End-of-Day report
Timeframe: Montag 31-03-2025 18:00 - Dienstag 01-04-2025 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Felician Fuchs
News
Lucid PhaaS Hits 169 Targets in 88 Countries Using iMessage and RCS Smishing
A new sophisticated phishing-as-a-service (PhaaS) platform called Lucid has targeted 169 entities in 88 countries using smishing messages propagated via Apple iMessage and Rich Communication Services (RCS) for Android. Lucids unique selling point lies in its weaponizing of legitimate communication platforms to sidestep traditional SMS-based detection mechanisms.
https://thehackernews.com/2025/04/lucid-phaas-hits-169-targets-in-88.html
Rechnung ohne Auftrag: Betreiber gefälschter Firmenverzeichnisse versenden Mahnungen
Fake-Portale nehmen Unternehmen ohne deren Wissen in ihr Firmenverzeichnis auf und stellen anschließend per E-Mail eine Rechnung zu. Diese Schreiben sorgen für Verunsicherung, sind grundsätzlich aber substanzlos. Wer keine Registrierung beantragt hat, muss auch nichts bezahlen.
https://www.watchlist-internet.at/news/rechnungen-fake-firmenverzeichnisse/
Hacker Claims Breach of Check Point Cybersecurity Firm, Sells Access
Hacker claims breach of Israeli cybersecurity firm Check Point, offering network access and sensitive data for sale; company denies any recent incident.
https://hackread.com/hacker-breach-check-point-cybersecurity-firm-access/
Surge in Palo Alto Networks Scanner Activity Indicates Possible Upcoming Threats
Over the last 30 days, nearly 24,000 unique IP addresses have attempted to access these portals. The pattern suggests a coordinated effort to probe network defenses and identify exposed or vulnerable systems, potentially as a precursor to targeted exploitation.
https://www.greynoise.io/blog/surge-palo-alto-networks-scanner-activity
CPU_HU: Fileless cryptominer targeting exposed PostgreSQL with over 1.5K victims
Wiz Threat Research identified a new variant of an ongoing malicious campaign targeting misconfigured and publicly exposed PostgreSQL servers. [..] Based on our analysis, the threat actor is assigning a unique mining worker to each victim.
https://www.wiz.io/blog/postgresql-cryptomining
Vulnerabilities
Apple Backports Critical Fixes for 3 Recent 0-Days Impacting Older iOS and macOS Devices
Apple on Monday backported fixes for three vulnerabilities that have come under active exploitation in the wild to older models and previous versions of the operating systems. The vulnerabilities in question are listed below -CVE-2025-24085 (CVSS score: 7.3)
https://thehackernews.com/2025/04/apple-backports-critical-fixes-for-3.html
Apple security releases
Safari 18.4, Xcode 16.3, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, iOS 16.7.11 and iPadOS 16.7.11, iOS 15.8.4 and iPadOS 15.8.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4
https://support.apple.com/en-us/100100
CVE-2025-22398: Dell Unity Hit by 9.8 CVSS Root-Level Command Injection Flaw
Dell has released a security update for Unity OS version 5.4 and earlier, addressing a set of critical vulnerabilities that expose the popular enterprise storage systems-Unity, UnityVSA, and Unity XT-to unauthenticated remote command execution, file deletion, open redirects, and privilege escalation.
https://securityonline.info/cve-2025-22398-dell-unity-hit-by-9-8-cvss-root-level-command-injection-flaw/
Websites kompromittierbar: Lücken in WordPress-Plug-in WP Ultimate CSV Importer
In einem Bericht warnen Sicherheitsforscher von Wordfence vor zwei Schwachstellen (CVE-2025-2007 "hoch", CVE-2025-2008 "hoch"). In beiden Fällen können entfernte Angreifer aufgrund unzureichender Überprüfungen Schadcode auf Websites laden und ausführen. Dafür müssen sie aber bereits authentifiziert sein (Subscriber-Level). [..] Ein Sicherheitspatch steht zum Download.
https://www.heise.de/news/Websites-kompromittierbar-Luecken-in-WordPress-Plug-in-WP-Ultimate-CSV-Importer-10335977.html
Security updates for Tuesday
Security updates have been issued by AlmaLinux (freetype, grub2, kernel, kernel-rt, and python-jinja2), Debian (freetype, linux-6.1, suricata, tzdata, and varnish), Fedora (mingw-libxslt and qgis), Mageia (elfutils, mercurial, and zvbi), Oracle (grafana, kernel, libxslt, nginx:1.22, and postgresql:12), Red Hat (opentelemetry-collector), SUSE (corosync, opera, and restic), and Ubuntu (aom, libtar, mariadb, ovn, php7.4, php8.1, php8.3, rabbitmq-server, and webkit2gtk).
https://lwn.net/Articles/1016076/
Reparierter Sicherheitspatch schließt Schadcode-Lücke in IBM App Connect
Die Schwachstelle (CVE-2025-1302 "kritisch") betrifft das jsonpath-plus-Modul zum Verarbeiten von JSON-Konfigurationen. [..] Das wurde schon mal gepatcht, das Sicherheitsupdate war aber unvollständig. Nun haben die Entwickler einen reparierten Patch veröffentlicht.
https://heise.de/-10335184
Mozilla: Security Vulnerabilities fixed in Thunderbird ESR 128.9
https://www.mozilla.org/en-US/security/advisories/mfsa2025-24/
Mozilla: Security Vulnerabilities fixed in Thunderbird 137
https://www.mozilla.org/en-US/security/advisories/mfsa2025-23/
Mozilla: Security Vulnerabilities fixed in Firefox ESR 128.9
https://www.mozilla.org/en-US/security/advisories/mfsa2025-22/
Mozilla: Security Vulnerabilities fixed in Firefox ESR 115.22
https://www.mozilla.org/en-US/security/advisories/mfsa2025-21/
Mozilla: Security Vulnerabilities fixed in Firefox 137
https://www.mozilla.org/en-US/security/advisories/mfsa2025-20/
Canon CVE-2025-1268 Vulnerability: A Buffer Overflow Threatening Printer Security
https://thecyberexpress.com/canon-printer-vulnerability-cve-2025-1268/