Daily summary - 13.10.2025

End-of-Day report

Timeframe: Friday 10-10-2025 18:01 - Monday 13-10-2025 18:00
Handler: Felician Fuchs
Co-Handler: Felician Fuchs

News

Oracle releases emergency patch for new E-Business Suite flaw

Oracle has issued an emergency security update over the weekend to patch another E-Business Suite (EBS) vulnerability that can be exploited remotely by unauthenticated attackers.

https://www.bleepingcomputer.com/news/security/oracle-releases-emergency-patch-for-new-e-business-suite-flaw/

Windows 11 23H2 Home and Pro reach end of support in 30 days

Microsoft has reminded customers again today that systems running Home and Pro editions of Windows 11 23H2 will stop receiving security updates next month.

https://www.bleepingcomputer.com/news/microsoft/windows-11-23h2-home-and-pro-reach-end-of-support-in-30-days/

Chinese Hackers Use Velociraptor IR Tool in Ransomware Attacks

In a new wrinkle for adversary tactics, the Storm-2603 threat group is abusing the digital forensics and incident response (DFIR) tool to gain persistent access to victim networks.

https://www.darkreading.com/cybersecurity-operations/chinese-hackers-velociraptor-ir-tool-ransomware-attacks

New Rust-Based Malware "ChaosBot" Uses Discord Channels to Control Victims' PCs

Cybersecurity researchers have disclosed details of a new Rust-based backdoor called ChaosBot that can allow operators to conduct reconnaissance and execute arbitrary commands on compromised hosts.

https://thehackernews.com/2025/10/new-rust-based-malware-chaosbot-hijacks.html

Astaroth Banking Trojan Abuses GitHub to Remain Operational After Takedowns

Cybersecurity researchers are calling attention to a new campaign that delivers the Astaroth banking trojan that employs GitHub as a backbone for its operations to stay resilient in the face of infrastructure takedowns.

https://thehackernews.com/2025/10/astaroth-banking-trojan-abuses-github.html

Microsoft Locks Down IE Mode After Hackers Turned Legacy Feature Into Backdoor

Microsoft said it has revamped the Internet Explorer (IE) mode in its Edge browser after receiving "credible reports" in August 2025 that unknown threat actors were abusing the backward compatibility feature to gain unauthorized access to users' devices.

https://thehackernews.com/2025/10/microsoft-locks-down-ie-mode-after.html

Invoicely Database Leak Exposes 180,000 Sensitive Records

Cybersecurity researcher Jeremiah Fowler discovered nearly 180,000 files, including PII and banking details, left exposed on an unprotected database linked to the Invoicely platform. Read about the identity theft and financial fraud risks for over 250,000 businesses worldwide.

https://hackread.com/invoicely-database-leak-expose-sensitive-records/

100,000+ IP Botnet Launches Coordinated RDP Attack Wave Against US Infrastructure

Since October 8, 2025, GreyNoise has tracked a coordinated botnet operation involving over 100,000 unique IP addresses from more than 100 countries targeting Remote Desktop Protocol (RDP) services in the United States.

https://www.greynoise.io/blog/botnet-launches-coordinated-rdp-attack-wave

Qantas customer data online - including Troy Hunt's

In July, attackers captured important data from the Australian airline. It is not yet clear which of it is now circulating online.

https://heise.de/-10750869

Critical GitHub Copilot Vulnerability Leaks Private Source Code

In June 2025, I found a critical vulnerability in GitHub Copilot Chat (CVSS 9.6) that allowed silent exfiltration of secrets and source code from private repos, and gave me full control over Copilot's responses, including suggesting malicious code or links.

https://www.legitsecurity.com/blog/camoleak-critical-github-copilot-vulnerability-leaks-private-source-code

North Korea's Contagious Interview Campaign Escalates: 338 Malicious npm Packages, 50,000 Downloads

The Contagious Interview operation continues to weaponize the npm registry with a repeatable playbook. Since our July 14, 2025 update, we have identified and analyzed more than 338 malicious packages with over 50,000 cumulative downloads.

https://socket.dev/blog/north-korea-contagious-interview-campaign-338-malicious-npm-packages

Vulnerabilities

VU#538470: Clevo UEFI firmware embedded BootGuard keys compromising Clevo's implementation of BootGuard

Clevo's UEFI firmware update packages included sensitive private keys used in their Intel Boot Guard implementation. This accidental exposure of the keys could be abused by an attacker to sign malicious firmware using Clevo's Boot Guard trust chain, potentially compromising the pre-boot UEFI environment on systems where Clevo's implementation has been adopted.

https://kb.cert.org/vuls/id/538470

Oracle Security Alert for CVE-2025-61884 - 11 October 2025

This Security Alert addresses vulnerability CVE-2025-61884 in Oracle E-Business Suite. This vulnerability is remotely exploitable without authentication, i.e., it may be exploited over a network without the need for a username and password. If successfully exploited, this vulnerability may allow access to sensitive resources.

https://www.oracle.com/security-alerts/alert-cve-2025-61884.html

Security updates for Monday

Security updates have been issued by AlmaLinux (compat-libtiff3, iputils, kernel, open-vm-tools, and vim), Debian (asterisk, ghostscript, kernel, linux-6.1, and tiff), Fedora (cef, chromium, cri-o1.31, cri-o1.32, cri-o1.33, cri-o1.34, docker-buildx, log4cxx, mingw-poppler, openssl, podman-tui, prometheus-podman-exporter, python-socketio, python3.10, python3.11, python3.12, python3.9, skopeo, and valkey), Mageia (open-vm-tools), Red Hat (compat-libtiff3, kernel, kernel-rt, vim, and webkit2gtk3), and SUSE (distrobuilder, docker-stable, expat, forgejo, forgejo-longterm, gitea-tea, go1.25, haproxy, headscale, open-vm-tools, openssl-3, podman, podofo, ruby3.4-rubygem-rack, and weblate).

https://lwn.net/Articles/1041779/

Two High Checkmk advisories released

SBAResearch published the following advisories for checkmk: SBA-ADV-20250724-01: Checkmk Agent Privilege Escalation via Insecure Temporary Files, SBA-ADV-20250730-01: Checkmk Path Traversal.

https://github.com/sbaresearch/advisories/commit/e84ca741ae34d372b4f7b294ad91120f78a211b4

Auth Bypass Flaw in Service Finder WordPress Plugin Under Active Exploit

An authentication bypass (CVE-2025-5947) in the Service Finder Bookings plugin allows any unauthenticated attacker to log in as an administrator. Over 13,800 exploit attempts have been detected. Update to v6.1 immediately.

https://hackread.com/auth-bypass-service-finder-wordpress-plugin-exploit/

BigBlueButton: Update for the web conferencing system fixes denial-of-service vulnerabilities

The developers of the open-source web conferencing system BigBlueButton (BBB) for Windows and Linux servers have closed several attack vectors with an update to version 3.0.13.

https://heise.de/-10751398