End-of-Day report
Timeframe: Monday 17-03-2025 18:00 - Tuesday 18-03-2025 18:00
Handler: Alexander Riepl
Co-Handler: Felician Fuchs
News
Critical AMI MegaRAC bug can let attackers hijack, brick servers
A new critical-severity vulnerability found in American Megatrends International's MegaRAC Baseboard Management Controller (BMC) software can let attackers hijack and potentially brick vulnerable servers.
https://www.bleepingcomputer.com/news/security/critical-ami-megarac-bug-can-let-attackers-hijack-brick-servers/
StilachiRAT analysis: From system reconnaissance to cryptocurrency theft
Microsoft Incident Response uncovered a novel remote access trojan (RAT) named StilachiRAT, which demonstrates sophisticated techniques to evade detection, persist in the target environment, and exfiltrate sensitive data. This blog primarily focuses on analysis of the WWStartupCtrl64.dll module that contains the RAT capabilities and summarizes ..
https://www.microsoft.com/en-us/security/blog/2025/03/17/stilachirat-analysis-from-system-reconnaissance-to-cryptocurrency-theft/
New "Rules File Backdoor" Attack Lets Hackers Inject Malicious Code via AI Code Editors
Cybersecurity researchers have disclosed details of a new supply chain attack vector dubbed Rules File Backdoor that affects artificial intelligence (AI)-powered code editors like GitHub Copilot and Cursor, causing them to inject malicious ..
https://thehackernews.com/2025/03/new-rules-file-backdoor-attack-lets.html
British backdoors: after Apple, suspicion also falls on Google
British surveillance authorities are demanding worldwide access to Apple backups. Apple is not permitted to confirm this, and it is apparently not an isolated case.
https://www.heise.de/news/Auch-Google-kann-britischen-Ueberwachungsbefehl-nicht-verleugnen-10318842.html
FBI warning: Fraudulent online file converters smuggle trojans into documents
Anyone who uses free online services to convert files such as text documents can pick up malware. The FBI has issued a warning to this effect.
https://www.heise.de/news/Malwareverteiler-FBI-warnt-vor-betruegerischen-Online-Dateikonvertern-10319049.html
Bogus "DeepSeek" AI Installers Are Infecting Devices with Malware, Research Finds
In a digital landscape hungry for the next big thing in Artificial Intelligence, a new contender called DeepSeek recently burst ..
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/bogus-deepseek-ai-installers-are-infecting-devices-with-malware-research-finds/
Fraudulent prize draw: subscription trap instead of a cheap Thermomix!
Ms. S. has wanted a Thermomix for a long time. Until now, however, the high price of the kitchen appliance put her off. Her joy is all the greater when she sees online that she can get the Thermomix for just two euros after taking part in a survey. But beware: instead of a cheap Thermomix, an expensive subscription trap awaits her!
https://www.watchlist-internet.at/news/betruegerisches-gewinnspiel-abofalle-statt-guenstigem-thermomix/
Google parent Alphabet offers 30 billion dollars for cybersecurity startup Wiz
It would be Alphabet's largest transaction ever. An offer of 23 billion dollars had been rejected the previous year.
https://www.derstandard.at/story/3000000261775/wsj-alphabet-bietet-f252r-cybersecurity-startup-wiz-30-mrd-dollar
Crypto exchange OKX shuts down tool used by North Korean hackers to launder stolen funds
OKX said it detected a coordinated effort by one of North Korea's most prolific hacking outfits to misuse its decentralized finance (DeFi) services.
https://therecord.media/crypto-okx-shuts-down-exchange
Password reuse is rampant: nearly half of observed user logins are compromised
Accessing private content online, whether it's checking email or streaming your favorite show, almost always starts with a "login" step. Beneath this everyday task lies a widespread human mistake we still have not resolved: password reuse. Many users recycle passwords across multiple services, creating a ripple effect of risk when their credentials are leaked.
https://blog.cloudflare.com/password-reuse-rampant-half-user-logins-compromised/
Offline PKI using 3 YubiKeys and an ARM single board computer
An offline PKI enhances security by physically isolating the certificate authority from network threats. A YubiKey is a low-cost solution to store a root certificate. You also need an air-gapped environment to operate the root CA.
https://vincent.bernat.ch/en/blog/2025-offline-pki-yubikeys
Security Risks of Setting Access Control Allow Origin: *
Wildcard CORS: convenient or careless? What are the ACTUAL scenarios that could lead to a loose CORS policy being exploited?
https://projectblack.io/blog/security-risks-of-setting-access-control-allow-origin/
Vulnerabilities
TYPO3-EXT-SA-2025-003: Multiple vulnerabilities in extension "[clickstorm] SEO" (cs_seo)
https://typo3.org/security/advisory/typo3-ext-sa-2025-003
TYPO3-EXT-SA-2025-002: Cross-Site Scripting in extension "Additional TCA" (additional_tca)
https://typo3.org/security/advisory/typo3-ext-sa-2025-002
Varnish Enterprise vulnerability in MSE4 when handling range requests
https://docs.varnish-software.com/security/VEV00001/
HTTP/1 client-side desync vulnerability
https://docs.varnish-software.com/security/VSV00015/
Schneider Electric EcoStruxure Power Automation System
https://www.cisa.gov/news-events/ics-advisories/icsa-25-077-03