End-of-Day report
Timeframe: Thursday 27-03-2025 18:00 - Friday 28-03-2025 18:00
Handler: Alexander Riepl
Co-Handler: Michael Schlagenhaufer
News
Phishing-as-a-service operation uses DNS-over-HTTPS for evasion
A newly discovered phishing-as-a-service (PhaaS) operation that researchers call Morphing Meerkat has been using the DNS over HTTPS (DoH) protocol to evade detection.
https://www.bleepingcomputer.com/news/security/phishing-as-a-service-operation-uses-dns-over-https-for-evasion/
Emergency update: Critical sandbox vulnerability discovered in Firefox and Tor Browser
It is not only Chrome users who should update their browser these days. An actively exploited security vulnerability also affects the Windows version of Firefox.
https://www.golem.de/news/notfallupdate-kritische-sandbox-luecke-in-firefox-und-tor-browser-entdeckt-2503-194773.html
Stealing user credentials with evilginx
A malevolent mutation of the widely used nginx web server facilitates Adversary-in-the-Middle action, but there's hope.
https://news.sophos.com/en-us/2025/03/28/stealing-user-credentials-with-evilginx/
Quick Guide to Magento Security Patches
Magento remains a popular ecommerce platform in 2025, and its security patches play a vital role in addressing vulnerabilities that could otherwise be exploited by attackers. These patches help prevent issues like data breaches, website defacement, or unauthorized access, ensuring the safety of customer data and store operations. Given the platform's ..
https://blog.sucuri.net/2025/03/quick-guide-to-magento-security-patches.html
China's FamousSparrow flies back into action, breaches US org after years off the radar
Crew also cooked up two fresh SparrowDoor backdoor variants, says ESET
The China-aligned FamousSparrow crew has resurfaced after a long period of presumed inactivity, compromising a US financial-sector trade group and a Mexican research institute. The gang also likely targeted a governmental institution in Honduras, along with other yet-to-be-identified victims.
https://www.theregister.com/2025/03/27/china_famoussparrow_back/
Storage appliances: Dell closes countless security vulnerabilities in Unity series
Among other things, the Dell developers have closed a 19-year-old vulnerability in various Unity models.
https://www.heise.de/news/Storage-Appliances-Dell-schliesst-unzaehlige-Sicherheitsluecken-in-Unity-Serien-10331922.html
New security requirements adopted by HTTPS certificate industry
The Chrome Root Program launched in 2022 as part of Google's ongoing commitment to upholding secure and reliable network connections in Chrome. We previously described how the Chrome Root Program keeps users safe, and described how the program is focused on promoting technologies and practices that strengthen the underlying ..
http://security.googleblog.com/2025/03/new-security-requirements-adopted-by.html
Money Laundering 101, and why Joe is worried
In this blog post, Joe covers the very basics of money laundering, how it facilitates ransomware cartels, and what the regulatory future holds for cybercrime.
https://blog.talosintelligence.com/money-laundering-101-and-why-joe-is-worried/
Gamaredon campaign abuses LNK files to distribute Remcos backdoor
Cisco Talos is actively tracking an ongoing campaign, active since at least November 2024, that targets users in Ukraine with malicious LNK files which run a PowerShell downloader.
https://blog.talosintelligence.com/gamaredon-campaign-distribute-remcos/
Obfuscation 101: Unmasking the Tricks Behind Malicious Code
"The malicious package was right in front of our eyes, but we didn't see it until it was too late." Attackers frequently rely on obfuscation (the technique of deliberately making source code confusing and unreadable) to sneak malicious payloads past security defenses and code reviewers alike. Understanding these obfuscation techniques across ..
https://socket.dev/blog/obfuscation-101-the-tricks-behind-malicious-code
NVD Concedes Inability to Keep Pace with Surging CVE Disclosures in 2025
The National Vulnerability Database (NVD) issued a new status update on March 19, attempting to clarify the current state of its vulnerability processing pipeline. The agency says it has resumed processing new CVEs at the same rate it maintained before last year's slowdown, but with vulnerability volumes surging, that's no longer enough. We are currently ..
https://socket.dev/blog/nvd-backlog-crisis-deepens-amid-surging-cve-disclosures
Vulnerabilities
Security updates for Friday
Security updates have been issued by Debian (mercurial and opensaml), Fedora (augeas, mingw-libxslt, and nodejs-nodemon), Mageia (chromium-browser-stable), Red Hat (grafana, kernel, kernel-rt, opentelemetry-collector, and podman), SUSE (apache-commons-vfs2, python3, and python36), and Ubuntu (ghostscript, linux, linux-aws, linux-azure, linux-gcp, linux-gke, linux-gkeop, linux-ibm, linux-intel-iotg, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle, linux-oracle-5.15, ..
https://lwn.net/Articles/1015718/