End-of-Day report
Timeframe: Tuesday 18-11-2025 18:00 - Wednesday 19-11-2025 18:00
Handler: Alexander Riepl
Co-Handler: n/a
News
New ShadowRay attacks convert Ray clusters into crypto miners
A global campaign dubbed ShadowRay 2.0 hijacks exposed Ray Clusters by exploiting an old code execution flaw to turn them into a self-propagating cryptomining botnet.
https://www.bleepingcomputer.com/news/security/new-shadowray-attacks-convert-ray-clusters-into-crypto-miners/
Russian bulletproof hosting provider sanctioned over ransomware ties
Today, the United States, the United Kingdom, and Australia announced sanctions targeting Russian bulletproof hosting (BPH) providers that have supported ransomware gangs and other cybercrime operations.
https://www.bleepingcomputer.com/news/security/us-sanctions-russian-bulletproof-hosting-provider-media-land-over-ransomware-ties/
Gen Z is as bad at passwords as 80-year-olds
The most popular password worldwide is: "Passwort".
https://futurezone.at/digital-life/passwort-gen-z-aeltere-generation-80-jaehrig-unsicher-schlecht-nordpass/403104409
Microsoft: Windows 11 gets hardware-accelerated BitLocker
Until now, BitLocker was designed exclusively as software encryption. That is set to change in Windows soon.
https://www.golem.de/news/microsoft-windows-11-bekommt-hardwarebeschleunigtes-bitlocker-2511-202345.html
NIS 2 Directive: Central point of contact for cyber incidents planned
In future, companies in the EU are to report security incidents to only one authority. This is intended to reduce the reporting burden.
https://www.golem.de/news/nis-2-richtlinie-zentrale-anlaufstelle-fuer-cybervorfaelle-geplant-2511-202377.html
IT threat evolution in Q3 2025. Mobile statistics
The report features statistics on mobile threats for the third quarter of 2025, along with interesting findings and trends from the quarter, including an increase in ransomware activity in Germany, and more.
https://securelist.com/malware-report-q3-2025-mobile-statistics/118013/
IT threat evolution in Q3 2025. Non-mobile statistics
The report presents key trends and statistics on malware that targets personal computers running Windows and macOS, as well as Internet of Things (IoT) devices, during the third quarter of 2025.
https://securelist.com/malware-report-q3-2025-pc-iot-statistics/118020/
Sneaky 2FA Phishing Kit Adds BitB Pop-ups Designed to Mimic the Browser Address Bar
The malware authors associated with a Phishing-as-a-Service (PhaaS) kit known as Sneaky 2FA have incorporated Browser-in-the-Browser (BitB) functionality into their arsenal, underscoring the continued evolution of such offerings and further making it easier for ..
https://thehackernews.com/2025/11/sneaky-2fa-phishing-kit-adds-bitb-pop.html
Tens of thousands more ASUS routers pwned by suspected, evolving China operation
Researchers say attacks are laying the groundwork for stealthy espionage activity. Around 50,000 ASUS routers have been compromised in a sophisticated attack that researchers believe may be linked to China, according to findings released today by SecurityScorecard's STRIKE team.
https://www.theregister.com/2025/11/19/thousands_more_asus_routers_pwned/
Fake shops: Beware of Black Week and heating oil offers
The Verbraucherzentrale NRW (consumer advice centre) warns of fake shops with supposed heating oil bargains. Black Week is bringing fraudsters out.
https://www.heise.de/news/Fakeshops-Vorsicht-bei-Black-Week-und-Heizoel-Angeboten-11084224.html
Security vulnerabilities: SolarWinds Platform and Serv-U vulnerable to attacks
Attackers can target SolarWinds' network monitoring solution Platform and the file transfer software Serv-U.
https://www.heise.de/news/Sicherheitsluecken-Solarwinds-Platform-und-Serv-U-fuer-Attacken-anfaellig-11084806.html
Caution: Combined phishing and subscription trap instead of a new iPhone 17 Pro!
The newest iPhone, completely free, delivered straight to your home! No such thing? Indeed, there is no such thing! Behind the tempting offer is in fact nothing other than a fraud combination of credit card theft and a subscription trap.
https://www.watchlist-internet.at/news/phishing-falle-iphone-17-pro/
Anatomy of an Akira Ransomware Attack: When a Fake CAPTCHA Led to 42 Days of Compromise
Unit 42 outlines a Howling Scorpius attack delivering Akira ransomware that originated from a fake CAPTCHA and led to a 42-day compromise.
https://unit42.paloaltonetworks.com/fake-captcha-to-compromise/
Unwanted Gifts: Major Campaign Lures Targets with Fake Party Invites
Prolific threat actor delivering RMM packages using variety of lures, including seasonal party invites
https://www.security.com/threat-intelligence/rmm-logmein-attacks
LG battery subsidiary says ransomware attack targeted overseas facility
A "specific overseas facility" fell prey to a ransomware attack but is now operating normally, according to LG Energy Solution - the South Korean multinational's battery-making subsidiary.
https://therecord.media/lg-energy-solution-ransomware-incident-battery-maker