the outgoing proxy configuration settings. CVE-2025-20210

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-api-nBPZcJCM


Drupal Security Advisories 07.05.2025

Drupal has released 10 new security advisories.

https://www.drupal.org/security


Ubiquiti UniFi Protect: Critical flaw allows code injection

In a security advisory, Ubiquiti discusses the vulnerabilities. Malicious actors with access to the management network can trigger a heap-based buffer overflow in UniFi Protect cameras with firmware 4.75.43 and earlier and thereby inject and execute arbitrary code (CVE-2025-23123, CVSS 10.0, risk "critical").

https://www.heise.de/news/Ubiquity-UniFi-Protect-Einschleusen-von-Schadcode-moeglich-10375772.html


Mitel SIP phones can be made to execute arbitrary commands

According to Mitel's security advisory, there is a command injection vulnerability in the SIP phones of the 6800, 6900 and 6900w series as well as the 6970 conference model. Attackers from the network can thereby inject commands without prior authentication, because unspecified parameters are not sufficiently filtered. This allows them to view or modify system and user data and configurations (CVE-2025-47188, CVSS 9.8, risk "critical").

https://heise.de/-10376625


Wordfence Intelligence Weekly WordPress Vulnerability Report (April 28, 2025 to May 4, 2025)

https://www.wordfence.com/blog/2025/05/wordfence-intelligence-weekly-wordpress-vulnerability-report-april-28-2025-to-may-4-2025/