Daily

daily@lists.cert.at

1 participants
3153 discussions

Tageszusammenfassung - 12.02.2025
by Daily end-of-shift report 12 Feb '25

12 Feb '25

===================== = End-of-Day report = ===================== Timeframe: Dienstag 11-02-2025 18:00 − Mittwoch 12-02-2025 18:00 Handler: Michael Schlagenhaufer Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ Kritische Sicherheitslücke: Hacker greifen vermehrt Owncloud-Instanzen an ∗∗∗ --------------------------------------------- Warum die Angriffe auf CVE-2023-49103 ausgerechnet jetzt zunehmen, ist unklar. Vor dem Hintergrund, dass mit Version 0.3.1 der Graphapi-App schon seit dem 1. September 2023 ein Patch zur Verfügung steht, bleibt außerdem fraglich, wie viele dieser Angriffe tatsächlich erfolgreich sind. --------------------------------------------- https://www.golem.de/news/patch-verfuegbar-kritische-owncloud-luecke-wird-v… ∗∗∗ Opensource-Sicherheitsplattform: Kritische Lücke in Wazuh erlaubte Codeschmuggel ∗∗∗ --------------------------------------------- Die kritische Lücke mit der CVE-ID CVE-2025-24016 (CVSS 9,9/10) klaffte in allen Wazuh-Versionen von 4.4.0 bis 4.9.0 und ist in Version 4.9.1 behoben. Derzeit aktuell ist Wazuh 4.10.1. Das Update erschien bereits im Oktober 2024 – war seinerzeit jedoch nicht als sicherheitskritisch markiert. --------------------------------------------- https://www.heise.de/-10279201 ∗∗∗ IQ-Tests im Internet - Vorsicht vor versteckten Kosten! ∗∗∗ --------------------------------------------- Wer einen IQ-Test machen möchte, stößt im Internet auf zahlreiche Angebote, die schnelle und unkomplizierte Ergebnisse versprechen. Doch hinter vielen dieser Tests verbergen sich versteckte Kostenhinweise, wodurch Nutzer:innen plötzlich in teure Abos geraten. Wir zeigen, woran man unseriöse IQ-Tests erkennt und was man tun kann, wenn bereits Geld abgebucht wurde. --------------------------------------------- https://www.watchlist-internet.at/news/iq-tests-im-internet-vorsicht-vor-ve… ∗∗∗ From Convenience to Contagion: The Half-Day Threat and Libarchive Vulnerabilities Lurking in Windows 11 ∗∗∗ --------------------------------------------- This article discusses the vulnerabilities and notable characteristics introduced when Windows adopted libarchive to support additional archive file formats. --------------------------------------------- https://devco.re/blog/2025/02/12/from-convenience-to-contagion-the-half-day… ∗∗∗ ROPing our way to RCE ∗∗∗ --------------------------------------------- In red teaming engagements, simply finding an XSS or basic misconfiguration often isn’t enough, achieving RCE is the real deal. During one such assessment, we came across XiongMai’s uc-httpd, a lightweight web server used in countless IP cameras worldwide. According to Shodan, roughly 70k instances of this software are publicly exposed on the internet. Despite its history of severe vulnerabilities, no readily available exploit seemed to provide code execution, so I set out to build one. --------------------------------------------- https://modzero.com/en/blog/roping-our-way-to-rce/ ∗∗∗ How Wiz found a Critical NVIDIA AI vulnerability: Deep Dive into a container escape (CVE-2024-0132) ∗∗∗ --------------------------------------------- Technical details on a critical severity vulnerability (CVE-2024-0132) in NVIDIA Container Toolkit and GPU Operator, affecting cloud service providers. --------------------------------------------- https://www.wiz.io/blog/nvidia-ai-vulnerability-deep-dive-cve-2024-0132 ∗∗∗ Russian bulletproof hosting service Zservers sanctioned by US for LockBit coordination ∗∗∗ --------------------------------------------- A Russian service used to facilitate ransomware attacks by LockBit hackers has been sanctioned by U.S. authorities. --------------------------------------------- https://therecord.media/zservers-russia-bulletproof-hosting-us-uk-sanctions ===================== = Vulnerabilities = ===================== ∗∗∗ Microsoft Patch Tuesday for February 2025 — Snort rules and prominent vulnerabilities ∗∗∗ --------------------------------------------- Microsoft has released its monthly security update for January of 2025 which includes 58 vulnerabilities, including 3 that Microsoft marked as “critical” and one marked as "moderate". The remaining vulnerabilities listed are classified as “important.” --------------------------------------------- https://blog.talosintelligence.com/february-patch-tuesday-release/ ∗∗∗ Dringend patchen: Gefährliche Schadcode-Lücken in Excel bedrohen Office-Nutzer ∗∗∗ --------------------------------------------- Die Sicherheitslücken betreffen alle gängigen Office-Versionen. Laut Microsoft ist auch das Vorschau-Panel ein möglicher Angriffsvektor. --------------------------------------------- https://www.golem.de/news/microsoft-office-fuenf-excel-luecken-lassen-angre… ∗∗∗ Adobe-Patchday: Schadcode-Sicherheitslücken gefährden Illustrator & Co. ∗∗∗ --------------------------------------------- Mehrere Schwachstellen in Commerce, InCopy, InDesign, Illustrator, Photoshop Elements, Substance 3D Designer und Substance 3D Stager gefährden PCs. Viele der Schwachstellen stuft Adobe als "kritisch" ein. --------------------------------------------- https://www.heise.de/-10279209 ∗∗∗ Fortinet: Angriffe auf Schwachstellen laufen, Updates für diverse Produkte ∗∗∗ --------------------------------------------- Die bereits attackierte Sicherheitslücke betrifft FortiOS und FortiProxy, Fortinet hat damit eine Sicherheitsmitteilung aus dem Januar aktualisiert. Die dreht sich um eine Umgehung der Authentifizierung im Node.js-Websocket-Modul (CVE-2024-55591, CVSS 9.6, Risiko "kritisch"). Neu hinzugekommen ist nun der Eintrag CVE-2025-24472, CVSS 8.1, "hohes" Risiko. [..] Auf der Seite des Fortinet-PSIRT stehen noch eine Menge weiterer Aktualisierungen für diverse Produkte bereit, unter anderem für FortiAnalyzer, FortiPAM, FortiSwitchManager, FortiClientMac, FortiClientWindows, FortiSandbox, FortiManager und so weiter. --------------------------------------------- https://www.heise.de/-10279425 ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by AlmaLinux (firefox, kernel, kernel-rt, tbb, and thunderbird), Debian (bind9, cacti, pam-pkcs11, and ruby2.7), Fedora (bind, bind-dyndb-ldap, chromium, crun, and java-21-openjdk), Mageia (calibre, nginx, python-ansible-core, python-jinja2, python-pip, python-setuptools, python-twisted, and python-waitress), Red Hat (doxygen, firefox, gcc, gcc-toolset-13-gcc, gcc-toolset-14-gcc, tbb, and thunderbird), SUSE (go1.24, govulncheck-vulndb, java-1_8_0-openj9, kernel, openssl-3, ovmf, python3-numpy, python311, python36, qemu, and skopeo), and Ubuntu (bluez and openssl). --------------------------------------------- https://lwn.net/Articles/1009177/ ∗∗∗ Apple Confirms ‘Extremely Sophisticated’ Exploit Threatening iOS Security ∗∗∗ --------------------------------------------- Apple fixes the USB Restricted Mode flaw in iOS 18.3.1 and iPadOS 18.3.1. Vulnerability exploited in targeted attacks. Update your iPhone/iPad now. --------------------------------------------- https://hackread.com/apple-extremely-sophisticated-exploit-ios-security/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 11.02.2025
by Daily end-of-shift report 11 Feb '25

11 Feb '25

===================== = End-of-Day report = ===================== Timeframe: Montag 10-02-2025 18:00 − Dienstag 11-02-2025 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Over 12,000 KerioControl firewalls exposed to exploited RCE flaw ∗∗∗ --------------------------------------------- Over twelve thousand GFI KerioControl firewall instances are exposed to a critical remote code execution vulnerability tracked as CVE-2024-52875. --------------------------------------------- https://www.bleepingcomputer.com/news/security/over-12-000-keriocontrol-fir… ∗∗∗ US sanctions LockBit ransomware’s bulletproof hosting provider ∗∗∗ --------------------------------------------- The United States, Australia, and the United Kingdom have sanctioned Zservers, a Russia-based bulletproof hosting (BPH) services provider, for supplying essential attack infrastructure for the LockBit ransomware gang. --------------------------------------------- https://www.bleepingcomputer.com/news/security/us-sanctions-lockbit-ransomw… ∗∗∗ Russian military hackers deploy malicious Windows activators in Ukraine ∗∗∗ --------------------------------------------- The Sandworm Russian military cyber-espionage group is targeting Windows users in Ukraine with trojanized Microsoft Key Management Service (KMS) activators and fake Windows updates. --------------------------------------------- https://www.bleepingcomputer.com/news/security/russian-military-hackers-dep… ∗∗∗ All your 8Base are belong to us: Ransomware crew busted in global sting ∗∗∗ --------------------------------------------- Dark web site seized, four cuffed in Thailand An international police operation spanning the US, Europe, and Asia has shuttered the 8Base ransomware crews dark web presence and resulted in the arrest of four European suspects accused of stealing $16 million from more than 1,000 victims worldwide. --------------------------------------------- https://www.theregister.com/2025/02/10/8base_police_arrrest/ ∗∗∗ Im a security expert, and I almost fell for a North Korea-style deepfake job applicant …Twice ∗∗∗ --------------------------------------------- Remote position, webcam not working, then glitchy AI face ... Red alert! Twice, over the past two months, Dawid Moczadło has interviewed purported job seekers only to discover that these "software developers" were scammers using AI-based tools — likely to get hired at a security company also using artificial intelligence, and then steal source code or other sensitive IP. --------------------------------------------- https://www.theregister.com/2025/02/11/it_worker_scam/ ∗∗∗ Sicherheitsupdates Zimbra: Angreifer können Metadaten von E-Mails auslesen ∗∗∗ --------------------------------------------- Die Zimbra-Entwickler haben unter anderem mindestens eine kritische Lücke in der E-Mail- und Groupwarelösung geschlossen. --------------------------------------------- https://www.heise.de/news/Sicherheitsupdates-Zimbra-Angreifer-koennen-Metad… ∗∗∗ Hugging Face: Bösartige ML-Modelle auf Entwicklungsplattform aufgedeckt ∗∗∗ --------------------------------------------- Auf der KI-Entwicklungsplattform Hugging Face haben IT-Forscher bösartige ML-Modelle entdeckt. Angreifer könnten damit Befehle einschleusen. --------------------------------------------- https://www.heise.de/news/Hugging-Face-Boesartige-ML-Modelle-auf-Entwicklun… ∗∗∗ PCI DSS. Where to start? ∗∗∗ --------------------------------------------- TL;DR Determine your role: Merchant or service provider Determine your level and requirements Identify your validation method: SAQ or RoC Use the PCI website .. --------------------------------------------- https://www.pentestpartners.com/security-blog/pci-dss-where-to-start/ ∗∗∗ Hacker who hijacked SEC’s X account pleads guilty, faces maximum five-year sentence ∗∗∗ --------------------------------------------- Alabama native Eric Council Jr. confessed to taking over the Securities and Exchange Commissions account and posting false information that caused the price of bitcoin to swing wildly. --------------------------------------------- https://therecord.media/hacker-hijacked-sec-account-maximum ∗∗∗ SystemBC RAT Now Targets Linux, Spreading Ransomware and Infostealers ∗∗∗ --------------------------------------------- SystemBC RAT now targets Linux, enabling ransomware gangs like Ryuk & Conti to spread, evade detection, and maintain encrypted C2 traffic for stealthy cyberattacks. --------------------------------------------- https://hackread.com/systembc-rat-targets-linux-ransomware-infostealers/ ∗∗∗ Cisco Rejects Kraken Ransomware’s Data Breach Claims ∗∗∗ --------------------------------------------- Cisco denies recent data breach claims by the Kraken ransomware group, stating leaked credentials are from a resolved 2022 incident. Learn more about Ciscos response and the details of the original attack. --------------------------------------------- https://hackread.com/cisco-rejects-kraken-ransomware-data-breach-claim/ ∗∗∗ !exploitable Episode One - Breaking IoT ∗∗∗ --------------------------------------------- For our last company retreat, the Doyensec team went on a cruise along the coasts of the Mediterranean Sea. As amazing as each stop was, us being geeks, we had to break the monotony of daily pool parties with some much-needed hacking sessions. Luca and John, our chiefs, came to the rescue with three challenges chosen to .. --------------------------------------------- https://blog.doyensec.com/2025/02/11/exploitable-iot.html ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by AlmaLinux (firefox, tbb, and thunderbird), Debian (cacti, libtasn1-6, and rust-openssl), Oracle (galera and mariadb, kernel, raptor2, and thunderbird), SUSE (bind, fq, java-21-openj9, libtasn1-6-32bit, ovmf, python310, python312, python313, python314, rime-schema-all, thunderbird, and wget), and Ubuntu (eglibc, firefox, glibc, linux, linux-aws, linux-lts-xenial, ruby2.3, ruby2.5, and vim). --------------------------------------------- https://lwn.net/Articles/1008966/ ∗∗∗ Zahlreiche Schwachstellen in Wattsense Bridge ∗∗∗ --------------------------------------------- https://sec-consult.com/de/vulnerability-lab/advisory/zahlreiche-schwachste… ∗∗∗ February Security Update ∗∗∗ --------------------------------------------- https://www.ivanti.com/blog/february-security-update -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 10.02.2025
by Daily end-of-shift report 10 Feb '25

10 Feb '25

===================== = End-of-Day report = ===================== Timeframe: Freitag 07-02-2025 18:00 − Montag 10-02-2025 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Microsoft raises rewards for Copilot AI bug bounty program ∗∗∗ --------------------------------------------- Microsoft announced over the weekend that it has expanded its Microsoft Copilot (AI) bug bounty program and increased payouts for moderate severity vulnerabilities. --------------------------------------------- https://www.bleepingcomputer.com/news/microsoft/microsoft-raises-rewards-fo… ∗∗∗ Malware from fake recruiters ∗∗∗ --------------------------------------------- Fake recruiters are currently on the hunt for CVs – and also your data. Reports have emerged about malware being put into work assignments that supposedly test a candidate’s technical skills. --------------------------------------------- https://www.gdatasoftware.com/blog/2025/02/38143-malware-fake-recruiters ∗∗∗ Cybersicherheit: OpenAI-Benutzerdatenbank angeblich gehackt ∗∗∗ --------------------------------------------- Im Darknet sind Hinweise veröffentlicht worden, dass die Benutzerdatenbank von OpenAI angeblich gehackt worden sei. Es gibt aber Zweifel. --------------------------------------------- https://www.golem.de/news/cybersicherheit-openai-benutzerdatenbank-angeblic… ∗∗∗ Reminder: 7-Zip & MoW, (Mon, Feb 10th) ∗∗∗ --------------------------------------------- CVE-2025-0411 is a vulnerability in 7-zip that has been reported to be exploited in recent attacks. The problem is that Mark-of-Web (MoW) isn't propagated correctly: when extracted, a file inside a ZIP file inside another ZIP file will not have the MoW propagated from the outer ZIP file. --------------------------------------------- https://isc.sans.edu/forums/diary/Reminder+7Zip+MoW/31668/ ∗∗∗ Server Attack Stops the Presses at US Newspaper Chain ∗∗∗ --------------------------------------------- They publish 77 newspapers in 26 U.S. states, according to Wikipedia. But this week a "cybersecurity event" at the newspapers parent company "disrupted systems and networks," according to an article at one of their news sites which quotes an email sent to employees by the publishing companys CEO. "We have notified law enforcement of .. --------------------------------------------- https://news.slashdot.org/story/25/02/10/0614233/server-attack-stops-the-pr… ∗∗∗ Hackers Exploit Google Tag Manager to Deploy Credit Card Skimmers on Magento Stores ∗∗∗ --------------------------------------------- Threat actors have been observed leveraging Google Tag Manager (GTM) to deliver credit card skimmer malware targeting Magento-based e-commerce websites.Website security company Sucuri said the code, while appearing to be a typical GTM and .. --------------------------------------------- https://thehackernews.com/2025/02/hackers-exploit-google-tag-manager-to.html ∗∗∗ Anonymisierendes Linux: Tails 6.12 schließt Deanonymisierungs-Lücke ∗∗∗ --------------------------------------------- Sicherheitslücken in der anonymisierenden Linux-Distribution Tails erlauben Angreifern die Deanonymisierung von Nutzern. Tails 6.12 stoppt das. --------------------------------------------- https://www.heise.de/news/Anonymisierendes-Linux-Tails-6-12-schliesst-Deano… ∗∗∗ Teen on Musk’s DOGE Team Graduated from ‘The Com’ ∗∗∗ --------------------------------------------- Wired reported this week that a 19-year-old working for Elon Musks so-called Department of Government Efficiency (DOGE) was given access to sensitive US government systems even though his past association with cybercrime communities should have precluded him from gaining the necessary security clearances to do so. As todays story explores, the DOGE teen is a .. --------------------------------------------- https://krebsonsecurity.com/2025/02/teen-on-musks-doge-team-graduated-from-… ∗∗∗ Millionen Thermomix-Nutzer von Datenleck betroffen ∗∗∗ --------------------------------------------- Im Darknet werden bei Rezeptwelt.de erbeutete Daten zum Verkauf angeboten. Die Lücke wurde geschlossen, der Hersteller warnt aber vor anderen Konsequenzen --------------------------------------------- https://www.derstandard.at/story/3000000256481/millionen-thermomix-nutzer-v… ∗∗∗ Small praise for modern compilers - A case of Ubuntu printing vulnerability that wasn’t ∗∗∗ --------------------------------------------- Earlier this year, we conducted code audits of the macOS printing subsystem, which is heavily based on the open-source CUPS package. During this investigation, IPP-USB protocol caught our attention. IPP over USB specification .. --------------------------------------------- https://blog.talosintelligence.com/small-praise-for-modern-compilers-a-case… ∗∗∗ Teen Hacker “Natohub” Caught for NATO, UN, and US Army Breaches ∗∗∗ --------------------------------------------- A joint operation by Spanish law enforcement has resulted in the apprehension of Natohub, a “dangerous hacker” suspected of orchestrating numerous cyberattacks against prominent organizations in Spain and internationally. --------------------------------------------- https://hackread.com/teen-hacker-natohub-caught-nato-un-us-army-breach/ ∗∗∗ Scammers Use Fake Facebook Copyright Notices to Hijack Accounts ∗∗∗ --------------------------------------------- A new phishing campaign is targeting businesses with fake Facebook copyright notices. Learn how to spot the signs and keep your Facebook account secure. --------------------------------------------- https://hackread.com/scammers-use-fake-facebook-copyright-notices-to-hijack… ∗∗∗ Be Skeptical of All Code - Not Just the Funny Stuff ∗∗∗ --------------------------------------------- Should you be more skeptical of code that is a “self-admitted keylogger” than code that purports to be useful? I’m not so sure. --------------------------------------------- https://eieio.games/blog/be-skeptical-of-all-code-not-just-the-funny-stuff/ ∗∗∗ Obsidian Publish Directory Enumeration ∗∗∗ --------------------------------------------- I have been using Obsidian for a while now. It is a great tool for organizing my life. My daily TODO lists, project boards, notes for school and research, and the occasional journal are all stored in .. --------------------------------------------- https://ezrizhu.com/blog/obsidian-dir-enum ∗∗∗ New OG Spoof Toolkit Manipulates Social Media Links for Cybercrime ∗∗∗ --------------------------------------------- Cyble Research and Intelligence Labs (CRIL) highlighted the growing misuse of the Open Graph Spoofing Toolkit, a dangerous tool designed to manipulate Open Graph Protocol metadata to trick users into clicking on harmful links. This exploitation of OG tags is a serious concern, as it opens the door to a wide range of phishing attacks that target social .. --------------------------------------------- https://thecyberexpress.com/open-graph-spoofing-toolkit-phishing-attacks/ ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by AlmaLinux (buildah, bzip2, galera and mariadb, keepalived, kernel, kernel-rt, mariadb:10.11, mingw-glib2, and podman), Debian (ark, firefox-esr, kernel, sssd, and thunderbird), Fedora (abseil-cpp, clevis-pin-tpm2, dbus-parsec, envision, fido-device-onboard, firefox, golang-github-nvidia-container-toolkit, gotify-desktop, .. --------------------------------------------- https://lwn.net/Articles/1008829/ ∗∗∗ Trimble Releases Security Updates to Address a Vulnerability in Cityworks Software ∗∗∗ --------------------------------------------- CISA is collaborating with private industry partners to respond to reports of exploitation of a vulnerability (CVE-2025-0994) discovered by Trimble impacting its Cityworks Server AMS (Asset Management System). Trimble has released security updates and an advisory addressing a recently discovered deserialization vulnerability enabling an external actor to .. --------------------------------------------- https://www.cisa.gov/news-events/alerts/2025/02/07/trimble-releases-securit… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 07.02.2025
by Daily end-of-shift report 07 Feb '25

07 Feb '25

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 06-02-2025 18:00 − Freitag 07-02-2025 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ DeepSeek Phishing Sites Pursue User Data, Crypto Wallets ∗∗∗ --------------------------------------------- Riding the wave of notoriety from the Chinese companys R1 AT chatbot, attackers are spinning up lookalike sites for different malicious use cases. --------------------------------------------- https://www.darkreading.com/cyber-risk/deepseek-phishing-sites-pursue-user-… ∗∗∗ Ohne Nutzerinteraktion: Kritische Outlook-Lücke wird aktiv ausgenutzt ∗∗∗ --------------------------------------------- Die Sicherheitslücke ermöglicht es Angreifern, durch per E-Mail verschickte und speziell gestaltete Hyperlinks Schadcode auszuführen. --------------------------------------------- https://www.golem.de/news/ohne-nutzerinteraktion-kritische-outlook-luecke-w… ∗∗∗ SSL 2.0 turns 30 this Sunday... Perhaps the time has come to let it die? ∗∗∗ --------------------------------------------- The SSL 2.0 protocol was originally published back in February of 1995[1], and although it was quickly found to have significant security weaknesses, and a more secure alternative was released only a year later, it still received a fairly wide adoption. --------------------------------------------- https://isc.sans.edu/diary/SSL+20+turns+30+this+Sunday+Perhaps+the+time+has… ∗∗∗ Screenshot-Reading Malware ∗∗∗ --------------------------------------------- Kaspersky is reporting on a new type of smartphone malware.The malware in question uses optical character recognition (OCR) to review a device’s photo library, seeking screenshots of recovery phrases for crypto wallets. Based on their assessment, infected Google Play apps have been downloaded more than 242,000 times. Kaspersky .. --------------------------------------------- https://www.schneier.com/blog/archives/2025/02/screenshot-reading-malware.h… ∗∗∗ Britische Regierung erzwingt Zugriff auf Apples verschlüsselte Cloud-Daten ∗∗∗ --------------------------------------------- Der Investigatory Powers Act wurde von Apple bereits öffentlich kritisiert. Nun hätten britische Sicherheitsbehörden gerne Zugriff auf Daten aller iCloud-User. --------------------------------------------- https://www.heise.de/news/Britische-Regierung-erzwingt-Zugriff-auf-Apples-v… ∗∗∗ BSI-Analyse von Nextcloud: Zwei-Faktor-Authentifizierung war angreifbar ∗∗∗ --------------------------------------------- Eine Codeanalyse des BSI förderte Schwachstellen in Nextcloud Server zutage. Unter anderem ließ sich die Zwei-Faktor-Authentifizierung umgehen. --------------------------------------------- https://www.heise.de/news/BSI-Analyse-von-Nextcloud-Zwei-Faktor-Authentifiz… ∗∗∗ 20 Million OpenAI accounts offered for sale ∗∗∗ --------------------------------------------- A cybercriminal calling themselves emirking is offering 20 million OpenAI accounts for sale on a Dark Web forum --------------------------------------------- https://www.malwarebytes.com/blog/news/2025/02/20-million-openai-accounts-o… ∗∗∗ ICS testing best results. Hint: Blend your approach ∗∗∗ --------------------------------------------- TL;DR Onsite ICS testing is risk averse Laboratory ICS device testing uncovers more A blended approach is key How that works Demonstrable benefits Introduction For safety’s sake onsite ICS .. --------------------------------------------- https://www.pentestpartners.com/security-blog/ics-testing-best-results-hint… ∗∗∗ US-Abgeordnete wollen Deepseek verbieten, Sicherheitsforscher warnen vor App ∗∗∗ --------------------------------------------- Parteienübergreifender Antrag will Nutzung auf Regierungsgeräten untersagen. Forscher fällen vernichtendes Urteil zur Sicherheit und finden problematische Datenübertragungen an mehrere chinesische Firmen --------------------------------------------- https://www.derstandard.at/story/3000000256396/us-abgeordnete-wollen-deepse… ∗∗∗ Vier italienische Aktivisten für Seerettung im Visier von Paragon-Spyware-Attacke ∗∗∗ --------------------------------------------- Vizepremier Salvini will in Israel Informationen über den Fall sammeln. Der Angriff erfolgte über Sicherheitslücke in Whatsapp --------------------------------------------- https://www.derstandard.at/story/3000000256452/vier-italienische-aktivisten… ∗∗∗ Chinese-Speaking Group Manipulates SEO with BadIIS ∗∗∗ --------------------------------------------- This blog post details our analysis of an SEO manipulation campaign targeting Asia. We also share recommendations that can help enterprises proactively secure their environment. --------------------------------------------- https://www.trendmicro.com/en_us/research/25/b/chinese-speaking-group-manip… ∗∗∗ Urteil: TLS-Verschlüsselung bei E-Mail-Rechnungen an Privatkunden zu wenig? ∗∗∗ --------------------------------------------- Der Fall einer per E-Mail geschickten Privatkunden-Rechnung, die von Kriminellen manipuliert wurde, wanderte vor Gericht. Der Knackpunkt: die Verschlüsselung. --------------------------------------------- https://heise.de/-10274040 ∗∗∗ Taiwan’s DeepSeek Ban Reflects Global Concerns Over AI Security ∗∗∗ --------------------------------------------- The Taiwan government’s recent decision to implement a ban on the use of the DeepSeek artificial intelligence chatbot within its public sector has drawn significant attention to the growing global concerns regarding .. --------------------------------------------- https://thecyberexpress.com/taiwans-deepseek-ban/ ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (openjdk-17), Fedora (firefox, FlightGear, java-1.8.0-openjdk, java-11-openjdk, java-latest-openjdk, and SimGear), Mageia (gstreamer), Red Hat (firefox, kernel, kernel-rt, libsoup, and python-jinja2), SUSE (bind, curl, dcmtk, etcd, firefox, google-osconfig-agent, krb5, openssl-1_1, podman, python311-cbor2, thunderbird, wget, and xrdp), and Ubuntu (glibc). --------------------------------------------- https://lwn.net/Articles/1008502/ ∗∗∗ [R2] Tenable Identity Exposure Version 3.77.8 Fixes Multiple Vulnerabilities ∗∗∗ --------------------------------------------- https://www.tenable.com/security/tns-2025-01 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 06.02.2025
by Daily end-of-shift report 06 Feb '25

06 Feb '25

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 05-02-2025 18:00 − Donnerstag 06-02-2025 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Ransomware payments declined in 2024 despite massive well-known hacks ∗∗∗ --------------------------------------------- Amount paid by victims to hackers declined by hundreds of millions of dollars. --------------------------------------------- https://arstechnica.com/security/2025/02/ransomware-payments-declined-in-20… ∗∗∗ Cisco Anyconnect: Hacker klonen Webseite der TU Dresden und verbreiten Malware ∗∗∗ --------------------------------------------- Mutmaßlich russische Angreifer wollten Nutzern von Cisco Anyconnect eine Malware unterjubeln. Mit einem Trick sollte die Masche unentdeckt bleiben. --------------------------------------------- https://www.golem.de/news/cisco-anyconnect-hacker-klonen-webseite-der-tu-dr… ∗∗∗ Scalable Vector Graphics files pose a novel phishing threat ∗∗∗ --------------------------------------------- The SVG file format can harbor malicious HTML, scripts, and malware --------------------------------------------- https://news.sophos.com/en-us/2025/02/05/svg-phishing/ ∗∗∗ Cisco stopft Sicherheitslücken in mehreren Produkten – auch kritische ∗∗∗ --------------------------------------------- In mehreren Produkten hat Cisco Sicherheitslücken entdeckt und warnt in Sicherheitsmitteilungen davor. Updates stehen bereit. --------------------------------------------- https://www.heise.de/news/Cisco-stopft-Sicherheitsluecken-in-mehreren-Produ… ∗∗∗ Thailand cuts power supply to Myanmar scam hubs ∗∗∗ --------------------------------------------- "It’s time to take decisive action,” Prime Minister Paethongthan Shinawatra said about Thailands move to cut off electricity from scam compounds in Myanmar border areas. --------------------------------------------- https://therecord.media/thailand-cuts-power-scam-compounds-myanmar ∗∗∗ U.S. Government Disclosed 39 Zero-Day Vulnerabilities in 2023, Per First-Ever Report ∗∗∗ --------------------------------------------- The number of zero-day vulnerabilities the government disclosed to vendors to be fixed, rather than keep them secret to exploit, comes out to about three a month. But the figure could rise dramatically under the Trump .. --------------------------------------------- https://www.zetter-zeroday.com/u-s-government-disclosed-39-zero-day-vulnera… ∗∗∗ Network security fundamentals ∗∗∗ --------------------------------------------- How to design, use, and maintain secure networks. --------------------------------------------- https://www.ncsc.gov.uk/guidance/network-security-fundamentals ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (asterisk and chromium), Fedora (FlightGear, java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, java-latest-openjdk, and SimGear), Mageia (bind, chromium-browser-stable, python-django, and vim), Oracle (buildah, bzip2, firefox, keepalived, mariadb:10.11, and podman), Slackware (curl, mariadb, and mozilla), SUSE (cargo-audit-advisory-db-20250204 and python311-scikit-learn), and Ubuntu (ckeditor, krb5, and ruby2.7). --------------------------------------------- https://lwn.net/Articles/1008275/ ∗∗∗ OAuth2 Client - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-013 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-contrib-2025-013 ∗∗∗ 2025-02-06: Cyber Security Advisory - Hard-coded credentials in ASPECT Energy Management System ∗∗∗ --------------------------------------------- https://search.abb.com/library/Download.aspx?DocumentID=9AKK108470A6775&Lan… ∗∗∗ CISA Releases Six Industrial Control Systems Advisories ∗∗∗ --------------------------------------------- https://www.cisa.gov/news-events/alerts/2025/02/06/cisa-releases-six-indust… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 05.02.2025
by Daily end-of-shift report 05 Feb '25

05 Feb '25

===================== = End-of-Day report = ===================== Timeframe: Dienstag 04-02-2025 18:00 − Mittwoch 05-02-2025 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Kosteneinsparungen: Lets Encrypt stellt Ablaufwarnungen für Zertifikate ein ∗∗∗ --------------------------------------------- Ab Juni erinnert Lets Encrypt nicht mehr an ablaufende Zertifikate. Administratoren wird empfohlen, auf alternative Dienste umzusteigen. --------------------------------------------- https://www.golem.de/news/kosteneinsparungen-let-s-encrypt-stellt-ablaufwar… ∗∗∗ Netgear fixes critical bugs as Five Eyes warn about break-ins at the edge ∗∗∗ --------------------------------------------- International security squads all focus on stopping baddies busting in through routers, IoT kit etc Netgear is advising customers to upgrade their firmware after it patched two critical vulnerabilities affecting multiple routers. --------------------------------------------- https://www.theregister.com/2025/02/05/netgear_fixes_critical_bugs_while/ ∗∗∗ In eigener Sache, wir stellen ein: System-Administrator:in (m/w/d - Vollzeit - Wien) ∗∗∗ --------------------------------------------- Für die Betreuung unserer Informations- und Kommunikationstechnik suchen wir eine/n System-Administrator:in mit Fachwissen im Bereich IT- und Netzwerk-Security. --------------------------------------------- https://www.cert.at/de/ueber-uns/jobs/ ∗∗∗ 7-Zip: Mark-of-the-Web-Lücke wurde von Angreifern missbraucht ∗∗∗ --------------------------------------------- Die kürzlich gemeldete Mark-of-the-Web-Schwachstelle in 7-Zip wurde von Angreifern in freier Wildbahn für Schadcode-Schmuggel missbraucht. --------------------------------------------- https://www.heise.de/news/7-Zip-Mark-of-the-Web-Luecke-wurde-von-Angreifern… ∗∗∗ Support ausgelaufen: Keine Sicherheitsupdates mehr für attackierte Zyxel-Router ∗∗∗ --------------------------------------------- Derzeit hat es eine Mirai-Botnet-Malware auf bestimmte Routermodelle von Zyxel abgesehen. Weil der Support ausgelaufen ist, müssen Admins jetzt handeln. --------------------------------------------- https://www.heise.de/news/Support-ausgelaufen-Keine-Sicherheitsupdates-mehr… ∗∗∗ Who’s Behind the Seized Forums ‘Cracked’ & ‘Nulled’? ∗∗∗ --------------------------------------------- The FBI joined authorities across Europe last week in seizing domain names for Cracked and Nulled, English-language cybercrime forums with millions of users that trafficked in stolen data, hacking tools and malware. An investigation into the history of these communities shows their apparent co-founders quite openly operate an Internet .. --------------------------------------------- https://krebsonsecurity.com/2025/02/whos-behind-the-seized-forums-cracked-n… ∗∗∗ Secure sanitisation and disposal of storage media ∗∗∗ --------------------------------------------- How to ensure data cannot be recovered from electronic storage media. --------------------------------------------- https://www.ncsc.gov.uk/guidance/secure-sanitisation-storage-media ∗∗∗ Hackers Using Fake Microsoft ADFS Login Pages to Steal Credentials ∗∗∗ --------------------------------------------- A global phishing campaign is actively exploiting a legacy Microsoft authentication system to steal user credentials and bypass multi-factor authentication (MFA), targeting over 150 organizations. --------------------------------------------- https://hackread.com/hackers-fake-microsoft-adfs-login-pages-steal-credenti… ∗∗∗ Banking Malware Uses Live Numbers to Hijack OTPs, Targeting 50,000 Victims ∗∗∗ --------------------------------------------- A banking malware campaign using live phone numbers to redirect SMS messages has been identified by the zLabs research team, uncovering 1,000+ malicious apps and 2.5GB of exposed data. --------------------------------------------- https://hackread.com/banking-malware-live-numbers-hijack-otp-50000-victims/ ∗∗∗ Preventing account takeover on centralized cryptocurrency exchanges in 2025 ∗∗∗ --------------------------------------------- This blog post highlights key points from our new white paper Preventing Account Takeovers on Centralized Cryptocurrency Exchanges, which documents ATO-related attack vectors and defenses tailored to CEXes. --------------------------------------------- https://blog.trailofbits.com/2025/02/05/preventing-account-takeover-on-cent… ===================== = Vulnerabilities = ===================== ∗∗∗ Multiple vulnerabilities in Defense Platform Home Edition ∗∗∗ --------------------------------------------- https://jvn.jp/en/jp/JVN66673020/ ∗∗∗ Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance Vulnerabilities ∗∗∗ --------------------------------------------- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso… ∗∗∗ Cisco Secure Web Appliance Range Request Bypass Vulnerability ∗∗∗ --------------------------------------------- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso… ∗∗∗ Cisco IOS, IOS XE, and IOS XR Software SNMP Denial of Service Vulnerabilities ∗∗∗ --------------------------------------------- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso… ∗∗∗ Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerabilities ∗∗∗ --------------------------------------------- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso… ∗∗∗ Cisco Identity Services Engine Insecure Java Deserialization and Authorization Bypass Vulnerabilities ∗∗∗ --------------------------------------------- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso… ∗∗∗ Cisco Expressway Series Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso… ∗∗∗ Cisco Secure Email and Web Manager and Secure Email Gateway Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso… ∗∗∗ Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance SNMP Polling Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 04.02.2025
by Daily end-of-shift report 04 Feb '25

04 Feb '25

===================== = End-of-Day report = ===================== Timeframe: Montag 03-02-2025 18:00 − Dienstag 04-02-2025 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ 7-Zip MotW bypass exploited in zero-day attacks against Ukraine ∗∗∗ --------------------------------------------- A 7-Zip vulnerability allowing attackers to bypass the Mark of the Web (MotW) Windows security feature was exploited by Russian hackers as a zero-day since September 2024. --------------------------------------------- https://www.bleepingcomputer.com/news/security/7-zip-motw-bypass-exploited-… ∗∗∗ Beyond the Chatbot: Meta Phishing with Fake Live Support ∗∗∗ --------------------------------------------- In a previous Trustwave SpiderLabs’ blog, we explored how cybercriminals exploit Facebook Messenger chatbots to execute social engineering attacks, deceiving users into falling victim to scams and phishing schemes. These attacks .. --------------------------------------------- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/beyond-the-… ∗∗∗ Meet the Hired Guns Who Make Sure School Cyberattacks Stay Hidden ∗∗∗ --------------------------------------------- An investigation into more than 300 cyberattacks against US K–12 schools over the past five years shows how schools can withhold crucial details from students and parents whose data was stolen. --------------------------------------------- https://www.wired.com/story/meet-the-hired-guns-who-make-sure-school-cybera… ∗∗∗ Lets Encrypt: 6-Tage-Zertifikate, keine Ablauf-Nachrichten zu Zertifikaten mehr ∗∗∗ --------------------------------------------- Lets Encrypt sieht einige Änderungen vor: Zertifikate mit sechs Tagen Laufzeit kommen neu hinzu. Zertifikat-Ablauf-Nachrichten fallen weg. --------------------------------------------- https://www.heise.de/news/Let-s-Encrypt-Ende-von-Zertifikat-Ablauf-Nachrich… ∗∗∗ A tale of enumeration, and why pen testing can’t be automated ∗∗∗ --------------------------------------------- TL;DR In an engagement we found an open directory on the internet belonging to our client By enumerating it we found a zip archive with a configuration file holding usernames .. --------------------------------------------- https://www.pentestpartners.com/security-blog/a-tale-of-enumeration-and-why… ∗∗∗ Practice being punched in the face. The realities of incident response preparation ∗∗∗ --------------------------------------------- “Everyone has a plan until they get punched in the face.” This Mike Tyson boxing quote perfectly encapsulates the chaos of a cybersecurity breach. TL;DR Accept that your organisation may .. --------------------------------------------- https://www.pentestpartners.com/security-blog/practice-being-punched-in-the… ∗∗∗ Neue Masche mit gefälschtem Post-Käuferschutz bei Kleinanzeigen ∗∗∗ --------------------------------------------- Kriminelle geben sich auf Kleinanzeigenplattformen als Kaufinteressierte aus und täuschen vor, Ihr Produkt über den Post Käuferschutz bezahlen zu wollen. Sie locken Sie auf eine gefälschte Zahlungsplattform, wo Sie Ihre Kreditkartendaten eingeben sollen, um die Zahlung zu bestätigen. Tatsächlich geben Sie aber eine Zahlung frei und .. --------------------------------------------- https://www.watchlist-internet.at/news/neue-masche-mit-gefaelschtem-post-ka… ∗∗∗ Stealers on the Rise: A Closer Look at a Growing macOS Threat ∗∗∗ --------------------------------------------- Atomic Stealer, Poseidon Stealer and Cthulhu Stealer target macOS. We discuss their various properties and examine leverage of the AppleScript framework. --------------------------------------------- https://unit42.paloaltonetworks.com/macos-stealers-growing/ ∗∗∗ Law Enforcement disrupts Major Spam Delivery Service ∗∗∗ --------------------------------------------- “The Saim Raza-run websites operated as marketplaces that advertised and facilitated the sale of tools such as phishing kits, scam pages and email extractors often .. --------------------------------------------- https://www.truesec.com/hub/blog/law-enforcement-disrupts-major-spam-delive… ∗∗∗ Hackers Hide Malware in Fake DeepSeek PyPI Packages ∗∗∗ --------------------------------------------- Malicious DeepSeek packages on PyPI spread malware, stealing sensitive data like API keys. Learn how this attack targeted developers and how to protect yourself. --------------------------------------------- https://hackread.com/hackers-hide-malware-fake-deepseek-pypi-packages/ ∗∗∗ CVE-2023-6080: A Case Study on Third-Party Installer Abuse ∗∗∗ --------------------------------------------- Mandiant exploited flaws in the Microsoft Software Installer (MSI) repair action of Lakeside Softwares SysTrack installer to obtain arbitrary code execution. An attacker with low-privilege access to a system running the vulnerable version of SysTrack .. --------------------------------------------- https://cloud.google.com/blog/topics/threat-intelligence/cve-2023-6080-thir… ∗∗∗ CISA Partners with ASD’s ACSC, CCCS, NCSC-UK, and Other International and US Organizations to Release Guidance on Edge Devices ∗∗∗ --------------------------------------------- CISA—in partnership with international and U.S. organizations—released guidance to help organizations protect their network edge devices and appliances, such as firewalls, routers, virtual private networks (VPN) gateways, Internet of Things (IoT) devices, internet-facing servers, and internet-facing operational technology (OT) .. --------------------------------------------- https://www.cisa.gov/news-events/alerts/2025/02/04/cisa-partners-asds-acsc-… ∗∗∗ 8 Million Requests Later, We Made The SolarWinds Supply Chain Attack Look Amateur ∗∗∗ --------------------------------------------- Surprise surprise, weve done it again. Weve demonstrated an ability to compromise significantly sensitive networks, including governments, militaries, space agencies, cyber security companies, .. --------------------------------------------- https://labs.watchtowr.com/8-million-requests-later-we-made-the-solarwinds-… ∗∗∗ Go Supply Chain Attack: Malicious Package Exploits Go Module Proxy Caching for Persistence ∗∗∗ --------------------------------------------- Socket researchers have discovered a malicious typosquat package in the Go ecosystem, impersonating the widely used BoltDB database module (github.com/boltdb/bolt), a tool trusted by many organizations including Shopify and Heroku. The BoltDB package is widely adopted within the Go ecosystem, with 8,367 other packages depending on it. Its extensive .. --------------------------------------------- https://socket.dev/blog/malicious-package-exploits-go-module-proxy-caching-… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (openjdk-17), Fedora (chromium, fastd, ovn, and yq), Mageia (libxml2 and redis), Oracle (gstreamer1-plugins-base, gstreamer1-plugins-good), Red Hat (buildah, bzip2, galera, mariadb, grafana, keepalived, libsoup, mariadb:10.11, mariadb:10.5, mingw-glib2, podman, python-jinja2, and rsync), SUSE (bind, ignition, .. --------------------------------------------- https://lwn.net/Articles/1007886/ ∗∗∗ Synology-SA-25:01 DSM (PWN2OWN 2024) ∗∗∗ --------------------------------------------- A vulnerability allows man-in-the-middle attackers to hijack the authentication of administrators.The vulnerability reported by PWN2OWN 2024 (ZDI-CAN-25487) has been addressed. --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_25_01 ∗∗∗ CISA Releases Nine Industrial Control Systems Advisories ∗∗∗ --------------------------------------------- CISA released nine Industrial Control Systems (ICS) advisories on February 4, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.ICSA-25-035-01 Western Telematic Inc NPS Series, DSM Series, CPM SeriesICSA-25-035-02 Rockwell Automation 1756-L8zS3 and 1756-L3 and 1756-L3ICSA-25-035-03 .. --------------------------------------------- https://www.cisa.gov/news-events/alerts/2025/02/04/cisa-releases-nine-indus… ∗∗∗ Security Vulnerabilities fixed in Thunderbird 135 ∗∗∗ --------------------------------------------- https://www.mozilla.org/en-US/security/advisories/mfsa2025-11/ ∗∗∗ Security Vulnerabilities fixed in Thunderbird ESR 128.7 ∗∗∗ --------------------------------------------- https://www.mozilla.org/en-US/security/advisories/mfsa2025-10/ ∗∗∗ Security Vulnerabilities fixed in Firefox ESR 128.7 ∗∗∗ --------------------------------------------- https://www.mozilla.org/en-US/security/advisories/mfsa2025-09/ ∗∗∗ Security Vulnerabilities fixed in Firefox ESR 115.20 ∗∗∗ --------------------------------------------- https://www.mozilla.org/en-US/security/advisories/mfsa2025-08/ ∗∗∗ Security Vulnerabilities fixed in Firefox 135 ∗∗∗ --------------------------------------------- https://www.mozilla.org/en-US/security/advisories/mfsa2025-07/ ∗∗∗ Zyxel security advisory for command injection and insecure default credentials vulnerabilities in certain legacy DSL CPE ∗∗∗ --------------------------------------------- https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 03.02.2025
by Daily end-of-shift report 03 Feb '25

03 Feb '25

===================== = End-of-Day report = ===================== Timeframe: Freitag 31-01-2025 18:00 − Montag 03-02-2025 18:00 Handler: Alexander Riepl Co-Handler: Michael Schlagenhaufer ===================== = News = ===================== ∗∗∗ DeepSeek AI tools impersonated by infostealer malware on PyPI ∗∗∗ --------------------------------------------- Threat actors are taking advantage of the rise in popularity of the DeepSeek to promote two malicious infostealer packages on the Python Package Index (PyPI), where they impersonated developer tools for the AI platform. --------------------------------------------- https://www.bleepingcomputer.com/news/security/deepseek-ai-tools-impersonat… ∗∗∗ DeepSeek’s Safety Guardrails Failed Every Test Researchers Threw at Its AI Chatbot ∗∗∗ --------------------------------------------- Security researchers tested 50 well-known jailbreaks against DeepSeek’s popular new AI chatbot. It didn’t stop a single one. --------------------------------------------- https://www.wired.com/story/deepseeks-ai-jailbreak-prompt-injection-attacks/ ∗∗∗ What Cybersecurity Can Teach Us About the Human Body ∗∗∗ --------------------------------------------- Understanding cybersecurity can sometimes feel like steering a maze of technical terms and complex systems. But a recent infographic shared by @yanabantai on X (formerly Twitter) has made it simpler, offering a fresh perspective by comparing cybersecurity to the human body. --------------------------------------------- https://thecyberexpress.com/cybersecurity-about-the-human-body/ ∗∗∗ Erstmals leicht sinkende Tendenz bei Anzeigen zur Cyberkriminalität ∗∗∗ --------------------------------------------- Wenn in den nächsten Wochen die Kriminalstatistik veröffentlicht wird, ist von einer Trendumkehr bei Cybercrime auszugehen. Erstmals wird es in diesem Bereich einen leichten Rückgang bei den Anzeigen 2024 im Vergleich zu 2023 geben. --------------------------------------------- https://www.derstandard.at/story/3000000255493/erstmals-leicht-sinkende-ten… ∗∗∗ Phishing-Fallen: Wiener Polizei sucht Täter mittels Fahndungsfotos ∗∗∗ --------------------------------------------- Mit einer SMS und gefälschten Banken-Website wurden mehrere Menschen in Österreich in die Falle gelockt und bestohlen. [..] Mit Bildern aus Überwachungskameras jener Bankautomaten, wo Geld von den Opfern behoben wurde, wird nun nach den Verdächtigen gesucht. Die Fotos sind auf der Website der Polizei zu sehen. --------------------------------------------- https://futurezone.at/digital-life/phishing-wien-polizei-oesterreich-foto-b… ∗∗∗ Hacker nutzen Google Gemini für Cyber-Angriffe ∗∗∗ --------------------------------------------- Kriminelle nutzen Googles Künstliche Intelligenz Gemini für Cyberangriffe, Phishing und Spionage. [..] Die Hacker nutzen Gemini derzeit zwar nicht, um neue kriminelle Methoden ausfindig zu machen, aber um bestehende zu verbessern. --------------------------------------------- https://futurezone.at/digital-life/google-gemini-hacker-cyber-angriffe-iran… ∗∗∗ 1-Click Phishing Campaign Targets High-Profile X Accounts ∗∗∗ --------------------------------------------- In an attack vector thats been used before, threat actors aim to commit crypto fraud by hijacking highly followed users, thus reaching a broad audience of secondary victims. --------------------------------------------- https://www.darkreading.com/endpoint-security/one-click-phishing-campaign-h… ∗∗∗ Journalists and Civil Society Members Using WhatsApp Targeted by Paragon Spyware ∗∗∗ --------------------------------------------- This is yet another story of commercial spyware being used against journalists and civil society members. The journalists and other civil society members were being alerted of a possible breach of their devices, with WhatsApp telling the Guardian it had “high confidence” that the 90 users in question had been targeted and “possibly compromised. --------------------------------------------- https://www.schneier.com/blog/archives/2025/02/journalists-and-civil-societ… ∗∗∗ Further Adventures With CMPivot — Client Coercion ∗∗∗ --------------------------------------------- CMPivot queries can be used to coerce SMB authentication from SCCM client hosts. --------------------------------------------- https://posts.specterops.io/further-adventures-with-cmpivot-client-coercion… ∗∗∗ CVE-2023-6080: A Case Study on Third-Party Installer Abuse ∗∗∗ --------------------------------------------- Mandiant exploited flaws in the Microsoft Software Installer (MSI) repair action of Lakeside Softwares SysTrack installer to obtain arbitrary code execution. An attacker with low-privilege access to a system running the vulnerable version of SysTrack could escalate privileges locally. [..] August 7, 2024 - Confirmed vulnerability fixed in version 11.0 --------------------------------------------- https://cloud.google.com/blog/topics/threat-intelligence/cve-2023-6080-thir… ∗∗∗ OPA Gatekeeper Bypass Reveals Risks in Kubernetes Policy Engines ∗∗∗ --------------------------------------------- Implementing Kubernetes securely can be a daunting task. Fortunately, there are tools in the K8s toolshed that provide out-of-the-box solutions using a single click. One such tools is OPA Gatekeeper. It is a great out-of-the-box security checkpoint to enforce security policies on Kubernetes. But are users using it correctly? Do they understand its limitations? Our new research says not necessarily! --------------------------------------------- https://blog.aquasec.com/opa-gatekeeper-bypass-reveals-risks-in-kubernetes-… ∗∗∗ Stronger Than Ever: How We Turned a DDoS Attack Into a Lesson in Resilience ∗∗∗ --------------------------------------------- We were subjected to several attempted DDoS attacks, and the first cohort didn't even raise an alarm, but on the 23rd Jan, we noticed the first impact. [..] Maybe you and your organisation will face a similar issue in the future and you can be more aware of the ransom scam, maybe the lessons we learned here are something you can use to avoid similar issues of your own in the future, or maybe this blog post was just an interesting read for you. --------------------------------------------- https://scotthelme.ghost.io/stronger-than-ever-how-we-turned-a-ddos-attack-… ∗∗∗ Vulnerability & Patch Roundup — January 2025 ∗∗∗ --------------------------------------------- Vulnerability reports and responsible disclosures are essential for website security awareness and education. --------------------------------------------- https://blog.sucuri.net/2025/01/vulnerability-patch-roundup-january-2025.ht… ===================== = Vulnerabilities = ===================== ∗∗∗ Sicherheitsupdates: Zahlreiche Lücken gefährden Backup-Appliances von Dell ∗∗∗ --------------------------------------------- Admins, die Backups mit Dells PowerProtect managen, sollten aus Sicherheitsgründen aktuelle Versionen von Data Domain Operating System (DD OS) installieren. Geschieht das nicht, können Angreifer Systeme vollständig kompromittieren. --------------------------------------------- https://www.heise.de/-10267578 ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by AlmaLinux (git-lfs, libsoup, and unbound), Debian (dcmtk, ffmpeg, openjdk-11, pam-u2f, and python-aiohttp), Fedora (buku, chromium, jpegxl, nodejs18, nodejs20, and rust-routinator), Mageia (clamav, kernel, kmod-virtualbox, kmod-xtables-addons & dwarves, and kernel-linus), SUSE (apptainer, bind, buildah, chromedriver, clamav, dovecot24, ignition, kubelogin, libjxl, libQt5Bluetooth5-32bit, orc, owasp-modsecurity-crs, python-pydantic, python311-ipython, and stb), and Ubuntu (linux-azure and netdata). --------------------------------------------- https://lwn.net/Articles/1007646/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 31.01.2025
by Daily end-of-shift report 31 Jan '25

31 Jan '25

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 30-01-2025 18:00 − Freitag 31-01-2025 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Windows Exploitation Tricks: Trapping Virtual Memory Access (2025 Update) ∗∗∗ --------------------------------------------- Back in 2021 I wrote a blog post about various ways you can build a virtual memory access trap primitive on Windows. The goal was to cause a reader or writer of a virtual memory address to halt for a significant (e.g. 1 or more seconds) amount of time, generally for the purpose of exploiting TOCTOU memory access .. --------------------------------------------- https://googleprojectzero.blogspot.com/2025/01/windows-exploitation-tricks-… ∗∗∗ Infrastructure Laundering: Blending in with the Cloud ∗∗∗ --------------------------------------------- In an effort to blend in and make their malicious traffic tougher to block, hosting firms catering to cybercriminals in China and Russia increasingly are funneling their operations through major U.S. cloud providers. Research published this week on one such outfit -- a sprawling network tied to Chinese organized crime gangs and aptly named "Funnull" -- highlights a persistent whac-a-mole problem facing cloud services. --------------------------------------------- https://krebsonsecurity.com/2025/01/infrastructure-laundering-blending-in-w… ∗∗∗ Operation "Talent" nimmt weltgrößte Plattformen für Cyberkriminalität vom Netz ∗∗∗ --------------------------------------------- Bei einer internationalen Aktion wurden die Cracking-Foren nulled.to und cracked.io vom Netz genommen --------------------------------------------- https://www.derstandard.at/story/3000000255412/operation-talent-nimmt-weltg… ∗∗∗ Recent Jailbreaks Demonstrate Emerging Threat to DeepSeek ∗∗∗ --------------------------------------------- Evaluation of three jailbreaking techniques on DeepSeek shows risks of generating prohibited content. --------------------------------------------- https://unit42.paloaltonetworks.com/jailbreaking-deepseek-three-techniques/ ∗∗∗ On hackers, hackers, and hilarious misunderstandings ∗∗∗ --------------------------------------------- "Hacker", as we in the bizz know well, carries different meanings for different people, and this can cause hilarious misunderstandings. Yesterday, the Polish TV network TVN aired the second part of an ongoing documentary about issues in NEWAG trains that were analyzed by Dragon Sector. Near the end, the documentary featured a recording .. --------------------------------------------- https://gynvael.coldwind.pl/?id=799 ∗∗∗ Cyberangriffe auf SimpleHelp RMM beobachtet ∗∗∗ --------------------------------------------- In SimepleHelp RMM missbrauchen Angreifer Sicherheitslücken, um Netzwerke zu kompromittieren. Updates stehen bereit. --------------------------------------------- https://heise.de/-10265414 ∗∗∗ The Slow Death of OCSP ∗∗∗ --------------------------------------------- Everybody is talking about OCSP now because, just last month, at the end of 2024, Let’s Encrypt announced it was going to stop supporting online certificate revocation checking. Beginning in early May 2025, there will no longer be any OCSP revocation information in Let’s Encrypt’s certificates. Once all its earlier certificates expire, Let’s Encrypt will shut down its OCSP servers. --------------------------------------------- https://www.feistyduck.com/newsletter/issue_121_the_slow_death_of_ocsp ∗∗∗ PyPI’s New Archival Feature Closes a Major Security Gap ∗∗∗ --------------------------------------------- A major security improvement has landed on PyPI: maintainers can now archive projects, making it clear when a package is no longer actively maintained. This long-awaited feature, developed by Trail of Bits and funded by Alpha-Omega, helps developers make informed decisions about dependencies while protecting the Python ecosystem from risks associated .. --------------------------------------------- https://socket.dev/blog/pypi-adds-support-for-archiving-projects ∗∗∗ VMware Aria Vulnerabilities Addressed ∗∗∗ --------------------------------------------- VMware Security Advisory VMSA-2025-0003 addresses multiple vulnerabilities identified in VMware Aria Operations for Logs and VMware Aria Operations. These vulnerabilities, if exploited, could allow attackers to .. --------------------------------------------- https://thecyberthrone.in/2025/01/31/vmware-aria-vulnerabilities-addressed/ ∗∗∗ DeepSeek’s Popularity Sparks Surge in Crypto Phishing and Malware Campaigns ∗∗∗ --------------------------------------------- The rapid rise of DeepSeek, a Chinese artificial intelligence company known for its open-source large language models (LLMs), has sparked not only excitement but also a significant increase in cyber threats. As of January 2025, the company launched its first free chatbot app, “DeepSeek – AI Assistant,” which quickly became the most downloaded .. --------------------------------------------- https://thecyberexpress.com/deepseeks-surge-sparks-malware-campaigns/ ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by AlmaLinux (libsoup), Debian (debian-security-support and redis), Fedora (expat, java-21-openjdk, lemonldap-ng, and phpMyAdmin), Mageia (chromium-browser-stable and git-lfs), Oracle (bzip2, git-lfs, libsoup, mariadb:10.11, mariadb:10.5, python-jinja2, redis, and unbound), Red Hat (git-lfs, libsoup, python-jinja2, .. --------------------------------------------- https://lwn.net/Articles/1007252/ ∗∗∗ VU#733789: ChatGPT-4o contains security bypass vulnerability through time and search functions called "Time Bandit" ∗∗∗ --------------------------------------------- https://kb.cert.org/vuls/id/733789 ∗∗∗ ZDI-25-060: Google Chrome AI Manager Use-After-Free Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-25-060/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 30.01.2025
by Daily end-of-shift report 30 Jan '25

30 Jan '25

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 29-01-2025 18:00 − Donnerstag 30-01-2025 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ No need to RSVP: a closer look at the Tria stealer campaign ∗∗∗ --------------------------------------------- Kaspersky GReAT experts discovered a new campaign targeting Android devices in Malaysia and Brunei with the Tria stealer to collect data from apps like WhatsApp and Gmail. --------------------------------------------- https://securelist.com/tria-stealer-collects-sms-data-from-android-devices/… ∗∗∗ Exposed DeepSeek Database Revealed Chat Prompts and Internal Data ∗∗∗ --------------------------------------------- China-based DeepSeek has exploded in popularity, drawing greater scrutiny. Case in point: Security researchers found more than 1 million records, including user data and API keys, in an open database. --------------------------------------------- https://www.wired.com/story/exposed-deepseek-database-revealed-chat-prompts… ∗∗∗ Europol warnt vor gefälschten Medikamenten in Online-Angeboten ∗∗∗ --------------------------------------------- Europol hat 2024 Medikamente im Wert von rund 11,1 Millionen Euro beschlagnahmt. Sie waren gefälscht und für den Online-Handel vorgesehen. --------------------------------------------- https://www.heise.de/news/Europol-warnt-vor-gefaelschten-Medikamenten-in-On… ∗∗∗ Warten auf Patch: Das Admin-Interface Voyager für Laravel-Apps ist verwundbar ∗∗∗ --------------------------------------------- Sicherheitsforscher warnen vor möglichen Attacken auf Voyager. Bislang haben sich die Entwickler zu den Sicherheitslücken nicht geäußert. --------------------------------------------- https://www.heise.de/news/Warten-auf-Patch-Das-Admin-Interface-Voyager-fuer… ∗∗∗ Linux-related discussion as a cybersecurity threat ∗∗∗ --------------------------------------------- Starting on January 19, 2025 Facebooks internal policy makers decided that Linux is malware and labeled groups associated with Linux as being "cybersecurity threats". Any posts mentioning DistroWatch and multiple groups associated with Linux and Linux discussions have either been shut down or had many of their posts removed. Weve been hearing all week .. --------------------------------------------- https://lwn.net/Articles/1006328/ ∗∗∗ Betrugswelle auf Facebook: Gefälschte Lagerabverkäufe von Hofer und Zara ∗∗∗ --------------------------------------------- Aktuell kursieren auf Facebook Postings, die angeblich von bekannten Marken stammen und mit einem Lagerabverkauf werben. Nutzer:innen wird suggeriert, dass Unternehmen wie Hofer oder Zara kostenlose Kaffeemaschinen oder Geschenkboxen zu Sonderpreisen verschenken. Doch Vorsicht: Es handelt sich um gefälschte Angebote von Kriminellen, die es nur auf Kreditkartendaten abgesehen haben. --------------------------------------------- https://www.watchlist-internet.at/news/betrugswelle-auf-facebook-gefaelscht… ∗∗∗ Risikobild 2025 ∗∗∗ --------------------------------------------- Das österreichische Verteidigungsministerium präsentierte am 27. Jänner das "Risikobild 2025". Wie nicht anders zu erwarten war, dominieren geopolitische Herausforderungen die Risikolandschaft. Der Ukraine-Krieg, die Spannungen zwischen China und den USA sowie der Nahe Osten sind auch die ersten Themen, die mir einfallen würden, wenn mich .. --------------------------------------------- https://www.cert.at/de/blog/2025/1/risikobild-2025 ∗∗∗ Talos IR trends Q4 2024: Web shell usage and exploitation of public-facing applications spike ∗∗∗ --------------------------------------------- This new report from Cisco Talos Incident Response explores how threat actors increasingly deployed web shells against vulnerable web applications, and exploited vulnerable or unpatched public-facing applications to gain initial access. --------------------------------------------- https://blog.talosintelligence.com/talos-ir-trends-q4-2024/ ∗∗∗ FBI Seizes Leading Hacking Forums Cracked.io and Nulled.to ∗∗∗ --------------------------------------------- Nulled.to, Cracked.to and Cracked.io, major hacking forums, appear seized by the FBI as DNS records point to FBI. --------------------------------------------- https://hackread.com/fbi-seizes-hacking-forums-cracked-to-nulled-to/ ∗∗∗ Common OAuth Vulnerabilities ∗∗∗ --------------------------------------------- OAuth2’s popularity makes it a prime target for attackers. While it simplifies user login, its complexity can lead to misconfigurations that create security holes. Some of the more intricate vulnerabilities keep reappearing because the protocol’s inner workings are not always well-understood. In an effort to change that, we have decided to .. --------------------------------------------- https://blog.doyensec.com/2025/01/30/oauth-common-vulnerabilities.html ===================== = Vulnerabilities = ===================== ∗∗∗ Google Tag - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-012 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-contrib-2025-012 ∗∗∗ Google Tag - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-011 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-contrib-2025-011 ∗∗∗ Drupal Admin LTE theme - Critical - Unsupported - SA-CONTRIB-2025-010 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-contrib-2025-010 ∗∗∗ Authenticator Login - Critical - Access bypass - SA-CONTRIB-2025-009 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-contrib-2025-009 ∗∗∗ Matomo Analytics - Moderately critical - Cross site request forgery - SA-CONTRIB-2025-008 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-contrib-2025-008 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

← Newer
1
2
3
4
5
6
7
8
9
...
316
Older →

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily