Tageszusammenfassung - 03.07.2025

End-of-Day report

Timeframe: Mittwoch 02-07-2025 18:00 - Donnerstag 03-07-2025 18:00 Handler: Alexander Riepl Co-Handler: n/a

News

DOJ investigates ex-ransomware negotiator over extortion kickbacks

An ex-ransomware negotiator is under criminal investigation by the Department of Justice for allegedly working with ransomware gangs to profit from extortion payment deals.

https://www.bleepingcomputer.com/news/security/doj-investigates-ex-ransomware-negotiator-over-extortion-kickbacks/

Data Breach Reveals Catwatchful Stalkerware Is Spying On Thousands of Phones

An anonymous reader quotes a report from TechCrunch: A security vulnerability in a stealthy Android spyware operation called Catwatchful has exposed thousands of its customers, including its administrator. The bug, which was discovered by security researcher Eric Daigle, spilled the spyware apps full database of email addresses and plaintext passwords that ..

https://yro.slashdot.org/story/25/07/03/0023253/data-breach-reveals-catwatchful-stalkerware-is-spying-on-thousands-of-phones

Fake Spam Plugin Uses Victim-s Domain Name to Evade Detection

During our investigation of an SEO spam infection (spam content designed to manipulate search engine results), we discovered a nicely crafted plugin that named itself after the infected domain, helping it evade detection. While this tactic was simple, it easily blended in with other legitimate plugins, making it harder to spot during the troubleshooting ..

https://blog.sucuri.net/2025/07/fake-spam-plugin-uses-victims-domain-name-to-evade-detection.html

CISA warns the Signal clone used by natsec staffers is being attacked, so patch now

Two flaws in TeleMessage are frequent attack vectors for malicious cyber actors The US security watchdog CISA has warned that malicious actors are actively exploiting two flaws in the Signal clone TeleMessage TM SGNL, and has directed federal agencies to patch the flaws or discontinue use of the app by July 22.

https://www.theregister.com/2025/07/02/cisa_telemessage_patch/

ChatGPT creates phisher-s paradise by recommending the wrong URLs for major companies

Crims have cottoned on to a new way to lead you astray AI-powered chatbots often deliver incorrect information when asked to name the address for major companies- websites, and threat intelligence business Netcraft thinks that creates an opportunity for criminals.

https://www.theregister.com/2025/07/03/ai_phishing_websites/

Cisco entfernt SSH-Hintertür in Unified Communications Manager

Der Netzwerkausrüster Cisco hat Sicherheitslücken in verschiedenen Produkten geschlossen. Eine Lücke gilt als kritisch.

https://www.heise.de/news/Cisco-entfernt-SSH-Hintertuer-in-Unified-Communications-Manager-10472981.html

Apache Under the Lens: Tomcat-s Partial PUT and Camel-s Header Hijack

We analyze CVE-2025-24813 (Tomcat Partial PUT RCE), CVE-2025-27636 and CVE-2025-29891 (Camel Header Hijack RCE).

https://unit42.paloaltonetworks.com/apache-cve-2025-24813-cve-2025-27636-cve-2025-29891/

Hunters International ransomware group claims to be shutting down

-After careful consideration and in light of recent developments, we have decided to close the Hunters International project,- the prolific cybercrime gang wrote on its darknet site.

https://therecord.media/hunters-international-ransomware-extortion-group-claims-shutdown

Russia jails man for 16 years over pro-Ukraine cyberattacks on critical infrastructure

Russian authorities said the man used malware to attack Russian information systems in 2022, blocking access to websites of several local companies and damaging critical infrastructure.

https://therecord.media/russia-jails-man-over-pro-ukraine-cyberattacks

Vulnerabilities

Two-factor Authentication (TFA) - Less critical - Access bypass - SA-CONTRIB-2025-085

https://www.drupal.org/sa-contrib-2025-085