End-of-Day report
Timeframe: Wednesday 16-04-2025 18:00 - Thursday 17-04-2025 18:00
Handler: Felician Fuchs
Co-Handler: Michael Schlagenhaufer
News
MITRE CVE Program - the past, the present .. and the (European) future.
The Common Vulnerabilities and Exposures (CVE) program is a globally adopted system for identifying and naming cybersecurity vulnerabilities with unique IDs. Established in 1999 by researchers at the MITRE Corporation (a U.S. non-profit R&D organization), CVE was created to ensure that different security tools and stakeholders can refer to the same vulnerability in a consistent way.
https://bytesandborscht.com/mitre-cve-program-the-past-the-present-and-the-european-future/
RedTail, Remnux and Malware Management [Guest Diary], (Wed, Apr 16th)
When I first saw malware being uploaded to my honeypot, I was lacking the requisite experience to reverse engineer it, and to understand what was happening with the code. Even though I could use any text editor to examine the associated scripts that were being uploaded with RedTail malware, I couldn't see what was happening with the RedTail malware itself. So, I decided to create a how-to on setting up a malware analysis program.
https://isc.sans.edu/diary/rss/31868
Proton66 Part 2: Compromised WordPress Pages and Malware Campaigns
Earlier this year SpiderLabs observed an increase in mass scanning, credential brute forcing, and exploitation attempts originating from Proton66 ASN targeting organizations worldwide that we are discussing in a two-part series.
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/proton66-part-2-compromised-wordpress-pages-and-malware-campaigns/
Experts Uncover Four New Privilege Escalation Flaws in Windows Task Scheduler
Cybersecurity researchers have detailed four different vulnerabilities in a core component of the Windows task scheduling service that could be exploited by local attackers to achieve privilege escalation and erase logs to cover up evidence of malicious activities.
https://thehackernews.com/2025/04/experts-uncover-four-new-privilege.html
CISA Flags Actively Exploited Vulnerability in SonicWall SMA Devices
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a security flaw impacting SonicWall Secure Mobile Access (SMA) 100 Series gateways to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The high-severity vulnerability, tracked as CVE-2021-20035 (CVSS score: 7.2), relates to a case of operating system command injection that could result in code execution.
https://thehackernews.com/2025/04/cisa-flags-actively-exploited.html
End of support for Ubuntu 20.04 is looming
Support for Ubuntu 20.04 ends in a few weeks. Ubuntu recommends upgrading or purchasing extended support with Ubuntu Pro.
https://www.heise.de/news/Support-Ende-von-Ubuntu-20-04-draeut-10355860.html
Unmasking the new XorDDoS controller and infrastructure
Cisco Talos observed an existing distributed denial-of-service (DDoS) malware known as XorDDoS, continuing to spread globally between November 2023 and February 2025. A significant finding shows that over 70 percent of attacks using XorDDoS targeted the United States from Nov. 2023 to Feb. 2025.
https://blog.talosintelligence.com/unmasking-the-new-xorddos-controller-and-infrastructure/
Vulnerabilities
Apple Patches Two Actively Exploited iOS Flaws Used in Sophisticated Targeted Attacks
Apple on Wednesday released security updates for iOS, iPadOS, macOS Sequoia, tvOS, and visionOS to address two security flaws that it said have come under active exploitation in the wild.
https://thehackernews.com/2025/04/apple-patches-two-actively-exploited.html
Critical Erlang/OTP SSH Vulnerability (CVSS 10.0) Allows Unauthenticated Code Execution
A critical security vulnerability has been disclosed in the Erlang/Open Telecom Platform (OTP) SSH implementation that could permit an attacker to execute arbitrary code sans any authentication under certain conditions. The vulnerability, tracked as CVE-2025-32433, has been given the maximum CVSS score of 10.0.
https://thehackernews.com/2025/04/critical-erlangotp-ssh-vulnerability.html
Drupal releases Security Advisories for multiple Critical and High Vulnerabilities
Including 5 critical and 2 high severity advisories.
https://www.drupal.org/security
Atlassian patches high-risk vulnerabilities in Confluence, Jira & Co.
Atlassian has released updates for Bamboo, Confluence and Jira that are intended to close security vulnerabilities rated as high risk in those products. IT administrators should download and apply the updates promptly.
https://www.heise.de/news/Atlassian-stopft-hochriskante-Lecks-in-Confluence-Jira-Co-10355832.html
Wordfence Intelligence Weekly WordPress Vulnerability Report (April 7, 2025 to April 13, 2025)
Last week, there were 340 vulnerabilities disclosed in 303 WordPress Plugins and 8 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 67 Vulnerability Researchers that contributed to WordPress Security last week.
https://www.wordfence.com/blog/2025/04/wordfence-intelligence-weekly-wordpress-vulnerability-report-april-7-2025-to-april-13-2025/
Security updates for Thursday
Security updates have been issued by Debian (chromium and libapache2-mod-auth-openidc), Oracle (expat, freetype, glibc, grub2, gvisor-tap-vsock, and kernel), Red Hat (grub2 and webkit2gtk3), and SUSE (apache2-mod_auth_openidc, cosign, gitoxide, govulncheck-vulndb, GraphicsMagick, haproxy, hauler, mozjs52, oci-cli, pam, perl-Data-Entropy, poppler, python-lxml-doc, python311-aiohttp, rekor, rubygem-rexml, and webkit2gtk3).
https://lwn.net/Articles/1017919/
Cisco Nexus Dashboard LDAP Username Enumeration Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nd-unenum-2xFFh472
Cisco Webex App Client-Side Remote Code Execution Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-app-client-rce-ufyMMYLC
[R1] Stand-alone Security Patch Available for Tenable Security Center versions 6.3.0, 6.4.0, 6.4.5 and 6.5.1: SC-202504.2
https://www.tenable.com/security/tns-2025-04
F5 K000150879: OpenSSH vulnerability CVE-2025-26466
https://my.f5.com/manage/s/article/K000150879
F5 K000150901: Linux kernel vulnerability CVE-2024-46713
https://my.f5.com/manage/s/article/K000150901