End-of-Day report
Timeframe: Wednesday 02-04-2025 18:00 - Thursday 03-04-2025 18:00
Handler: Alexander Riepl
Co-Handler: n/a
News
GitHub expands security tools after 39 million secrets leaked in 2024
Over 39 million secrets like API keys and account credentials were leaked on GitHub throughout 2024, exposing organizations and users to significant security risks.
https://www.bleepingcomputer.com/news/security/github-expands-security-tools-after-39-million-secrets-leaked-in-2024/
Vendor warns: dangerous Cisco backdoor is being actively exploited
Through the backdoor, attackers gain admin access to a licensing tool for Cisco products thanks to static credentials.
https://www.golem.de/news/hersteller-warnt-hacker-nutzen-eine-von-ciscos-backdoors-aus-2504-194970.html
Cybersecurity Professor Faced China-Funding Inquiry Before Disappearing, Sources Say
A lawyer for Xiaofeng Wang and his wife says they are "safe" after FBI searches of their homes and Wang's sudden dismissal from Indiana University, where he taught for over 20 years.
https://www.wired.com/story/xiaofeng-wang-indiana-university-research-probe-china/
Bounty offered for security vulnerabilities found in Fediverse software
Individuals and small teams are responsible for Mastodon, Pixelfed and co. To make their services more secure, some money is now being made available.
https://www.heise.de/news/Belohnung-fuer-gefundene-Sicherheitsluecken-in-Fediverse-Software-ausgelobt-10338830.html
Beware of phishing: fake SMS about alleged payment reminders from the Ministry of Finance
Have you received an SMS in the name of the Federal Ministry of Finance (BMF) accusing you of outstanding debts? Does the message threaten imminent seizure because you have supposedly already been reminded several times? Warning: do not pay the demand! The message does not come from the Ministry of Finance, and your money ends up with criminals.
https://www.watchlist-internet.at/news/fake-sms-zu-mahnungen-des-finanzministeriums/
NSA, CISA, FBI, and International Partners Release Cybersecurity Advisory on "Fast Flux," a National Security Threat
Today, CISA, in partnership with the National Security Agency (NSA), Federal Bureau of Investigation (FBI), Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC), Canadian Centre for Cyber Security ..
https://www.cisa.gov/news-events/alerts/2025/04/03/nsa-cisa-fbi-and-international-partners-release-cybersecurity-advisory-fast-flux-national-security
New guidance on securing HTTP-based APIs
Why it's essential to secure your APIs to build trust with your customers and partners.
https://www.ncsc.gov.uk/blog-post/new-guidance-on-securing-http-based-apis
DPRK IT Workers Expanding in Scope and Scale
Since our September 2024 report outlining the Democratic People's Republic of Korea (DPRK) IT worker threat, the scope and scale of their operations have continued to expand. These individuals ..
https://cloud.google.com/blog/topics/threat-intelligence/dprk-it-workers-expanding-scope-scale/
Suspected China-Nexus Threat Actor Actively Exploiting Critical Ivanti Connect Secure Vulnerability (CVE-2025-22457)
On Thursday, April 3, 2025, Ivanti disclosed a critical security vulnerability, CVE-2025-22457, impacting Ivanti Connect Secure ("ICS") VPN appliances version 22.7R2.5 and earlier. CVE-2025-22457 is a buffer overflow vulnerability, and successful exploitation ..
https://cloud.google.com/blog/topics/threat-intelligence/china-nexus-exploiting-critical-ivanti-vulnerability/
RolandSkimmer: Silent Credit Card Thief Uncovered
Web-based credit card skimming remains a widespread and persistent threat, known for its ability to adapt and evolve over time. FortiGuard Labs recently observed a sophisticated campaign dubbed "RolandSkimmer," named ..
https://www.fortinet.com/blog/threat-research/rolandskimmer-silent-credit-card-thief-uncovered
Malicious PyPI Package Targets WooCommerce Stores with Automated Carding Attacks
The Socket research team recently discovered a malicious Python package on PyPI named disgrasya, which contains a fully automated carding script targeting WooCommerce stores. Unlike typical supply chain attacks that rely on deception or typosquatting, disgrasya made no attempt to appear legitimate. It was openly malicious, abusing PyPI as a distribution ..
https://socket.dev/blog/malicious-pypi-package-targets-woocommerce-stores-with-automated-carding-attacks
Vulnerabilities
Obfuscate - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-029
https://www.drupal.org/sa-contrib-2025-029
Access code - Moderately critical - Access bypass - SA-CONTRIB-2025-028
https://www.drupal.org/sa-contrib-2025-028
SVD-2025-0402: Third-Party Package Updates in Splunk/UniversalForwarder Docker - April 2025
https://advisory.splunk.com//advisories/SVD-2025-0402
SVD-2025-0401: Third-Party Package Updates in Splunk/Splunk Docker - April 2025
https://advisory.splunk.com//advisories/SVD-2025-0401
Security Update: Pulse Connect Secure, Ivanti Connect Secure, Policy Secure and Neurons for ZTA Gateways
https://www.ivanti.com/blog/security-update-pulse-connect-secure-ivanti-connect-secure-policy-secure-and-neurons-for-zta-gateways