End-of-Day report
Timeframe: Monday 30-06-2025 18:00 - Tuesday 01-07-2025 18:00
Handler: Alexander Riepl
Co-Handler: n/a
News
Root access for everyone: critical sudo vulnerability endangers countless Linux systems
Researchers have discovered a dangerous security vulnerability in the command-line tool sudo. Attackers can obtain root privileges with little effort.
https://www.golem.de/news/root-zugriff-fuer-alle-kritische-sudo-luecke-gefaehrdet-unzaehlige-linux-systeme-2507-197635.html
Jasper Sleet: North Korean remote IT workers- evolving tactics to infiltrate organizations
Since 2024, Microsoft Threat Intelligence has observed remote IT workers deployed by North Korea leveraging AI to improve the scale and sophistication of their operations, steal data, and generate revenue for the North Korean government.
https://www.microsoft.com/en-us/security/blog/2025/06/30/jasper-sleet-north-korean-remote-it-workers-evolving-tactics-to-infiltrate-organizations/
Vulnerability & Patch Roundup - June 2025
Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website ..
https://blog.sucuri.net/2025/06/vulnerability-patch-roundup-june-2025.html
U.S. Agencies Warn of Rising Iranian Cyberattacks on Defense, OT Networks, and Critical Infrastructure
U.S. cybersecurity and intelligence agencies have issued a joint advisory warning of potential cyber attacks from Iranian state-sponsored or affiliated threat actors. "Over the past several months, there has been increasing activity from hacktivists ..
https://thehackernews.com/2025/06/us-agencies-warn-of-rising-iranian.html
OneClik Red Team Campaign Targets Energy Sector Using Microsoft ClickOnce and Golang Backdoors
Cybersecurity researchers have detailed a new campaign dubbed OneClik that leverages Microsoft's ClickOnce software deployment technology and bespoke Golang backdoors to compromise organizations within the energy, oil, and gas ..
https://thehackernews.com/2025/06/oneclik-malware-targets-energy-sector.html
Terrible tales of opsec oversights: How cybercrooks get themselves caught
From the silly mistakes to the flagrant failures. They say that success breeds complacency, and complacency leads to failure. For cybercriminals, taking too many shortcuts when it comes to opsec delivers a little more than that.
https://www.theregister.com/2025/07/01/terrible_tales_of_opsec_oversights/
Surveillance cameras from China: Canada orders closure of Hikvision Canada
Hikvision comes from China and sells surveillance technology. The company has faced criticism for years. Now Canada is having its local subsidiary shut down.
https://www.heise.de/news/Ueberwachungskameras-aus-China-Kanada-ordnet-Schliessung-von-Hikvision-Canada-an-10465672.html
Chrome web browser: security vulnerability under attack
Overnight into Tuesday, Google pushed an unscheduled update to the Chrome browser. A security vulnerability is already being exploited.
https://www.heise.de/news/Chrome-Google-stopft-attackierte-Sicherheitsluecke-10465615.html
Many security vulnerabilities closed in Dell OpenManage Network Integration
Attackers can attack Dell OpenManage Network Integration via several vectors. Security updates are available.
https://www.heise.de/news/Viele-Sicherheitsluecken-in-Dell-OpenManage-Network-Integration-geschlossen-10466507.html
British IT employee took revenge on former employer: seven months in prison
Only a few hours after his dismissal, the young man launched a cyberattack and caused damage amounting to £200,000.
https://www.derstandard.at/story/3000000277498/britischer-it-angestellter-raechte-sich-an-ex-arbeitgeber-sieben-monate-haft
50 customers of French bank hit after insider helped SIM swap scammers
French police have arrested a business student interning at the bank Société Générale who is accused of helping SIM-swapping scammers to defraud 50 of its clients.
https://www.bitdefender.com/en-us/blog/hotforsecurity/50-customers-of-french-bank-hit-after-insider-helped-sim-swap-scammers
Encryption vs. Lawful Interception: EU policy news
I've commented here on this blog (or its German twin) quite a few times already on various legislative proposals on how the law enforcement agencies can keep their traditional access to the communication of suspects. See "Ein paar Thesen zu aktuellen Gesetzesentwürfen" (2017), "Ein paar Gedanken zur Überwachung verschlüsselter Nachrichten" (2024), "Roles in ..
https://www.cert.at/en/blog/2025/7/encryption-vs-lawful-interception-eu-policy-news
DOJ raids 29 "laptop farms" in crackdown on N. Korean IT worker scheme
The Justice Department announced a coordinated action to disrupt a Pyongyang campaign to get North Koreans hired at U.S.-based companies.
https://therecord.media/doj-raids-laptop-farms-crackdown
International Criminal Court targeted by new "sophisticated" attack
The ICC credited its "alert and response mechanisms" for "swiftly" discovering, confirming and containing a cyberattack.
https://therecord.media/international-criminal-court-cyberattack-2025
Malware in apps: Godfather 2.0 for Android; SparkKitty in app stores
A short round-up on the topic of smartphone apps with malware on board. The Android malware Godfather 2.0 is currently making a comeback, scoring successes in online-banking raids. In addition, security researchers ..
https://www.borncity.com/blog/2025/06/30/malware-in-apps-godfather-2-0-fuer-android-sparkkitty-in-app-stores/
What the NULL?! Wing FTP Server RCE (CVE-2025-47812)
While performing a penetration test for one of our Continuous Penetration Testing customers, we've found a Wing FTP server instance that allowed anonymous connections. It was almost the only interesting thing exposed, but we still wanted to get a foothold into their perimeter and provide the customer with an impactful finding. So we ..
https://www.rcesecurity.com/2025/06/what-the-null-wing-ftp-server-rce-cve-2025-47812/
Django Joins curl in Pushing Back on AI Slop Security Reports
Django has updated its official security documentation with new guidance for AI-assisted vulnerability reports, responding to a rising number of submissions generated by large language models (LLMs) that cite fabricated code or non-existent features. The change was authored by Django Fellow Natalia Bidart, who helps maintain the project's ..
https://socket.dev/blog/django-joins-curl-in-pushing-back-on-ai-slop-security-reports
How hacktivist cyber operations surged amid Israeli-Iranian conflict
In June 2025, Israel carried out airstrikes against key Iranian military and nuclear facilities. Iran swiftly retaliated, escalating regional tensions to unprecedented levels. This military confrontation has not only unfolded in conventional warfare but also triggered a massive surge in cyber operations. Almost immediately after the ..
https://outpost24.com/blog/hacktivist-cyber-operations-iran-israel/
Vulnerabilities
XSA-470
https://xenbits.xen.org/xsa/advisory-470.html
[R1] Nessus Version 10.8.5 Fixes Multiple Vulnerabilities
https://www.tenable.com/security/tns-2025-13