
05.08.2025

NVIDIA Triton Bugs Let Unauthenticated Attackers Execute Code and Hijack AI Servers

The Hacker News 04.08.2025 18:06
A newly disclosed set of security flaws in NVIDIA's Triton Inference Server for Windows and Linux, an open-source platform for running artificial intelligence (AI) models at scale, could be exploited to take over susceptible servers.
"When chained together, these flaws can potentially allow a remote, unauthenticated attacker to gain complete control of the server, achieving remote code execution

OAuth apps abused for M365 phishing

CSO Online 04.08.2025 16:14
Fake OAuth apps open up new ways for attackers to hijack Microsoft accounts.
Threat actors have found a new, clever way to compromise Microsoft 365 accounts. According to Proofpoint, they are increasingly creating fake OAuth applications that imitate trusted brands such as SharePoint and DocuSign. The "originals" of these apps use Microsoft's identity platform (Azure AD / Entra ID) to access data from Microsoft 365, OneDrive, Outlook, Teams or SharePoint. The goal is to trick users into accepting the fake apps' access requests, thereby compromising their account data.

How ‘Plague’ infiltrated Linux systems without leaving a trace

CSO Online 04.08.2025 13:23
Security researchers have discovered an unusually evasive Linux backdoor, undetected even by VirusTotal, compromising systems as a malicious pluggable authentication module (PAM). Dubbed “Plague” by Nextron researchers, the stealthy backdoor lets attackers slip past authentication unnoticed and establish persistent secure shell (SSH) access.
“Plague integrates deeply into the authentication stack, survives system updates, and leaves almost no forensic traces,” the researchers said in a blog post. “Combined with layered obfuscation and environment tampering, this makes it exceptionally hard to detect using traditional tools.”

Ransomware attacks: The evolving extortion threat to US financial institutions

CSO Online 04.08.2025 13:20
Before sunrise on a chilly November morning, I got the kind of call no security leader ever wants. A mid-sized U.S. bank had been hit overnight, hard. Customers couldn’t access their accounts, ATMs were non-functional and every screen in the company’s environment glowed with the same ominous message: their systems were encrypted, and data had been stolen. The attackers demanded a substantial Bitcoin payment, threatening to leak sensitive information if the bank didn’t comply within seven days.
This wasn’t a theoretical tabletop drill or a scenario I’d outlined in a risk briefing; this was real. As I helped support their investigation and recovery, I couldn’t help but reflect on how far ransomware has evolved and how much higher the stakes are now for the financial sector. 

CISA releases Thorium, an open-source, scalable platform for malware analysis

CSO Online 04.08.2025 13:05
The US Cybersecurity and Infrastructure Security Agency (CISA) has released Thorium, a high-throughput open-source platform for automated malware and forensic file analysis. Developed in partnership with Sandia National Laboratories, Thorium is built to support software analysts, digital forensics teams, and incident responders. 
The platform would enable cyber defenders to integrate commercial, open-source, and custom tools into a unified system for orchestrating large-scale, automated analysis workflows.

Security update: Phishing attacks on IBM Operational Decision Manager possible

Heise Security 04.08.2025 10:53
IBM's business tool Operational Decision Manager is vulnerable. In current versions, the developers have closed two security vulnerabilities.