=====================
= End-of-Day report =
=====================
Timeframe: Monday 13-01-2025 18:00 - Tuesday 14-01-2025 18:00
Handler: Alexander Riepl
Co-Handler: n/a
=====================
= News =
=====================
*** Intercepted crypto phones: BGH permits use as evidence - Berlin Regional Court rejects it ***
---------------------------------------------
The judiciary has been wrestling for years over whether data from intercepted crypto phones can be used as evidence. Now, within a few weeks, courts have issued contradictory rulings.
---------------------------------------------
https://www.golem.de/news/abgehoerte-kryptohandys-bgh-erlaubt-verwertung-ber...
*** Analyzing CVE-2024-44243, a macOS System Integrity Protection bypass through kernel extensions ***
---------------------------------------------
Microsoft discovered a macOS vulnerability allowing attackers to bypass System Integrity Protection (SIP) by loading third-party kernel extensions, which could lead to serious consequences, such as allowing attackers to install rootkits, create persistent malware, bypass Transparency, Consent, and Control (TCC), and expand the attack surface to perform other ..
---------------------------------------------
https://www.microsoft.com/en-us/security/blog/2025/01/13/analyzing-cve-2024-...
*** The Database Slayer: Deep Dive and Simulation of the Xbash Malware ***
---------------------------------------------
In the world of malware, common ransomware schemes aim to take the data within databases (considered the "gold" in the vault of any organization) and hold them hostage, promising data recovery upon ransom payment.
---------------------------------------------
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/the-database...
*** Snyk appears to deploy malicious packages targeting Cursor for unknown reason ***
---------------------------------------------
Packages removed, vendor said to have apologized to AI code editor as onlookers say it could have been a test
Developer security company Snyk is at the center of allegations concerning the possible targeting or testing of Cursor, an AI code editor company, using "malicious" packages uploaded to NPM.
---------------------------------------------
https://www.theregister.com/2025/01/14/snyk_npm_deployment_removed/
*** SAP Patch Day: updates close 14 vulnerabilities, some of them critical ***
---------------------------------------------
In January, SAP is releasing 14 security notes with associated updates for its products. Two of them are rated critical.
---------------------------------------------
https://www.heise.de/news/SAP-Patchday-Hersteller-stopft-teils-kritische-SIc...
*** Telefónica: infostealer campaign exposes internal Jira issues ***
---------------------------------------------
The telecommunications provider Telefónica has fallen victim to a cyberattack. Criminals apparently obtained access to large amounts of internal data.
---------------------------------------------
https://www.heise.de/news/Telefonica-Infostealer-Kampagne-legt-interne-Jira-...
*** Warning, fake: vailllant.at and vaillantproservice.at ***
---------------------------------------------
Criminals are abusing the name of the heating technology company Vaillant for a scam. On fake websites the criminals pose as a 24-hour emergency service for Austria or for Vienna/Lower Austria. Anyone who calls the fraudulent emergency number gets dubious tradespeople who do not repair the damage properly but instead invoice an exorbitant sum!
---------------------------------------------
https://www.watchlist-internet.at/news/achtung-fake-vailllantat-und-vaillant...
*** One Step Ahead in Cyber Hide-and-Seek: Automating Malicious Infrastructure Discovery With Graph Neural Networks ***
---------------------------------------------
Graph neural networks aid in analyzing domains linked to known attack indicators, effectively uncovering new malicious domains and cybercrime campaigns.
---------------------------------------------
https://unit42.paloaltonetworks.com/graph-neural-networks/
*** Ransomware: Threat Level Remains High in Third Quarter ***
---------------------------------------------
Recently established RansomHub group overtakes LockBit to become most prolific ransomware operation.
---------------------------------------------
https://www.security.com/threat-intelligence/ransomware-threat-level-remains...
*** CISA Releases the JCDC AI Cybersecurity Collaboration Playbook and Fact Sheet ***
---------------------------------------------
Today, CISA released the JCDC AI Cybersecurity Collaboration Playbook and Fact Sheet to foster operational collaboration among government, industry, and international partners and strengthen artificial intelligence (AI) cybersecurity. The playbook provides voluntary information-sharing processes that, if adopted, can help protect organizations from emerging ..
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2025/01/14/cisa-releases-jcdc-ai-cyb...
*** Major location data broker reports hack to Norwegian authorities ***
---------------------------------------------
The location data broker Gravy Analytics confirmed to Norwegian authorities that it was breached by a hacker — potentially exposing a trove of sensitive information.
---------------------------------------------
https://therecord.media/location-data-broker-gravy-breach
*** NPM command confusion ***
---------------------------------------------
Intro
Managing dependencies in JavaScript projects can quickly become a complex undertaking. Tasks include keeping track of versions, ensuring compatibility, and handling updates. npm provides a robust solution to these problems, through a centralized system for managing project dependencies. Primarily accessed through its command-line interface (CLI), npm ..
---------------------------------------------
https://checkmarx.com/blog/npm-command-confusion/
*** Malicious Kong Ingress Controller Image Found on DockerHub ***
---------------------------------------------
A critical security breach in the software supply chain has been detected. An attacker accessed Kong's DockerHub account
---------------------------------------------
https://hackread.com/malicious-kong-ingress-controller-image-dockerhub/
*** Hackers Using Fake YouTube Links to Steal Login Credentials ***
---------------------------------------------
Cybercriminals exploit fake YouTube links to redirect users to phishing pages, stealing login credentials via URI ..
---------------------------------------------
https://hackread.com/hackers-fake-youtube-links-steal-login-credentials/
*** Kill Switch Hidden in npm Packages Typosquatting Chalk and Chokidar ***
---------------------------------------------
In Hindi, chokidar (चौकीदार) means "gatekeeper" or "watchman", a perfect descriptor for chokidar, one of Node.js's most trusted file-watching libraries with around 56 million weekly downloads. Meanwhile, chalk serves as a cornerstone for terminal string styling in JavaScript, drawing over 265 million downloads weekly. Unfortunately, our Socket threat ..
---------------------------------------------
https://socket.dev/blog/kill-switch-hidden-in-npm-packages-typo-squatting-ch...
=====================
= Vulnerabilities =
=====================
*** Zyxel security advisory for improper privilege management vulnerability in APs and security router devices ***
---------------------------------------------
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-a...
*** January Security Update ***
---------------------------------------------
https://www.ivanti.com/blog/january-security-update