End-of-Day report
Timeframe: Thursday 10-07-2025 18:00 - Friday 11-07-2025 18:00
Handler: Alexander Riepl
Co-Handler: n/a
News
Arrested in Paris: Russian professional basketball player allegedly supported cybercrime gang
A player for MBA Moscow has been arrested in France. US prosecutors accuse him of having negotiated ransom payments on behalf of a ransomware gang.
https://www.golem.de/news/in-paris-verhaftet-russischer-basketballprofi-soll-cyberbande-unterstuetzt-haben-2507-197991.html
PerfektBlue Bluetooth Vulnerabilities Expose Millions of Vehicles to Remote Code Execution
Cybersecurity researchers have discovered a set of four security flaws in OpenSynergy's BlueSDK Bluetooth stack that, if successfully exploited, could allow remote code execution on millions of transport vehicles from different vendors. The vulnerabilities, ..
https://thehackernews.com/2025/07/perfektblue-bluetooth-vulnerabilities.html
Now everybody but Citrix agrees that CitrixBleed 2 is under exploit
The US Cybersecurity and Infrastructure Security Agency has added its weighty name to the list of parties agreeing that CVE-2025-5777, dubbed CitrixBleed 2 by one researcher, has been under exploitation and abused to hijack user sessions.
https://www.theregister.com/2025/07/10/cisa_citrixbleed_kev/
Trend Micro: Several products with high-risk vulnerabilities
Trend Micro has published vulnerability advisories describing flaws in several of its products. Updates are available.
https://www.heise.de/news/Trend-Micro-Mehrere-Produkte-mit-hochriskanten-Luecken-10483622.html
Hacker group allegedly carried out 170 cyberattacks
At least 170 attacks causing millions in damage: investigators are targeting an international hacker group.
https://www.heise.de/news/Hackergruppe-soll-170-Cyberangriffe-veruebt-haben-10484311.html
Critical code-injection vulnerability in Wing FTP is under active attack
Attackers are exploiting a security vulnerability in the file transfer software Wing FTP that allows malicious code to be injected.
https://www.heise.de/news/Codeschmuggel-Luecke-in-Wing-FTP-wird-angegriffen-10484503.html
UK Arrests Four in "Scattered Spider" Ransom Group
Authorities in the United Kingdom this week arrested four alleged members of "Scattered Spider," a prolific data theft and extortion group whose recent victims include multiple airlines and the U.K. retail chain Marks & Spencer.
https://krebsonsecurity.com/2025/07/uk-charges-four-in-scattered-spider-ransom-group/
Sil3ncer Deployed - RCE, Porn Diversion, and Ransomware on an SFTP-only Server
We investigated a ransomware incident on a Windows Server 2012 host running in an SFTP-only role. The attacker delivered an attack that combined remote code execution, persistence, tunnelling, and a diversionary visit to Pornhub, before launching a ransomware payload. Background & scope An easy way in The compromised server was ..
https://www.pentestpartners.com/security-blog/sil3ncer-deployed-rce-porn-diversion-and-ransomware-on-an-sftp-only-server/
Evolving Tactics of SLOW#TEMPEST: A Deep Dive Into Advanced Malware Techniques
SLOW#TEMPEST malware uses dynamic jumps and obfuscated calls to evade detection. Unit 42 details these techniques and how to defeat them with emulation.
https://unit42.paloaltonetworks.com/slow-tempest-malware-obfuscation/
Former Mexican president investigated over allegedly taking bribes from spyware industry
The investigation comes in response to an account in the Israeli business publication TheMarker, which reported that the contracts included a deal to buy Pegasus - the powerful spyware manufactured by Israel-based NSO Group.
https://therecord.media/former-mexican-president-investigated-spyware-bribes
Pre-Auth SQL Injection to RCE - Fortinet FortiWeb Fabric Connector (CVE-2025-25257)
Welcome back to yet another day in this parallel universe of security. This time, we're looking at Fortinet's FortiWeb Fabric Connector. "What is that?" we hear you say. That's a great question; no one ..
https://labs.watchtowr.com/pre-auth-sql-injection-to-rce-fortinet-fortiweb-fabric-connector-cve-2025-25257/