Daily summary - 03.04.2025

End-of-Day report

Timeframe: Wednesday 02-04-2025 18:00 - Thursday 03-04-2025 18:00 Handler: Alexander Riepl Co-Handler: n/a

News

GitHub expands security tools after 39 million secrets leaked in 2024

Over 39 million secrets like API keys and account credentials were leaked on GitHub throughout 2024, exposing organizations and users to significant security risks.

https://www.bleepingcomputer.com/news/security/github-expands-security-tools-after-39-million-secrets-leaked-in-2024/


Vendor warns: Dangerous Cisco backdoor is being actively exploited

Through the backdoor, attackers gain admin access to a licensing tool for Cisco products thanks to static credentials.

https://www.golem.de/news/hersteller-warnt-hacker-nutzen-eine-von-ciscos-backdoors-aus-2504-194970.html


Cybersecurity Professor Faced China-Funding Inquiry Before Disappearing, Sources Say

A lawyer for Xiaofeng Wang and his wife says they are "safe" after FBI searches of their homes and Wang's sudden dismissal from Indiana University, where he taught for over 20 years.

https://www.wired.com/story/xiaofeng-wang-indiana-university-research-probe-china/


Reward offered for security vulnerabilities found in Fediverse software

Mastodon, Pixelfed and co. are maintained by individuals and small teams. To make their services more secure, some money is now being made available.

https://www.heise.de/news/Belohnung-fuer-gefundene-Sicherheitsluecken-in-Fediverse-Software-ausgelobt-10338830.html


Beware of phishing: Fake SMS about alleged payment reminders from the Ministry of Finance

Have you received an SMS in the name of the Federal Ministry of Finance (BMF) accusing you of outstanding debts? Does the message threaten imminent garnishment because you have allegedly already been sent several reminders? Attention: Do not pay the demand! The message does not come from the Ministry of Finance, and your money ends up with criminals.

https://www.watchlist-internet.at/news/fake-sms-zu-mahnungen-des-finanzministeriums/


NSA, CISA, FBI, and International Partners Release Cybersecurity Advisory on "Fast Flux," a National Security Threat

Today, CISA, in partnership with the National Security Agency (NSA), Federal Bureau of Investigation (FBI), Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC), Canadian Centre for Cyber Security ..

https://www.cisa.gov/news-events/alerts/2025/04/03/nsa-cisa-fbi-and-international-partners-release-cybersecurity-advisory-fast-flux-national-security


New guidance on securing HTTP-based APIs

Why it's essential to secure your APIs to build trust with your customers and partners.

https://www.ncsc.gov.uk/blog-post/new-guidance-on-securing-http-based-apis


DPRK IT Workers Expanding in Scope and Scale

Since our September 2024 report outlining the Democratic People's Republic of Korea (DPRK) IT worker threat, the scope and scale of their operations has continued to expand. These individuals ..

https://cloud.google.com/blog/topics/threat-intelligence/dprk-it-workers-expanding-scope-scale/


Suspected China-Nexus Threat Actor Actively Exploiting Critical Ivanti Connect Secure Vulnerability (CVE-2025-22457)

On Thursday, April 3, 2025, Ivanti disclosed a critical security vulnerability, CVE-2025-22457, impacting Ivanti Connect Secure ("ICS") VPN appliances version 22.7R2.5 and earlier. CVE-2025-22457 is a buffer overflow vulnerability, and successful exploitation ..

https://cloud.google.com/blog/topics/threat-intelligence/china-nexus-exploiting-critical-ivanti-vulnerability/


RolandSkimmer: Silent Credit Card Thief Uncovered

Web-based credit card skimming remains a widespread and persistent threat, known for its ability to adapt and evolve over time. FortiGuard Labs recently observed a sophisticated campaign dubbed "RolandSkimmer," named ..

https://www.fortinet.com/blog/threat-research/rolandskimmer-silent-credit-card-thief-uncovered


Malicious PyPI Package Targets WooCommerce Stores with Automated Carding Attacks

The Socket research team recently discovered a malicious Python package on PyPI named disgrasya, which contains a fully automated carding script targeting WooCommerce stores. Unlike typical supply chain attacks that rely on deception or typosquatting, disgrasya made no attempt to appear legitimate. It was openly malicious, abusing PyPI as a distribution ..

https://socket.dev/blog/malicious-pypi-package-targets-woocommerce-stores-with-automated-carding-attacks


Vulnerabilities

Obfuscate - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-029

https://www.drupal.org/sa-contrib-2025-029


Access code - Moderately critical - Access bypass - SA-CONTRIB-2025-028

https://www.drupal.org/sa-contrib-2025-028


SVD-2025-0402: Third-Party Package Updates in Splunk/UniversalForwarder Docker - April 2025

https://advisory.splunk.com//advisories/SVD-2025-0402


SVD-2025-0401: Third-Party Package Updates in Splunk/Splunk Docker - April 2025

https://advisory.splunk.com//advisories/SVD-2025-0401


Security Update: Pulse Connect Secure, Ivanti Connect Secure, Policy Secure and Neurons for ZTA Gateways

https://www.ivanti.com/blog/security-update-pulse-connect-secure-ivanti-connect-secure-policy-secure-and-neurons-for-zta-gateways