End-of-Day report
Timeframe: Wednesday 02-07-2025 18:00 - Thursday 03-07-2025 18:00
Handler: Alexander Riepl
Co-Handler: n/a
News
DOJ investigates ex-ransomware negotiator over extortion kickbacks
An ex-ransomware negotiator is under criminal investigation by the Department of Justice for allegedly working with ransomware gangs to profit from extortion payment deals.
https://www.bleepingcomputer.com/news/security/doj-investigates-ex-ransomware-negotiator-over-extortion-kickbacks/
Data Breach Reveals Catwatchful Stalkerware Is Spying On Thousands of Phones
An anonymous reader quotes a report from TechCrunch: A security vulnerability in a stealthy Android spyware operation called Catwatchful has exposed thousands of its customers, including its administrator. The bug, which was discovered by security researcher Eric Daigle, spilled the spyware app's full database of email addresses and plaintext passwords that ..
https://yro.slashdot.org/story/25/07/03/0023253/data-breach-reveals-catwatchful-stalkerware-is-spying-on-thousands-of-phones
Fake Spam Plugin Uses Victim's Domain Name to Evade Detection
During our investigation of an SEO spam infection (spam content designed to manipulate search engine results), we discovered a nicely crafted plugin that named itself after the infected domain, helping it evade detection. While this tactic was simple, it easily blended in with other legitimate plugins, making it harder to spot during the troubleshooting ..
https://blog.sucuri.net/2025/07/fake-spam-plugin-uses-victims-domain-name-to-evade-detection.html
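A quick triage check for the trick Sucuri describes, added here as an example and not part of Sucuri's write-up or tooling: walk wp-content/plugins and flag any plugin whose directory slug or "Plugin Name:" header is just the site's own domain in some spelling (example.com, example-com, examplecom, or the bare label example). The plugin tree is constructed inline with made-up slugs so the script runs offline; the function names are this example's own.

```python
import os
import re
import tempfile

# Matches the "Plugin Name:" line of a WordPress plugin header comment.
HEADER_RE = re.compile(r"^\s*\*?\s*Plugin Name:\s*(.+?)\s*$", re.MULTILINE)


def normalize(name):
    """Lower-case and strip everything but letters and digits, so
    'example.com', 'example-com' and 'Example Com' all compare equal."""
    return re.sub(r"[^a-z0-9]", "", name.lower())


def domain_variants(domain):
    """Spellings a domain-named plugin is likely to use (assumption of
    this example; extend if you see other patterns in the wild)."""
    d = domain.lower().strip()
    if d.startswith("www."):
        d = d[4:]
    variants = {d, d.replace(".", "-"), d.replace(".", "_"), d.replace(".", "")}
    labels = d.split(".")
    if len(labels) > 1:
        variants.add(labels[0])  # bare second-level label, e.g. "example"
    return {normalize(v) for v in variants}


def plugin_header_name(plugin_dir):
    """Return the Plugin Name from the first .php file carrying a header, or None."""
    for fname in sorted(os.listdir(plugin_dir)):
        if not fname.endswith(".php"):
            continue
        with open(os.path.join(plugin_dir, fname), encoding="utf-8", errors="replace") as f:
            m = HEADER_RE.search(f.read(8192))  # WP only reads the first 8 KiB too
        if m:
            return m.group(1)
    return None


def flag_domain_named_plugins(plugins_root, site_domain):
    """List (slug, header_name) for plugins named after the site's own domain.
    A hit is a review candidate, not a verdict: a site that ships its own
    first-party plugin can legitimately match."""
    variants = domain_variants(site_domain)
    flagged = []
    for slug in sorted(os.listdir(plugins_root)):
        path = os.path.join(plugins_root, slug)
        if not os.path.isdir(path):
            continue
        header = plugin_header_name(path) or ""
        if {normalize(slug), normalize(header)} & variants:
            flagged.append((slug, header))
    return flagged


def build_sample_tree():
    """Constructed sample plugin directory: two ordinary plugins plus one
    that mimics the site domain, as in the technique described above."""
    root = tempfile.mkdtemp(prefix="wp-plugins-")
    samples = {
        "akismet": "Akismet Anti-spam",
        "wordpress-seo": "Yoast SEO",
        "example-com": "example.com",  # the suspicious one
    }
    for slug, name in samples.items():
        os.makedirs(os.path.join(root, slug))
        with open(os.path.join(root, slug, slug + ".php"), "w", encoding="utf-8") as f:
            f.write("<?php\n/*\nPlugin Name: %s\n*/\n" % name)
    return root


if __name__ == "__main__":
    root = build_sample_tree()
    for slug, name in flag_domain_named_plugins(root, "www.example.com"):
        print("review: plugin %r (header %r) is named after the site domain" % (slug, name))
```

Run it against a real install as `flag_domain_named_plugins("/var/www/html/wp-content/plugins", "example.com")`; anything it returns deserves a look at the plugin's PHP, since a blended-in name is exactly what the Sucuri case relied on.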
CISA warns the Signal clone used by natsec staffers is being attacked, so patch now
Two flaws in TeleMessage are frequent attack vectors for malicious cyber actors. The US security watchdog CISA has warned that malicious actors are actively exploiting two flaws in the Signal clone TeleMessage TM SGNL, and has directed federal agencies to patch the flaws or discontinue use of the app by July 22.
https://www.theregister.com/2025/07/02/cisa_telemessage_patch/
ChatGPT creates phisher's paradise by recommending the wrong URLs for major companies
Crims have cottoned on to a new way to lead you astray. AI-powered chatbots often deliver incorrect information when asked to name the address for major companies' websites, and threat intelligence business Netcraft thinks that creates an opportunity for criminals.
https://www.theregister.com/2025/07/03/ai_phishing_websites/
Cisco removes SSH backdoor in Unified Communications Manager
Network equipment vendor Cisco has closed security vulnerabilities in several products. One of them is rated critical.
https://www.heise.de/news/Cisco-entfernt-SSH-Hintertuer-in-Unified-Communications-Manager-10472981.html
Apache Under the Lens: Tomcat's Partial PUT and Camel's Header Hijack
We analyze CVE-2025-24813 (Tomcat Partial PUT RCE), CVE-2025-27636 and CVE-2025-29891 (Camel Header Hijack RCE).
https://unit42.paloaltonetworks.com/apache-cve-2025-24813-cve-2025-27636-cve-2025-29891/
Hunters International ransomware group claims to be shutting down
"After careful consideration and in light of recent developments, we have decided to close the Hunters International project," the prolific cybercrime gang wrote on its darknet site.
https://therecord.media/hunters-international-ransomware-extortion-group-claims-shutdown
Russia jails man for 16 years over pro-Ukraine cyberattacks on critical infrastructure
Russian authorities said the man used malware to attack Russian information systems in 2022, blocking access to websites of several local companies and damaging critical infrastructure.
https://therecord.media/russia-jails-man-over-pro-ukraine-cyberattacks
Vulnerabilities
Two-factor Authentication (TFA) - Less critical - Access bypass - SA-CONTRIB-2025-085
https://www.drupal.org/sa-contrib-2025-085
Config Pages Viewer - Critical - Access bypass - SA-CONTRIB-2025-086
https://www.drupal.org/sa-contrib-2025-086
Security Vulnerabilities fixed in Thunderbird 140
https://www.mozilla.org/en-US/security/advisories/mfsa2025-54/
Security Vulnerabilities fixed in Thunderbird 128.12
https://www.mozilla.org/en-US/security/advisories/mfsa2025-55/