security

📅 Kalender

< July 2026 >
Mo
Di
Mi
Do
Fr
Sa
So
12
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
security

SANS Stormcast Thursday, October 9th, 2025: Polymorphic Python; ssh ProxyCommand Vuln;

Polymorphic Python Malware Xavier discovered self-modifying Python code on Virustotal. The remote access tool takes advantage of the inspect module to modify code on the fly. https://isc.sans.edu/diary/Polymorphic%20Python%20Malware/32354 SSH ProxyCommand Vulnerability A user cloning a git repository may be tricked into executing arbitrary code via the SSH proxycommand option. https://dgl.cx/2025/10/bash-a-newline-ssh-proxycommand-cve-2025-61984 Framelink Figma MCP Server CVE-2025-53967 Framelink […]

Mehr lesen →
security

SANS Stormcast Wednesday, October 8th, 2025: FreePBX Exploits; Disrupting Teams Threats; Kibana and QT SVG Patches

FreePBX Exploit Attempts (CVE-2025-57819) A FreePBX SQL injection vulnerability disclosed in August is being used to execute code on affected systems. https://isc.sans.edu/diary/Exploit%20Against%20FreePBX%20%28CVE-2025-57819%29%20with%20code%20execution./32350 Disrupting Threats Targeting Microsoft Teams Microsoft published a blog post outlining how to better secure Teams. https://www.microsoft.com/en-us/security/blog/2025/10/07/disrupting-threats-targeting-microsoft-teams/ Kibana XSS Patch CVE-2025-25009 Elastic patched a stored XSS vulnerability in Kibana https://discuss.elastic.co/t/kibana-8-18-8-8-19-5-9-0-8-and-9-1-5-security-update-esa-2025-20/382449 QT SVG Vulnerabilities […]

Mehr lesen →
security

Cyber Resilience Act: BSI wird marktüberwachende Behörde

Der Cyber Resilience Act (CRA) wird den Markt für IT-Produkte und Geräte mit digitalen Elementen grundlegend verändern. Das BSI wurde nun von der Bundesregierung  als notifizierende und marktüberwachende Behörde gegenüber der Europäischen Kommission benannt.

Mehr lesen →
security

SANS Stormcast Tuesday, October 7th, 2025: More About Oracle; Redis Vulnerability; GoAnywhere Exploited

More Details About Oracle 0-Day The exploit is now widely distributed and has been analyzed to show the nature of the underlying vulnerabilities. https://isc.sans.edu/diary/Quick%20and%20Dirty%20Analysis%20of%20Possible%20Oracle%20E-Business%20Suite%20Exploit%20Script%20%28CVE-2025-61882%29%20%5BUPDATED%5B/32346 https://labs.watchtowr.com/well-well-well-its-another-day-oracle-e-business-suite-pre-auth-rce-chain-cve-2025-61882well-well-well-its-another-day-oracle-e-business-suite-pre-auth-rce-chain-cve-2025-61882/ Redis Vulnerability Redis patched a ciritcal use after free vulnerability that could lead to arbitrary code execution. https://redis.io/blog/security-advisory-cve-2025-49844/ GoAnywhere Bug Exploited Microsoft is reporting about the exploitation of the recent […]

Mehr lesen →
security

Das BSI auf der it-sa – Fokus NIS-2

Das BSI baut seine Informationsangebote für die Unternehmensführung weiter aus. Neben der Publikationsreihe Management Blitzlicht, die Führungskräfte schnell und kompakt über aktuelle Themen der Cybersicherheit informiert, stellt das BSI weitere Formate bereit, um Entscheider gezielt zu sensibilisieren und handlungsfähig zu machen.

Mehr lesen →
security

SANS Stormcast Monday, October 6th, 2025: Oracle 0-Day

Oracle E-Business Suite 0-Day CVE-2025-61882 Last week, the Cl0p ransomware gang sent messages to many businesses stating that an Oracle E-Business Suite vulnerability was used to exfiltrate data. Initially, Oracle believed the root cause to be a vulnerability patched in June, but now Oracle released a patch for a new vulnerability. https://www.oracle.com/security-alerts/alert-cve-2025-61882.html Zimbra Exploit Analysis […]

Mehr lesen →
security

SANS Stormcast Friday, October 3rd, 2025: More .well-known Scans; RedHat Openshift Patch; TOTOLINK Vuln;

More .well-known scans Attackers are using API documentation automatically published in the .well-known directory for reconnaissance. https://isc.sans.edu/diary/More%20.well-known%20Scans/32340 RedHat Patches Openshift AI Services A flaw was found in Red Hat Openshift AI Service. A low-privileged attacker with access to an authenticated account, for example, as a data scientist using a standard Jupyter notebook, can escalate their […]

Mehr lesen →
security

SANS Stormcast Thursday, October 2nd, 2025: Honeypot Passwords; OneLogin Vuln; Breaking Intel SGX; OpenSSL Patch

Comparing Honeypot Passwords with HIBP Most passwords used against our honeypots are also found in the Have I been pwn3d list. However, the few percent that are not found tend to be variations of known passwords, extending them to find likely mutations. https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Comparing%20Honeypot%20Passwords%20with%20HIBP/32310 Breaking Server SGX via DRAM Inspection By observing read and write operations […]

Mehr lesen →
security

SANS Stormcast Wednesday, October 1st, 2025: Cookie Auth Issues; Western Digtial Command Injection; sudo exploited;

Sometimes you don t even need to log in Applications using simple, predictable cookies to verify a user s identity are still exploited, and relatively recent vulnerabilities are still due to this very basic mistake. https://isc.sans.edu/diary/%22user%3Dadmin%22.%20Sometimes%20you%20don%27t%20even%20need%20to%20log%20in./32334 Western Digital My Cloud Vulnerability Western Digital patched a critical vulnerability in its MyCloud device. https://nvd.nist.gov/vuln/detail/CVE-2025-30247 sudo vulnerability exploited […]

Mehr lesen →