End-of-Day report
Timeframe: Thursday 06-11-2025 18:00 - Friday 07-11-2025 18:00
Handler: Alexander Riepl
Co-Handler: n/a
News
ID verification laws are fueling the next wave of breaches
ID laws are forcing companies to store massive amounts of sensitive data, turning compliance into a security risk. Acronis explains how integrated backup and cybersecurity platforms help MSPs reduce complexity and close the gaps attackers exploit.
https://www.bleepingcomputer.com/news/security/id-verification-laws-are-fueling-the-next-wave-of-breaches/
EFF test: these anti-virus tools protect best against spyware apps
Stalkerware makes it easy to spy on the people around you. A new test shows which anti-virus tools for Android offer the best protection.
https://www.golem.de/news/test-der-eff-diese-anti-virus-tools-schuetzen-am-besten-vor-spionage-apps-2511-201941.html
The Cats Out of the Bag: A Meow Attack Data Corruption Campaign Simulation via MAD-CAT
In 2024, I published Feline Hackers Among Us? (A Deep Dive and Simulation of the Meow Attack), which explored the notorious Meow attack campaign that had plagued unsecured databases since 2020. That article focused on demonstrating the attack against a single MongoDB instance using a simple Python script: a proof-of-concept that illustrates how devastating misconfigurations can be.
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/the-cats-out-of-the-bag-a-meow-attack-data-corruption-campaign-simulation-via-mad-cat/
Google Launches New Maps Feature to Help Businesses Report Review-Based Extortion Attempts
Google on Thursday said it's rolling out a dedicated form to allow businesses listed on Google Maps to report extortion attempts made by threat actors who post inauthentic bad reviews on the platform and demand ransoms to remove the negative ..
https://thehackernews.com/2025/11/google-launches-new-maps-feature-to.html
Gootloader malware back for the attack, serves up ransomware
Move fast - miscreants compromised a domain controller in 17 hours
Gootloader JavaScript malware, commonly used to deliver ransomware, is back in action after a period of reduced activity.
https://www.theregister.com/2025/11/06/gootloader_back_ransomware/
Cybercrims plant destructive time bomb malware in industrial .NET extensions
Multi-year wait for destruction comes to an end for mystery attackers
Security experts have helped remove malicious NuGet packages planted in 2023 that were designed to destroy systems years in advance, with some payloads not due to hit ..
https://www.theregister.com/2025/11/07/cybercriminals_plant_destructive_time_bomb/
Cisco: thousands of firewalls vulnerable, new attack paths observed
Attackers have found new ways to abuse the security vulnerabilities in Cisco firewalls that have been known since the end of September. Thousands of firewalls are vulnerable.
https://www.heise.de/news/Cisco-Tausende-Firewalls-verwundbar-neue-Angriffswege-beobachtet-11068989.html
Zimbra groupware: updates plug several security vulnerabilities
The developers have closed several security vulnerabilities in the Zimbra groupware with updated packages.
https://www.heise.de/news/Groupware-Zimbra-Updates-stopfen-mehrere-Sicherheitsluecken-11069504.html
Supply chain attacks: almost one in three companies affected
If a company's IT is too well protected, attackers target its suppliers instead. Nearly 28 percent of companies are affected, many of them with tangible consequences.
https://www.heise.de/news/Supply-Chain-Attacken-Fast-jedes-dritte-Unternehmen-betroffen-11070823.html
Exploiting AgTech connectivity to corner the grain market
I live in the countryside and, as a result, know quite a few farmers. The subject of connected farming systems comes up quite a lot in the local pub. Those of you who have watched Clarkson's Farm will understand just how complex and confusing some tractor systems ..
https://www.pentestpartners.com/security-blog/exploiting-agtech-connectivity-to-corner-the-grain-market/
"Pay up or we share the tapes": Hackers target massage parlour clients in blackmail scheme
South Korean police have uncovered a hacking operation that stole sensitive data from massage parlours and blackmailed their male clientele.
https://www.bitdefender.com/en-us/blog/hotforsecurity/pay-up-or-we-share-the-tapes-hackers-target-massage-parlour-clients-in-blackmail-scheme
LANDFALL: New Commercial-Grade Android Spyware in Exploit Chain Targeting Samsung Devices
Commercial-grade LANDFALL spyware exploits CVE-2025-21042 in Samsung Android's image processing library. The spyware was embedded in malicious DNG files.
https://unit42.paloaltonetworks.com/landfall-is-new-commercial-grade-android-spyware/
"I Paid Twice" Scam Infects Booking.com Users with PureRAT via ClickFix
Cybersecurity firm Sekoia reports a widespread fraud where criminals compromise hotel systems (Booking.com, Expedia and others) with PureRAT malware, then use stolen reservation data to phish and defraud guests.
https://hackread.com/i-paid-twice-scam-booking-com-purerat-clickfix/
What's That Coming Over The Hill? (Monsta FTP Remote Code Execution CVE-2025-34299)
Happy Friday, friends and.. others. We're glad/sorry to hear that your week has been good/bad, and it's the weekend/but at least it's almost the weekend! What're We Doing Today, Mr Fox? Today, in a tale that seems all too
https://labs.watchtowr.com/whats-that-coming-over-the-hill-monsta-ftp-remote-code-execution-cve-2025-34299/
General practitioner: "The electronic patient record is a digital cardboard box"
Data protection, technology and trust in the electronic patient record: experts discussed these topics in the Rhineland-Palatinate state parliament.
https://heise.de/-11069279
KubeVirt security audit
Security is a core concern in the development of any open-source project. To ensure reliability and resilience, many teams choose to conduct independent audits that help identify potential weaknesses and strengthen their systems. In this context, Quarkslab experts recently performed a security assessment of KubeVirt with the goal of supporting its ..
http://blog.quarkslab.com/kubevirt-security-audit.html
Results from Testing Six AI Models on Advanced Security Exploits
We ran three advanced security vulnerabilities through GPT-5, o3, Claude, Gemini, and Grok.
https://blog.kilocode.ai/p/we-tested-6-ai-models-on-3-advanced
9 Malicious NuGet Packages Deliver Time-Delayed Destructive Payloads
Socket's Threat Research Team discovered nine malicious NuGet packages that inject time-delayed destructive payloads into database operations and target industrial control systems. Published under the NuGet alias shanhai666 between 2023 and 2024, these packages terminate the host application process with 20% probability on each database query after specific ..
https://socket.dev/blog/9-malicious-nuget-packages-deliver-time-delayed-destructive-payloads