End-of-Day report
Timeframe: Thursday 12-06-2025 18:00 - Friday 13-06-2025 18:00
Handler: Guenes Holler
Co-Handler: Alexander Riepl
News
Trend Micro fixes critical vulnerabilities in multiple products
Trend Micro has released security updates to address multiple critical-severity remote code execution and authentication bypass vulnerabilities that impact its Apex Central and Endpoint Encryption (TMEE) PolicyServer products.
https://www.bleepingcomputer.com/news/security/trend-micro-fixes-six-critical-flaws-on-apex-central-endpoint-encryption-policyserver/
After more than 100 years: Cyberattack pushes German company into insolvency
The Euskirchen-based napkin manufacturer Fasana has payment problems following a cyberattack. Hackers completely paralyzed operations.
https://www.golem.de/news/nach-ueber-100-jahren-cyberangriff-draengt-deutsche-firma-in-die-insolvenz-2506-197112.html
[Guest Diary] Anatomy of a Linux SSH Honeypot Attack: Detailed Analysis of Captured Malware, (Fri, Jun 13th)
This is a Guest Diary by Michal Ambrozkiewicz, an ISC intern as part of the SANS.edu Bachelor ..
https://isc.sans.edu/diary/Guest+Diary+Anatomy+of+a+Linux+SSH+Honeypot+Attack+Detailed+Analysis+of+Captured+Malware/32024
WordPress Sites Turned Weapon: How VexTrio and Affiliates Run a Global Scam Network
The threat actors behind the VexTrio Viper Traffic Distribution Service (TDS) have been linked to other TDS services like Help TDS and Disposable TDS, indicating that the sophisticated cybercriminal operation is a sprawling enterprise of its own ..
https://thehackernews.com/2025/06/wordpress-sites-turned-weapon-how.html
"Login from unrecognized device": Phishing attack in the name of PayPal
An alleged login to an existing PayPal profile brings the company's equally alleged security department onto the scene. Behind the alarming emails and SMS messages, however, is nothing more than a classic phishing scam.
https://www.watchlist-internet.at/news/phishing-attacke-paypal/
Bert ransomware: what you need to know
Bert is a recently discovered strain of ransomware that encrypts victims' files and demands a payment for the decryption key. Read more in my article on the Fortra blog.
https://www.fortra.com/blog/bert-ransomware-what-you-need-know
Serverless Tokens in the Cloud: Exploitation and Detections
Understand the mechanics of serverless authentication: three simulated attacks across major CSPs offer effective approaches for application developers.
https://unit42.paloaltonetworks.com/serverless-authentication-cloud/
Ransomware Actors Exploit Unpatched SimpleHelp Remote Monitoring and Management to Compromise Utility Billing Software Provider
The Cybersecurity and Infrastructure Security Agency (CISA) is releasing this advisory in response to ransomware actors leveraging unpatched instances of a vulnerability in SimpleHelp Remote Monitoring and Management (RMM) to compromise customers of a utility billing software provider. This incident reflects a broader pattern of ransomware actors ..
https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-163a
Email security: Increased attacks using SVG
More and more phishing campaigns are using the little-known vector graphics format SVG. It can contain scripts that are then executed when the file is opened.
https://heise.de/-10444330
Vulnerabilities
Security updates for Friday
Security updates have been issued by AlmaLinux (.NET 8.0, .NET 9.0, glibc, kernel, and mod_security), Fedora (chromium, gh, mingw-icu, nginx-mod-modsecurity, python3.10, python3.9, thunderbird, valkey, and yarnpkg), Oracle (.NET 8.0, .NET 9.0, glibc, grafana-pcp, kernel, libxml2, mod_security, nodejs:20, and thunderbird), SUSE (audiofile, helm, kubernetes-old, kubernetes1.23, kubernetes1.24, libcryptopp, postgresql15, thunderbird, and valkey), and Ubuntu (linux-nvidia-tegra-igx).
https://lwn.net/Articles/1025354/
CISA Releases Ten Industrial Control Systems Advisories
CISA released ten Industrial Control Systems (ICS) advisories on June 12, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-162-01 Siemens Tecnomatix Plant Simulation; ICSA-25-162-02 Siemens RUGGEDCOM APE1808; ICSA-25-162-03 Siemens SCALANCE and RUGGEDCOM; ICSA-25-162-04 ..
https://www.cisa.gov/news-events/alerts/2025/06/12/cisa-releases-ten-industrial-control-systems-advisories
[R1] Nessus Agent Version 10.8.5 Fixes Multiple Vulnerabilities
https://www.tenable.com/security/tns-2025-11