End-of-Day report
Timeframe: Monday 17-11-2025 18:00 - Tuesday 18-11-2025 18:00
Handler: Alexander Riepl
Co-Handler: n/a
News
Microsoft: Azure hit by 15 Tbps DDoS attack using 500,000 IP addresses
Microsoft said today that the Aisuru botnet hit its Azure network with a 15.72 terabits per second (Tbps) DDoS attack, launched from over 500,000 IP addresses.
https://www.bleepingcomputer.com/news/microsoft/microsoft-aisuru-botnet-used-500-000-ips-in-15-tbps-azure-ddos-attack/
RondoDox botnet malware now hacks servers using XWiki flaw
The RondoDox botnet malware is now exploiting a critical remote code execution (RCE) flaw in XWiki Platform tracked as CVE-2025-24893.
https://www.bleepingcomputer.com/news/security/rondodox-botnet-malware-now-hacks-servers-using-xwiki-flaw/
The Tycoon 2FA Phishing Platform and the Collapse of Legacy MFA
Tycoon 2FA enables turnkey real-time MFA relays behind 64,000+ attacks this year, proving legacy MFA collapses the moment a phishing kit targets it. Learn from Token Ring how biometric, phishing-proof FIDO2 hardware blocks these relay attacks before they succeed.
https://www.bleepingcomputer.com/news/security/the-tycoon-2fa-phishing-platform-and-the-collapse-of-legacy-mfa/
Security vulnerability in V8: Hackers attack Chrome users via the JavaScript engine
To exploit the Chrome vulnerability, merely visiting a malicious website is enough. Attackers can then execute malicious code.
https://www.golem.de/news/sicherheitsluecke-in-v8-angreifer-attackieren-chrome-nutzer-ueber-javascript-engine-2511-202288.html
A Simple WhatsApp Security Flaw Exposed 3.5 Billion Phone Numbers
By plugging tens of billions of phone numbers into WhatsApp's contact discovery tool, researchers found "the most extensive exposure of phone numbers" ever, along with profile photos and more.
https://www.wired.com/story/a-simple-whatsapp-security-flaw-exposed-billions-phone-numbers/
IT incident: Stadtwerke Detmold no longer reachable
Stadtwerke Detmold has fallen victim to an IT attack. It is currently unreachable. Supply is said to be secured.
https://www.heise.de/news/Stadtwerke-Detmold-nach-IT-Vorfall-offline-11082906.html
Common Kubernetes misconfigurations and how to avoid them
Kubernetes has changed the way we deploy and scale workloads. It's powerful, flexible, and very good at hiding a lot of complexity. It is also very good at hiding security problems until someone starts poking at it. Attackers usually take the path of least resistance. If they find an exposed API, dashboard, or port, that is often ...
https://www.pentestpartners.com/security-blog/common-kubernetes-misconfigurations-and-how-to-avoid-them/
ASFINAG phishing wave demands payment of an alleged traffic fine
People usually want to settle a traffic fine quickly to avoid additional costs. Criminals are currently exploiting exactly this reflex: a fake reminder SMS purporting to come from ASFINAG is in circulation.
https://www.watchlist-internet.at/news/asfinag-phishing-welle-fordert-bezahlung-angeblicher-verkehrsstrafe/
MI5 warns of Chinese spies using LinkedIn to gain intel on lawmakers
The alert identifies two specific LinkedIn profiles, featuring fake personas, that are being used by China's Ministry of State Security in an attempt to build relationships in Westminster and gain intelligence.
https://therecord.media/mi5-warns-chinese-spies-using-linkedin-lawmakers
Russian suspect detained in Thailand is allegedly tied to Void Blizzard group
More details are emerging about a 35-year-old Russian man arrested by Thai police in Phuket earlier this month with reported help from the FBI.
https://therecord.media/russian-arrested-thailand-allegedly-void-blizzard-apt-member
Breaking Down S3 Ransomware: Variants, Attack Paths and Trend Vision One Defenses
In this blog entry, Trend Research explores how ransomware actors are shifting their focus to cloud-based assets, including the tactics used to compromise business-critical data in AWS environments.
https://www.trendmicro.com/en_us/research/25/k/s3-ransomware.html
When Bulletproof Hosting Proves Bulletproof: The Stark Industries Shell Game
EU sanctions hit Stark Industries in May 2025. GreyNoise data shows how the group quietly rebranded to THE.Hosting and kept its malicious infrastructure running.
https://www.greynoise.io/blog/stark-industries-shell-game
North Korea's remote workers: five accomplices in the US plead guilty
For years, North Korea has had people work over the internet in the US in order to collect salaries. Now it is becoming clear in the US how they are being helped.
https://heise.de/-11082874
Vulnerabilities
Security updates for Tuesday
Security updates have been issued by Debian (libwebsockets), Fedora (chromium and fvwm3), Mageia (apache, firefox, and postgresql13, postgresql15), Oracle (idm:DL1), Red Hat (bind, bind9.18, firefox, and openssl), SUSE (alloy, ghostscript, and openssl-1_0_0), and Ubuntu (ffmpeg and freeglut).
https://lwn.net/Articles/1046891/