=====================
= End-of-Day report =
=====================

Timeframe:   Thursday 20-02-2025 18:00 − Friday 21-02-2025 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a

=====================
=       News        =
=====================
∗∗∗ Angry Likho: Old beasts in a new forest ∗∗∗
---------------------------------------------
Kaspersky experts analyze the Angry Likho APT group's attacks, which use obfuscated AutoIt scripts and the Lumma stealer for data theft.
---------------------------------------------
https://securelist.com/angry-likho-apt-attacks-with-lumma-stealer/115663/

∗∗∗ Three Years of Cyber Warfare: How Digital Attacks Have Shaped the Russia-Ukraine War ∗∗∗
---------------------------------------------
As the third anniversary of the start of the Russia-Ukraine war approaches, Trustwave SpiderLabs created a series of blog posts to look back, reflect upon, and explain how this 21st Century war is being fought not just on the ground, air, and sea but also in the realm of cyber.
---------------------------------------------
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/three-years-...

∗∗∗ Ivanti endpoint manager can become endpoint ravager, thanks to quartet of critical flaws ∗∗∗
---------------------------------------------
PoC exploit code shows why this is a patch priority. Security engineers have released a proof-of-concept exploit for four critical Ivanti Endpoint Manager bugs, giving those who haven't already installed the patches released in January extra incentive to revisit their to-do lists.
---------------------------------------------
https://www.theregister.com/2025/02/21/ivanti_traversal_flaw_poc_exploit/

∗∗∗ The National Institute of Standards and Technology Braces for Mass Firings ∗∗∗
---------------------------------------------
Approximately 500 NIST staffers, including at least three lab directors, are expected to lose their jobs at the safety-standards agency as part of the ongoing DOGE purge, sources tell WIRED.
---------------------------------------------
https://www.wired.com/story/the-national-institute-of-standards-and-technolo...

∗∗∗ The US Is Considering a TP-Link Router Ban—Should You Worry? ∗∗∗
---------------------------------------------
Several government departments are investigating TP-Link routers over Chinese cyberattack fears, but the company denies links.
---------------------------------------------
https://www.wired.com/story/tp-link-router-ban-investigation/

∗∗∗ Ransomware in the LLM: Researchers feed ChatGPT with data from the "Black Basta" gang ∗∗∗
---------------------------------------------
The criminals behind the "Ransomware as a Service" operation have fallen out with each other, and an insider has now published chat messages. They offer deep insights.
---------------------------------------------
https://www.heise.de/news/Einblicke-in-Ransomware-Geschaeft-ChatGPT-kennt-In...

∗∗∗ Pen testing avionics under ED-203a ∗∗∗
---------------------------------------------
The aviation industry realised some time ago that taking a standard approach to the cyber security of its products was needed and that this was a specialist discipline. A family ..
---------------------------------------------
https://www.pentestpartners.com/security-blog/pen-testing-avionics-under-ed-...

∗∗∗ After the hacker attack on the municipality of Tulln: Systems available again ∗∗∗
---------------------------------------------
There are currently no indications of a data leak. The attack took place on 11 February.
---------------------------------------------
https://www.derstandard.at/story/3000000258352/nach-hackerangriff-auf-stadtg...

∗∗∗ Investigating LLM Jailbreaking of Popular Generative AI Web Products ∗∗∗
---------------------------------------------
We discuss vulnerabilities in popular GenAI web products to LLM jailbreaks. Single-turn strategies remain effective, but multi-turn approaches show greater success.
---------------------------------------------
https://unit42.paloaltonetworks.com/jailbreaking-generative-ai-web-products/

∗∗∗ China-linked hackers target European healthcare orgs in suspected espionage campaign ∗∗∗
---------------------------------------------
A previously unknown hacking group has been spotted targeting European healthcare organizations using spyware linked to Chinese state-backed hackers and a new ransomware strain, researchers said.
---------------------------------------------
https://therecord.media/china-linked-hackers-target-european-health-orgs

∗∗∗ Black Basta is latest ransomware group to be hit by leak of chat logs ∗∗∗
---------------------------------------------
Cybersecurity researchers are analyzing about 200,000 messages from inside the high-profile Black Basta ransomware operation that were leaked recently.
---------------------------------------------
https://therecord.media/black-basta-ransomware-group-chat-logs-leaked

∗∗∗ Apple turns off iCloud encryption feature in UK following reported government legal order ∗∗∗
---------------------------------------------
The removal of the Advanced Data Protection (ADP) feature in the U.K. follows the British government reportedly issuing a secret legal demand to Apple to provide it with access to encrypted iCloud accounts.
---------------------------------------------
https://therecord.media/apple-encryption-feature-off-britain

∗∗∗ LummaC2 Malware Distributed Disguised as Total Commander Crack ∗∗∗
---------------------------------------------
AhnLab SEcurity intelligence Center (ASEC) has discovered the LummaC2 malware being distributed disguised as the Total Commander tool. Total Commander is a file manager for Windows that supports various file formats. It offers convenient file management ..
---------------------------------------------
https://asec.ahnlab.com/en/86435/

∗∗∗ Unauthenticated RCE in Grandstream HT802V2 and probably others ∗∗∗
---------------------------------------------
The Grandstream HT802V2 uses BusyBox's udhcpc for DHCP. When a DHCP event occurs, udhcpc calls a script (/usr/share/udhcpc/default.script by default) to further process the received data. On the HT802V2 this is used to (among other things) parse the data in DHCP option 43 (vendor) using the Grandstream-specific parser ..
---------------------------------------------
https://www.die-welt.net/2025/02/unauthenticated-rce-in-grandstream-ht802v2-...