Daily summary - 02.10.2025

End-of-Day report

Timeframe: Wednesday 01-10-2025 18:00 - Thursday 02-10-2025 18:00 Handler: Guenes Holler Co-Handler: Felician Fuchs

News

That annoying SMS phish you just got may have come from a box like this

Smishers looking for new infrastructure are getting creative.

https://arstechnica.com/security/2025/10/that-annoying-sms-phish-you-just-got-may-have-come-from-a-box-like-this/

Adobe Analytics bug leaked customer tracking data to other tenants

Adobe is warning its Analytics customers that an ingestion bug caused data from some organizations to appear in the analytics instances of others for approximately one day.

https://www.bleepingcomputer.com/news/security/adobe-analytics-bug-leaked-customer-tracking-data-to-other-tenants/

Clop extortion emails claim theft of Oracle E-Business Suite data

Mandiant and Google are tracking a new extortion campaign where executives at multiple companies received emails claiming that sensitive data was stolen from their Oracle E-Business Suite systems.

https://www.bleepingcomputer.com/news/security/clop-extortion-emails-claim-theft-of-oracle-e-business-suite-data/

Android spyware campaigns impersonate Signal and ToTok messengers

Two new spyware campaigns that researchers call ProSpy and ToSpy lured Android users with fake upgrades or plugins for the Signal and ToTok messaging apps to steal sensitive data.

https://www.bleepingcomputer.com/news/security/android-spyware-campaigns-impersonate-signal-and-totok-messengers/

Shutdown Threatens US Intel Sharing, Cyber Defense

Lapse of critical information sharing and mass furloughs at CISA are just some of the concerns.

https://www.darkreading.com/cyber-risk/shutdown-us-intel-sharing-cyber-defense

Data leak: Schufa subsidiary Bonify confirms security incident

Unknown actors have obtained identification data of Bonify users, including ID document data and photos.

https://www.golem.de/news/datenleck-schufa-tochter-bonify-bestaetigt-sicherheitsvorfall-2510-200731.html

570 GB of GitHub data: Red Hat reports security incident

The extortion group Crimson Collective claims to be in possession of confidential Red Hat customer data and is demanding a ransom.

https://www.golem.de/news/570-gbyte-github-daten-red-hat-meldet-sicherheitsvorfall-2510-200760.html

New WireTap Attack Extracts Intel SGX ECDSA Key via DDR4 Memory-Bus Interposer

In yet another piece of research, academics from Georgia Institute of Technology and Purdue University have demonstrated that the security guarantees offered by Intel's Software Guard eXtensions (SGX) can be bypassed on DDR4 systems to passively decrypt sensitive data.

https://thehackernews.com/2025/10/new-wiretap-attack-extracts-intel-sgx.html

Malicious PyPI Package soopsocks Infects 2,653 Systems Before Takedown

Cybersecurity researchers have flagged a malicious package on the Python Package Index (PyPI) repository that claims to offer the ability to create a SOCKS5 proxy service, while also providing a stealthy backdoor-like functionality to drop additional payloads on Windows systems. The deceptive package, named soopsocks, attracted a total of 2,653 downloads before it was taken down.

https://thehackernews.com/2025/10/alert-malicious-pypi-package-soopsocks.html

EU funds are flowing into spyware companies, and politicians are demanding answers

Experts say the Commission is "fanning the flames" of the continent's own Watergate. An arsenal of angry European Parliament members (MEPs) is demanding answers from senior commissioners about why EU subsidies are ending up in the pockets of spyware companies.

https://go.theregister.com/feed/www.theregister.com/2025/10/02/eu_spyware_funding/

ENISA Threat Landscape 2025

Through a more threat-centric approach and further contextual analysis, this latest edition of the ENISA Threat Landscape analyses 4875 incidents over a period spanning from 1 July 2024 to 30 June 2025.

https://www.enisa.europa.eu/publications/enisa-threat-landscape-2025

Meet SpamGPT and MatrixPDF, AI Toolkits Driving Malware Attacks

Cybersecurity researchers at Varonis have discovered two new plug-and-play cybercrime toolkits, MatrixPDF and SpamGPT. Learn how these AI-powered tools make mass phishing and PDF malware accessible to anyone, redefining online security risks.

https://hackread.com/spamgpt-matrixpdf-ai-toolkits-malware-attacks/

Malicious ZIP Files Use Windows Shortcuts to Drop Malware

Cybersecurity firm Blackpoint Cyber reveals a new spear phishing campaign targeting executives. Learn how attackers use fraudulent document ZIPs containing malicious shortcut files, leveraging living off the land tactics, and a unique Anti-Virus check to deliver a custom payload.

https://hackread.com/malicious-zip-files-windows-shortcuts-malware/

$20 YoLink IoT Gateway Vulnerabilities Put Home Security at Risk

Four critical zero-day flaws found in the $20 YoLink Smart Hub allow remote physical access, threatening your home security. See the urgent steps you must take now.

https://hackread.com/20-yolink-iot-gateway-vulnerabilities-home-security/

Confucius Espionage: From Stealer to Backdoor

The Confucius group is a long-running cyber-espionage actor operating primarily across South Asia. First identified in 2013, the group is believed to have links to state-sponsored operations in the region.

https://feeds.fortinet.com/~/925674278/0/fortinet/blogs~Confucius-Espionage-From-Stealer-to-Backdoor

Vulnerabilities

Chrome 141: Google closes severe security vulnerabilities

Google has updated its Chrome browser to version 141. According to the release notes, the update contains patches for 21 security vulnerabilities, at least two of which are rated high risk. Under certain circumstances they allow remote injection and execution of malicious code within the browser's sandbox.

https://www.golem.de/news/chrome-141-google-schliesst-schwerwiegende-sicherheitsluecken-2510-200739.html

Security updates for Thursday

Security updates have been issued by AlmaLinux (perl-JSON-XS), Debian (chromium and openssl), Fedora (bird, dnsdist, firefox, mapserver, ntpd-rs, python-nh3, rust-ammonia, skopeo, sqlite, thunderbird, and xen), Oracle (perl-JSON-XS), Red Hat (kernel, kernel-rt, and libvpx), SUSE (afterburn, cairo, docker-stable, firefox, nginx, python-Django, snpguest, and warewulf4), and Ubuntu (libmspack, libxslt, linux, linux-aws, linux-aws-5.15, linux-gcp, linux-gcp-5.15, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-intel-iotg, linux-intel-iotg-5.15, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-nvidia-tegra, linux-nvidia-tegra-5.15, linux-oracle, linux-raspi, linux-xilinx-zynqmp, linux, linux-aws, linux-aws-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-iot, linux-kvm, linux-raspi, linux-xilinx-zynqmp, linux, linux-aws, linux-aws-6.14, linux-hwe-6.14, linux-realtime, linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-oracle, linux, linux-aws, linux-gcp, linux-gcp-6.8, linux-gke, linux-gkeop, linux-ibm, linux-ibm-6.8, linux-lowlatency, linux-lowlatency-hwe-6.8, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, linux, linux-kvm, linux-aws-fips, linux-fips, linux-gcp-fips, linux-azure, linux-hwe-6.8, linux-kvm, linux-oracle-5.15, linux-oracle-6.14, linux-raspi, linux-raspi-realtime, linux-realtime, linux-realtime-6.8, linux-realtime-6.14, and python-django).

https://lwn.net/Articles/1040591/

Stand-alone Security Patch Available for Tenable Security Center versions 6.5.1 and 6.6.0

Tenable has released Security Center Patch SC-202509.2.1 to address these issues.

https://www.tenable.com/security/tns-2025-20

Security patches: OpenSSL vulnerable to malicious code attacks

The developers have closed three security vulnerabilities in current OpenSSL versions. So far there are no reports of attacks.

https://www.heise.de/news/OpenSSL-Angreifer-koennen-auf-ARM-Systemen-private-Schluessel-rekonstruieren-10699690.html