Daily summary - 05.09.2025

End-of-Day report

Timeframe: Thursday 04-09-2025 18:00 - Friday 05-09-2025 18:00 Handler: Alexander Riepl Co-Handler: n/a

News

The number of mis-issued 1.1.1.1 certificates grows. Here's the latest.

Everything to know about the mishap that threatened to expose millions of users' queries.

https://arstechnica.com/information-technology/2025/09/the-number-of-mis-issued-1-1-1-1-certificates-grows-heres-the-latest/


Max severity Argo CD API flaw leaks repository credentials

An Argo CD vulnerability allows API tokens that hold only low-privilege, project-level get permissions to reach API endpoints that return all repository credentials associated with the project.

https://www.bleepingcomputer.com/news/security/max-severity-argo-cd-api-flaw-leaks-repository-credentials/
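Because any project-scoped token that could query the project is a candidate for having retrieved those repository credentials, the first thing to do after patching is to know which project roles and issued tokens exist, so the tokens and the repository credentials can be rotated. The following is an added example, not Argo CD's own tooling, that inventories roles and issued JWT tokens from a `kubectl ... get appprojects -o json` dump. It assumes the AppProject fields `spec.roles[].name`, `.policies` and `.jwtTokens[].iat`/`.id`; the sample input is constructed.

```python
"""Inventory Argo CD AppProject roles and their issued tokens.

Added example (not part of Argo CD). Reads the JSON that
`kubectl -n argocd get appprojects -o json` produces and lists, per issued
project token: project, role, token id, issue time, and whether the role's
policies grant any 'get' action. The sample data below is constructed.
"""
import datetime as dt
import json

# Constructed sample in the shape of an AppProject list (fields reduced to
# what this script reads). Token ids and timestamps are made up.
SAMPLE_APPPROJECTS = json.dumps({
    "items": [
        {
            "metadata": {"name": "default"},
            "spec": {
                "roles": [
                    {
                        "name": "readonly",
                        "policies": [
                            "p, proj:default:readonly, applications, get, default/*, allow",
                        ],
                        "jwtTokens": [{"iat": 1756900000, "id": "tok-readonly-1"}],
                    }
                ]
            },
        },
        {
            "metadata": {"name": "payments"},
            "spec": {
                "roles": [
                    {
                        "name": "deployer",
                        "policies": [
                            "p, proj:payments:deployer, applications, sync, payments/*, allow",
                            "p, proj:payments:deployer, applications, get, payments/*, allow",
                        ],
                        # Older tokens may lack an id; only iat identifies them.
                        "jwtTokens": [{"iat": 1756800000, "id": "tok-deployer-1"},
                                      {"iat": 1756700000}],
                    }
                ]
            },
        },
    ]
})


def parse_policy(line):
    """Split one Argo CD CSV policy line into its fields.

    Format: p, <subject>, <resource>, <action>, <object>, <effect>
    """
    parts = [p.strip() for p in line.split(",")]
    if len(parts) != 6 or parts[0] != "p":
        raise ValueError(f"unrecognised policy line: {line!r}")
    return {"subject": parts[1], "resource": parts[2], "action": parts[3],
            "object": parts[4], "effect": parts[5]}


def inventory(appprojects_json):
    """Return one record per issued project token, across all AppProjects."""
    data = json.loads(appprojects_json)
    records = []
    for proj in data.get("items", []):
        pname = proj["metadata"]["name"]
        for role in proj.get("spec", {}).get("roles") or []:
            policies = [parse_policy(p) for p in role.get("policies") or []]
            # Even a bare 'get' is enough to matter for the leak described above.
            has_get = any(p["action"] in ("get", "*") and p["effect"] == "allow"
                          for p in policies)
            for tok in role.get("jwtTokens") or []:
                issued = dt.datetime.fromtimestamp(tok["iat"], dt.timezone.utc)
                records.append({
                    "project": pname,
                    "role": role["name"],
                    "token_id": tok.get("id", "<no id>"),
                    "iat": tok["iat"],
                    "issued": issued.isoformat(),
                    "role_has_get": has_get,
                })
    return records


if __name__ == "__main__":
    for r in inventory(SAMPLE_APPPROJECTS):
        print(f"{r['project']}/{r['role']}  token={r['token_id']}  iat={r['iat']}  "
              f"issued={r['issued']}  get={r['role_has_get']}")
```

Every token listed should be revoked (the Argo CD CLI removes one with `argocd proj role delete-token <project> <role> <iat>`, keyed by the issue timestamp shown above) and the repository credentials of the affected projects rotated after the upgrade, rather than only the tokens of roles that look harmless.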


Known since May 2024: TP-Link confirms zero-day vulnerability in Archer routers

TP-Link models sold here are also affected. Under certain conditions, attackers can inject malicious code remotely.

https://www.golem.de/news/seit-mai-2024-bekannt-tp-link-bestaetigt-zero-day-luecke-in-archer-routern-2509-199815.html


IT threat evolution in Q2 2025. Mobile statistics

The report contains statistics on mobile threats (malware, adware, and unwanted software for Android) for Q2 2025, as well as a description of the most notable malware types identified during the reporting period.

https://securelist.com/malware-report-q2-2025-mobile-statistics/117349/


IT threat evolution in Q2 2025. Non-mobile statistics

The report presents statistics for Windows, macOS, IoT, and other threats, including ransomware, miners, local and web-based threats, for Q2 2025.

https://securelist.com/malware-report-q2-2025-pc-iot-statistics/117421/


SAP S/4HANA Critical Vulnerability CVE-2025-42957 Exploited in the Wild

A critical security vulnerability impacting SAP S/4HANA, an Enterprise Resource Planning (ERP) software, has come under active exploitation in the wild. The command injection vulnerability, tracked as CVE-2025-42957 (CVSS score: 9.9), was fixed by SAP as part of ..

https://thehackernews.com/2025/09/sap-s4hana-critical-vulnerability-cve.html


Vulnerabilities: Nvidia's AI and networking products are open to attack

Security updates close holes in, among others, Nvidia's AI platforms DGX and HGX.

https://www.heise.de/news/Sicherheitsluecken-Nvidia-KI-und-Netzwerktechnik-als-Einfallstor-fuer-Angreifer-10633280.html


Stealerium malware secretly takes webcam photos for extortion

The freely available Stealerium malware detects porn consumption and secretly captures webcam images. Cybercriminals use the photos for extortion.

https://www.heise.de/news/Malware-fotografiert-Nutzer-heimlich-bei-Porno-Konsum-10634665.html


Cyberattack forces Jaguar Land Rover to tell staff to stay at home

Luxury automaker Jaguar Land Rover says employees should stay home through the weekend as it works to mitigate the impact of a cyberattack.

https://therecord.media/jaguar-land-rover-cyberattack-workers-stay-home


SEO fraud-as-a-service scheme hijacks Windows servers to promote gambling websites

A malware campaign dubbed GhostRedirector by researchers at ESET attempts to compromise websites to drive traffic to gambling sites.

https://therecord.media/seo-scheme-windows-malware-gambling-sites-ghostredirector


Scammers Exploit Grok AI With Video Ad Scam to Push Malware on X

Researchers at Guardio Labs have uncovered a new "Grokking" scam where attackers trick Grok AI into spreading malicious ..

https://hackread.com/scammers-exploit-grok-ai-video-ad-scam-x-malware/


Microsoft enforces more multi-factor authentication

Microsoft is updating its plans for "Phase 2" of enforced multi-factor authentication for Azure. From 1 October, more services are covered.

https://heise.de/-10633932


Czechia Warns of Chinese Data Transfers and Remote Administration for Espionage

Czechia's national cybersecurity watchdog has issued a warning about foreign cyber operations, focused on Chinese data transfers and remote administration, urging both government bodies and private businesses to bolster defenses amid rising espionage campaigns tied to China and Russia. The alert, published this week by the National Cyber and I..

https://thecyberexpress.com/czechia-warns-of-chinese-data-transfer/


Vulnerabilities

Security updates for Friday

Security updates have been issued by Fedora (udisks2), Oracle (httpd:2.4 and kernel), Red Hat (python-requests), and SUSE (chromium, gn, dcmtk, firefox, himmelblau, nginx, perl-Authen-SASL, perl-Crypt-URandom, postgresql15, python-Django, and python-maturin).

https://lwn.net/Articles/1036907/