End-of-Day report
Timeframe: Tuesday 18-03-2025 18:00 - Wednesday 19-03-2025 18:00
Handler: Alexander Riepl
Co-Handler: Felician Fuchs
News
Malicious Android Vapor apps on Google Play installed 60 million times
Over 300 malicious Android applications, downloaded 60 million times from Google Play, acted as adware or attempted to steal credentials and credit card information.
https://www.bleepingcomputer.com/news/security/malicious-android-vapor-apps-on-google-play-installed-60-million-times/
Why it's time for phishing prevention to move beyond email
While phishing has evolved, email security hasn't kept up. Attackers now bypass MFA and detection tools with advanced phishing kits, making credential theft harder to prevent. Learn how Push Security's browser-based security stops attacks as they happen.
https://www.bleepingcomputer.com/news/security/why-its-time-for-phishing-prevention-to-move-beyond-email/
iOS users at risk: phishing flaw in Passwords app patched only after months
Apple's Passwords app handled redirects to password-change pages over insecure HTTP. Attackers could have redirected users to phishing sites.
https://www.golem.de/news/unsicheres-http-ios-nutzer-durch-phishing-luecke-in-passwords-app-gefaehrdet-2503-194452.html
Malware on the way: unpatched Windows flaw exploited for 8 years
Hackers have been exploiting the vulnerability since at least 2017. A patch is not yet in sight. Targets in Germany have already been attacked as well.
https://www.golem.de/news/malware-im-anmarsch-ungepatchte-windows-luecke-wird-seit-8-jahren-ausgenutzt-2503-194461.html
Arcane stealer: We want all your data
The new Arcane stealer spreads via YouTube and Discord, collecting data from many applications, including VPN and gaming clients, network utilities, messaging apps, and browsers.
https://securelist.com/arcane-stealer/115919/
Announcing OSV-Scanner V2: Vulnerability scanner and remediation tool for open source
Today, we're thrilled to announce the launch of OSV-Scanner V2.0.0, following the announcement of the beta version. This V2 release builds upon the foundation we laid with OSV-SCALIBR and adds significant new capabilities ..
https://security.googleblog.com/2025/03/announcing-osv-scanner-v2-vulnerability.html
Buying browser extensions for fun and profit
Your browser extensions could be secretly sold to malicious actors without your knowledge. What starts as helpful tools created by passionate developers can transform into dangerous spyware when sold to the highest bidder. As these extensions grow to hundreds of thousands of users, their creators, overwhelmed by maintenance and lacking ..
https://secureannex.com/blog/buying-browser-extensions/
Which passwords are attackers using against RDP ports right now?
The Specops research team has been analyzing 15 million passwords being used to attack RDP ports, in live attacks happening against networks right now. Our team has found the ten most common passwords attackers are using and analyzed their wordlists for the most common complexity rules and password lengths. We shared the results of a ..
https://specopssoft.com/blog/passwords-used-in-attacking-rdp-ports/
AMOS and Lumma stealers actively spread to Reddit users
Reddit users from trading and crypto subreddits are being lured into installing malware disguised as premium cracked software.
https://www.malwarebytes.com/blog/scams/2025/03/amos-and-lumma-stealers-actively-spread-to-reddit-users
Website kidnapping: how to protect your website from hacking attacks!
Austrian companies are increasingly targeted by criminals who manipulate their websites unnoticed in order to redirect customers to fake shops or other illegal content. Small and medium-sized enterprises (SMEs) are particularly at risk, as they often lack adequate IT security measures.
https://www.watchlist-internet.at/news/website-kidnapping-so-schuetzen-sie-ihre-website-vor-hackingangriffen/
Russia deliberately poisons AI chatbots such as ChatGPT with propaganda
Around 3.6 million articles from the Russian Pravda network are said to have flowed into the training material of Western AI systems. This is how fake news is spread via AI.
https://www.derstandard.at/story/3000000261876/russland-vergiftet-ki-chatbots-wie-chatgpt-gezielt-mit-propaganda
The Citizen Lab's director dissects spyware and the 'proliferating' market for it
In an interview with Recorded Future News, Deibert explained the technical aspects of the Citizen Lab's methods and how spyware companies continue to evolve to evade detection.
https://therecord.media/ron-deibert-citizen-lab-spyware-interview
Vulnerabilities
ZDI-25-149: Adobe Acrobat Reader DC AcroForm Out-Of-Bounds Read Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-271561.
http://www.zerodayinitiative.com/advisories/ZDI-25-149/
ZDI-25-151: Progress Software Kemp LoadMaster mangle Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software Kemp LoadMaster. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8. The following CVEs are assigned: CVE-2025-1758.
http://www.zerodayinitiative.com/advisories/ZDI-25-151/
ZDI-25-150: Microsoft Windows MSC File Insufficient UI Warning Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.0. The following CVEs are assigned: CVE-2025-26633.
http://www.zerodayinitiative.com/advisories/ZDI-25-150/
ZDI-25-172: Apple macOS MOV File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2025-24124.
http://www.zerodayinitiative.com/advisories/ZDI-25-172/
Multiple Vulnerabilities in Autodesk AutoCAD and certain AutoCAD-based Products
Autodesk AutoCAD and certain AutoCAD-based products are affected by multiple vulnerabilities. Exploitation of these vulnerabilities can lead to code execution. Exploitation of these vulnerabilities requires user interaction.
https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0001