Daily January 2025

daily@lists.cert.at

1 participants
2 discussions

Tageszusammenfassung - 03.01.2025
by Daily end-of-shift report 03 Jan '25

03 Jan '25

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 02-01-2025 18:00 − Freitag 03-01-2025 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ SwaetRAT Delivery Through Python ∗∗∗ --------------------------------------------- We entered a new year, but attack scenarios have not changed (yet). I found a Python script with an interesting behavior[1] and a low Virustotal score (7/61). It targets Microsoft Windows hosts because it starts by loading all .. --------------------------------------------- https://isc.sans.edu/forums/diary/SwaetRAT+Delivery+Through+Python/31554/ ∗∗∗ 3,1 Millionen bösartige Fake-Sterne auf GitHub entdeckt – Tendenz steigend ∗∗∗ --------------------------------------------- In einer umfassenden Studie ist ein US-Forschungsteam auf Millionen Fake-Sterne bei GitHub gestoßen und warnt vor einem rasant steigenden Trend. --------------------------------------------- https://www.heise.de/news/3-1-Millionen-boesartige-Fake-Sterne-auf-GitHub-e… ∗∗∗ Configurations Mega Blog: Why Configurations Are the Wrong Thing to Get Wrong ∗∗∗ --------------------------------------------- So many times, we look beyond the mark. With our feeds constantly inundated with headline-grabbing news about AI-generated threats, nation states upping their cybercrime game, and sophisticated new forms of malware, we can be tempted to think that the bulk of cyberwarfare is going on "up there" somewhere. In reality, most breaches still originate .. --------------------------------------------- https://www.tripwire.com/state-of-security/configurations-mega-blog-why-con… ∗∗∗ 10 Non-tech things you wish you had done after being breached ∗∗∗ --------------------------------------------- TL;DR Non-tech aspects to breach follow-up are often overlooked but essential NDAs, supply chain, and third party contracts and obligations should be reviewed Reviewing communication protocols and employee .. --------------------------------------------- https://www.pentestpartners.com/security-blog/10-non-tech-things-you-wish-y… ∗∗∗ Von Social Media bis App: So sind Sie Kriminellen einen Schritt voraus ∗∗∗ --------------------------------------------- Internetbetrug wird immer raffinierter und kann jeden Menschen treffen. Deshalb ist es wichtig, auf dem Laufenden zu bleiben und die aktuellen Betrugsmaschen zu kennen. Vom klassischen Newsletter über .. --------------------------------------------- https://www.watchlist-internet.at/news/unsere-kanaele/ ∗∗∗ NPM Package Disguised as an Ethereum Tool Deploys Quasar RAT ∗∗∗ --------------------------------------------- Researchers discovered a malicious package on the npm package registry that resembles a library for Ethereum smart contract vulnerabilities but actually drops an open-source remote access trojan called Quasar .. --------------------------------------------- https://hackread.com/npm-package-disguised-ethereum-tool-quasar-rat/ ∗∗∗ Schädliche Versionen von zahlreichen Chrome-Erweiterungen in Umlauf ∗∗∗ --------------------------------------------- Über die Weihnachtstage verschafften sich die Täter Zugriff auf diverse Chrome-Extensions – in einigen Fällen sogar schon deutlich früher. --------------------------------------------- https://heise.de/-10224745 ∗∗∗ Breaking the Chain: Wiz Uncovers a Signature Verification Bypass in Nuclei, the Popular Vulnerability Scanner (CVE-2024-43405) ∗∗∗ --------------------------------------------- Wiz’s engineering team discovered a high-severity signature verification bypass in Nuclei, one of the most popular open-source security tools, which could potentially lead to arbitrary code execution. --------------------------------------------- https://www.wiz.io/blog/nuclei-signature-verification-bypass ∗∗∗ Malicious npm Campaign Targets Ethereum Developers with Fake Hardhat Packages ∗∗∗ --------------------------------------------- Hardhat, maintained by the Nomic Foundation, is a vital tool for Ethereum developers. As a versatile development environment for Ethereum, it streamlines the creation, testing, and deployment of smart contracts and dApps. Its flexible plugin architecture allows developers to customize workflows with tools and extensions, optimizing productivity and supporting .. --------------------------------------------- https://socket.dev/blog/malicious-npm-campaign-targets-ethereum-developers ===================== = Vulnerabilities = ===================== ∗∗∗ iTerm2 3.5.11 released with a critical security fix ∗∗∗ --------------------------------------------- https://iterm2.com/downloads/stable/iTerm2-3_5_11.changelog -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 02.01.2025
by Daily end-of-shift report 02 Jan '25

02 Jan '25

===================== = End-of-Day report = ===================== Timeframe: Montag 30-12-2024 18:00 − Donnerstag 02-01-2025 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Cyberangriff: Hacker wollen Daten von IT-Dienstleister Atos erbeutet haben ∗∗∗ --------------------------------------------- Die Angreifer behaupten, im Besitz einer Firmendatenbank von Atos zu sein. Der IT-Dienstleister findet bisher keine Beweise für einen Angriff. --------------------------------------------- https://www.golem.de/news/cyberangriff-hacker-wollen-daten-von-it-dienstlei… ∗∗∗ Supportende naht: Forscher warnt vor Security-Fiasko durch Windows 10 ∗∗∗ --------------------------------------------- Rund zwei Drittel aller Windows-PCs in Deutschland arbeiten noch mit Windows 10. Es besteht dringender Handlungsbedarf - nicht erst im Oktober dieses Jahres. --------------------------------------------- https://www.golem.de/news/supportende-naht-forscher-warnt-vor-security-fias… ∗∗∗ Chinas cyber intrusions took a sinister turn in 2024 ∗∗∗ --------------------------------------------- >From targeted espionage to pre-positioning - not that they are mutually exclusive The Chinese governments intrusions into Americas telecommunications and other critical infrastructure networks this year appears to signal a shift from cyberspying as usual to prepping for destructive attacks. --------------------------------------------- https://www.theregister.com/2024/12/31/china_cyber_intrusions_2024/ ∗∗∗ US Treasury Department outs the blast radius of BeyondTrusts key leak ∗∗∗ --------------------------------------------- Data pilfered as miscreants roamed affected workstations The US Department of the Treasury has admitted that miscreants were in its systems, accessing documents in what has been called a "major incident." --------------------------------------------- https://www.theregister.com/2024/12/31/us_treasury_department_hacked/ ∗∗∗ "Die perfekte Phishing-Mail": Mit KI-Textgeneratoren gegen Führungskräfte ∗∗∗ --------------------------------------------- KI-Technik ermöglicht es Kriminellen, hochpersonalisierte Phishing-Mails an Führungskräfte zu schicken, warnt ein Versicherer. Trainingsmaterial gibt es online. --------------------------------------------- https://www.heise.de/news/Die-perfekte-Phishing-Mail-Mit-KI-Textgeneratoren… ∗∗∗ U.S. Army Soldier Arrested in AT&T, Verizon Extortions ∗∗∗ --------------------------------------------- Federal authorities have arrested and indicted a 20-year-old U.S. Army soldier on suspicion of being Kiberphant0m, a cybercriminal who has been selling and leaking sensitive customer call records stolen earlier this year from AT&T and .. --------------------------------------------- https://krebsonsecurity.com/2024/12/u-s-army-soldier-arrested-in-att-verizo… ∗∗∗ Vorsicht vor betrügerischen E-Mails zur Rückerstattung von ORF-Gebühren ∗∗∗ --------------------------------------------- Derzeit finden zahlreiche Personen ein E-Mail in ihrem Postfach, in dem behauptet wird, dass sie Anspruch auf eine Rückerstattung von ORF-Gebühren in Höhe von 34,40 Euro haben. Achtung: Es handelt sich dabei um einen Phishing-Versuch, der darauf abzielt, Kontodaten zu stehlen. --------------------------------------------- https://www.watchlist-internet.at/news/betruegerisches-orf-rueckerstattung-… ∗∗∗ Bad Likert Judge: A Novel Multi-Turn Technique to Jailbreak LLMs by Misusing Their Evaluation Capability ∗∗∗ --------------------------------------------- The jailbreak technique "Bad Likert Judge" manipulates LLMs to generate harmful content using Likert scales, exposing safety gaps in LLM guardrails. --------------------------------------------- https://unit42.paloaltonetworks.com/multi-turn-technique-jailbreaks-llms/ ∗∗∗ DORA Regulation (Digital Operational Resilience Act): A Threat Intelligence Perspective ∗∗∗ --------------------------------------------- The Digital Operational Resilience Act (DORA) is coming in 2025. --------------------------------------------- https://www.team-cymru.com/post/dora-regulation-digital-operational-resilie… ∗∗∗ Passkey technology is elegant, but it’s most definitely not usable security ∗∗∗ --------------------------------------------- It's that time again, when families and friends gather and implore the more technically inclined among them to troubleshoot problems they're having behind the device screens all around them. One of the most vexing .. --------------------------------------------- https://arstechnica.com/security/2024/12/passkey-technology-is-elegant-but-… ∗∗∗ I’m Lovin’ It: Exploiting McDonald’s APIs to hijack deliveries and order food for a penny ∗∗∗ --------------------------------------------- API flaws in the McDonald’s McDelivery system in India, one of the world’s most popular food delivery apps, enabled a variety of fun exploits .. --------------------------------------------- https://eaton-works.com/2024/12/19/mcdelivery-india-hack/ ∗∗∗ Déjà vu: Ghostly CVEs in my terminal title ∗∗∗ --------------------------------------------- As I've spoken and written about all modern terminals are actually "emulating" something dating from the .. --------------------------------------------- https://dgl.cx/2024/12/ghostty-terminal-title ===================== = Vulnerabilities = ===================== ∗∗∗ ZDI-24-1737: Foxit PDF Reader AcroForm Out-Of-Bounds Read Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-24-1737/ ∗∗∗ ZDI-24-1736: (0Day) Paessler PRTG Network Monitor SNMP Cross-Site Scripting Authentication Bypass Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-24-1736/ ∗∗∗ ZDI-24-1739: Foxit PDF Reader Link Following Local Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-24-1739/ ∗∗∗ ZDI-24-1738: Foxit PDF Reader AcroForm Memory Corruption Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-24-1738/ ∗∗∗ PAN-OS Firewall Denial of Service (DoS) Vulnerability ∗∗∗ --------------------------------------------- https://fortiguard.fortinet.com/threat-signal-report/5610 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily January 2025