Daily summary - 07.10.2025

End-of-Day report

Timeframe: Monday 06-10-2025 18:00 - Tuesday 07-10-2025 18:30 Handler: Guenes Holler Co-Handler: Felician Fuchs

News

Critical Redis vulnerability (CVE-2025-49844) allows authenticated remote code execution

The critical Redis vulnerability allows remote code execution when Lua scripting is enabled and a specially crafted script is executed in the context of an authenticated user.

https://www.cert.at/de/aktuelles/2025/10/kritische-redis-sicherheitslucke-cve-2025-49844-erlaubt-authenticated-remote-code-execution

Red Hat Consulting breach puts over 5000 high profile enterprise customers at risk - in detail

Last week, a little known extortion group called Crimson Collective caught my attention. At the time they only had 22 followers on Telegram. Red Hat confirmed the breach later that day, and started notifying impacted customers. Red Hat Consulting are consultants who come in to large enterprises to deal with complex technology problems. It is pretty clear their documentation and source code around customers has been stolen.

https://doublepulsar.com/red-hat-consulting-breach-puts-over-5000-high-profile-enterprise-customers-at-risk-in-detail-90114f18f706

Microsoft Links Storm-1175 to GoAnywhere Exploit Deploying Medusa Ransomware

Microsoft on Monday attributed a threat actor it tracks as Storm-1175 to the exploitation of a critical security flaw in Fortra GoAnywhere software to facilitate the deployment of Medusa ransomware.

https://thehackernews.com/2025/10/microsoft-links-storm-1175-to.html

This is what happens when an AI operator neglects security

Contracts, invoices and other sensitive data reached us via e-mail. The source: an Austrian AI company that, by all appearances, was sloppy about security.

https://www.heise.de/news/Sensible-Unternehmensdaten-ueber-Sicherheitsprobleme-bei-KI-Firma-kompromittiert-10731728.html

Phishers target 1Password users with convincing fake breach alert

Attackers are using realistic-looking 1Password emails to trick users into handing over their vault logins.

https://www.malwarebytes.com/blog/news/2025/10/phishers-target-1password-users-with-convincing-fake-breach-alert

Well, Well, Well. It's Another Day. (Oracle E-Business Suite Pre-Auth RCE Chain - CVE-2025-61882)

We bet you thought you'd be allowed to sit there, breathe, and savour the few moments of peace you'd earned after a painful week in cyber security. Obviously, you were horribly wrong, and you need to wake up now.

https://labs.watchtowr.com/well-well-well-its-another-day-oracle-e-business-suite-pre-auth-rce-chain-cve-2025-61882well-well-well-its-another-day-oracle-e-business-suite-pre-auth-rce-chain-cve-2025-61882/

Vulnerabilities

Security updates for Tuesday

Security updates have been issued by Fedora (chromium), Red Hat (kernel, open-vm-tools, and postgresql), SUSE (chromedriver and chromium), and Ubuntu (haproxy and pam-u2f).

https://lwn.net/Articles/1041069/

CISA Releases Two Industrial Control Systems Advisories

CISA released two Industrial Control Systems (ICS) advisories on October 7, 2025. ICSA-25-280-01 Delta Electronics DIAScreen and ICSA-25-226-31 Rockwell Automation 1756-EN4TR, 1756-EN4TRXT.

https://www.cisa.gov/news-events/alerts/2025/10/07/cisa-releases-two-industrial-control-systems-advisories

Critical CVE-2025-27237 Vulnerability in Zabbix Agent for Windows Enables Privilege Escalation via OpenSSL Misconfiguration

A security vulnerability has been identified in Zabbix Agent and Agent2 for Windows, potentially allowing local users to escalate their privileges to the SYSTEM level. Tracked as CVE-2025-27237, the flaw originates from the way these agents handle the OpenSSL configuration file on Windows systems.

https://thecyberexpress.com/zabbix-agent-cve-2025-27237/

Attackers Actively Exploiting Critical Vulnerability in Service Finder Bookings Plugin

On June 8th, 2025, we received a submission through our Bug Bounty Program for an Authentication Bypass vulnerability in Service Finder Bookings, a WordPress plugin bundled with the Service Finder theme. This theme has been sold to approximately 6,000 customers. This vulnerability makes it possible for an unauthenticated attacker to gain access to any account on a site including accounts with the "administrator" role.

https://www.wordfence.com/blog/2025/10/attackers-actively-exploiting-critical-vulnerability-in-service-finder-bookings-plugin/

ABB Security Advisory: EIBPORT Reflected XSS (CVE-2021-22291)

https://search.abb.com/library/Download.aspx?DocumentID=9AKK108471A7808&LanguageCode=en&DocumentPartId=pdf