techhub.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A hub primarily for passionate technologists, but everyone is welcome

Administered by:

Server stats:

4.6K
active users

#apt28

0 posts0 participants0 posts today

Morning, cyber pros! ☕ It's been a bit quiet over the last 24 hours, but we've still got some critical updates to chew on, including a nasty SharePoint zero-day, new GRU malware, and a warning about hardcoded credentials in Aruba access points. Let's dive in:

SharePoint Zero-Day Under Active RCE Exploitation ⚠️

- A critical zero-day, CVE-2025-53770, in Microsoft SharePoint Server is being actively exploited for Remote Code Execution (RCE) since at least July 18th, with over 75 organisations already compromised.
- This flaw is a variant of CVE-2025-49706, part of the "ToolShell" chain demonstrated at Pwn2Own Berlin, and allows attackers to steal the server's MachineKey configuration to craft valid ViewState payloads for RCE.
- No patch is available yet, but Microsoft recommends enabling AMSI integration (default since Sep 2023 updates for SharePoint Server 2016/2019/Subscription Edition) and deploying Defender AV. If AMSI isn't an option, disconnect servers from the internet. Check for `C:\PROGRA~1\COMMON~1\MICROS~1\WEBSER~1\16\TEMPLATE\LAYOUTS\spinstall0.aspx` and specific IIS log entries as IOCs.

🤖 Bleeping Computer | bleepingcomputer.com/news/micr

UK Sanctions GRU, Uncovers New Microsoft Credential Stealer 🛡️

- The UK government has sanctioned three GRU units (26165, 29155, 74455) and several individuals for a sustained campaign of malicious cyber activity, including targeting logistics providers and using cyber reconnaissance for missile strikes in Ukraine.
- Specifically, GRU's APT28 (Fancy Bear/Forest Blizzard, Unit 26165) is attributed to deploying "Authentic Antics," a novel Windows malware that steals Microsoft email credentials and OAuth tokens by displaying fake login prompts.
- Authentic Antics also exfiltrates victim data by sending emails from the compromised account to an actor-controlled address without appearing in the 'sent' folder, highlighting the sophistication and stealth of GRU operations.

🕵🏼 The Register | go.theregister.com/feed/www.th

HPE Warns of Hardcoded Passwords in Aruba Access Points 🔒

- HPE has issued a critical warning (CVE-2025-37103, CVSS 9.8) regarding hardcoded administrative credentials in Aruba Instant On Access Points running firmware version 3.2.0.1 and below.
- This vulnerability allows remote attackers to bypass authentication and gain full administrative access to the web interface, enabling configuration changes, backdoor installation, or traffic surveillance.
- A second high-severity flaw, CVE-2025-37102, an authenticated command injection, can be chained with the hardcoded password vulnerability for further compromise. Immediate upgrade to firmware version 3.2.1.0 or newer is recommended as no workarounds are available.

🤖 Bleeping Computer | bleepingcomputer.com/news/secu

Gezielter Cyberangriff auf die Bundeswehr! Laut Recherchen von NDR und WDR wurde ein umfassender Cyberangriff auf die Bundeswehr durch die russische Hackergruppe APT28 (alias „Fancy Bear“) verübt – mutmaßlich im Auftrag des russischen Militärgeheimdienstes GRU. Ziel: Das IT-Netz der Bundeswehr, konkret das Beschaffungsamt. Über Monate blieb es unbemerkt. #APT28 #Bundeswehr #Wirtschaftsschutz #GRU #Russland #Russia

tagesschau.de/investigativ/ndr

Russian hackers breach orgs to track aid routes to Ukraine

A Russian state-sponsored cyberespionage campaign attributed to APT28 hackers has been targeting and compromising international organizations since 2022 to disrupt aid efforts to Ukraine.

The hackers targeted entities in the defense, transportation, IT services, air traffic, and maritime sectors in 12 European countries and the United States.

#APT28 #russia #Ukraine #security #cybersecurity #hackers #hacking

bleepingcomputer.com/news/secu

Aktuelle Warnung vor Cyberangriffen auf den Logistik- und #Technologiesektor: Das BfV, das #BSI und der BND warnen aktuell vor Cyberangriffen, um #KRITIS auszuspionieren.

Verantwortlich für die Angriffe ist die Einheit 26165 des russischen Militärgeheimdienstes GRU und die dazugehörige Cybergruppierung #APT28, die sich beispielsweise mittels Spear-Phishing und Brute-Force-Angriffen unbefugten Zugriff auf die IT-Infrastruktur verschaffen.

verfassungsschutz.de/SharedDoc #cybersecurity