Daily

daily@lists.cert.at

1 participants
3082 discussions

Tageszusammenfassung - 14.01.2025
by Daily end-of-shift report 14 Jan '25

14 Jan '25

===================== = End-of-Day report = ===================== Timeframe: Montag 13-01-2025 18:00 − Dienstag 14-01-2025 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Abgehörte Kryptohandys: BGH erlaubt Verwertung - Berliner Landgericht lehnt ab ∗∗∗ --------------------------------------------- Die Justiz ringt seit Jahren um die Verwertung von Daten abgehörter Kryptohandys. Nun gab es in wenigen Wochen gegensätzliche Urteile. --------------------------------------------- https://www.golem.de/news/abgehoerte-kryptohandys-bgh-erlaubt-verwertung-be… ∗∗∗ Analyzing CVE-2024-44243, a macOS System Integrity Protection bypass through kernel extensions ∗∗∗ --------------------------------------------- Microsoft discovered a macOS vulnerability allowing attackers to bypass System Integrity Protection (SIP) by loading third party kernel extensions, which could lead to serious consequences, such as allowing attackers to install rootkits, create persistent malware, bypass Transparency, Consent, and Control (TCC), and expand the attack surface to perform other .. --------------------------------------------- https://www.microsoft.com/en-us/security/blog/2025/01/13/analyzing-cve-2024… ∗∗∗ The Database Slayer: Deep Dive and Simulation of the Xbash Malware ∗∗∗ --------------------------------------------- In the world of malware, common ransomware schemes aim to take the data within databases (considered the "gold" in the vault of any organization) and hold them hostage, promising data recovery upon ransom payment. --------------------------------------------- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/the-databas… ∗∗∗ Snyk appears to deploy malicious packages targeting Cursor for unknown reason ∗∗∗ --------------------------------------------- Packages removed, vendor said to have apologized to AI code editor as onlookers say it could have been a test Developer security company Snyk is at the center of allegations concerning the possible targeting or testing of Cursor, an AI code editor company, using "malicious" packages uploaded to NPM. --------------------------------------------- https://www.theregister.com/2025/01/14/snyk_npm_deployment_removed/ ∗∗∗ SAP-Patchday: Updates schließen 14 teils kritische Schwachstellen ∗∗∗ --------------------------------------------- Im Januar bedenkt SAP Produkte mit 14 Sicherheitsmitteilungen und zugehörigen Updates. Zwei davon gelten als kritisch. --------------------------------------------- https://www.heise.de/news/SAP-Patchday-Hersteller-stopft-teils-kritische-SI… ∗∗∗ Telefónica: Infostealer-Kampagne legt interne Jira-Issues offen ∗∗∗ --------------------------------------------- Der Telekommunikationsanbieter Telefónica wurde Opfer eines Cyberangriffs. Kriminelle erbeuteten offenbar Zugriff auf große Mengen interner Daten. --------------------------------------------- https://www.heise.de/news/Telefonica-Infostealer-Kampagne-legt-interne-Jira… ∗∗∗ Achtung Fake: vailllant.at und vaillantproservice.at ∗∗∗ --------------------------------------------- Kriminelle missbrauchen das für Heiztechnik bekannte Unternehmen Vaillant für eine Betrugsmasche. Auf gefälschten Webseiten geben sich die Kriminellen als 24-Stunden-Notdienst für Österreich bzw. Wien/Niederösterreich aus. Ruft man den betrügerischen Notdienst an, kommen unseriöser Handwerker:innen, die den Schaden nicht fachgerecht beheben, sondern eine horrende Summe in Rechnung stellen! --------------------------------------------- https://www.watchlist-internet.at/news/achtung-fake-vailllantat-und-vaillan… ∗∗∗ One Step Ahead in Cyber Hide-and-Seek: Automating Malicious Infrastructure Discovery With Graph Neural Networks ∗∗∗ --------------------------------------------- Graph neural networks aid in analyzing domains linked to known attack indicators, effectively uncovering new malicious domains and cybercrime campaigns. --------------------------------------------- https://unit42.paloaltonetworks.com/graph-neural-networks/ ∗∗∗ Ransomware: Threat Level Remains High in Third Quarter ∗∗∗ --------------------------------------------- Recently established RansomHub group overtakes LockBit to become most prolific ransomware operation. --------------------------------------------- https://www.security.com/threat-intelligence/ransomware-threat-level-remain… ∗∗∗ CISA Releases the JCDC AI Cybersecurity Collaboration Playbook and Fact Sheet ∗∗∗ --------------------------------------------- Today, CISA released the JCDC AI Cybersecurity Collaboration Playbook and Fact Sheet to foster operational collaboration among government, industry, and international partners and strengthen artificial intelligence (AI) cybersecurity. The playbook provides voluntary information-sharing processes that, if adopted, can help protect organizations from emerging .. --------------------------------------------- https://www.cisa.gov/news-events/alerts/2025/01/14/cisa-releases-jcdc-ai-cy… ∗∗∗ Major location data broker reports hack to Norwegian authorities ∗∗∗ --------------------------------------------- The location data broker Gravy Analytics confirmed to Norwegian authorities that it was breached by a hacker — potentially exposing a trove of sensitive information. --------------------------------------------- https://therecord.media/location-data-broker-gravy-breach ∗∗∗ NPM command confusion ∗∗∗ --------------------------------------------- Intro Managing dependencies in JavaScript projects can quickly become a complex undertaking. Tasks include keeping track of versions, ensuring compatibility, and handling updates . npm provides a robust solution to these problems, through a centralized system for managing project dependencies. Primarily accessed through its command-line interface (CLI), npm .. --------------------------------------------- https://checkmarx.com/blog/npm-command-confusion/ ∗∗∗ Malicious Kong Ingress Controller Image Found on DockerHub ∗∗∗ --------------------------------------------- A critical security breach in the software supply chain has been detected. An attacker accessed Kong’s DockerHub account --------------------------------------------- https://hackread.com/malicious-kong-ingress-controller-image-dockerhub/ ∗∗∗ Hackers Using Fake YouTube Links to Steal Login Credentials ∗∗∗ --------------------------------------------- Cybercriminals exploit fake YouTube links to redirect users to phishing pages, stealing login credentials via URI .. --------------------------------------------- https://hackread.com/hackers-fake-youtube-links-steal-login-credentials/ ∗∗∗ Kill Switch Hidden in npm Packages Typosquatting Chalk and Chokidar ∗∗∗ --------------------------------------------- In Hindi, chokidar (चौकीदार) means “gatekeeper” or “watchman”—a perfect descriptor for chokidar one of Node.js most trusted file-watching libraries with around 56 million weekly downloads. Meanwhile, chalk serves as a cornerstone for terminal string styling in JavaScript, drawing over 265 million downloads weekly. Unfortunately, our Socket threat .. --------------------------------------------- https://socket.dev/blog/kill-switch-hidden-in-npm-packages-typo-squatting-c… ===================== = Vulnerabilities = ===================== ∗∗∗ Zyxel security advisory for improper privilege management vulnerability in APs and security router devices ∗∗∗ --------------------------------------------- https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-… ∗∗∗ January Security Update ∗∗∗ --------------------------------------------- https://www.ivanti.com/blog/january-security-update -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 13.01.2025
by Daily end-of-shift report 13 Jan '25

13 Jan '25

===================== = End-of-Day report = ===================== Timeframe: Freitag 10-01-2025 18:00 − Montag 13-01-2025 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Ongoing attacks on Ivanti VPNs install a ton of sneaky, well-written malware ∗∗∗ --------------------------------------------- In-the-wild attacks tamper with built-in security tool providing infection warnings. --------------------------------------------- https://arstechnica.com/security/2025/01/ivanti-vpn-users-are-getting-hacke… ∗∗∗ Phishing texts trick Apple iMessage users into disabling protection ∗∗∗ --------------------------------------------- Cybercriminals are exploiting a trick to turn off Apple iMessages built-in phishing protection for a text and trick users into re-enabling disabled phishing links. --------------------------------------------- https://www.bleepingcomputer.com/news/security/phishing-texts-trick-apple-i… ∗∗∗ Ransomware abuses Amazon AWS feature to encrypt S3 buckets ∗∗∗ --------------------------------------------- A new ransomware campaign encrypts Amazon S3 buckets using AWSs Server-Side Encryption with Customer Provided Keys (SSE-C) known only to the threat actor, demanding ransoms to receive the decryption key. --------------------------------------------- https://www.bleepingcomputer.com/news/security/ransomware-abuses-amazon-aws… ∗∗∗ Anwendung blockiert: MacOS stuft Docker Desktop als Malware ein ∗∗∗ --------------------------------------------- Einige Dateien von Docker Desktop für MacOS wurden falsch signiert, so dass Nutzer eine Malware-Warnung erhalten. Eine echte Gefahr besteht nicht. --------------------------------------------- https://www.golem.de/news/anwendung-blockiert-docker-desktop-unter-macos-al… ∗∗∗ New LLM Jailbreak Uses Models Evaluation Skills Against Them ∗∗∗ --------------------------------------------- SC Media reports on a new jailbreak method for large language models (LLMs) that "takes advantage of models ability to identify and score harmful content in order to trick the models into generating content related to malware, illegal activity, harassment and more. "The Bad Likert Judge multi-step jailbreak technique was developed and tested by .. --------------------------------------------- https://it.slashdot.org/story/25/01/12/2010218/new-llm-jailbreak-uses-model… ∗∗∗ Nominet probes network intrusion linked to Ivanti zero-day exploit ∗∗∗ --------------------------------------------- Unauthorized activity detected, but no backdoors found UK domain registry Nominet is investigating a potential intrusion into its network related to the latest Ivanti zero-day exploits. --------------------------------------------- https://www.theregister.com/2025/01/13/nominet_ivanti_zero_day/ ∗∗∗ Paypal-Phishing: Angebliche monatliche Finanzberichte ködern Opfer ∗∗∗ --------------------------------------------- Derzeit schaffen es Phishing-Mails an Spam-Filtern vorbeizukommen, die einen monatlichen Finanzbericht für Paypal versprechen. --------------------------------------------- https://www.heise.de/news/Paypal-Phishing-Angebliche-monatliche-Finanzberic… ∗∗∗ Log Source Management App für IBM QRadar SIEM ist auf vielen Wegen angreifbar ∗∗∗ --------------------------------------------- Weil mehrere Komponenten verwundbar sind, können Angreifer Systeme mit Log Source Management App für IBM QRadar SIEM attackieren. --------------------------------------------- https://www.heise.de/news/Log-Source-Management-App-fuer-IBM-QRadar-SIEM-is… ∗∗∗ Tackling AI threats. Advanced DFIR methods and tools for deepfake detection ∗∗∗ --------------------------------------------- TL; DR AI-generated documents, videos and more pose significant challenges for DFIR DFIR teams can harness innovative detection strategies and tooling Digital fingerprinting and watermarking, AI-powered and behavioural analyses .. --------------------------------------------- https://www.pentestpartners.com/security-blog/tackling-ai-threats-advanced-… ∗∗∗ Rufnummernmissbrauch dank Verordnung drastisch zurückgegangen ∗∗∗ --------------------------------------------- Die "Anti-Spoofing-Verordnung" der RTR greift seit September, seitdem gibt es nur noch wenige Vorfälle von Betrug mittels gekaperter Rufnummern --------------------------------------------- https://www.derstandard.at/story/3000000252624/rufnummernmissbrauch-dank-ve… ∗∗∗ Muddling Meerkat Linked to Domain Spoofing in Global Spam Scams ∗∗∗ --------------------------------------------- Infoblox cybersecurity researchers investigating the mysterious activities of Muddling Meerkat unexpectedly uncovered widespread use of domain spoofing in malicious spam campaigns. --------------------------------------------- https://hackread.com/muddling-meerkat-domain-spoofing-spam-scams/ ∗∗∗ Fake CrowdStrike Recruiters Distribute Malware Via Phishing Emails ∗∗∗ --------------------------------------------- SUMMARY Cybercriminals are deploying a tricky new phishing campaign impersonating the cybersecurity firm CrowdStrike‘s .. --------------------------------------------- https://hackread.com/fake-crowdstrike-recruiters-malware-phishing-emails/ ∗∗∗ 3 Russians Indicted for Operating Blender.io and Sinbad.io Crypto Mixers ∗∗∗ --------------------------------------------- SUMMARY Three Russian nationals have been indicted for their alleged roles in running cryptocurrency mixing services Blender.io and… --------------------------------------------- https://hackread.com/3-russian-operating-blender-io-sinbad-io-crypto-mixers/ ∗∗∗ Exploitation Walkthrough and Techniques - Ivanti Connect Secure RCE (CVE-2025-0282) ∗∗∗ --------------------------------------------- As we saw in our previous blogpost, we fully analyzed Ivanti’s most recent unauthenticated Remote Code Execution vulnerability in their Connect Secure (VPN) appliance. Specifically, we analyzed CVE-2025-0282.Today, we’re .. --------------------------------------------- https://labs.watchtowr.com/exploitation-walkthrough-and-techniques-ivanti-c… ∗∗∗ Deep Dive Into a Linux Rootkit Malware ∗∗∗ --------------------------------------------- This is a follow-up analysis to a previous blog about a zero day exploit where the FortiGuard Incident Response (FGIR) team examined how remote attackers exploited multiple vulnerabilities in an appliance to gain control of a customer’s system. --------------------------------------------- https://feeds.fortinet.com/~/910912481/0/fortinet/blogs~Deep-Dive-Into-a-Li… ∗∗∗ Wiz Research Identifies Exploitation in the Wild of Aviatrix Controller RCE (CVE-2024-50603) ∗∗∗ --------------------------------------------- The Wiz Incident Response team is currently responding to multiple incidents involving CVE-2024-50603, an Aviatrix Controller unauthenticated RCE vulnerability, that can lead to privileges escalation in the AWS control plane. Organizations should patch urgently. --------------------------------------------- https://www.wiz.io/blog/wiz-research-identifies-exploitation-in-the-wild-of… ∗∗∗ Analysis of Counter-Ransomware Activities in 2024 ∗∗∗ --------------------------------------------- The scourge of ransomware continues primarily because ofthree main reasons: Ransomware-as-a-Service (RaaS), cryptocurrency, and safe havens.RaaS platforms enable aspiring cybercriminals to join a gang and begin launching attacks with a support system that help extract ransom payments from their victims.Cryptocurrency enables cybercriminals to receive funds .. --------------------------------------------- https://blog.bushidotoken.net/2025/01/analysis-of-counter-ransomware.html ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by AlmaLinux (dpdk, firefox, iperf3, thunderbird, and webkit2gtk3), Debian (firefox-esr, gnuchess, node-mocha, openafs, python-django, and thunderbird), Fedora (libxmp, python-jinja2, suricata, thunderbird, and xen), Mageia (avahi, libjxl, opencontainers-runc, radare2, rizin, and tinyproxy), Oracle (cups, dpdk, firefox, iperf3, .. --------------------------------------------- https://lwn.net/Articles/1004962/ ∗∗∗ MISP 2.4.203 and 2.5.5 released including new features, improvements and many security improvements. ∗∗∗ --------------------------------------------- We are thrilled to announce the release of MISP v2.4.203 and MISP v2.5.5, bringing a range of new features, improvements, and fixes to enhance the platforms performance, usability, and security. These updates reflect our ongoing commitment to providing a robust and reliable open-source .. --------------------------------------------- https://github.com/MISP/MISP/releases/tag/v2.4.203 ∗∗∗ Security Vulnerabilities fixed in Firefox for iOS 134 ∗∗∗ --------------------------------------------- https://www.mozilla.org/en-US/security/advisories/mfsa2025-06/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 10.01.2025
by Daily end-of-shift report 10 Jan '25

10 Jan '25

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 09-01-2025 18:00 − Freitag 10-01-2025 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Ongoing attacks on Ivanti VPNs install a ton of sneaky, well-written malware ∗∗∗ --------------------------------------------- In-the-wild attacks tamper with built-in security tool to suppress infection warnings. --------------------------------------------- https://arstechnica.com/security/2025/01/ivanti-vpn-users-are-getting-hacke… ∗∗∗ Stealthy Credit Card Skimmer Targets WordPress Checkout Pages via Database Injection ∗∗∗ --------------------------------------------- Recently, we released an article where a credit card skimmer was targeting checkout pages on a Magento site. Now we’ve come across sophisticated credit card skimmer malware while investigating a compromised WordPress .. --------------------------------------------- https://blog.sucuri.net/2025/01/stealthy-credit-card-skimmer-targets-wordpr… ∗∗∗ Sicherheitsupdates: Angreifer können Netzwerkgeräte mit Junos OS crashen lassen ∗∗∗ --------------------------------------------- Netzwerkgeräte wie Switches von Juniper sind verwundbar. Ansatzpunkte sind mehrere Schwachstellen im Betriebssystem Junos OS. --------------------------------------------- https://www.heise.de/news/Sicherheitsupdates-Angreifer-koennen-Netzwerkgera… ∗∗∗ Meet FunkSec: A New, Surprising Ransomware Group, Powered by AI ∗∗∗ --------------------------------------------- Executive Summary: The FunkSec ransomware group emerged in late 2024 and published over 85 victims in December, surpassing every other ransomware group that month FunkSec operators appear to use AI-assisted malware development, which can enable even inexperienced actors to quickly produce and refine advanced tools The group’s activities straddle the line .. --------------------------------------------- https://blog.checkpoint.com/research/meet-funksec-a-new-surprising-ransomwa… ∗∗∗ Do we still have to keep doing it like this? ∗∗∗ --------------------------------------------- Hazel gets inspired by watching Wendy Nather’s recent keynote, and explores ways to challenge security assumptions. --------------------------------------------- https://blog.talosintelligence.com/do-we-still-have-to-keep-doing-it-like-t… ∗∗∗ How Cracks and Installers Bring Malware to Your Device ∗∗∗ --------------------------------------------- Our research shows how attackers use platforms like YouTube to spread fake installers via trusted hosting services, employing encryption to evade detection and steal sensitive browser data. --------------------------------------------- https://www.trendmicro.com/en_us/research/25/a/how-cracks-and-installers-br… ∗∗∗ Banshee Stealer Hits macOS Users via Fake GitHub Repositories ∗∗∗ --------------------------------------------- Cybersecurity researchers at Check Point detected a new version of Banshee Stealer in late September 2024, distributed .. --------------------------------------------- https://hackread.com/banshee-stealer-hits-macos-fake-github-repositories/ ∗∗∗ Do Secure-By-Design Pledges Come With Stickers? - Ivanti Connect Secure RCE (CVE-2025-0282) ∗∗∗ --------------------------------------------- Did you have a good break? Have you had a chance to breathe? Wake up. It’s 2025, and the chaos continues. Haha, see what we did? We wrote the exact same thing in 2024 because 2024 was exactly .. --------------------------------------------- https://labs.watchtowr.com/do-secure-by-design-pledges-come-with-stickers-i… ∗∗∗ How to secure your GitHub Actions workflows with CodeQL ∗∗∗ --------------------------------------------- In the last few months, we secured 75+ GitHub Actions workflows in open source projects, disclosing 90+ different vulnerabilities. Out of this research we produced new support for workflows in CodeQL, empowering .. --------------------------------------------- https://github.blog/security/application-security/how-to-secure-your-github… ===================== = Vulnerabilities = ===================== ∗∗∗ ZDI-25-010: Redis Stack Lua Use-After-Free Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- This vulnerability allows remote attackers to execute arbitrary code on affected installations of Redis Stack. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.2. The following CVEs are assigned: CVE-2024-46981. --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-25-010/ ∗∗∗ ZDI-25-009: Redis Stack RedisBloom Integer Overflow Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- This vulnerability allows remote attackers to execute arbitrary code on affected installations of Redis Stack. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-55656. --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-25-009/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 09.01.2025
by Daily end-of-shift report 09 Jan '25

09 Jan '25

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 08-01-2025 18:00 − Donnerstag 09-01-2025 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Here’s how hucksters are manipulating Google to promote shady Chrome extensions ∗∗∗ --------------------------------------------- How do you stash 18,000 keywords into a description? Turns out its easy. --------------------------------------------- https://arstechnica.com/security/2025/01/googles-chrome-web-store-has-a-ser… ∗∗∗ Unpatched critical flaws impact Fancy Product Designer WordPress plugin ∗∗∗ --------------------------------------------- Premium WordPress plugin Fancy Product Designer from Radykal is vulnerable to two critical severity flaws that remain unfixed in the current latest version. --------------------------------------------- https://www.bleepingcomputer.com/news/security/unpatched-critical-flaws-imp… ∗∗∗ Beyond Meh-trics: Examining How CTI Programs Demonstrate Value Using Metrics ∗∗∗ --------------------------------------------- A blog about developing cyber threat intelligence (CTI) metrics. --------------------------------------------- https://www.sans.org/blog/beyond-meh-trics-examining-how-cti-programs-demon… ∗∗∗ The State of Magecart: A Persistent Threat to E-Commerce Security ∗∗∗ --------------------------------------------- Trustwave SpiderLabs first blogged about Magecart back in 2019; fast forward five years and it is still here going strong. --------------------------------------------- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/the-state-o… ∗∗∗ Mitel 0-day, 5-year-old Oracle RCE bug under active exploit ∗∗∗ --------------------------------------------- 3 CVEs added to CISAs catalog Cybercriminals are actively exploiting two vulnerabilities in Mitel MiCollab, including a zero-day flaw – and a critical remote code execution vulnerability in Oracle WebLogic Server that has been abused for at least five years. --------------------------------------------- https://www.theregister.com/2025/01/08/mitel_0_day_oracle_rce_under_exploit/ ∗∗∗ Japanese police claim China ran five-year cyberattack campaign targeting local orgs ∗∗∗ --------------------------------------------- ‘MirrorFace’ group found ways to run malware in the Windows sandbox, which is worrying Japan’s National Police Agency and Center of Incident Readiness and Strategy for Cybersecurity have confirmed third party reports of attacks on local orgs by publishing details of a years-long series of attacks attributed to a China-backed source. --------------------------------------------- https://www.theregister.com/2025/01/09/japan_mirrorface_china_attack/ ∗∗∗ Angestellte klickten dreimal so oft auf Phishing-Links ‒ häufig in Suchmaschinen ∗∗∗ --------------------------------------------- Mitarbeiter klicken trotz Schulungen auf Phishing-Links. Laut einer Studie sind sie bei E-Mails sich der Angriffe eher bewusst, bei der Suche im Netz weniger. --------------------------------------------- https://www.heise.de/news/E-Mails-sind-out-Phishing-verstaerkt-ueber-Suchma… ∗∗∗ New Research: Enhancing Botnet Detection with AI using LLMs and Similarity Search ∗∗∗ --------------------------------------------- As botnets continue to evolve, so do the techniques required to detect them. --------------------------------------------- https://www.rapid7.com/blog/post/2025/01/08/new-research-enhancing-botnet-d… ∗∗∗ Banshee: The Stealer That “Stole Code” From MacOS XProtect ∗∗∗ --------------------------------------------- As of 2024, approximately 100.4 million people worldwide use macOS, accounting for 15.1% of the global PC market. Of the millions of macOS users, many falsely assume that their systems are inherently secure from malware. This perception stems from macOS’s Unix-based architecture and historically lower market share, .. --------------------------------------------- https://research.checkpoint.com/2025/banshee-macos-stealer-that-stole-code-… ∗∗∗ Ivanti Connect Secure VPN Targeted in New Zero-Day Exploitation ∗∗∗ --------------------------------------------- On Wednesday, Jan. 8, 2025, Ivanti disclosed two vulnerabilities, CVE-2025-0282 and CVE-2025-0283, impacting Ivanti Connect Secure (“ICS”) VPN appliances. Mandiant has identified zero-day exploitation of CVE-2025-0282 in the wild beginning mid-December 2024. CVE-2025-0282 is an unauthenticated stack-based buffer overflow. Successful exploitation could result in unauthenticated remote code execution, leading to potential downstream compromise of a victim network. --------------------------------------------- https://cloud.google.com/blog/topics/threat-intelligence/ivanti-connect-sec… ∗∗∗ Angeblich Datenleck bei Datensammler Gravy Analytics ∗∗∗ --------------------------------------------- Im Darknet behaupten Kriminelle, Daten vom Positionsdatensammler Gravy Analytics erbeutet zu haben. Sorge um die Privatsphäre macht sich breit. --------------------------------------------- https://heise.de/-10233802 ===================== = Vulnerabilities = ===================== ∗∗∗ ZDI-25-008: Trend Micro Deep Security Agent Incorrect Permissions Local Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-25-008/ ∗∗∗ ZDI-25-007: Trend Micro Apex One widget getWidgetPoolManager Local File Inclusion Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-25-007/ ∗∗∗ ZDI-25-006: Trend Micro Apex One LogServer Link Following Local Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-25-006/ ∗∗∗ ZDI-25-005: Trend Micro Apex One LogServer Link Following Local Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-25-005/ ∗∗∗ ZDI-25-004: Trend Micro Apex One Origin Validation Error Local Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-25-004/ ∗∗∗ ZDI-25-003: Trend Micro Apex One Security Agent Link Following Local Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-25-003/ ∗∗∗ ZDI-25-002: Trend Micro Apex One LogServer Link Following Local Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-25-002/ ∗∗∗ ZDI-25-001: Trend Micro Apex One Damage Cleanup Engine Link Following Local Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-25-001/ ∗∗∗ 2025-01 Security Bulletin: Junos Space: Multiple vulnerabilities resolved in 24.1R2 release ∗∗∗ --------------------------------------------- https://supportportal.juniper.net/s/article/2025-01-Security-Bulletin-Junos… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 08.01.2025
by Daily end-of-shift report 08 Jan '25

08 Jan '25

===================== = End-of-Day report = ===================== Timeframe: Dienstag 07-01-2025 18:00 − Mittwoch 08-01-2025 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ How initial access brokers (IABs) sell your users’ credentials ∗∗∗ --------------------------------------------- Initial Access Brokers (IABs) are specialized cybercriminals that break into corporate networks and sell stolen access to other attackers. Learn from Specops Software about how IABs operate and how businesses can protect themselves. --------------------------------------------- https://www.bleepingcomputer.com/news/security/how-initial-access-brokers-i… ∗∗∗ Wegen Sicherheitslücken: Ärzteschaft empfiehlt Widerspruch zu ePA für alle ∗∗∗ --------------------------------------------- Kurz vor dem Start der ePA für alle ist die Verunsicherung groß. Die Ärzte sehen noch "große Einfallstore" für Hacker. --------------------------------------------- https://www.golem.de/news/wegen-sicherheitsluecken-aerzteschaft-empfiehlt-w… ∗∗∗ FCC Launches Cyber Trust Mark for IoT Devices to Certify Security Compliance ∗∗∗ --------------------------------------------- The U.S. government on Tuesday announced the launch of the U.S. Cyber Trust Mark, a new cybersecurity safety label for Internet-of-Things (IoT) consumer devices."IoT products can be susceptible to a range of security vulnerabilities," the U.S. Federal .. --------------------------------------------- https://thehackernews.com/2025/01/fcc-launches-cyber-trust-mark-for-iot.html ∗∗∗ Mirai Botnet Variant Exploits Four-Faith Router Vulnerability for DDoS Attacks ∗∗∗ --------------------------------------------- A Mirai botnet variant has been found exploiting a newly disclosed security flaw impacting Four-Faith industrial routers since early November 2024 with the goal of conducting distributed denial-of-service (DDoS) attacks.The botnet maintains .. --------------------------------------------- https://thehackernews.com/2025/01/mirai-botnet-variant-exploits-four.html ∗∗∗ Researchers Expose NonEuclid RAT Using UAC Bypass and AMSI Evasion Techniques ∗∗∗ --------------------------------------------- Cybersecurity researchers have shed light on a new remote access trojan called NonEuclid that allows bad actors to remotely control compromised Windows systems."The NonEuclid remote access trojan (RAT), developed in C#, is a highly sophisticated .. --------------------------------------------- https://thehackernews.com/2025/01/researchers-expose-noneuclid-rat-using.ht… ∗∗∗ US-Sicherheitsbehörde warnt vor Attacken auf MiCollab und WebLogic Server ∗∗∗ --------------------------------------------- Admins sollten ihre Systeme mit Mitel- und Oracle-Software gegen derzeit laufende Angriffe rüsten. --------------------------------------------- https://www.heise.de/news/US-Sicherheitsbehoerde-warnt-vor-Attacken-auf-MiC… ∗∗∗ Forscher: KI sorgt für effektiveres Phishing ∗∗∗ --------------------------------------------- Wie wirksam ist per LLM automatisch erzeugtes Phishing? Es ist gleichauf mit menschlich erzeugtem Spear-Phishing, sagen Forscher. --------------------------------------------- https://www.heise.de/news/Forscher-KI-sorgt-fuer-effektiveres-Phishing-1023… ∗∗∗ A Day in the Life of a Prolific Voice Phishing Crew ∗∗∗ --------------------------------------------- Besieged by scammers seeking to phish user accounts over the telephone, Apple and Google frequently caution that they will never reach out unbidden to users this way. However, new details about the internal operations of a prolific voice phishing gang show the group routinely abuses legitimate services at Apple and Google to force a variety of outbound .. --------------------------------------------- https://krebsonsecurity.com/2025/01/a-day-in-the-life-of-a-prolific-voice-p… ∗∗∗ Vorsicht vor versteckten Kosten auf finelo.com und coursiv.io ∗∗∗ --------------------------------------------- Die Aussicht auf finanziellen Aufstieg lockt viele Menschen auf Plattformen wie finelo.com und coursive.io, die von der IT-Firma zimran.io betrieben werden. Beide Plattformen werben mit großen Versprechungen: Während finelo.com den Nutzer:innen beibringen möchte, clever zu investieren, zielt coursiv.io darauf ab, berufliche Fähigkeiten mithilfe künstlicher .. --------------------------------------------- https://www.watchlist-internet.at/news/vorsicht-vor-versteckten-kosten-auf-… ∗∗∗ Drupal 7 End of Life - PSA-2025-01-06 ∗∗∗ --------------------------------------------- Drupal core version 7 has reached end of life, and is no longer community supported on Drupal.org. This means that new releases of Drupal 7 core and contributed projects will no longer happen on Drupal.org and community support is no longer provided. What this means for you:Any vulnerabilities that impact Drupal 7 may be released and .. --------------------------------------------- https://www.drupal.org/psa-2025-01-06 ∗∗∗ Russian internet provider confirms its network was ‘destroyed’ following attack claimed by Ukrainian hackers ∗∗∗ --------------------------------------------- In a statement on the Russian social media platform VKontakte, the St. Petersburg-based company said the “planned” attack “destroyed” its infrastructure overnight. Nodex added that it was working to restore systems from backups but could not provide a timeline for when operations would fully resume. --------------------------------------------- https://therecord.media/russian-internet-provider-says-network-destroyed-cy… ∗∗∗ Scammers Impersonate Authorities to Swipe OTPs with Remote Access Apps ∗∗∗ --------------------------------------------- SUMMARY Cybersecurity researchers at Group-IB have discovered a sophisticated refund scam where scammers are using remote access tools. --------------------------------------------- https://hackread.com/scammers-impersonate-swipe-otps-remote-access-apps/ ∗∗∗ Backdooring Your Backdoors - Another $20 Domain, More Governments ∗∗∗ --------------------------------------------- After the excitement of our .MOBI research, we were left twiddling our thumbs. As you may recall, in 2024, we demonstrated the impact of an unregistered domain when we subverted the TLS/SSL CA process for verifying domain ownership to give ourselves .. --------------------------------------------- https://labs.watchtowr.com/more-governments-backdoors-in-your-backdoors/ ∗∗∗ Solving NIST Password Complexities: Guidance From a GRC Perspective ∗∗∗ --------------------------------------------- Not another password change! Isn’t one (1) extra-long password enough? As a former Incident Response, Identity and Access Control, and Education and Awareness guru, I can attest .. --------------------------------------------- https://trustedsec.com/blog/solving-nist-password-complexities-guidance-fro… ∗∗∗ How We Cracked a 512-Bit DKIM Key for Less Than $8 in the Cloud ∗∗∗ --------------------------------------------- In our study on the SPF, DKIM, and DMARC records of the top 1M websites, we were surprised to uncover more than 1,700 public DKIM keys that were shorter than 1,024 bits in length. This finding was unexpected, as RSA keys shorter than 1,024 bits are considered insecure, and their use in DKIM has been deprecated since the introduction of RFC 8301 in 2018. --------------------------------------------- https://dmarcchecker.app/articles/crack-512-bit-dkim-rsa-key ===================== = Vulnerabilities = ===================== ∗∗∗ Cisco Common Services Platform Collector Cross-Site Scripting Vulnerabilities ∗∗∗ --------------------------------------------- Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface.These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface .. --------------------------------------------- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso… ∗∗∗ Cisco Crosswork Network Controller Stored Cross-Site Scripting Vulnerabilities ∗∗∗ --------------------------------------------- Multiple vulnerabilities in the web-based management interface of Cisco Crosswork Network Controller could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against users of the interface of an affected system. These vulnerabilities exist because the web-based management interface does not properly validate user-supplied .. --------------------------------------------- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso… ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (firefox, mupdf, and php-tcpdf), SUSE (etcd, file-roller, gtk3, kernel, python-django-ckeditor, rubygem-json-jwt, and tomcat10), and Ubuntu (ffmpeg, HTMLDOC, linux-aws, linux-raspi, linux-gke, linux-hwe-6.8, linux-lowlatency, linux-lowlatency-hwe-6.8, and tinyproxy). --------------------------------------------- https://lwn.net/Articles/1004428/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 07.01.2025
by Daily end-of-shift report 07 Jan '25

07 Jan '25

===================== = End-of-Day report = ===================== Timeframe: Freitag 03-01-2025 18:00 − Dienstag 07-01-2025 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Windows 10 users urged to upgrade to avoid "security fiasco" ∗∗∗ --------------------------------------------- Cybersecurity firm ESET is urging Windows 10 users to upgrade to Windows 11 or Linux to avoid a "security fiasco" as the 10-year-old operating system nears the end of support in October 2025. --------------------------------------------- https://www.bleepingcomputer.com/news/microsoft/windows-10-users-urged-to-u… ∗∗∗ Cryptocurrency wallet drainers stole $494 million in 2024 ∗∗∗ --------------------------------------------- Scammers stole $494 million worth of cryptocurrency in wallet drainer attacks last year that targeted more than 300,000 wallet addresses. --------------------------------------------- https://www.bleepingcomputer.com/news/security/cryptocurrency-wallet-draine… ∗∗∗ Chinese hackers also breached Charter and Windstream networks ∗∗∗ --------------------------------------------- More U.S. companies have been added to the list of telecommunications firms hacked in a wave of breaches by a Chinese state-backed threat group tracked as Salt Typhoon. --------------------------------------------- https://www.bleepingcomputer.com/news/security/charter-and-windstream-among… ∗∗∗ Trotz starker Kritik: Umstrittene UN-Cybercrime-Konvention verabschiedet ∗∗∗ --------------------------------------------- Netzaktivisten haben vergeblich vor der Verabschiedung der Konvention gewarnt. Es droht der Zugriff auf digitale Beweismittel durch autoritäre Staaten. --------------------------------------------- https://www.golem.de/news/trotz-starker-kritik-umstrittene-un-cybercrime-ko… ∗∗∗ After Chinas Salt Typhoon, the reconstruction starts now ∗∗∗ --------------------------------------------- If 40 years of faulty building gets blown down, don’t rebuild with the rubble Opinion When a typhoon devastates a land, it takes a while to understand the scale of the destruction. Disaster relief kicks in, communications rebuilt, and news flows out. Salt Typhoon is .. --------------------------------------------- https://www.theregister.com/2025/01/06/opinion_column_cybersec/ ∗∗∗ MediaTek rings in the new year with a parade of chipset vulns ∗∗∗ --------------------------------------------- Manufacturers should have had ample time to apply the fixes MediaTek kicked off the first full working week of the new year by disclosing a bevy of security vulnerabilities, including a critical remote code execution bug affecting 51 chipsets. --------------------------------------------- https://www.theregister.com/2025/01/06/mediatek_chipset_vulnerabilities/ ∗∗∗ Patchday: Wichtige Sicherheitsupdates schützen Android-Geräte ∗∗∗ --------------------------------------------- Google und weitere Hersteller von Android-Geräte haben mehrere kritische Lücken in verschiedenen Android-Versionen geschlossen. --------------------------------------------- https://www.heise.de/news/Patchday-Schadcode-Luecken-bedrohen-Android-12-13… ∗∗∗ Schwerwiegende Sicherheitslücken in Sonicwall SSL-VPN - aktiv ausgenutzt ∗∗∗ --------------------------------------------- Der Hersteller Sonicwall hat seine Kunden darüber informiert, dass einige Geräte von Sicherheitslücken betroffen sind. Besonders hervorzuheben ist dabei eine bereits angegriffenen Lücke bei denen Angreifer:innen die Authentifizierung .. --------------------------------------------- https://www.cert.at/de/warnungen/2025/1/schwewiegende-sicherheitslucken-in-… ∗∗∗ UN aviation agency actively investigating cybercriminal’s claimed data breach ∗∗∗ --------------------------------------------- The International Civil Aviation Organization (ICAO) said it was responding to claims of a data breach “allegedly linked to a threat actor known for targeting international organizations.” --------------------------------------------- https://therecord.media/united-nations-icao-investigating-data-breach ∗∗∗ Critical Next.js Authorization Bypass Vulnerability ∗∗∗ --------------------------------------------- This specifically affects pages directly under the application’s root directory. Example:[Not affected] hxxps[://]example[.]com[Affected] hxxps[://]example[.]com/foo[Not affected] hxxps[://]example[.]com/foo/bar Successful exploitation of this vulnerability, allows a remote unauthenticated .. --------------------------------------------- https://www.truesec.com/hub/blog/critical-next-js-authorization-bypass-vuln… ∗∗∗ Achtung: Angeblich geleakter GTA San Andreas Source-Code mit Schadsoftware ∗∗∗ --------------------------------------------- Aktuell wird angeblich der Quellcode des Rockstar Games Spiels GTA San Andreas im Internet zum Download angeboten. Erste Hinweise scheinen seit gestern im Internet aufgetaucht zu sein (siehe z.B. den Artikel Rockstar reportedly faces another .. --------------------------------------------- https://www.borncity.com/blog/2025/01/06/achtung-angeblich-geleakter-gta-sa… ∗∗∗ New PhishWP Plugin on Russian Forum Turns Sites into Phishing Pages ∗∗∗ --------------------------------------------- SlashNext has discovered a malicious WordPress plugin, PhishWP, which creates convincing fake payment pages to steal your credit card information, 3DS codes, and personal data. --------------------------------------------- https://hackread.com/phishwp-plugin-russian-hacker-forum-phishing-sites/ ∗∗∗ U.S. Sanctions Chinese Cybersecurity Firm Over Cyberattacks ∗∗∗ --------------------------------------------- US sanctions Beijing-based Integrity Technology Group for aiding “Flax Typhoon” hackers in cyberattacks on American infrastructure, freezing assets… --------------------------------------------- https://hackread.com/us-sanctions-chinese-cybersecurity-firm-cyberattacks/ ∗∗∗ CVE-2024-4577: Windows Encoding Gone Wrong ∗∗∗ --------------------------------------------- CVE-2024-4577 is a critical vulnerability in Windows-based PHP installations, affecting CGI configurations, that allow remote code execution. --------------------------------------------- https://www.bitsight.com/blog/cve-2024-4577-windows-encoding-gone-wrong ∗∗∗ Weaponizing OAST: How Malicious Packages Exploit npm, PyPI, and RubyGems for Data Exfiltration and Recon ∗∗∗ --------------------------------------------- Socket researchers uncover how threat actors weaponize Out-of-Band Application Security Testing (OAST) techniques across the npm, PyPI, and RubyGems ecosystems to exfiltrate sensitive data and remotely probe developer environments.Over the last year, Socket’s threat research team has continually observed and identified malicious JavaScript, Python, and Ruby packages .. --------------------------------------------- https://socket.dev/blog/weaponizing-oast-how-malicious-packages-exploit-npm… ===================== = Vulnerabilities = ===================== ∗∗∗ [20250103] - Core - Read ACL violation in multiple core views ∗∗∗ --------------------------------------------- Project: Joomla! SubProject: CMS Impact: Low Severity: Moderate Probability: Low Versions: 3.9.0-3.10.19-elts, 4.0.0-4.4.9, 5.0.0-5.2.2 Exploit type: ACL Violation Reported Date: 2024-08-26 Fixed Date: 2025-01-07 CVE Number: CVE-2024-40749 Description Improper Access Controls allows access to protected views. Affected Installs Joomla! CMS versions 3.9.0-3.10.19-elts, 4.0.0-4.4.9, 5.0.0-5.2.2 Solution Upgrade to version 3.10.20-elts, 4.4.10 or 5.2.3 Contact The JSST at the Joomla! Security --------------------------------------------- https://developer.joomla.org:443/security-centre/956-20250103-core-read-acl… ∗∗∗ [20250102] - Core - XSS vector in the id attribute of menu lists ∗∗∗ --------------------------------------------- Project: Joomla! SubProject: CMS Impact: Low Severity: Moderate Probability: Low Versions: 3.0.0-3.10.19-elts, 4.0.0-4.4.9, 5.0.0-5.2.2 Exploit type: XSS Reported Date: 2024-09-19 Fixed Date: 2025-01-07 CVE Number: CVE-2024-40748 Description Lack of output escaping in the id attribute of menu lists. Affected Installs Joomla! CMS versions 3.0.0-3.10.19-elts, 4.0.0-4.4.9, 5.0.0-5.2.2 Solution Upgrade to version 3.10.20-elts, 4.4.10 or 5.2.3 Contact The JSST at the Joomla! Security Centre. --------------------------------------------- https://developer.joomla.org:443/security-centre/955-20250102-core-xss-vect… ∗∗∗ [20250101] - Core - XSS vectors in module chromes ∗∗∗ --------------------------------------------- Project: Joomla! SubProject: CMS Impact: Low Severity: Moderate Probability: Low Versions: 4.0.0-4.4.9, 5.0.0-5.2.2 Exploit type: XSS Reported Date: 2024-08-29 Fixed Date: 2025-01-07 CVE Number: CVE-2024-40747 Description Various module chromes didnt properly process inputs, leading to XSS vectors. Affected Installs Joomla! CMS versions 4.0.0-4.4.9, 5.0.0-5.2.2 Solution Upgrade to version 4.4.10 or 5.2.3 Contact The JSST at the Joomla! Security Centre. Reported By: Catalin Iovita --------------------------------------------- https://developer.joomla.org:443/security-centre/954-20250101-core-xss-vect… ∗∗∗ Security Vulnerabilities fixed in Firefox ESR 115.19 ∗∗∗ --------------------------------------------- https://www.mozilla.org/en-US/security/advisories/mfsa2025-03/ ∗∗∗ Security Vulnerabilities fixed in Firefox ESR 128.6 ∗∗∗ --------------------------------------------- https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/ ∗∗∗ Security Vulnerabilities fixed in Firefox 134 ∗∗∗ --------------------------------------------- https://www.mozilla.org/en-US/security/advisories/mfsa2025-01/ ∗∗∗ Upcoming CVE for End-of-Life Node.js Versions ∗∗∗ --------------------------------------------- https://nodejs.org/en/blog/vulnerability/upcoming-cve-for-eol-versions -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 03.01.2025
by Daily end-of-shift report 03 Jan '25

03 Jan '25

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 02-01-2025 18:00 − Freitag 03-01-2025 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ SwaetRAT Delivery Through Python ∗∗∗ --------------------------------------------- We entered a new year, but attack scenarios have not changed (yet). I found a Python script with an interesting behavior[1] and a low Virustotal score (7/61). It targets Microsoft Windows hosts because it starts by loading all .. --------------------------------------------- https://isc.sans.edu/forums/diary/SwaetRAT+Delivery+Through+Python/31554/ ∗∗∗ 3,1 Millionen bösartige Fake-Sterne auf GitHub entdeckt – Tendenz steigend ∗∗∗ --------------------------------------------- In einer umfassenden Studie ist ein US-Forschungsteam auf Millionen Fake-Sterne bei GitHub gestoßen und warnt vor einem rasant steigenden Trend. --------------------------------------------- https://www.heise.de/news/3-1-Millionen-boesartige-Fake-Sterne-auf-GitHub-e… ∗∗∗ Configurations Mega Blog: Why Configurations Are the Wrong Thing to Get Wrong ∗∗∗ --------------------------------------------- So many times, we look beyond the mark. With our feeds constantly inundated with headline-grabbing news about AI-generated threats, nation states upping their cybercrime game, and sophisticated new forms of malware, we can be tempted to think that the bulk of cyberwarfare is going on "up there" somewhere. In reality, most breaches still originate .. --------------------------------------------- https://www.tripwire.com/state-of-security/configurations-mega-blog-why-con… ∗∗∗ 10 Non-tech things you wish you had done after being breached ∗∗∗ --------------------------------------------- TL;DR Non-tech aspects to breach follow-up are often overlooked but essential NDAs, supply chain, and third party contracts and obligations should be reviewed Reviewing communication protocols and employee .. --------------------------------------------- https://www.pentestpartners.com/security-blog/10-non-tech-things-you-wish-y… ∗∗∗ Von Social Media bis App: So sind Sie Kriminellen einen Schritt voraus ∗∗∗ --------------------------------------------- Internetbetrug wird immer raffinierter und kann jeden Menschen treffen. Deshalb ist es wichtig, auf dem Laufenden zu bleiben und die aktuellen Betrugsmaschen zu kennen. Vom klassischen Newsletter über .. --------------------------------------------- https://www.watchlist-internet.at/news/unsere-kanaele/ ∗∗∗ NPM Package Disguised as an Ethereum Tool Deploys Quasar RAT ∗∗∗ --------------------------------------------- Researchers discovered a malicious package on the npm package registry that resembles a library for Ethereum smart contract vulnerabilities but actually drops an open-source remote access trojan called Quasar .. --------------------------------------------- https://hackread.com/npm-package-disguised-ethereum-tool-quasar-rat/ ∗∗∗ Schädliche Versionen von zahlreichen Chrome-Erweiterungen in Umlauf ∗∗∗ --------------------------------------------- Über die Weihnachtstage verschafften sich die Täter Zugriff auf diverse Chrome-Extensions – in einigen Fällen sogar schon deutlich früher. --------------------------------------------- https://heise.de/-10224745 ∗∗∗ Breaking the Chain: Wiz Uncovers a Signature Verification Bypass in Nuclei, the Popular Vulnerability Scanner (CVE-2024-43405) ∗∗∗ --------------------------------------------- Wiz’s engineering team discovered a high-severity signature verification bypass in Nuclei, one of the most popular open-source security tools, which could potentially lead to arbitrary code execution. --------------------------------------------- https://www.wiz.io/blog/nuclei-signature-verification-bypass ∗∗∗ Malicious npm Campaign Targets Ethereum Developers with Fake Hardhat Packages ∗∗∗ --------------------------------------------- Hardhat, maintained by the Nomic Foundation, is a vital tool for Ethereum developers. As a versatile development environment for Ethereum, it streamlines the creation, testing, and deployment of smart contracts and dApps. Its flexible plugin architecture allows developers to customize workflows with tools and extensions, optimizing productivity and supporting .. --------------------------------------------- https://socket.dev/blog/malicious-npm-campaign-targets-ethereum-developers ===================== = Vulnerabilities = ===================== ∗∗∗ iTerm2 3.5.11 released with a critical security fix ∗∗∗ --------------------------------------------- https://iterm2.com/downloads/stable/iTerm2-3_5_11.changelog -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 02.01.2025
by Daily end-of-shift report 02 Jan '25

02 Jan '25

===================== = End-of-Day report = ===================== Timeframe: Montag 30-12-2024 18:00 − Donnerstag 02-01-2025 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Cyberangriff: Hacker wollen Daten von IT-Dienstleister Atos erbeutet haben ∗∗∗ --------------------------------------------- Die Angreifer behaupten, im Besitz einer Firmendatenbank von Atos zu sein. Der IT-Dienstleister findet bisher keine Beweise für einen Angriff. --------------------------------------------- https://www.golem.de/news/cyberangriff-hacker-wollen-daten-von-it-dienstlei… ∗∗∗ Supportende naht: Forscher warnt vor Security-Fiasko durch Windows 10 ∗∗∗ --------------------------------------------- Rund zwei Drittel aller Windows-PCs in Deutschland arbeiten noch mit Windows 10. Es besteht dringender Handlungsbedarf - nicht erst im Oktober dieses Jahres. --------------------------------------------- https://www.golem.de/news/supportende-naht-forscher-warnt-vor-security-fias… ∗∗∗ Chinas cyber intrusions took a sinister turn in 2024 ∗∗∗ --------------------------------------------- >From targeted espionage to pre-positioning - not that they are mutually exclusive The Chinese governments intrusions into Americas telecommunications and other critical infrastructure networks this year appears to signal a shift from cyberspying as usual to prepping for destructive attacks. --------------------------------------------- https://www.theregister.com/2024/12/31/china_cyber_intrusions_2024/ ∗∗∗ US Treasury Department outs the blast radius of BeyondTrusts key leak ∗∗∗ --------------------------------------------- Data pilfered as miscreants roamed affected workstations The US Department of the Treasury has admitted that miscreants were in its systems, accessing documents in what has been called a "major incident." --------------------------------------------- https://www.theregister.com/2024/12/31/us_treasury_department_hacked/ ∗∗∗ "Die perfekte Phishing-Mail": Mit KI-Textgeneratoren gegen Führungskräfte ∗∗∗ --------------------------------------------- KI-Technik ermöglicht es Kriminellen, hochpersonalisierte Phishing-Mails an Führungskräfte zu schicken, warnt ein Versicherer. Trainingsmaterial gibt es online. --------------------------------------------- https://www.heise.de/news/Die-perfekte-Phishing-Mail-Mit-KI-Textgeneratoren… ∗∗∗ U.S. Army Soldier Arrested in AT&T, Verizon Extortions ∗∗∗ --------------------------------------------- Federal authorities have arrested and indicted a 20-year-old U.S. Army soldier on suspicion of being Kiberphant0m, a cybercriminal who has been selling and leaking sensitive customer call records stolen earlier this year from AT&T and .. --------------------------------------------- https://krebsonsecurity.com/2024/12/u-s-army-soldier-arrested-in-att-verizo… ∗∗∗ Vorsicht vor betrügerischen E-Mails zur Rückerstattung von ORF-Gebühren ∗∗∗ --------------------------------------------- Derzeit finden zahlreiche Personen ein E-Mail in ihrem Postfach, in dem behauptet wird, dass sie Anspruch auf eine Rückerstattung von ORF-Gebühren in Höhe von 34,40 Euro haben. Achtung: Es handelt sich dabei um einen Phishing-Versuch, der darauf abzielt, Kontodaten zu stehlen. --------------------------------------------- https://www.watchlist-internet.at/news/betruegerisches-orf-rueckerstattung-… ∗∗∗ Bad Likert Judge: A Novel Multi-Turn Technique to Jailbreak LLMs by Misusing Their Evaluation Capability ∗∗∗ --------------------------------------------- The jailbreak technique "Bad Likert Judge" manipulates LLMs to generate harmful content using Likert scales, exposing safety gaps in LLM guardrails. --------------------------------------------- https://unit42.paloaltonetworks.com/multi-turn-technique-jailbreaks-llms/ ∗∗∗ DORA Regulation (Digital Operational Resilience Act): A Threat Intelligence Perspective ∗∗∗ --------------------------------------------- The Digital Operational Resilience Act (DORA) is coming in 2025. --------------------------------------------- https://www.team-cymru.com/post/dora-regulation-digital-operational-resilie… ∗∗∗ Passkey technology is elegant, but it’s most definitely not usable security ∗∗∗ --------------------------------------------- It's that time again, when families and friends gather and implore the more technically inclined among them to troubleshoot problems they're having behind the device screens all around them. One of the most vexing .. --------------------------------------------- https://arstechnica.com/security/2024/12/passkey-technology-is-elegant-but-… ∗∗∗ I’m Lovin’ It: Exploiting McDonald’s APIs to hijack deliveries and order food for a penny ∗∗∗ --------------------------------------------- API flaws in the McDonald’s McDelivery system in India, one of the world’s most popular food delivery apps, enabled a variety of fun exploits .. --------------------------------------------- https://eaton-works.com/2024/12/19/mcdelivery-india-hack/ ∗∗∗ Déjà vu: Ghostly CVEs in my terminal title ∗∗∗ --------------------------------------------- As I've spoken and written about all modern terminals are actually "emulating" something dating from the .. --------------------------------------------- https://dgl.cx/2024/12/ghostty-terminal-title ===================== = Vulnerabilities = ===================== ∗∗∗ ZDI-24-1737: Foxit PDF Reader AcroForm Out-Of-Bounds Read Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-24-1737/ ∗∗∗ ZDI-24-1736: (0Day) Paessler PRTG Network Monitor SNMP Cross-Site Scripting Authentication Bypass Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-24-1736/ ∗∗∗ ZDI-24-1739: Foxit PDF Reader Link Following Local Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-24-1739/ ∗∗∗ ZDI-24-1738: Foxit PDF Reader AcroForm Memory Corruption Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-24-1738/ ∗∗∗ PAN-OS Firewall Denial of Service (DoS) Vulnerability ∗∗∗ --------------------------------------------- https://fortiguard.fortinet.com/threat-signal-report/5610 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 30.12.2024
by Daily end-of-shift report 30 Dec '24

30 Dec '24

===================== = End-of-Day report = ===================== Timeframe: Freitag 27-12-2024 18:00 − Montag 30-12-2024 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Customer data from 800,000 electric cars and owners exposed online ∗∗∗ --------------------------------------------- Volkswagens automotive software company, Cariad, exposed data collected from around 800,000 electric cars. The info could be linked to drivers names and reveal precise vehicle locations. --------------------------------------------- https://www.bleepingcomputer.com/news/security/customer-data-from-800-000-e… ∗∗∗ Malware botnets exploit outdated D-Link routers in recent attacks ∗∗∗ --------------------------------------------- Two botnets tracked as Ficora and Capsaicin have recorded increased activity in targeting D-Link routers that have reached end of life or are running outdated firmware versions. --------------------------------------------- https://www.bleepingcomputer.com/news/security/malware-botnets-exploit-outd… ∗∗∗ Hackerangriff auf Flughäfen von Mailand ∗∗∗ --------------------------------------------- Eine prorussische Hackergruppe bekannte sich zu dem Cyberangriff. Der Flugbetrieb war nicht gefährdet. --------------------------------------------- https://futurezone.at/digital-life/hackerangriff-auf-flughaefen-von-mailand… ∗∗∗ Bundestagswahlen: Wahlsoftware immer noch unsicher ∗∗∗ --------------------------------------------- Seit Jahren fordert der CCC eine transparente Wahlsoftware. Wie sinnvoll das wäre, zeigt die Analyse eines weit verbreiteten Tools. Ein Bericht von Friedhelm Greis. --------------------------------------------- https://www.golem.de/news/bundestagswahlen-wahlsoftware-immer-noch-unsicher… ∗∗∗ Rundsteuerempfänger gehackt: Lässt sich über Funksignale ein Blackout herbeiführen? ∗∗∗ --------------------------------------------- Zwei Sicherheitsforscher haben die Protokolle für funkbasierte Rundsteuerempfänger entschlüsselt. Doch es ist strittig, in welchem Umfang sich manipulierte Signale missbrauchen lassen. Ein Bericht von Friedhelm Greis. --------------------------------------------- https://www.golem.de/news/rundsteuerempfaenger-gehackt-laesst-sich-ueber-fu… ∗∗∗ Prioritizing patching: A deep dive into frameworks and tools – Part 2: Alternative frameworks ∗∗∗ --------------------------------------------- In the second of a two-part series on tools and frameworks designed to help with remediation prioritization, we explore some alternatives to CVSS --------------------------------------------- https://news.sophos.com/en-us/2024/12/30/prioritizing-patching-a-deep-dive-… ∗∗∗ 16 Chrome Extensions Hacked, Exposing Over 600,000 Users to Data Theft ∗∗∗ --------------------------------------------- A new attack campaign has targeted known Chrome browser extensions, leading to at least 16 extensions being compromised and exposing over 600,000 users to data exposure and credential theft.The attack targeted publishers of browser extensions on the Chrome Web Store via a phishing campaign and used their access permissions to insert malicious code into legitimate extensions in order to steal --------------------------------------------- https://thehackernews.com/2024/12/16-chrome-extensions-hacked-exposing.html ∗∗∗ Its only a matter of time before LLMs jump start supply-chain attacks ∗∗∗ --------------------------------------------- The greatest concern is with spear phishing and social engineering Interview Now that criminals have realized theres no need to train their own LLMs for any nefarious purposes - its much cheaper and easier to steal credentials and then jailbreak existing ones - the threat of a large-scale supply chain attack using generative AI becomes more real. --------------------------------------------- https://www.theregister.com/2024/12/29/llm_supply_chain_attacks/ ∗∗∗ 38C3: Große Sicherheitsmängel in elektronischer Patientenakte 3.0 aufgedeckt ∗∗∗ --------------------------------------------- Gravierende Sicherheitslücken müssten bis zum Start der ePA 3.0 noch geschlossen werden. Das demonstrieren Martin Tschirsich und Bianca Kastl auf dem 38C3. --------------------------------------------- https://www.heise.de/news/38C3-Weitere-Sicherheitsmaengel-in-elektronischer… ∗∗∗ 38C3: BogusBazaar-Bande betreibt noch immer Tausende Fakeshops ∗∗∗ --------------------------------------------- Monate nach der Entdeckung operiert eine chinesische Cyberbande weiterhin unbehelligt, berichten Sicherheitsforscher. Schützenhilfe leisten auch US-Anbieter. --------------------------------------------- https://www.heise.de/news/38C3-BogusBazaar-Bande-betreibt-noch-immer-Tausen… ∗∗∗ 38C3: BitLocker-Verschlüsselung von Windows 11 umgangen, ohne PC zu öffnen. ∗∗∗ --------------------------------------------- Zwei Jahre nach der vermeintlichen Behebung einer Lücke kann diese weiterhin genutzt werden, um BitLocker-geschützte Festplatten von Windows 11 zu entschlüsseln --------------------------------------------- https://www.heise.de/news/38C3-BitLocker-Verschluesselung-von-Windows-11-um… ∗∗∗ On the sixth day of Christmas, an X account gave to me: a fake 7-Zip ACE ∗∗∗ --------------------------------------------- An account with the name @NSA_Employee39 claimed to have dropped a zero-day vulnerability for the popular file archive software 7-Zip. Nobody could get it to work. --------------------------------------------- https://therecord.media/fake-zero-day-7Zip ∗∗∗ Lets Encrypt to end OCSP support in 2025 ∗∗∗ --------------------------------------------- Well, the writing has been on the wall for some years now, arguably over a decade, but the time has finally come where the largest CA in the World is going to drop support for the Online Certificate Status Protocol.What is OCSP?The Online Certificate Status Protocol is a --------------------------------------------- https://scotthelme.ghost.io/lets-encrypt-to-end-ocsp-support-in-2025/ ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (gst-plugins-good1.0 and opensc), Fedora (iwd and libell), and SUSE (chromium, govulncheck-vulndb, and poppler). --------------------------------------------- https://lwn.net/Articles/1003768/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 27.12.2024
by Daily end-of-shift report 27 Dec '24

27 Dec '24

===================== = End-of-Day report = ===================== Timeframe: Montag 23-12-2024 18:00 − Freitag 27-12-2024 18:00 Handler: Michael Schlagenhaufer Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Cybersecurity firms Chrome extension hijacked to steal users data ∗∗∗ --------------------------------------------- One attack was disclosed by Cyberhaven, a data loss prevention company that alerted its customers of a breach on December 24 after a successful phishing attack on an administrator account for the Google Chrome store. Among Cyberhaven's customers are Snowflake, Motorola, Canon, Reddit, AmeriHealth, Cooley, IVP, Navan, DBS, Upstart, and Kirkland & Ellis. [..] Cyberhaven's internal security team removed the malicious package within an hour since its detection, the company says in an email to its customers. --------------------------------------------- https://www.bleepingcomputer.com/news/security/cybersecurity-firms-chrome-e… ∗∗∗ Microsoft warnt: Bug könnte Security-Updates verhindern ∗∗∗ --------------------------------------------- Microsoft warnt Nutzer, die ihr System vor Kurzem via CD oder USB-Stick installiert haben. Konkret geht es um Installationsmedien, die das Sicherheitsupdate vom Oktober oder das vom November inkludiert haben. Hier kann es passieren, dass diese Systeme keine weiteren Updates mehr erhalten, wenn sie derzeit auf 24H2 sind. --------------------------------------------- https://futurezone.at/produkte/microsoft-warnung-bug-security-updates-windo… ∗∗∗ Datenschutzverletzung: Volkwagen-Bewegungsprofile von 800.000 E-Autos offengelegt ∗∗∗ --------------------------------------------- Persönliche Daten und Bewegungsprofile von rund 800.000 VW-E-Auto-Besitzern lagen monatelang öffentlich zugänglich in der Cloud. --------------------------------------------- https://www.golem.de/news/datenschutzverletzung-volkwagen-bewegungsprofile-… ∗∗∗ Threat landscape for industrial automation systems in Q3 2024 ∗∗∗ --------------------------------------------- The ICS CERT quarterly report covers threat landscape for industrial automation systems in Q3 2024. --------------------------------------------- https://securelist.com/ics-cert-q3-2024-report/115182/ ∗∗∗ More SSH Fun!, (Tue, Dec 24th) ∗∗∗ --------------------------------------------- A few days ago, I wrote a diary about a link file that abused the ssh.exe tool present in modern versions of Microsoft Windows. At the end, I mentioned that I will hunt for more SSH-related files/scripts. Guess what? I already found another one. --------------------------------------------- https://isc.sans.edu/diary/rss/31542 ∗∗∗ Jahresrückblick: Diese Themen beschäftigten uns 2024! ∗∗∗ --------------------------------------------- Wir sagen „DANKE“ und blicken noch einmal zurück auf die Entwicklungen und Geschehnisse des vergangenen Jahres. --------------------------------------------- https://www.watchlist-internet.at/news/jahresrueckblick-2024/ ∗∗∗ ASUS: "Weihnachtsüberraschung" mit christmas.exe schief gegangen ∗∗∗ --------------------------------------------- Anbieter ASUS wollte seine Benutzer überraschen und hat diesen eine besondere Weihnachtskarte mit dem Dateinamen christmas.exe zukommen lassen. Ist natürlich seit Jahren bekannt, dass man aus Sicherheitsgründen keine .exe-Grußkarte mit Weihnachtsgrüßen verschickt. --------------------------------------------- https://www.borncity.com/blog/2024/12/26/asus-weihnachtsueberraschung-mit-c… ∗∗∗ PMKID Attacks: Debunking the 802.11r Myth ∗∗∗ --------------------------------------------- This article addresses common misconceptions surrounding PMKID-based attacks while offering technical insights into their mechanics and effective countermeasures. The PMKID-based attack, first disclosed in 2018 by the Hashcat team, introduced a novel method of compromising WPA2-protected Wi-Fi networks. Unlike traditional techniques, this approach does not require capturing a full 4-way handshake, instead leveraging a design flaw in the Pairwise Master Key Identifier (PMKID). --------------------------------------------- https://www.nccgroup.com/us/research-blog/pmkid-attacks-debunking-the-80211… ∗∗∗ From Arbitrary File Write to RCE in Restricted Rails apps ∗∗∗ --------------------------------------------- Introduction Recently, we came across a situation where we needed to exploit an arbitrary file write vulnerability in a Rails application running in a restricted environment. The application was deployed via a Dockerfile that imposed...O post From Arbitrary File Write to RCE in Restricted Rails apps apareceu primeiro em Conviso AppSec. --------------------------------------------- https://blog.convisoappsec.com/en/from-arbitrary-file-write-to-rce-in-restr… ===================== = Vulnerabilities = ===================== ∗∗∗ Palo Alto: CVE-2024-3393 PAN-OS: Firewall Denial of Service (DoS) in DNS Security Using a Specially Crafted Packet (Severity: HIGH) ∗∗∗ --------------------------------------------- A Denial of Service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a malicious packet through the data plane of the firewall that reboots the firewall. Repeated attempts to trigger this condition will cause the firewall to enter maintenance mode. --------------------------------------------- https://security.paloaltonetworks.com/CVE-2024-3393 ∗∗∗ Apache Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE Attacks ∗∗∗ --------------------------------------------- The Apache Software Foundation (ASF) has released a security update to address an important vulnerability in its Tomcat server software that could result in remote code execution (RCE) under certain conditions. The vulnerability, tracked as CVE-2024-56337, has been described as an incomplete mitigation for CVE-2024-50379 (CVSS score: 9.8), another critical security flaw in the same product that was previously addressed on December 17, 2024. --------------------------------------------- https://thehackernews.com/2024/12/apache-tomcat-vulnerability-cve-2024.html ∗∗∗ Critical SQL Injection Vulnerability in Apache Traffic Control Rated 9.9 CVSS — Patch Now ∗∗∗ --------------------------------------------- The Apache Software Foundation (ASF) has shipped security updates to address a critical security flaw in Traffic Control that, if successfully exploited, could allow an attacker to execute arbitrary Structured Query Language (SQL) commands in the database. The SQL injection vulnerability, tracked as CVE-2024-45387, is rated 9.9 out of 10.0 on the CVSS scoring system. --------------------------------------------- https://thehackernews.com/2024/12/critical-sql-injection-vulnerability-in.h… ∗∗∗ Apache MINA CVE-2024-52046: CVSS 10.0 Flaw Enables RCE via Unsafe Serialization ∗∗∗ --------------------------------------------- The Apache Software Foundation (ASF) has released patches to address a maximum severity vulnerability in the MINA Java network application framework that could result in remote code execution under specific conditions. Tracked as CVE-2024-52046, the vulnerability carries a CVSS score of 10.0. --------------------------------------------- https://thehackernews.com/2024/12/apache-mina-cve-2024-52046-cvss-100.html ∗∗∗ Adobe warns of critical ColdFusion bug with PoC exploit code ∗∗∗ --------------------------------------------- Adobe has released out-of-band security updates to address a critical ColdFusion vulnerability with proof-of-concept exploit code. In an advisory released on Monday, the company says the flaw (tracked as CVE-2024-53961) is caused by a path traversal weakness that impacts Adobe ColdFusion versions 2023 and 2021 and can enable attackers to read arbitrary files on vulnerable servers. --------------------------------------------- https://www.bleepingcomputer.com/news/security/adobe-warns-of-critical-cold… ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by AlmaLinux (containernetworking-plugins, edk2:20240524, gstreamer1-plugins-base, gstreamer1-plugins-good, kernel, libsndfile:1.0.31, mpg123:1.32.9, pam, php:8.1, php:8.2, python3.11, python3.11-urllib3, python3.12, python3.9:3.9.21, skopeo, and unbound:1.16.2), Debian (intel-microcode), Fedora (python3-docs and python3.12), Mageia (emacs), Red Hat (podman), and SUSE (gdb, govulncheck-vulndb, libparaview5_12, mozjs115, mozjs78, and vhostmd). --------------------------------------------- https://lwn.net/Articles/1003381/ ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (sympa and tomcat), Red Hat (kernel), and SUSE (poppler). --------------------------------------------- https://lwn.net/Articles/1003462/ ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (fastnetmon, webkit2gtk, and xen), Fedora (sympa), Oracle (postgresql), and Red Hat (pcp, tigervnc, and xorg-x11-server and xorg-x11-server-Xwayland). --------------------------------------------- https://lwn.net/Articles/1003542/ ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (node-postcss), Fedora (age, dr_libs, incus, libxml2, moodle, and python-sql), and SUSE (poppler and python-grpcio). --------------------------------------------- https://lwn.net/Articles/1003601/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily