===================== = End-of-Day report = =====================
Timeframe: Monday 03-02-2025 18:00 − Tuesday 04-02-2025 18:00
Handler: Alexander Riepl
Co-Handler: n/a
===================== = News = =====================
∗∗∗ 7-Zip MotW bypass exploited in zero-day attacks against Ukraine ∗∗∗ --------------------------------------------- A 7-Zip vulnerability allowing attackers to bypass the Mark of the Web (MotW) Windows security feature was exploited by Russian hackers as a zero-day since September 2024. --------------------------------------------- https://www.bleepingcomputer.com/news/security/7-zip-motw-bypass-exploited-i...
∗∗∗ Beyond the Chatbot: Meta Phishing with Fake Live Support ∗∗∗ --------------------------------------------- In a previous Trustwave SpiderLabs’ blog, we explored how cybercriminals exploit Facebook Messenger chatbots to execute social engineering attacks, deceiving users into falling victim to scams and phishing schemes. These attacks .. --------------------------------------------- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/beyond-the-c...
∗∗∗ Meet the Hired Guns Who Make Sure School Cyberattacks Stay Hidden ∗∗∗ --------------------------------------------- An investigation into more than 300 cyberattacks against US K–12 schools over the past five years shows how schools can withhold crucial details from students and parents whose data was stolen. --------------------------------------------- https://www.wired.com/story/meet-the-hired-guns-who-make-sure-school-cyberat...
∗∗∗ Let's Encrypt: 6-day certificates, no more certificate expiry notifications ∗∗∗ --------------------------------------------- Let's Encrypt is planning several changes: certificates with a six-day lifetime are being added, and certificate expiry notification e-mails are being discontinued. --------------------------------------------- https://www.heise.de/news/Let-s-Encrypt-Ende-von-Zertifikat-Ablauf-Nachricht...
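With expiry e-mails gone and six-day lifetimes on the way, renewal and alerting have to be driven by the certificate's own validity window rather than a fixed "warn at 30 days" rule, which would fire on a six-day certificate from the moment it is issued. The following Go program is an added example (not code from heise or Let's Encrypt): it builds a throwaway self-signed certificate as constructed input and evaluates a lifetime-relative policy against it. The 2/3-of-lifetime renewal point and the 1/3 alert fraction are assumptions chosen for illustration, not Let's Encrypt's recommended values.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// RenewalPolicy expresses renewal and alert thresholds as fractions of the
// certificate's own lifetime, so one policy works for 90-day and 6-day
// certificates alike. The fractions in DefaultPolicy are assumed for illustration.
type RenewalPolicy struct {
	RenewAfterFraction float64 // renew once this fraction of the lifetime has elapsed
	AlertRemaining     float64 // alert once less than this fraction of the lifetime remains
}

var DefaultPolicy = RenewalPolicy{RenewAfterFraction: 2.0 / 3.0, AlertRemaining: 1.0 / 3.0}

// Decision is the outcome of evaluating a certificate at a point in time.
type Decision struct {
	Lifetime  time.Duration
	Remaining time.Duration
	RenewAt   time.Time
	Renew     bool // renewal is due
	Alert     bool // remaining lifetime is below the alert fraction, or expired
	Expired   bool
}

// Evaluate applies the policy to cert as of now.
func (p RenewalPolicy) Evaluate(cert *x509.Certificate, now time.Time) Decision {
	lifetime := cert.NotAfter.Sub(cert.NotBefore)
	renewAt := cert.NotBefore.Add(time.Duration(float64(lifetime) * p.RenewAfterFraction))
	remaining := cert.NotAfter.Sub(now)
	d := Decision{Lifetime: lifetime, Remaining: remaining, RenewAt: renewAt}
	d.Expired = !now.Before(cert.NotAfter)
	d.Renew = !now.Before(renewAt)
	d.Alert = d.Expired || float64(remaining) < float64(lifetime)*p.AlertRemaining
	return d
}

// FixedThresholdAlert is the classic "warn if fewer than N days remain" check.
// With a 6-day certificate and N = 30 days it fires from issuance onwards.
func FixedThresholdAlert(cert *x509.Certificate, now time.Time, threshold time.Duration) bool {
	return cert.NotAfter.Sub(now) < threshold
}

// SelfSigned creates a throwaway self-signed certificate with the given validity
// window. This is constructed test input; a real deployment would evaluate the
// certificate served by the endpoint or stored by the ACME client.
func SelfSigned(notBefore, notAfter time.Time) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "example.test"},
		NotBefore:    notBefore,
		NotAfter:     notAfter,
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	issued := time.Date(2025, 2, 3, 18, 0, 0, 0, time.UTC)
	cert, err := SelfSigned(issued, issued.Add(6*24*time.Hour))
	if err != nil {
		panic(err)
	}
	for day := 0; day <= 6; day++ {
		now := issued.Add(time.Duration(day) * 24 * time.Hour)
		d := DefaultPolicy.Evaluate(cert, now)
		fmt.Printf("day %d: remaining=%v renew=%t alert=%t fixed30d=%t\n",
			day, d.Remaining, d.Renew, d.Alert, FixedThresholdAlert(cert, now, 30*24*time.Hour))
	}
}
```

Running it walks a six-day certificate day by day: renewal becomes due on day 4, the lifetime-relative alert fires on day 5, while the fixed 30-day check is already red on day 0. The same policy applied to a 90-day certificate yields renewal at day 60 and an alert at day 60, which is why expressing thresholds as fractions keeps monitoring meaningful across lifetimes.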
∗∗∗ A tale of enumeration, and why pen testing can’t be automated ∗∗∗ --------------------------------------------- TL;DR: In an engagement we found an open directory on the internet belonging to our client. By enumerating it we found a zip archive with a configuration file holding usernames .. --------------------------------------------- https://www.pentestpartners.com/security-blog/a-tale-of-enumeration-and-why-...
∗∗∗ Practice being punched in the face. The realities of incident response preparation ∗∗∗ --------------------------------------------- “Everyone has a plan until they get punched in the face.” This Mike Tyson boxing quote perfectly encapsulates the chaos of a cybersecurity breach. TL;DR Accept that your organisation may .. --------------------------------------------- https://www.pentestpartners.com/security-blog/practice-being-punched-in-the-...
∗∗∗ New scam using fake Post buyer protection on classified-ad platforms ∗∗∗ --------------------------------------------- Criminals pose as prospective buyers on classified-ad platforms and pretend they want to pay for your item via the Post buyer-protection service. They lure you to a fake payment platform where you are asked to enter your credit card details to confirm the payment. In reality you are authorising a payment, and .. --------------------------------------------- https://www.watchlist-internet.at/news/neue-masche-mit-gefaelschtem-post-kae...
∗∗∗ Stealers on the Rise: A Closer Look at a Growing macOS Threat ∗∗∗ --------------------------------------------- Atomic Stealer, Poseidon Stealer and Cthulhu Stealer target macOS. We discuss their various properties and examine leverage of the AppleScript framework. --------------------------------------------- https://unit42.paloaltonetworks.com/macos-stealers-growing/
∗∗∗ Law Enforcement disrupts Major Spam Delivery Service ∗∗∗ --------------------------------------------- “The Saim Raza-run websites operated as marketplaces that advertised and facilitated the sale of tools such as phishing kits, scam pages and email extractors often .. --------------------------------------------- https://www.truesec.com/hub/blog/law-enforcement-disrupts-major-spam-deliver...
∗∗∗ Hackers Hide Malware in Fake DeepSeek PyPI Packages ∗∗∗ --------------------------------------------- Malicious DeepSeek packages on PyPI spread malware, stealing sensitive data like API keys. Learn how this attack targeted developers and how to protect yourself. --------------------------------------------- https://hackread.com/hackers-hide-malware-fake-deepseek-pypi-packages/
∗∗∗ CVE-2023-6080: A Case Study on Third-Party Installer Abuse ∗∗∗ --------------------------------------------- Mandiant exploited flaws in the Microsoft Software Installer (MSI) repair action of Lakeside Software's SysTrack installer to obtain arbitrary code execution. An attacker with low-privilege access to a system running the vulnerable version of SysTrack .. --------------------------------------------- https://cloud.google.com/blog/topics/threat-intelligence/cve-2023-6080-third...
∗∗∗ CISA Partners with ASD’s ACSC, CCCS, NCSC-UK, and Other International and US Organizations to Release Guidance on Edge Devices ∗∗∗ --------------------------------------------- CISA—in partnership with international and U.S. organizations—released guidance to help organizations protect their network edge devices and appliances, such as firewalls, routers, virtual private networks (VPN) gateways, Internet of Things (IoT) devices, internet-facing servers, and internet-facing operational technology (OT) .. --------------------------------------------- https://www.cisa.gov/news-events/alerts/2025/02/04/cisa-partners-asds-acsc-c...
∗∗∗ 8 Million Requests Later, We Made The SolarWinds Supply Chain Attack Look Amateur ∗∗∗ --------------------------------------------- Surprise surprise, we've done it again. We've demonstrated an ability to compromise significantly sensitive networks, including governments, militaries, space agencies, cyber security companies, .. --------------------------------------------- https://labs.watchtowr.com/8-million-requests-later-we-made-the-solarwinds-s...
∗∗∗ Go Supply Chain Attack: Malicious Package Exploits Go Module Proxy Caching for Persistence ∗∗∗ --------------------------------------------- Socket researchers have discovered a malicious typosquat package in the Go ecosystem, impersonating the widely used BoltDB database module (github.com/boltdb/bolt), a tool trusted by many organizations including Shopify and Heroku. The BoltDB package is widely adopted within the Go ecosystem, with 8,367 other packages depending on it. Its extensive .. --------------------------------------------- https://socket.dev/blog/malicious-package-exploits-go-module-proxy-caching-f...
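The persistence angle in the Socket write-up rests on how Go pins module content: go.sum and the checksum database guarantee that every build of a given module version receives the same bytes the proxy first cached, not that those bytes match what the upstream repository shows today. The Go program below is an added example (not Socket's code and not from the BoltDB project): it recomputes the "h1:" hash from the published dirhash.Hash1 algorithm over an in-memory module layout, so a practitioner can compare what the proxy served against a fresh checkout. The module path example.com/boltdb-typo/bolt and both file sets are constructed for the scenario; no real package content is reproduced.

```go
package main

import (
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"sort"
	"strings"
)

// Hash1 recomputes the "h1:" module hash that go.sum and the checksum
// database record for a module version, following the published
// golang.org/x/mod/sumdb/dirhash.Hash1 algorithm: sort the zip entry names,
// write "<hex sha256 of content>  <name>\n" per file into a summary, then
// SHA-256 the summary and base64-encode it. files maps a zip entry name
// ("module@version/path") to that file's content.
func Hash1(files map[string][]byte) (string, error) {
	names := make([]string, 0, len(files))
	for name := range files {
		if strings.Contains(name, "\n") {
			return "", fmt.Errorf("dirhash: filename %q contains a newline", name)
		}
		names = append(names, name)
	}
	sort.Strings(names)
	summary := sha256.New()
	for _, name := range names {
		content := sha256.Sum256(files[name])
		fmt.Fprintf(summary, "%x  %s\n", content, name)
	}
	return "h1:" + base64.StdEncoding.EncodeToString(summary.Sum(nil)), nil
}

// ModuleZip lays out source files the way a module zip does, under the
// "module@version/" prefix, so the hash matches what a proxy-served zip yields.
func ModuleZip(modPath, version string, src map[string]string) map[string][]byte {
	files := make(map[string][]byte, len(src))
	for rel, content := range src {
		files[modPath+"@"+version+"/"+rel] = []byte(content)
	}
	return files
}

// SumLine renders the go.sum line that pins modPath@version to files.
func SumLine(modPath, version string, files map[string][]byte) (string, error) {
	h, err := Hash1(files)
	if err != nil {
		return "", err
	}
	return fmt.Sprintf("%s %s %s", modPath, version, h), nil
}

// Verify reports whether files match the hash in a pinned go.sum line.
func Verify(sumLine string, files map[string][]byte) bool {
	parts := strings.Fields(sumLine)
	if len(parts) != 3 {
		return false
	}
	h, err := Hash1(files)
	return err == nil && h == parts[2]
}

func main() {
	// Constructed scenario (hypothetical module path): v1.0.0 is first tagged
	// with one set of content, fetched through the proxy and thereby cached;
	// the tag is later moved to different content in the repository.
	const mod, ver = "example.com/boltdb-typo/bolt", "v1.0.0"
	cached := ModuleZip(mod, ver, map[string]string{
		"go.mod":  "module " + mod + "\n",
		"bolt.go": "package bolt\n// content as first published and cached by the proxy\n",
	})
	repoNow := ModuleZip(mod, ver, map[string]string{
		"go.mod":  "module " + mod + "\n",
		"bolt.go": "package bolt\n// content the repository shows after the tag was moved\n",
	})
	pinned, err := SumLine(mod, ver, cached)
	if err != nil {
		panic(err)
	}
	fmt.Println("go.sum:", pinned)
	fmt.Println("cached zip verifies:  ", Verify(pinned, cached))  // true
	fmt.Println("current repo verifies:", Verify(pinned, repoNow)) // false
}
```

The point the two Verify calls make: a go.sum entry created from the cached zip keeps validating that zip forever, and a build that resolves the version through the proxy never sees the cleaned-up repository. To audit a suspicious dependency, take the Sum and Zip fields from `go mod download -json <module>@<version>`, feed the zip's entries to Hash1, and compare against a hash computed over a fresh clone at the same tag; a mismatch means the proxy is serving content the repository no longer contains. Checking the module path itself against the one you intended to import (boltdb/bolt rather than a look-alike) is a separate step that no hash will do for you.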
===================== = Vulnerabilities = =====================
∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (openjdk-17), Fedora (chromium, fastd, ovn, and yq), Mageia (libxml2 and redis), Oracle (gstreamer1-plugins-base, gstreamer1-plugins-good), Red Hat (buildah, bzip2, galera, mariadb, grafana, keepalived, libsoup, mariadb:10.11, mariadb:10.5, mingw-glib2, podman, python-jinja2, and rsync), SUSE (bind, ignition, .. --------------------------------------------- https://lwn.net/Articles/1007886/
∗∗∗ Synology-SA-25:01 DSM (PWN2OWN 2024) ∗∗∗ --------------------------------------------- A vulnerability allows man-in-the-middle attackers to hijack the authentication of administrators. The vulnerability reported by PWN2OWN 2024 (ZDI-CAN-25487) has been addressed. --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_25_01
∗∗∗ CISA Releases Nine Industrial Control Systems Advisories ∗∗∗ --------------------------------------------- CISA released nine Industrial Control Systems (ICS) advisories on February 4, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-035-01 Western Telematic Inc NPS Series, DSM Series, CPM Series; ICSA-25-035-02 Rockwell Automation 1756-L8zS3 and 1756-L3 and 1756-L3; ICSA-25-035-03 .. --------------------------------------------- https://www.cisa.gov/news-events/alerts/2025/02/04/cisa-releases-nine-indust...
∗∗∗ Security Vulnerabilities fixed in Thunderbird 135 ∗∗∗ --------------------------------------------- https://www.mozilla.org/en-US/security/advisories/mfsa2025-11/
∗∗∗ Security Vulnerabilities fixed in Thunderbird ESR 128.7 ∗∗∗ --------------------------------------------- https://www.mozilla.org/en-US/security/advisories/mfsa2025-10/
∗∗∗ Security Vulnerabilities fixed in Firefox ESR 128.7 ∗∗∗ --------------------------------------------- https://www.mozilla.org/en-US/security/advisories/mfsa2025-09/
∗∗∗ Security Vulnerabilities fixed in Firefox ESR 115.20 ∗∗∗ --------------------------------------------- https://www.mozilla.org/en-US/security/advisories/mfsa2025-08/
∗∗∗ Security Vulnerabilities fixed in Firefox 135 ∗∗∗ --------------------------------------------- https://www.mozilla.org/en-US/security/advisories/mfsa2025-07/
∗∗∗ Zyxel security advisory for command injection and insecure default credentials vulnerabilities in certain legacy DSL CPE ∗∗∗ --------------------------------------------- https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-a...