Daily summary - 24.06.2025

End-of-Day report

Timeframe: Monday 23-06-2025 18:00 - Tuesday 24-06-2025 18:00 Handler: Michael Schlagenhaufer Co-Handler: n/a

News

Effects of the military conflict between Israel and Iran on Austria

Available analyses from international authorities and security companies have recorded increased activity by threat actors on all sides of the conflict since the start of the current military confrontation between Israel and Iran. [..] According to our observations so far, there have been no direct attacks on, or effects for, local companies or organisations.

https://www.cert.at/de/aktuelles/2025/6/auswirkungen


FileFix attack weaponizes Windows File Explorer for stealthy commands

A cybersecurity researcher has developed FileFix, a variant of the ClickFix social engineering attack that tricks users into executing malicious commands via the File Explorer address bar in Windows.

https://www.bleepingcomputer.com/news/security/filefix-attack-weaponizes-windows-file-explorer-for-stealthy-powershell-commands/


Police mobile phones unusable since cyberattack

An attack on the service mobile phones of the police in Mecklenburg-Vorpommern could have greater consequences than assumed. The phones are currently not in use.

https://heise.de/-10456563


BSI warns: fewer and fewer people use 2FA and secure passwords

A new study by the BSI shows a worrying trend. Despite the high threat level, people are behaving ever more carelessly online.

https://www.golem.de/news/bsi-warnt-immer-weniger-menschen-nutzen-2fa-und-sichere-passwoerter-2506-197389.html


Remote code execution in CentOS Web Panel - CVE-2025-48703

This exploitation scenario has been tested on versions 0.9.8.1204 and 0.9.8.1188 on CentOS 7 and was reported to the CWP developers on the 13th of May 2025 as CVE-2025-48703. It allows a remote attacker who knows a valid username on a CWP instance to execute pre-authenticated arbitrary commands on the server. The vulnerability has been patched in the latest version, 0.9.8.1205, during June 2025.

https://fenrisk.com/rce-centos-webpanel


The State of Ransomware 2025

Explore the causes and consequences of ransomware in 2025 based on findings from a vendor-agnostic survey of 3,400 organizations hit by ransomware in the last year.

https://news.sophos.com/en-us/2025/06/24/the-state-of-ransomware-2025/


Echo Chamber Jailbreak Tricks LLMs Like OpenAI and Google into Generating Harmful Content

Cybersecurity researchers are calling attention to a new jailbreaking method called Echo Chamber that could be leveraged to trick popular large language models (LLMs) into generating undesirable responses, irrespective of the safeguards put in place.

https://thehackernews.com/2025/06/echo-chamber-jailbreak-tricks-llms-like.html


Hackers Exploit Misconfigured Docker APIs to Mine Cryptocurrency via Tor Network

Misconfigured Docker instances are the target of a campaign that employs the Tor anonymity network to stealthily mine cryptocurrency in susceptible environments.

https://thehackernews.com/2025/06/hackers-exploit-misconfigured-docker.html


A Deep Dive into a Modular Malware Family

In today's blog post we highlighted an interesting malware family targeting various systems with diverse capabilities, including stealing credit card information and WordPress credentials. Additionally, we detailed a novel bundle of credit card skimmers and malicious WordPress plugins which combines malicious actions with features developed for the attacker's convenience.

https://www.wordfence.com/blog/2025/06/a-deep-dive-into-a-modular-malware-family/

Vulnerabilities

Splunk Security Advisories 2025-06-23

Splunk released 4 security advisories (1x critical).

https://advisory.splunk.com//advisories


Security updates for Tuesday

Security updates have been issued by Debian (dns-root-data and xorg-server), Fedora (glibc, mingw-glib2, and optipng), Red Hat (iputils, kernel, kernel-rt, krb5, libarchive, mod_auth_openidc, mod_proxy_cluster, and xorg-x11-server-Xwayland), SUSE (python313), and Ubuntu (fig2dev, gnuplot, gss-ntlmssp, linux, linux-gcp, linux-gke, linux-gkeop, linux-ibm, linux-kvm, linux-lowlatency, linux-nvidia, linux-nvidia-tegra, linux-nvidia-tegra-igx, linux-oracle, linux-aws-5.15, linux-gcp-5.15, linux-ibm-5.15, linux-lowlatency-hwe-5.15, linux-oracle-5.15, linux-aws-fips, linux-fips, linux-gcp-fips, linux-hwe-5.15, linux-intel-iot-realtime, and linux-realtime).

https://lwn.net/Articles/1026646/


Kanboard: vulnerability allows account takeover

In the open-source Kanban tool Kanboard, attackers can forge links that lead to account takeover. [..] The Kanboard developers provide updated sources as well as Docker containers; they link to them in the release notes and discuss the Docker update.

https://heise.de/-10457116


Mozilla Firefox June 24, 2025

https://www.mozilla.org/en-US/security/advisories/


f5: K000151924: runc vulnerability CVE-2024-45310

https://my.f5.com/manage/s/article/K000151924


Case update: DIVD-2025-00032 - Unauthenticated Arbitrary Remote Code Execution in Pterodactyl

https://csirt.divd.nl/cases/DIVD-2025-00032/