Daily Summary - 01.07.2025

End-of-Day report

Timeframe: Monday 30-06-2025 18:00 - Tuesday 01-07-2025 18:00 Handler: Alexander Riepl Co-Handler: n/a

News

Root access for everyone: Critical sudo vulnerability endangers countless Linux systems

Researchers have discovered a dangerous security vulnerability in the command-line tool sudo. Attackers can gain root privileges with little effort.

https://www.golem.de/news/root-zugriff-fuer-alle-kritische-sudo-luecke-gefaehrdet-unzaehlige-linux-systeme-2507-197635.html


Jasper Sleet: North Korean remote IT workers' evolving tactics to infiltrate organizations

Since 2024, Microsoft Threat Intelligence has observed remote IT workers deployed by North Korea leveraging AI to improve the scale and sophistication of their operations, steal data, and generate revenue for the North Korean government.

https://www.microsoft.com/en-us/security/blog/2025/06/30/jasper-sleet-north-korean-remote-it-workers-evolving-tactics-to-infiltrate-organizations/


Vulnerability & Patch Roundup - June 2025

Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website ..

https://blog.sucuri.net/2025/06/vulnerability-patch-roundup-june-2025.html


U.S. Agencies Warn of Rising Iranian Cyberattacks on Defense, OT Networks, and Critical Infrastructure

U.S. cybersecurity and intelligence agencies have issued a joint advisory warning of potential cyber attacks from Iranian state-sponsored or affiliated threat actors. "Over the past several months, there has been increasing activity from hacktivists ..

https://thehackernews.com/2025/06/us-agencies-warn-of-rising-iranian.html


OneClik Red Team Campaign Targets Energy Sector Using Microsoft ClickOnce and Golang Backdoors

Cybersecurity researchers have detailed a new campaign dubbed OneClik that leverages Microsoft's ClickOnce software deployment technology and bespoke Golang backdoors to compromise organizations within the energy, oil, and gas ..

https://thehackernews.com/2025/06/oneclik-malware-targets-energy-sector.html


Terrible tales of opsec oversights: How cybercrooks get themselves caught

The silly mistakes to the flagrant failures: They say that success breeds complacency, and complacency leads to failure. For cybercriminals, taking too many shortcuts when it comes to opsec delivers a little more than that.

https://www.theregister.com/2025/07/01/terrible_tales_of_opsec_oversights/


Surveillance cameras from China: Canada orders closure of Hikvision Canada

Hikvision is based in China and sells surveillance technology. The company has been criticized for years. Now Canada is having its local subsidiary shut down.

https://www.heise.de/news/Ueberwachungskameras-aus-China-Kanada-ordnet-Schliessung-von-Hikvision-Canada-an-10465672.html


Chrome web browser: Security vulnerability under attack

During the night to Tuesday, Google released an unscheduled update to the Chrome browser. A security vulnerability is already being attacked.

https://www.heise.de/news/Chrome-Google-stopft-attackierte-Sicherheitsluecke-10465615.html


Many security vulnerabilities closed in Dell OpenManage Network Integration

Attackers can attack Dell OpenManage Network Integration in various ways. Security updates are available.

https://www.heise.de/news/Viele-Sicherheitsluecken-in-Dell-OpenManage-Network-Integration-geschlossen-10466507.html


British IT employee took revenge on former employer: Seven months in prison

Only a few hours after being dismissed, the young man launched a cyberattack and caused damages amounting to 200,000 pounds

https://www.derstandard.at/story/3000000277498/britischer-it-angestellter-raechte-sich-an-ex-arbeitgeber-sieben-monate-haft


50 customers of French bank hit after insider helped SIM swap scammers

French police have arrested a business student interning at the bank Société Générale who is accused of helping SIM-swapping scammers to defraud 50 of its clients.

https://www.bitdefender.com/en-us/blog/hotforsecurity/50-customers-of-french-bank-hit-after-insider-helped-sim-swap-scammers


Encryption vs. Lawful Interception: EU policy news

I've commented here on this blog (or its German twin) quite a few times already on various legislative proposals on how the law enforcement agencies can keep their traditional access to the communication of suspects. See Ein paar Thesen zu aktuellen Gesetzesentwürfen (2017), Ein paar Gedanken zur "Überwachung verschlüsselter Nachrichten" (2024), Roles in ..

https://www.cert.at/en/blog/2025/7/encryption-vs-lawful-interception-eu-policy-news


DOJ raids 29 'laptop farms' in crackdown on N. Korean IT worker scheme

The Justice Department announced a coordinated action to disrupt a Pyongyang campaign to get North Koreans hired at U.S.-based companies.

https://therecord.media/doj-raids-laptop-farms-crackdown


International Criminal Court targeted by new 'sophisticated' attack

The ICC credited its 'alert and response mechanisms' for 'swiftly' discovering, confirming and containing a cyberattack.

https://therecord.media/international-criminal-court-cyberattack-2025


Malware in apps: Godfather 2.0 for Android; SparkKitty in app stores

A small roundup on the topic of smartphone apps with malware on board. The Android malware Godfather 2.0 is currently celebrating its comeback, or rather its successes in online banking raids. In addition, security researchers have ..

https://www.borncity.com/blog/2025/06/30/malware-in-apps-godfather-2-0-fuer-android-sparkkitty-in-app-stores/


What the NULL?! Wing FTP Server RCE (CVE-2025-47812)

While performing a penetration test for one of our Continuous Penetration Testing customers, we've found a Wing FTP server instance that allowed anonymous connections. It was almost the only interesting thing exposed, but we still wanted to get a foothold into their perimeter and provide the customer with an impactful finding. So we ..

https://www.rcesecurity.com/2025/06/what-the-null-wing-ftp-server-rce-cve-2025-47812/


Django Joins curl in Pushing Back on AI Slop Security Reports

Django has updated its official security documentation with new guidance for AI-assisted vulnerability reports, responding to a rising number of submissions generated by large language models (LLMs) that cite fabricated code or non-existent features. The change was authored by Django Fellow Natalia Bidart, who helps maintain the project's ..

https://socket.dev/blog/django-joins-curl-in-pushing-back-on-ai-slop-security-reports


How hacktivist cyber operations surged amid Israeli-Iranian conflict

In June 2025, Israel carried out airstrikes against key Iranian military and nuclear facilities. Iran swiftly retaliated, escalating regional tensions to unprecedented levels. This military confrontation has not only unfolded in conventional warfare but also triggered a massive surge in cyber operations. Almost immediately after the ..

https://outpost24.com/blog/hacktivist-cyber-operations-iran-israel/


Vulnerabilities

XSA-470

https://xenbits.xen.org/xsa/advisory-470.html


[R1] Nessus Version 10.8.5 Fixes Multiple Vulnerabilities

https://www.tenable.com/security/tns-2025-13