=====================
= End-of-Day report =
=====================

Timeframe: Thursday 09-01-2025 18:00 − Friday 10-01-2025 18:00
Handler: Alexander Riepl
Co-Handler: n/a

=====================
=       News        =
=====================
∗∗∗ Ongoing attacks on Ivanti VPNs install a ton of sneaky, well-written malware ∗∗∗
---------------------------------------------
In-the-wild attacks tamper with built-in security tool to suppress infection warnings.
---------------------------------------------
https://arstechnica.com/security/2025/01/ivanti-vpn-users-are-getting-hacked...

∗∗∗ Stealthy Credit Card Skimmer Targets WordPress Checkout Pages via Database Injection ∗∗∗
---------------------------------------------
Recently, we released an article where a credit card skimmer was targeting checkout pages on a Magento site. Now we’ve come across sophisticated credit card skimmer malware while investigating a compromised WordPress ..
---------------------------------------------
https://blog.sucuri.net/2025/01/stealthy-credit-card-skimmer-targets-wordpre...
∗∗∗ Security updates: Attackers can crash network devices running Junos OS ∗∗∗
---------------------------------------------
Network devices such as Juniper switches are vulnerable. The entry points are several vulnerabilities in the Junos OS operating system.
---------------------------------------------
https://www.heise.de/news/Sicherheitsupdates-Angreifer-koennen-Netzwerkgerae...
∗∗∗ Meet FunkSec: A New, Surprising Ransomware Group, Powered by AI ∗∗∗
---------------------------------------------
Executive Summary: The FunkSec ransomware group emerged in late 2024 and published over 85 victims in December, surpassing every other ransomware group that month. FunkSec operators appear to use AI-assisted malware development, which can enable even inexperienced actors to quickly produce and refine advanced tools. The group’s activities straddle the line ..
---------------------------------------------
https://blog.checkpoint.com/research/meet-funksec-a-new-surprising-ransomwar...

∗∗∗ Do we still have to keep doing it like this? ∗∗∗
---------------------------------------------
Hazel gets inspired by watching Wendy Nather’s recent keynote, and explores ways to challenge security assumptions.
---------------------------------------------
https://blog.talosintelligence.com/do-we-still-have-to-keep-doing-it-like-th...

∗∗∗ How Cracks and Installers Bring Malware to Your Device ∗∗∗
---------------------------------------------
Our research shows how attackers use platforms like YouTube to spread fake installers via trusted hosting services, employing encryption to evade detection and steal sensitive browser data.
---------------------------------------------
https://www.trendmicro.com/en_us/research/25/a/how-cracks-and-installers-bri...

∗∗∗ Banshee Stealer Hits macOS Users via Fake GitHub Repositories ∗∗∗
---------------------------------------------
Cybersecurity researchers at Check Point detected a new version of Banshee Stealer in late September 2024, distributed ..
---------------------------------------------
https://hackread.com/banshee-stealer-hits-macos-fake-github-repositories/

∗∗∗ Do Secure-By-Design Pledges Come With Stickers? - Ivanti Connect Secure RCE (CVE-2025-0282) ∗∗∗
---------------------------------------------
Did you have a good break? Have you had a chance to breathe? Wake up. It’s 2025, and the chaos continues. Haha, see what we did? We wrote the exact same thing in 2024 because 2024 was exactly ..
---------------------------------------------
https://labs.watchtowr.com/do-secure-by-design-pledges-come-with-stickers-iv...

∗∗∗ How to secure your GitHub Actions workflows with CodeQL ∗∗∗
---------------------------------------------
In the last few months, we secured 75+ GitHub Actions workflows in open source projects, disclosing 90+ different vulnerabilities. Out of this research we produced new support for workflows in CodeQL, empowering ..
---------------------------------------------
https://github.blog/security/application-security/how-to-secure-your-github-...
=====================
=  Vulnerabilities  =
=====================

∗∗∗ ZDI-25-010: Redis Stack Lua Use-After-Free Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Redis Stack. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.2. The following CVEs are assigned: CVE-2024-46981.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-25-010/

∗∗∗ ZDI-25-009: Redis Stack RedisBloom Integer Overflow Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Redis Stack. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-55656.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-25-009/