End-of-Day report
Timeframe: Thursday 18-09-2025 18:00 - Friday 19-09-2025 18:00
Handler: Felician Fuchs
Co-Handler: Michael Schlagenhaufer
News
Backup theft: attackers stole firewall configurations at SonicWall
Firewall vendor SonicWall reports a break-in to its customers' cloud accounts. Unknown actors copied and exfiltrated backups of firewall configuration files without authorization. This was not a cyberattack on SonicWall itself, however, but apparently the mass trying-out of credentials (credential stuffing). [..] The stolen configuration files can contain sensitive information and make attacks easier. Apparently only a few customers are affected.
https://heise.de/-10662565
CISA exposes malware kits deployed in Ivanti EPMM attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published an analysis of the malware deployed in attacks exploiting vulnerabilities affecting Ivanti Endpoint Manager Mobile (EPMM). The flaws are an authentication bypass in EPMM's API component (CVE-2025-4427) and a code injection vulnerability (CVE-2025-4428) that allows execution of arbitrary code.
https://www.bleepingcomputer.com/news/security/cisa-exposes-malware-kits-deployed-in-ivanti-epmm-attacks/
New attack on ChatGPT research agent pilfers secrets from Gmail inboxes
Today's installment hits OpenAI's Deep Research agent. Researchers recently devised an attack that plucked confidential information out of a user's Gmail inbox and sent it to an attacker-controlled web server, with no interaction required on the part of the victim and no sign of exfiltration.
https://arstechnica.com/information-technology/2025/09/new-attack-on-chatgpt-research-agent-pilfers-secrets-from-gmail-inboxes/
Threat landscape for industrial automation systems in Q2 2025
Kaspersky industrial threat report contains statistics on various malicious objects detected and blocked on ICS computers by Kaspersky solutions in Q2 2025.
https://securelist.com/industrial-threat-report-q2-2025/117532/
How AI-Native Development Platforms Enable Fake Captcha Pages
Cybercriminals are abusing AI-native platforms like Vercel, Netlify, and Lovable to host fake captcha pages that deceive users, bypass detection, and drive phishing campaigns.
https://www.trendmicro.com/en_us/research/25/i/ai-development-platforms-enable-fake-captcha-pages.html
Vulnerabilities
Fortra Releases Critical Patch for CVSS 10.0 GoAnywhere MFT Vulnerability
Fortra has disclosed details of a critical security flaw in GoAnywhere Managed File Transfer (MFT) software that could result in the execution of arbitrary commands. The vulnerability, tracked as CVE-2025-10035, carries a CVSS score of 10.0, indicating maximum severity. "A deserialization vulnerability in the License Servlet of Fortra's GoAnywhere MFT allows an actor with a validly forged license response signature to deserialize an arbitrary actor-controlled object, possibly leading to command injection," Fortra said in an advisory released Thursday.
https://thehackernews.com/2025/09/fortra-releases-critical-patch-for-cvss.html
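The mechanism Fortra describes, a signature check followed by Java deserialization of the signed payload, as an added illustration. This is not Fortra's code and says nothing about how GoAnywhere's License Servlet is actually implemented; the class name, the RSA signing scheme and the key handling are hypothetical. It shows why a signature alone is not a trust boundary: the unfiltered path deserializes whatever object graph the bytes encode once the signature passes, so a forged signature hands the attacker a deserialization primitive, whereas an ObjectInputFilter allowlist limits what can be instantiated regardless of the signature outcome.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.InvalidObjectException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.util.HashMap;

// Hypothetical stand-in for a "license response" handler; not GoAnywhere code.
public class LicenseDeserializationDemo {

    // The only type a license response should ever carry (assumed data shape).
    public static final class LicenseInfo implements Serializable {
        private static final long serialVersionUID = 1L;
        public final String customer;
        public final long expiresEpoch;
        public LicenseInfo(String customer, long expiresEpoch) {
            this.customer = customer;
            this.expiresEpoch = expiresEpoch;
        }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bos)) { out.writeObject(o); }
        return bos.toByteArray();
    }

    // Assumed signing scheme (SHA256withRSA over the serialized bytes).
    static byte[] sign(byte[] payload, PrivateKey priv) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(priv);
        s.update(payload);
        return s.sign();
    }

    static boolean signatureValid(byte[] payload, byte[] sig, PublicKey pub) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(pub);
        s.update(payload);
        return s.verify(sig);
    }

    // VULNERABLE pattern: after the signature check, any object graph in the payload is
    // deserialized. If the signature can be forged, attacker-chosen classes are instantiated
    // and their readObject()/readResolve() logic runs (a gadget chain ends in command execution).
    static Object deserializeUnfiltered(byte[] payload) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(payload))) {
            return in.readObject();
        }
    }

    // HARDENED pattern: an ObjectInputFilter allowlist (Java 9+) permits only the expected data
    // class and java.lang.String and rejects everything else before any class is resolved,
    // so a forged signature no longer buys an arbitrary deserialization primitive.
    static LicenseInfo deserializeFiltered(byte[] payload) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(payload))) {
            in.setObjectInputFilter(ObjectInputFilter.Config.createFilter(
                    LicenseInfo.class.getName() + ";java.lang.String;!*"));
            Object o = in.readObject();
            if (!(o instanceof LicenseInfo)) {
                throw new InvalidObjectException("unexpected type " + o.getClass().getName());
            }
            return (LicenseInfo) o;
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair(); // stands in for the vendor's license-signing key

        // Legitimate license: signed with the vendor key, verified, then deserialized with the allowlist.
        byte[] good = serialize(new LicenseInfo("ACME", 1_800_000_000L)); // constructed sample
        byte[] sig = sign(good, kp.getPrivate());
        if (signatureValid(good, sig, kp.getPublic())) {
            LicenseInfo li = deserializeFiltered(good);
            System.out.println("accepted license for " + li.customer);
        }

        // Attacker-chosen object graph. A HashMap stands in for a gadget chain: with a forged
        // signature the unfiltered path returns it without any type check, while the filtered
        // path rejects the class before its deserialization logic can run.
        byte[] evil = serialize(new HashMap<String, String>());
        Object anything = deserializeUnfiltered(evil);
        System.out.println("unfiltered path happily produced: " + anything.getClass().getName());
        try {
            deserializeFiltered(evil);
        } catch (InvalidClassException e) {
            System.out.println("rejected by filter: " + e.getMessage());
        }
    }
}
```

Compile and run with a Java 9 or later JDK (javac LicenseDeserializationDemo.java && java LicenseDeserializationDemo). A serialization filter of this kind is defense in depth for any code path that deserializes data from outside a trust boundary; it does not replace applying Fortra's patch for CVE-2025-10035.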
Security updates for Friday
Security updates have been issued by Debian (chromium, cjson, and firefox-esr), Fedora (expat, gh, scap-security-guide, and xen), Oracle (container-tools:rhel8, firefox, grub2, and mysql:8.4), SUSE (busybox, busybox-links, element-web, kernel, shadowsocks-v2ray-plugin, and yt-dlp), and Ubuntu (imagemagick, linux, linux-aws, linux-gcp, linux-gke, linux-gkeop, linux-hwe-6.8, linux-lowlatency, linux-lowlatency-hwe-6.8, linux-oracle, linux-azure, linux-azure-5.15, linux-azure-fips, linux-ibm, linux-ibm-6.8, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, linux-raspi, linux-oracle-6.8, linux-realtime, and openjpeg2).
https://lwn.net/Articles/1038802/
CISA Releases Nine Industrial Control Systems Advisories
ICSA-25-261-01 Westermo Network Technologies WeOS 5,
ICSA-25-261-02 Westermo Network Technologies WeOS 5,
ICSA-25-261-03 Schneider Electric Saitel DR & Saitel DP Remote Terminal Unit,
ICSA-25-261-04 Hitachi Energy Asset Suite,
ICSA-25-261-05 Hitachi Energy Service Suite,
ICSA-25-261-06 Cognex In-Sight Explorer and In-Sight Camera Firmware,
ICSA-25-261-07 Dover Fueling Solutions ProGauge MagLink LX4 Devices
https://www.cisa.gov/news-events/alerts/2025/09/18/cisa-releases-nine-industrial-control-systems-advisories