=====================
= End-of-Day report =
=====================
Timeframe: Thursday 16-01-2025 18:00 - Friday 17-01-2025 18:00
Handler: Alexander Riepl
Co-Handler: n/a
=====================
=       News        =
=====================
*** D-Trust: cyberattack hits the trust center of the Bundesdruckerei ***
---------------------------------------------
Potentially personal data has leaked from an application portal of D-Trust GmbH. Who is behind the attack is still unclear.
---------------------------------------------
https://www.golem.de/news/d-trust-cyberangriff-trifft-trustcenter-der-bundes...
*** Mercedes-Benz Head Unit security research report ***
---------------------------------------------
Kaspersky experts analyzed the Mercedes-Benz head unit, its IPC protocols and firmware, and found new vulnerabilities via physical access.
---------------------------------------------
https://securelist.com/mercedes-benz-head-unit-security-research/115218/
*** New Star Blizzard spear-phishing campaign targets WhatsApp accounts ***
---------------------------------------------
In mid-November 2024, Microsoft Threat Intelligence observed the Russian threat actor we track as Star Blizzard sending their typical targets spear-phishing messages, this time offering the supposed opportunity to join a WhatsApp group. This is the first time we have identified a shift in Star Blizzard's longstanding tactics, techniques, ..
---------------------------------------------
https://www.microsoft.com/en-us/security/blog/2025/01/16/new-star-blizzard-s...
*** Gootloader inside out ***
---------------------------------------------
Open-source intelligence reveals the server-side code of this pernicious SEO-driven malware - without needing a lawyer afterward
---------------------------------------------
https://news.sophos.com/en-us/2025/01/16/gootloader-inside-out/
*** U.S. Sanctions North Korean IT Worker Network Supporting WMD Programs ***
---------------------------------------------
The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) sanctioned two individuals and four entities for their alleged involvement in illicit revenue generation schemes for the Democratic People's Republic of Korea (DPRK) by dispatching ..
---------------------------------------------
https://thehackernews.com/2025/01/us-sanctions-north-korean-it-worker.html
*** Hackers Likely Stole FBI Call Logs From AT&T That Could Compromise Informants ***
---------------------------------------------
A breach of AT&T that exposed "nearly all" of the company's customers may have included records related to confidential FBI sources, potentially explaining the bureau's new embrace of end-to-end encryption.
---------------------------------------------
https://www.wired.com/story/hackers-likely-stole-fbi-call-logs-from-att-that...
*** Biden orders encryption of e-mail, DNS and BGP for US federal agencies ***
---------------------------------------------
End-to-end encryption, better software and defenses, post-quantum cryptography, oversight of suppliers, passkeys, AI research: Biden prescribes good medicine.
---------------------------------------------
https://www.heise.de/news/Biden-ordnet-Verschluesselung-von-E-Mail-DNS-und-B...
*** Data of around 250,000 MSI customers added to Have I Been Pwned ***
---------------------------------------------
During a cyber incident at MSI in 2024, numerous customer records were apparently copied. HIBP has now added around 250,000 of them.
---------------------------------------------
https://www.heise.de/news/Daten-von-rund-250-000-MSI-Kunden-bei-Have-I-Been-...
*** Trust service provider D-Trust reports a data protection incident ***
---------------------------------------------
D-Trust has suffered a data protection incident. Affected is the application portal for signature and seal cards. Investigations are ongoing.
---------------------------------------------
https://www.heise.de/news/Vertrauensdiensteanbieter-D-Trust-informiert-ueber...
*** Chinese Innovations Spawn Wave of Toll Phishing Via SMS ***
---------------------------------------------
Residents across the United States are being inundated with text messages purporting to come from toll road operators like E-ZPass, warning that recipients face fines if a delinquent toll fee remains unpaid. Researchers say the surge in SMS spam coincides with new features added to a popular commercial phishing kit sold in China that makes it simple to ..
---------------------------------------------
https://krebsonsecurity.com/2025/01/chinese-innovations-spawn-wave-of-toll-p...
*** OSV-SCALIBR: A library for Software Composition Analysis ***
---------------------------------------------
In December 2022, we announced OSV-Scanner, a tool to enable developers to easily scan for vulnerabilities in their open source dependencies. Together with the open source community, we've continued to build this tool, adding remediation features, as well ..
---------------------------------------------
http://security.googleblog.com/2025/01/osv-scalibr-library-for-software.html
*** PayPal calling? Beware of fraud! ***
---------------------------------------------
Watchlist Internet is currently receiving numerous reports of calls from supposed PayPal employees. If you pick up, you are told about alleged debits from your PayPal account and asked to help block them. In reality, the callers gain access to your systems and steal your money. The damage only arises through the phone call itself!
---------------------------------------------
https://www.watchlist-internet.at/news/paypal-ruft-an/
*** Let's talk about AI and end-to-end encryption ***
---------------------------------------------
Recently, I came across a fantastic new paper by a group of NYU and Cornell researchers entitled "How to think about end-to-end encryption and AI." I'm extremely grateful to see this paper, because while I don't agree with every one of its ..
---------------------------------------------
https://blog.cryptographyengineering.com/2025/01/17/lets-talk-about-ai-and-e...
*** Threat Brief: CVE-2025-0282 and CVE-2025-0283 ***
---------------------------------------------
CVE-2025-0282 and CVE-2025-0283 affect multiple Ivanti products. This threat brief covers attack scope, including details from an incident response case.
---------------------------------------------
https://unit42.paloaltonetworks.com/threat-brief-ivanti-cve-2025-0282-cve-20...
*** New WDAC Exploit Technique: Leveraging Policies to Disable EDRs and Evade Detection ***
---------------------------------------------
The file "SiPolicy.p7b" contains policies that Windows OS and Windows Defender (AV) will listen to and your antivirus will apply the policies that this ..
---------------------------------------------
https://www.truesec.com/hub/blog/new-wdac-exploit-technique-leveraging-polic...
*** IoT Botnet Linked to Large-scale DDoS Attacks Since the End of 2024 ***
---------------------------------------------
Since the end of 2024, we have been continuously monitoring large-scale DDoS attacks orchestrated by an IoT botnet exploiting vulnerable IoT devices such as wireless routers and IP cameras.
---------------------------------------------
https://www.trendmicro.com/en_us/research/25/a/iot-botnet-linked-to-ddos-att...
*** Announcing Six Day and IP Address Certificate Options in 2025 ***
---------------------------------------------
This year we will continue to pursue our commitment to improving the security of the Web PKI by introducing the option to get certificates with six-day lifetimes ("short-lived certificates"). We will also add support for IP addresses in addition to domain names ..
---------------------------------------------
https://letsencrypt.org/2025/01/16/6-day-and-ip-certs/
*** A Response to Recent Claims About Session's Security Architecture ***
---------------------------------------------
We were recently made aware of a blog published by a security researcher which makes a number of claims about Session and supposed flaws in Session's design and implementation. We, as well as other Session contributors, have now had time to read through the blog and investigate the claims and wanted to give a detailed response on each point raised by the author.
---------------------------------------------
https://getsession.org/blog/a-response-to-recent-claims-about-sessions-secur...
=====================
=  Vulnerabilities  =
=====================
*** Security updates for Friday ***
---------------------------------------------
Security updates have been issued by Debian (rsync and tomcat9), Fedora (chromium, mingw-python-jinja2, redict, and valkey), Gentoo (GIMP and pip), Oracle (.NET, fence-agents, ipa, kernel, python-virtualenv, raptor2, and rsync), Red Hat (.NET 8.0 and .NET 9.0), SUSE (apache2-mod_jk, git, git-lfs, kernel, python-Django, thunderbird, and xen), and Ubuntu (audacity, bcel, dotnet8, dotnet9, gimp-dds, harfbuzz, libxml2, poppler, rsync, and tqdm).
---------------------------------------------
https://lwn.net/Articles/1005433/
*** Aviatrix Controllers OS Command Injection Vulnerability ***
---------------------------------------------
https://fortiguard.fortinet.com/threat-signal-report/5982