Daily summary - 18.06.2025

End-of-Day report

Timeframe: Tuesday 17-06-2025 18:00 - Wednesday 18-06-2025 18:00
Handler: Guenes Holler
Co-Handler: Michael Schlagenhaufer

News

Cybersecurity takes a big hit in new Trump executive order

Cybersecurity practitioners are voicing concerns over a recent executive order issued by the White House that guts requirements for: securing software the government uses, punishing people who compromise sensitive networks, preparing new encryption schemes that will withstand attacks from quantum computers, and other existing controls.

https://arstechnica.com/security/2025/06/cybersecurity-take-a-big-hit-in-new-trump-executive-order/


Instagram BMO ads use AI deepfakes to scam banking customers

Instagram ads impersonating financial institutions like Bank of Montreal (BMO) and EQ Bank (Equitable Bank) are being used to target Canadian consumers with phishing scams and investment fraud. Some ads use AI-powered deepfake videos in an attempt to collect your personal information, while others use official branding to drive traffic outside of the platform to lookalike illicit domains that are not affiliated with banks.

https://www.bleepingcomputer.com/news/security/instagram-bmo-ads-use-ai-deepfakes-to-scam-banking-customers/


Protection from cyberattacks: Iran takes itself off the net

Iran is apparently deliberately restricting its connection to the global internet in order to protect itself from possible cyberattacks from Israel as a result of the Israeli-Iranian war that has been ongoing since 13 June. Initially, only the speed was throttled. According to an X post by Netblocks, Iran's traffic dropped by 75 percent within a very short time.

https://www.golem.de/news/schutz-vor-cyberangriffen-der-iran-nimmt-sich-selbst-vom-netz-2506-197230.html


LangSmith Bug Could Expose OpenAI Keys and User Data via Malicious Agents

Cybersecurity researchers have disclosed a now-patched security flaw in LangChain's LangSmith platform that could be exploited to capture sensitive data, including API keys and user prompts.

https://thehackernews.com/2025/06/langchain-langsmith-bug-let-hackers.html


Google Chrome Zero-Day CVE-2025-2783 Exploited by TaxOff to Deploy Trinper Backdoor

A now-patched security flaw in Google Chrome was exploited as a zero-day by a threat actor known as TaxOff to deploy a backdoor codenamed Trinper. The attack, observed in mid-March 2025 by Positive Technologies, involved the use of a sandbox escape vulnerability tracked as CVE-2025-2783 (CVSS score: 8.3).

https://thehackernews.com/2025/06/google-chrome-zero-day-cve-2025-2783.html


Exploring Netstalking - Mapping the Hidden Corners of the Internet

Netstalking is the art of exploring little-known, rarely visited parts of the internet, ranging from forgotten photo archives and open surveillance cameras to defunct servers and prototype systems, using techniques like IP scanning, deep web search, and network archaeology. The activity originated in 2009 among Russian internet subcultures and draws its name from the "S.T.A.L.K.E.R." mythos.

https://www.darknet.org.uk/2025/06/exploring-netstalking-mapping-the-hidden-corners-of-the-internet/


Minecraft Players Targeted in Sophisticated Malware Campaign

This campaign reminds us that even the most familiar digital spaces can become a playground for cybercriminals. By disguising malware as Minecraft mods, attackers were able to quietly target an engaged and unsuspecting user base with a multistage, Java-based infection chain. Because these files often appear harmless and can slip past traditional defenses, any Minecraft player is at risk.

https://blog.checkpoint.com/research/minecraft-players-targeted-in-sophisticated-malware-campaign/


Scattered Spider hackers targeting insurance industry following retail hits, Google warns

A group of hackers behind a recent string of attacks on retail stores in the U.K. and U.S. has shifted its focus to insurance firms in recent days, according to cybersecurity researchers.

https://therecord.media/scattered-spider-targeting-insurance-sector-following-retail-attacks


When legitimate tools go rogue

Attackers are increasingly hiding in plain sight, using the same tools IT and security teams rely on for daily operations. This blog breaks down common techniques and provides recommendations to defenders.

https://blog.talosintelligence.com/when-legitimate-tools-go-rogue/


CVE Trends to Watch: Real-World Risks to Telecom and Professional Services

Between 2023 and 2025, there was a 38% increase in CVEs. Learn which industry sectors have seen the highest levels of CVEs, and which CVEs had the highest impact.

https://www.bitsight.com/blog/cve-trends-by-sector


Eight-character passwords insufficient: data protection fine for genetics company 23andMe

In 2023, almost 7 million records of 23andMe customers were offered for sale on the darknet. The United Kingdom is imposing a fine in the millions.

https://heise.de/-10450679


AMD patches security holes in crypto coprocessor and TPM

In June, AMD released updated firmware that closes security vulnerabilities, some of them high-risk, in its processors. Affected are the crypto coprocessors and the firmware TPM of modern Ryzen CPUs and, in part, of the stripped-down Athlon CPUs.

https://heise.de/-10451026


Malvertising: malicious ads plant fake phone numbers on vendor pages

Fraudsters are using ad links in search results to plant fake telephone numbers on genuine vendor pages, IT security researchers warn.

https://heise.de/-10451518


2025 Blockchain and Cryptocurrency Threat Report: Malware in the Open Source Supply Chain

An in-depth analysis of credential stealers, crypto drainers, cryptojackers, and clipboard hijackers abusing open source package registries to compromise Web3 development environments.

https://socket.dev/blog/2025-blockchain-and-cryptocurrency-threat-report?utm_medium=feed


libxml2 Maintainer Ends Embargoed Vulnerability Reports, Citing Unsustainable Burden

libxml2's solo maintainer drops embargoed security fixes, highlighting the burden on unpaid volunteers who keep critical open source software secure.

https://socket.dev/blog/libxml2-maintainer-ends-embargoed-vulnerability-reports?utm_medium=feed

Vulnerabilities

BeyondTrust warns of pre-auth RCE in Remote Support software

BeyondTrust has released security updates to fix a high-severity flaw in its Remote Support (RS) and Privileged Remote Access (PRA) solutions that can let unauthenticated attackers gain remote code execution on vulnerable servers.

https://www.bleepingcomputer.com/news/security/beyondtrust-warns-of-pre-auth-rce-in-remote-support-software/


Security updates for Wednesday

Security updates have been issued by Debian (gst-plugins-bad1.0, konsole, and libblockdev), Oracle (buildah, containernetworking-plugins, gimp, git-lfs, gvisor-tap-vsock, kernel, libvpx, podman, and skopeo), Red Hat (apache-commons-beanutils and thunderbird), Slackware (xorg), SUSE (gdm, golang-github-prometheus-alertmanager, golang-github-prometheus-node_exporter, golang-github-prometheus-prometheus, govulncheck-vulndb, grafana, kernel, Multi-Linux Manager, Multi-Linux Manager Client Tools, openssl-3, pam, python-cryptography, python-requests, python-setuptools, python3-requests, SUSE Manager Server, systemd, ucode-intel, xorg-x11-server, and xwayland), and Ubuntu (dwarfutils, mujs, node-katex, xorg-server, xorg-server-hwe-16.04, xorg-server-hwe-18.04, and xorg-server, xwayland).

https://lwn.net/Articles/1025862/


Citrix NetScaler ADC: fix critical security vulnerabilities urgently

The vulnerabilities affect NetScaler ADC and Gateway versions 14.1 before 14.1-43.56, 13.1 before 13.1-58.32, and various FIPS variants. Important: older versions (12.1 and 13.0) are end-of-life (EOL) and no longer receive security updates. Citrix's recommended measure is an immediate update to the patched versions (e.g. 14.1-43.56, 13.1-58.32). After the update, all active ICA and PCoIP sessions on all NetScaler appliances should be terminated to ensure complete protection.

https://www.borncity.com/blog/2025/06/18/citrix-netscaler-adc-kritische-sicherheitsluecken-dringend-fixen/


CISA Releases Five Industrial Control Systems Advisories

CISA released five Industrial Control Systems (ICS) advisories on June 17, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

https://www.cisa.gov/news-events/alerts/2025/06/17/cisa-releases-five-industrial-control-systems-advisories


CISA Flags CVE-2023-0386 as Actively Exploited Linux Kernel Privilege Escalation Threat

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning about the active exploitation of a critical Linux kernel vulnerability, officially listed as CVE-2023-0386. The vulnerability, which carries a CVSS score of 7.8, is categorized as a Linux kernel privilege escalation flaw. It stems from improper ownership management within the Linux kernel's OverlayFS subsystem. If exploited successfully, attackers can escalate privileges on affected systems, gain unauthorized access, and potentially execute arbitrary code with elevated rights.

https://thecyberexpress.com/cisa-warns-cve-2023-0386-linux-vulnerability/


Windows 11: out-of-band update KB5063060 with error 0x800f0818 / 0x80070306

A brief addendum to the security updates released for Windows 10 and Windows 11 in June 2025: these are causing various problems for some users. For example, the out-of-band update KB5063060 pushed out on 11 June 2025 produces the installation error 0x800f0818 or 0x80070306 for some users.

https://www.borncity.com/blog/2025/06/18/windows-11-out-of-band-update-kb5063060-mit-error-0x800f0818/


Chrome for Android Update

http://chromereleases.googleblog.com/2025/06/chrome-for-android-update_17.html


LS Electric GMWin 4

https://www.cisa.gov/news-events/ics-advisories/icsa-25-168-02


Dover Fueling Solutions ProGauge MagLink LX Consoles

https://www.cisa.gov/news-events/ics-advisories/icsa-25-168-05


Fuji Electric Smart Editor

https://www.cisa.gov/news-events/ics-advisories/icsa-25-168-04