End-of-Day report
Timeframe: Wednesday 23-04-2025 18:00 - Thursday 24-04-2025 18:00
Handler: Guenes Holler
Co-Handler: Michael Schlagenhaufer
News
Linux io_uring security blindspot allows stealthy rootkit attacks
A significant security gap in Linux runtime security caused by the io_uring interface allows rootkits to operate undetected on systems while bypassing advanced enterprise security software.
https://www.bleepingcomputer.com/news/security/linux-io-uring-security-blindspot-allows-stealthy-rootkit-attacks/
Darcula Adds GenAI to Phishing Toolkit, Lowering the Barrier for Cybercriminals
The threat actors behind the Darcula phishing-as-a-service (PhaaS) platform have released new updates to their cybercrime suite with generative artificial intelligence (GenAI) capabilities. "This addition lowers the technical barrier for creating phishing pages, enabling less tech-savvy criminals to deploy customized scams in minutes," Netcraft said in a new report shared with The Hacker News.
https://thehackernews.com/2025/04/darcula-adds-genai-to-phishing-toolkit.html
Erlang/OTP SSH: Well-known vendors affected by critical vulnerability
Erlang/OTP SSH is shipped by many well-known vendors, so a critical vulnerability in it also affects Cisco and Ericsson. As of now, EMQ Technologies is among the other vulnerable vendors. Erlang/OTP SSH is not installed by default, but is optionally available, at National Instruments, Broadcom (in particular RabbitMQ), Very Technology, Apache (CouchDB) and Riak Technologies. Admins need to check whether they have Erlang/OTP SSH installed and, if so, install the available updates.
https://www.heise.de/news/Erlang-OTP-SSH-Namhafte-Hersteller-von-kritischer-Luecke-betroffen-10361103.html
9X Surge in Ivanti Connect Secure Scanning Activity
GreyNoise observed a 9X spike in suspicious scanning activity targeting Ivanti Connect Secure or Ivanti Pulse Secure VPN systems. More than 230 unique IPs probed ICS/IPS endpoints. This surge may indicate coordinated reconnaissance and possible preparation for future exploitation.
https://www.greynoise.io/blog/surge-ivanti-connect-secure-scanning-activity
Vulnerabilities
Critical Commvault Command Center Flaw Enables Attackers to Execute Code Remotely
A critical security flaw has been disclosed in the Commvault Command Center that could allow arbitrary code execution on affected installations. The vulnerability, tracked as CVE-2025-34028, carries a CVSS score of 9.0 out of a maximum of 10.0.
https://thehackernews.com/2025/04/critical-commvault-command-center-flaw.html
Drupal: Security advisories
Drupal has released new security advisories.
https://www.drupal.org/security
Security updates for Thursday
Security updates have been issued by Debian (haproxy and openrazer), Fedora (c-ares and mingw-poppler), Red Hat (thunderbird), SUSE (epiphany, ffmpeg-6, gopass, and libsoup-3_0-0), and Ubuntu (erlang, haproxy, libapache2-mod-auth-openidc, libarchive, linux, linux-aws, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-gcp, linux-gke, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-intel-iotg, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-nvidia-tegra, linux-nvidia-tegra-igx, linux-oracle, linux-raspi, linux, linux-aws, linux-azure, linux-azure-6.8, linux-ibm, linux-lowlatency, linux-lowlatency-hwe-6.8, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, linux-oem-6.8, linux-oracle, linux-oracle-6.8, linux-aws-6.8, linux-aws-fips, linux-fips, linux-gcp-fips, linux-azure-fips, linux-gcp, linux-gke, linux-gkeop, linux-gcp-6.8, linux-ibm-5.15, linux-intel-iot-realtime, linux-realtime, linux-intel-iotg-5.15, linux-realtime, perl, and yelp, yelp-xsl).
https://lwn.net/Articles/1018717/
ZDI-25-250: (0Day) Cloudera Hue Ace Editor Directory Traversal Information Disclosure Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-25-250/
ZDI-25-249: (0Day) eCharge Hardy Barth cPH2 index.php Command Injection Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-25-249/
ZDI-25-248: (0Day) eCharge Hardy Barth cPH2 nwcheckexec.php dest Command Injection Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-25-248/
ZDI-25-247: (0Day) eCharge Hardy Barth cPH2 check_req.php ntp Command Injection Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-25-247/
Wordfence Intelligence Weekly WordPress Vulnerability Report (April 14, 2025 to April 20, 2025)
https://www.wordfence.com/blog/2025/04/wordfence-intelligence-weekly-wordpress-vulnerability-report-april-14-2025-to-april-20-2025/
ALBEDO Telecom Net.Time - PTP/NTP Clock
https://www.cisa.gov/news-events/ics-advisories/icsa-25-114-02
SonicWall warns of DoS vulnerability in SSLVPN
https://heise.de/-10360960