End-of-Day report
Timeframe: Thursday 20-03-2025 18:00 - Friday 21-03-2025 18:00
Handler: Felician Fuchs
Co-Handler: Michael Schlagenhaufer
News
Attackers are going after a backdoor in Cisco Smart Licensing Utility
As security researchers report, attackers are currently starting to exploit two vulnerabilities in Cisco Smart Licensing Utility, through which they gain access with admin rights. Security patches have been available for some time. [..] The critical vulnerabilities (CVE-2024-20439, CVE-2024-20440) have been known since early September 2024.
https://heise.de/-10323893
VSCode extensions found downloading early-stage ransomware
Two malicious VSCode Marketplace extensions were found deploying in-development ransomware from a remote server, exposing critical gaps in Microsoft's review process.
https://www.bleepingcomputer.com/news/security/vscode-extensions-found-downloading-early-stage-ransomware/
Medusa Ransomware Uses Malicious Driver to Disable Anti-Malware with Stolen Certificates
The threat actors behind the Medusa ransomware-as-a-service (RaaS) operation have been observed using a malicious driver dubbed ABYSSWORKER as part of a bring your own vulnerable driver (BYOVD) attack designed to disable anti-malware tools.
https://thehackernews.com/2025/03/medusa-ransomware-uses-malicious-driver.html
How to Avoid US-Based Digital Services, and Why You Might Want To
Amid growing concerns over Big Tech firms aligning with Trump administration policies, people are starting to move their digital lives to services based overseas. Here's what you need to know.
https://www.wired.com/story/trump-era-digital-expat/
Fake shops such as eu.stanlaystore.com lure with cheap Stanley Cups
Stanley Cups are currently among the most popular thermos flasks on the market. Unfortunately, criminals are also exploiting the high demand and offer the trendy cups in fake shops, such as the website eu.stanlaystore.com, which lures with unbeatably low prices.
https://www.watchlist-internet.at/news/fake-shops-wie-eustanlaystorecom-locken-mit-guenstigen-stanley-cups/
Warning, phishing: how the new debit-card scam works
Criminals are currently sending an increasing number of fake e-mails in the name of Erste Bank. These claim that your debit card is outdated and that you must apply for a new card. With this scam, criminals are trying to get hold of your debit card together with its PIN!
https://www.watchlist-internet.at/news/achtung-phishing-so-funktioniert-der-neue-debitkarten-betrug/
GitHub Actions Supply Chain Attack: A Targeted Attack on Coinbase Expanded to the Widespread tj-actions/changed-files Incident: Threat Assessment (Updated 3/21)
Updated March 20: The recent compromise of the GitHub action tj-actions/changed-files and additional actions within the reviewdog organization has captured the attention of the GitHub community, marking another major software supply chain attack. Our team conducted an in-depth investigation into this incident and uncovered many more details about how the attack occurred and its timeline. [..] Our team also discovered that the initial attack targeted Coinbase. The payload was focused on exploiting the public CI/CD flow of one of their open source projects - agentkit, probably with the purpose of leveraging it for further compromises. However, the attacker was not able to use Coinbase secrets or publish packages.
https://unit42.paloaltonetworks.com/github-actions-supply-chain-attack/
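A compromised action is pulled into every workflow that references it by a mutable tag such as @v45, since the tag can be moved to the malicious commit. The quick check a practitioner wants after reading the report above is an inventory of which workflows reference actions by tag instead of by full commit SHA, and which reference the organisations named in the incident. The following is an added example written for this report, not code from Unit 42, GitHub or the tj-actions project; the sample workflow and the watchlist of organisation prefixes are constructed here, and the regex-based line scan deliberately avoids a YAML dependency so it runs offline.

```python
import re
from typing import NamedTuple

# Constructed sample workflow for the demonstration; not taken from any real repository.
SAMPLE_WORKFLOW = """\
name: ci
on: [pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: tj-actions/changed-files@v45
      - uses: reviewdog/action-setup@v1
      - uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b
      - uses: ./.github/actions/local-thing
      - uses: docker://alpine:3.19
"""

# A full 40-hex-character commit SHA; anything shorter (tag, branch, short SHA) is mutable
# or ambiguous and therefore reported.
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
# Matches "uses: owner/repo@ref" whether or not the step starts with a list dash.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^'\"\s#]+)")

# Assumption: organisations named in the incident report; anything from them is
# reported even when pinned, so a human can review the pinned commit.
WATCHLIST = ("tj-actions/", "reviewdog/")


class Finding(NamedTuple):
    line: int
    ref: str
    reason: str


def scan_workflow(text: str) -> list[Finding]:
    """Return one Finding per problem found in the 'uses:' lines of a workflow file."""
    findings: list[Finding] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = USES_RE.match(line)
        if not m:
            continue
        ref = m.group(1)
        # Local actions and docker:// images are not Marketplace references; skip them.
        if ref.startswith("./") or ref.startswith("docker://"):
            continue
        name, _, version = ref.partition("@")
        if name.startswith(WATCHLIST):
            findings.append(Finding(lineno, ref, "action from organisation named in incident"))
        if not SHA_RE.match(version):
            findings.append(Finding(lineno, ref, "not pinned to a full commit SHA"))
    return findings


if __name__ == "__main__":
    for f in scan_workflow(SAMPLE_WORKFLOW):
        print(f"line {f.line}: {f.ref}: {f.reason}")
```

Running the scan over the sample reports actions/checkout, tj-actions/changed-files and reviewdog/action-setup as unpinned, and the latter two additionally as watchlisted, while the SHA-pinned setup-node step passes. Pinning to a SHA only stops a tag from being silently moved; it does not help if the pinned commit itself is the malicious one, which is why watchlisted references are reported even when pinned.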
Major web services go dark in Russia amid reported Cloudflare block
Website outages were observed across Russia this week, with regulators attributing them to issues with foreign servers. Observers said the problems might be tied to Russian government moves to block Cloudflare services.
https://therecord.media/russia-websites-dark-reported-cloudflare-block
Vulnerabilities
Vulnerability in NAKIVO Backup & Replication
A vulnerability has been discovered in NAKIVO Backup & Replication 10.11.3.86570 and earlier. [..] We have already removed the affected versions from App Center and requested NAKIVO to provide a fixed version as soon as possible.
https://www.qnap.com/en-us/security-advisory/QSA-25-08
Siemens: SSA-656895 V1.2 (Last Update: 2025-03-20): Open Redirect Vulnerability in Teamcenter
https://cert-portal.siemens.com/productcert/html/ssa-656895.html
[R1] Nessus Agent Version 10.8.3 Fixes One Vulnerability
https://www.tenable.com/security/tns-2025-02
F5: K000150484: Apache Tomcat vulnerability CVE-2025-24813
https://my.f5.com/manage/s/article/K000150484