End-of-Day report
Timeframe: Wednesday 01-10-2025 18:00 - Thursday 02-10-2025 18:00
Handler: Guenes Holler
Co-Handler: Felician Fuchs
News
That annoying SMS phish you just got may have come from a box like this
Smishers looking for new infrastructure are getting creative.
https://arstechnica.com/security/2025/10/that-annoying-sms-phish-you-just-got-may-have-come-from-a-box-like-this/
Adobe Analytics bug leaked customer tracking data to other tenants
Adobe is warning its Analytics customers that an ingestion bug caused data from some organizations to appear in the analytics instances of others for approximately one day.
https://www.bleepingcomputer.com/news/security/adobe-analytics-bug-leaked-customer-tracking-data-to-other-tenants/
Clop extortion emails claim theft of Oracle E-Business Suite data
Mandiant and Google are tracking a new extortion campaign where executives at multiple companies received emails claiming that sensitive data was stolen from their Oracle E-Business Suite systems.
https://www.bleepingcomputer.com/news/security/clop-extortion-emails-claim-theft-of-oracle-e-business-suite-data/
Android spyware campaigns impersonate Signal and ToTok messengers
Two new spyware campaigns that researchers call ProSpy and ToSpy lured Android users with fake upgrades or plugins for the Signal and ToTok messaging apps to steal sensitive data.
https://www.bleepingcomputer.com/news/security/android-spyware-campaigns-impersonate-signal-and-totok-messengers/
Shutdown Threatens US Intel Sharing, Cyber Defense
Lapse of critical information sharing and mass furloughs at CISA are just some of the concerns.
https://www.darkreading.com/cyber-risk/shutdown-us-intel-sharing-cyber-defense
Data leak: Schufa subsidiary Bonify confirms security incident
Unknown attackers have obtained identification data of Bonify users, including ID document data and photos.
https://www.golem.de/news/datenleck-schufa-tochter-bonify-bestaetigt-sicherheitsvorfall-2510-200731.html
570 GB of GitHub data: Red Hat reports security incident
The extortion group Crimson Collective claims to be in possession of confidential Red Hat customer data and is demanding a ransom.
https://www.golem.de/news/570-gbyte-github-daten-red-hat-meldet-sicherheitsvorfall-2510-200760.html
New WireTap Attack Extracts Intel SGX ECDSA Key via DDR4 Memory-Bus Interposer
In yet another piece of research, academics from Georgia Institute of Technology and Purdue University have demonstrated that the security guarantees offered by Intel's Software Guard eXtensions (SGX) can be bypassed on DDR4 systems to passively decrypt sensitive data.
https://thehackernews.com/2025/10/new-wiretap-attack-extracts-intel-sgx.html
Malicious PyPI Package soopsocks Infects 2,653 Systems Before Takedown
Cybersecurity researchers have flagged a malicious package on the Python Package Index (PyPI) repository that claims to offer the ability to create a SOCKS5 proxy service, while also providing a stealthy backdoor-like functionality to drop additional payloads on Windows systems. The deceptive package, named soopsocks, attracted a total of 2,653 downloads before it was taken down.
https://thehackernews.com/2025/10/alert-malicious-pypi-package-soopsocks.html
EU funds are flowing into spyware companies, and politicians are demanding answers
Experts say Commission is "fanning the flames" of the continent's own Watergate. An arsenal of angry European Parliament members (MEPs) is demanding answers from senior commissioners about why EU subsidies are ending up in the pockets of spyware companies.
https://go.theregister.com/feed/www.theregister.com/2025/10/02/eu_spyware_funding/
ENISA Threat Landscape 2025
Through a more threat-centric approach and further contextual analysis, this latest edition of the ENISA Threat Landscape analyses 4875 incidents over a period spanning from 1 July 2024 to 30 June 2025.
https://www.enisa.europa.eu/publications/enisa-threat-landscape-2025
Meet SpamGPT and MatrixPDF, AI Toolkits Driving Malware Attacks
Cybersecurity researchers at Varonis have discovered two new plug-and-play cybercrime toolkits, MatrixPDF and SpamGPT. Learn how these AI-powered tools make mass phishing and PDF malware accessible to anyone, redefining online security risks.
https://hackread.com/spamgpt-matrixpdf-ai-toolkits-malware-attacks/
Malicious ZIP Files Use Windows Shortcuts to Drop Malware
Cybersecurity firm Blackpoint Cyber reveals a new spear phishing campaign targeting executives. Learn how attackers use fraudulent document ZIPs containing malicious shortcut files, leveraging living off the land tactics, and a unique Anti-Virus check to deliver a custom payload.
https://hackread.com/malicious-zip-files-windows-shortcuts-malware/
$20 YoLink IoT Gateway Vulnerabilities Put Home Security at Risk
Four critical zero-day flaws found in the $20 YoLink Smart Hub allow remote physical access, threatening your home security. See the urgent steps you must take now.
https://hackread.com/20-yolink-iot-gateway-vulnerabilities-home-security/
Confucius Espionage: From Stealer to Backdoor
The Confucius group is a long-running cyber-espionage actor operating primarily across South Asia. First identified in 2013, the group is believed to have links to state-sponsored operations in the region.
https://feeds.fortinet.com/~/925674278/0/fortinet/blogs~Confucius-Espionage-From-Stealer-to-Backdoor
Vulnerabilities
Chrome 141: Google closes serious security vulnerabilities
Google has updated its Chrome browser to version 141. According to the release notes, the update includes patches for 21 security vulnerabilities, at least two of which are rated high risk. Under certain circumstances they allow remote injection and execution of malicious code within the browser's sandbox.
https://www.golem.de/news/chrome-141-google-schliesst-schwerwiegende-sicherheitsluecken-2510-200739.html
Security updates for Thursday
Security updates have been issued by AlmaLinux (perl-JSON-XS), Debian (chromium and openssl), Fedora (bird, dnsdist, firefox, mapserver, ntpd-rs, python-nh3, rust-ammonia, skopeo, sqlite, thunderbird, and xen), Oracle (perl-JSON-XS), Red Hat (kernel, kernel-rt, and libvpx), SUSE (afterburn, cairo, docker-stable, firefox, nginx, python-Django, snpguest, and warewulf4), and Ubuntu (libmspack, libxslt, linux, linux-aws, linux-aws-5.15, linux-gcp, linux-gcp-5.15, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-intel-iotg, linux-intel-iotg-5.15, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-nvidia-tegra, linux-nvidia-tegra-5.15, linux-oracle, linux-raspi, linux-xilinx-zynqmp, linux, linux-aws, linux-aws-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-iot, linux-kvm, linux-raspi, linux-xilinx-zynqmp, linux, linux-aws, linux-aws-6.14, linux-hwe-6.14, linux-realtime, linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-oracle, linux, linux-aws, linux-gcp, linux-gcp-6.8, linux-gke, linux-gkeop, linux-ibm, linux-ibm-6.8, linux-lowlatency, linux-lowlatency-hwe-6.8, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, linux, linux-kvm, linux-aws-fips, linux-fips, linux-gcp-fips, linux-azure, linux-hwe-6.8, linux-kvm, linux-oracle-5.15, linux-oracle-6.14, linux-raspi, linux-raspi-realtime, linux-realtime, linux-realtime-6.8, linux-realtime-6.14, and python-django).
https://lwn.net/Articles/1040591/
Stand-alone Security Patch Available for Tenable Security Center versions 6.5.1 and 6.6.0
Tenable has released Security Center Patch SC-202509.2.1 to address these issues.
https://www.tenable.com/security/tns-2025-20
Security patches: OpenSSL vulnerable to malicious code attacks
The developers have closed three security vulnerabilities in current OpenSSL versions. So far there are no reports of attacks.
https://www.heise.de/news/OpenSSL-Angreifer-koennen-auf-ARM-Systemen-private-Schluessel-rekonstruieren-10699690.html