End-of-Day report
Timeframe: Dienstag 09-09-2025 18:00 - Mittwoch 10-09-2025 18:00
Handler: Felician Fuchs
Co-Handler: Michael Schlagenhaufer
News
Phishing im Namen der WKO: Sensible Daten im Visier
Kriminelle kopieren aktuell eine echte E-Mail-Nachricht der Wirtschaftskammer Österreich. Über ein angehängtes HTML-Dokument wollen sie Ihre Opfer auf ein Fake-Portal locken und dort sensible Daten erbeuten. Wir zeigen Ihnen, woran Sie den Betrugsversuch erkennen können.
https://www.watchlist-internet.at/news/phishing-wko/
You Already Have Our Personal Data, Take Our Phone Calls Too (FreePBX CVE-2025-57819)
Today, inside this hellscape we call the Internet, a mean person has discovered a zero-day(s) in FreePBX (now lovingly called CVE-2025-57819). But they didn-t stop there - the dastardly individual(s) then proceeded to exploit FreePBX hosts en-masse. [..] Today, we are publishing our Detection Artefact Generator which you can find here.
https://labs.watchtowr.com/you-already-have-our-personal-data-take-our-phone-calls-too-freepbx-cve-2025-57819/
US Investment in Spyware Is Skyrocketing
A new report warns that the number of US investors in powerful commercial spyware rose sharply in 2024 and names new countries linked to the dangerous technology.
https://www.wired.com/story/us-spyware-investment/
CHILLYHELL macOS Backdoor and ZynorRAT RAT Threaten macOS, Windows, and Linux Systems
Cybersecurity researchers have discovered two new malware families, including a modular Apple macOS backdoor called CHILLYHELL and a Go-based remote access trojan (RAT) named ZynorRAT that can target both Windows and Linux systems.
https://thehackernews.com/2025/09/chillyhell-macos-backdoor-and-zynorrat.html
Pwn My Ride: Exploring the CarPlay Attack Surface
At the recent DefCon conference, we had the opportunity to present Pwn My Ride, a comprehensive exploration of the Apple CarPlay attack surface. With vehicles becoming increasingly connected, the security of in-car systems like CarPlay is critical.
https://www.oligo.security/blog/pwn-my-ride-exploring-the-carplay-attack-surface
Kerberoasting
These -Kerberoasting- attacks have been around for ages: the technique and name is credited to Tim Medin who presented it in 2014 (and many popular blogs followed up on it) but the vulnerabilities themselves are much older. [..] I-ll bet most Windows people already know this stuff, but I only happened to learn about it today, after seeing a letter from Senator Wyden to Microsoft, describing how this vulnerability was used in the May 2024 ransomware attack on the Ascension Health hospital system.
https://blog.cryptographyengineering.com/2025/09/10/kerberoasting/
New Linux Botnet Combines Cryptomining and DDoS Attacks
Cyble threat intelligence researchers have identified a sophisticated Linux botnet built for cryptocurrency mining, remote command execution, and dozens of DDoS attack types. Cyble Research and Intelligence Labs (CRIL) researchers have dubbed the campaign -Luno.-
https://thecyberexpress.com/linux-botnet-combines-cryptomining-and-ddos/
Apple Introduces Memory Integrity Enforcement in iPhone 17 to Fight Spyware Exploits
Apple has introduced Memory Integrity Enforcement (MIE), a system-wide security feature designed to crush one of the most persistent threats to iPhone users-that of Spyware. The company describes MIE as -the most significant upgrade to memory safety in the history of consumer operating systems.-
https://thecyberexpress.com/memory-integrity-enforcement-in-iphone-17/
Vulnerabilities
Microsoft September 2025 Patch Tuesday fixes 81 flaws, two zero-days
Today is Microsofts September 2025 Patch Tuesday, which includes security updates for 81 flaws, including two publicly disclosed zero-day vulnerabilities. [..] The two publicly disclosed zero-days are: CVE-2025-55234 - Windows SMB Elevation of Privilege Vulnerability [..] CVE-2024-21907 - VulnCheck: CVE-2024-21907 Improper Handling of Exceptional Conditions in Newtonsoft.Json
https://www.bleepingcomputer.com/news/microsoft/microsoft-september-2025-patch-tuesday-fixes-81-flaws-two-zero-days/
Patchday Adobe: Lücken in Acrobat & Co. können Schadcode auf PCs lassen
Auflistung der Sicherheitspatches: Acrobat and Reader, After Effects, ColdFusion, Commerce, Dreamweaver, Experience Manager, Premiere Pro, Substance 3D Modeler, Substance 3D Viewer
https://www.heise.de/news/Patchday-Adobe-Luecken-in-Acrobat-Co-koennen-Schadcode-auf-PCs-lassen-10639095.html
Security updates for Wednesday
Security updates have been issued by Fedora (buildah, containers-common, glycin, loupe, podman, rust-matchers, and rust-tracing-subscriber), Red Hat (fence-agents, jackson-annotations, jackson-core, jackson-databind, jackson-jaxrs-providers, and jackson-modules-base, pki-deps:10.6, python-requests, python3.12-cryptography, redis:6, redis:7, and resource-agents), Slackware (libssh), SUSE (aide, cloud-init, iperf, java-1_8_0-openjdk, jq, kernel-devel, python-deepdiff, regionServiceClientConfigAzure, regionServiceClientConfigEC2, and regionServiceClientConfigGCE), and Ubuntu (gnutls28).
https://lwn.net/Articles/1037471/
CISA Releases Fourteen Industrial Control Systems Advisories
ICSA-25-252-01 Rockwell Automation ThinManager,
ICSA-25-252-02 ABB Cylon Aspect BMS/BAS,
ICSA-25-252-03 Rockwell Automation Stratix IOS,
ICSA-25-252-04 Rockwell Automation FactoryTalk Optix,
ICSA-25-252-05 Rockwell Automation FactoryTalk Activation Manager,
ICSA-25-252-06 Rockwell Automation CompactLogix® 5480,
ICSA-25-252-07 Rockwell Automation ControlLogix 5580,
ICSA-25-252-08 Rockwell Automation Analytics LogixAI,
ICSA-25-252-09 Rockwell Automation 1783-NATR
https://www.cisa.gov/news-events/alerts/2025/09/09/cisa-releases-fourteen-industrial-control-systems-advisories
Google Chrome: Stable Channel Update for Desktop
http://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_9.html