===================== = End-of-Day report = =====================
Timeframe: Freitag 31-01-2025 18:00 − Montag 03-02-2025 18:00 Handler: Alexander Riepl Co-Handler: Michael Schlagenhaufer
===================== = News = =====================
∗∗∗ DeepSeek AI tools impersonated by infostealer malware on PyPI ∗∗∗ --------------------------------------------- Threat actors are taking advantage of the rise in popularity of the DeepSeek to promote two malicious infostealer packages on the Python Package Index (PyPI), where they impersonated developer tools for the AI platform. --------------------------------------------- https://www.bleepingcomputer.com/news/security/deepseek-ai-tools-impersonate...
∗∗∗ DeepSeek’s Safety Guardrails Failed Every Test Researchers Threw at Its AI Chatbot ∗∗∗ --------------------------------------------- Security researchers tested 50 well-known jailbreaks against DeepSeek’s popular new AI chatbot. It didn’t stop a single one. --------------------------------------------- https://www.wired.com/story/deepseeks-ai-jailbreak-prompt-injection-attacks/
∗∗∗ What Cybersecurity Can Teach Us About the Human Body ∗∗∗ --------------------------------------------- Understanding cybersecurity can sometimes feel like steering a maze of technical terms and complex systems. But a recent infographic shared by @yanabantai on X (formerly Twitter) has made it simpler, offering a fresh perspective by comparing cybersecurity to the human body. --------------------------------------------- https://thecyberexpress.com/cybersecurity-about-the-human-body/
∗∗∗ Erstmals leicht sinkende Tendenz bei Anzeigen zur Cyberkriminalität ∗∗∗ --------------------------------------------- Wenn in den nächsten Wochen die Kriminalstatistik veröffentlicht wird, ist von einer Trendumkehr bei Cybercrime auszugehen. Erstmals wird es in diesem Bereich einen leichten Rückgang bei den Anzeigen 2024 im Vergleich zu 2023 geben. --------------------------------------------- https://www.derstandard.at/story/3000000255493/erstmals-leicht-sinkende-tend...
∗∗∗ Phishing-Fallen: Wiener Polizei sucht Täter mittels Fahndungsfotos ∗∗∗ --------------------------------------------- Mit einer SMS und gefälschten Banken-Website wurden mehrere Menschen in Österreich in die Falle gelockt und bestohlen. [..] Mit Bildern aus Überwachungskameras jener Bankautomaten, wo Geld von den Opfern behoben wurde, wird nun nach den Verdächtigen gesucht. Die Fotos sind auf der Website der Polizei zu sehen. --------------------------------------------- https://futurezone.at/digital-life/phishing-wien-polizei-oesterreich-foto-ba...
∗∗∗ Hacker nutzen Google Gemini für Cyber-Angriffe ∗∗∗ --------------------------------------------- Kriminelle nutzen Googles Künstliche Intelligenz Gemini für Cyberangriffe, Phishing und Spionage. [..] Die Hacker nutzen Gemini derzeit zwar nicht, um neue kriminelle Methoden ausfindig zu machen, aber um bestehende zu verbessern. --------------------------------------------- https://futurezone.at/digital-life/google-gemini-hacker-cyber-angriffe-iran-...
∗∗∗ 1-Click Phishing Campaign Targets High-Profile X Accounts ∗∗∗ --------------------------------------------- In an attack vector thats been used before, threat actors aim to commit crypto fraud by hijacking highly followed users, thus reaching a broad audience of secondary victims. --------------------------------------------- https://www.darkreading.com/endpoint-security/one-click-phishing-campaign-hi...
∗∗∗ Journalists and Civil Society Members Using WhatsApp Targeted by Paragon Spyware ∗∗∗ --------------------------------------------- This is yet another story of commercial spyware being used against journalists and civil society members. The journalists and other civil society members were being alerted of a possible breach of their devices, with WhatsApp telling the Guardian it had “high confidence” that the 90 users in question had been targeted and “possibly compromised. --------------------------------------------- https://www.schneier.com/blog/archives/2025/02/journalists-and-civil-society...
∗∗∗ Further Adventures With CMPivot — Client Coercion ∗∗∗ --------------------------------------------- CMPivot queries can be used to coerce SMB authentication from SCCM client hosts. --------------------------------------------- https://posts.specterops.io/further-adventures-with-cmpivot-client-coercion-...
∗∗∗ CVE-2023-6080: A Case Study on Third-Party Installer Abuse ∗∗∗ --------------------------------------------- Mandiant exploited flaws in the Microsoft Software Installer (MSI) repair action of Lakeside Softwares SysTrack installer to obtain arbitrary code execution. An attacker with low-privilege access to a system running the vulnerable version of SysTrack could escalate privileges locally. [..] August 7, 2024 - Confirmed vulnerability fixed in version 11.0 --------------------------------------------- https://cloud.google.com/blog/topics/threat-intelligence/cve-2023-6080-third...
∗∗∗ OPA Gatekeeper Bypass Reveals Risks in Kubernetes Policy Engines ∗∗∗ --------------------------------------------- Implementing Kubernetes securely can be a daunting task. Fortunately, there are tools in the K8s toolshed that provide out-of-the-box solutions using a single click. One such tools is OPA Gatekeeper. It is a great out-of-the-box security checkpoint to enforce security policies on Kubernetes. But are users using it correctly? Do they understand its limitations? Our new research says not necessarily! --------------------------------------------- https://blog.aquasec.com/opa-gatekeeper-bypass-reveals-risks-in-kubernetes-p...
∗∗∗ Stronger Than Ever: How We Turned a DDoS Attack Into a Lesson in Resilience ∗∗∗ --------------------------------------------- We were subjected to several attempted DDoS attacks, and the first cohort didn't even raise an alarm, but on the 23rd Jan, we noticed the first impact. [..] Maybe you and your organisation will face a similar issue in the future and you can be more aware of the ransom scam, maybe the lessons we learned here are something you can use to avoid similar issues of your own in the future, or maybe this blog post was just an interesting read for you. --------------------------------------------- https://scotthelme.ghost.io/stronger-than-ever-how-we-turned-a-ddos-attack-i...
∗∗∗ Vulnerability & Patch Roundup — January 2025 ∗∗∗ --------------------------------------------- Vulnerability reports and responsible disclosures are essential for website security awareness and education. --------------------------------------------- https://blog.sucuri.net/2025/01/vulnerability-patch-roundup-january-2025.htm...
===================== = Vulnerabilities = =====================
∗∗∗ Sicherheitsupdates: Zahlreiche Lücken gefährden Backup-Appliances von Dell ∗∗∗ --------------------------------------------- Admins, die Backups mit Dells PowerProtect managen, sollten aus Sicherheitsgründen aktuelle Versionen von Data Domain Operating System (DD OS) installieren. Geschieht das nicht, können Angreifer Systeme vollständig kompromittieren. --------------------------------------------- https://www.heise.de/-10267578
∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by AlmaLinux (git-lfs, libsoup, and unbound), Debian (dcmtk, ffmpeg, openjdk-11, pam-u2f, and python-aiohttp), Fedora (buku, chromium, jpegxl, nodejs18, nodejs20, and rust-routinator), Mageia (clamav, kernel, kmod-virtualbox, kmod-xtables-addons & dwarves, and kernel-linus), SUSE (apptainer, bind, buildah, chromedriver, clamav, dovecot24, ignition, kubelogin, libjxl, libQt5Bluetooth5-32bit, orc, owasp-modsecurity-crs, python-pydantic, python311-ipython, and stb), and Ubuntu (linux-azure and netdata). --------------------------------------------- https://lwn.net/Articles/1007646/