=====================
= End-of-Day report =
=====================

Timeframe:   Friday 03-01-2025 18:00 - Tuesday 07-01-2025 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a

=====================
= News =
=====================

*** Windows 10 users urged to upgrade to avoid "security fiasco" ***
---------------------------------------------
Cybersecurity firm ESET is urging Windows 10 users to upgrade to Windows 11 or Linux to avoid a "security fiasco" as the 10-year-old operating system nears the end of support in October 2025.
---------------------------------------------
https://www.bleepingcomputer.com/news/microsoft/windows-10-users-urged-to-up...

*** Cryptocurrency wallet drainers stole $494 million in 2024 ***
---------------------------------------------
Scammers stole $494 million worth of cryptocurrency in wallet drainer attacks last year that targeted more than 300,000 wallet addresses.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/cryptocurrency-wallet-drainer...

*** Chinese hackers also breached Charter and Windstream networks ***
---------------------------------------------
More U.S. companies have been added to the list of telecommunications firms hacked in a wave of breaches by a Chinese state-backed threat group tracked as Salt Typhoon.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/charter-and-windstream-among-...

*** Despite strong criticism: Controversial UN cybercrime convention adopted ***
---------------------------------------------
Digital rights activists warned in vain against the adoption of the convention. It threatens to give authoritarian states access to digital evidence.
---------------------------------------------
https://www.golem.de/news/trotz-starker-kritik-umstrittene-un-cybercrime-kon...

*** After China's Salt Typhoon, the reconstruction starts now ***
---------------------------------------------
If 40 years of faulty building gets blown down, don't rebuild with the rubble.
Opinion: When a typhoon devastates a land, it takes a while to understand the scale of the destruction. Disaster relief kicks in, communications are rebuilt, and news flows out. Salt Typhoon is ..
---------------------------------------------
https://www.theregister.com/2025/01/06/opinion_column_cybersec/

*** MediaTek rings in the new year with a parade of chipset vulns ***
---------------------------------------------
Manufacturers should have had ample time to apply the fixes.
MediaTek kicked off the first full working week of the new year by disclosing a bevy of security vulnerabilities, including a critical remote code execution bug affecting 51 chipsets.
---------------------------------------------
https://www.theregister.com/2025/01/06/mediatek_chipset_vulnerabilities/

*** Patchday: Important security updates protect Android devices ***
---------------------------------------------
Google and other manufacturers of Android devices have closed several critical vulnerabilities in various Android versions.
---------------------------------------------
https://www.heise.de/news/Patchday-Schadcode-Luecken-bedrohen-Android-12-13-...

*** Severe security vulnerabilities in SonicWall SSL-VPN - actively exploited ***
---------------------------------------------
The vendor SonicWall has informed its customers that some devices are affected by security vulnerabilities. Of particular note is one vulnerability that is already under attack, in which attackers ... the authentication ..
---------------------------------------------
https://www.cert.at/de/warnungen/2025/1/schwewiegende-sicherheitslucken-in-s...

*** UN aviation agency actively investigating cybercriminal's claimed data breach ***
---------------------------------------------
The International Civil Aviation Organization (ICAO) said it was responding to claims of a data breach "allegedly linked to a threat actor known for targeting international organizations."
---------------------------------------------
https://therecord.media/united-nations-icao-investigating-data-breach

*** Critical Next.js Authorization Bypass Vulnerability ***
---------------------------------------------
This specifically affects pages directly under the application's root directory. Example:
[Not affected] hxxps[://]example[.]com
[Affected]     hxxps[://]example[.]com/foo
[Not affected] hxxps[://]example[.]com/foo/bar
Successful exploitation of this vulnerability allows a remote unauthenticated ..
---------------------------------------------
https://www.truesec.com/hub/blog/critical-next-js-authorization-bypass-vulne...

*** Warning: Allegedly leaked GTA San Andreas source code comes with malware ***
---------------------------------------------
The source code of the Rockstar Games title GTA San Andreas is currently allegedly being offered for download on the internet. The first indications seem to have surfaced online since yesterday (see e.g. the article Rockstar reportedly faces another ..
---------------------------------------------
https://www.borncity.com/blog/2025/01/06/achtung-angeblich-geleakter-gta-san...

*** New PhishWP Plugin on Russian Forum Turns Sites into Phishing Pages ***
---------------------------------------------
SlashNext has discovered a malicious WordPress plugin, PhishWP, which creates convincing fake payment pages to steal your credit card information, 3DS codes, and personal data.
---------------------------------------------
https://hackread.com/phishwp-plugin-russian-hacker-forum-phishing-sites/

*** U.S. Sanctions Chinese Cybersecurity Firm Over Cyberattacks ***
---------------------------------------------
US sanctions Beijing-based Integrity Technology Group for aiding "Flax Typhoon" hackers in cyberattacks on American infrastructure, freezing assets…
---------------------------------------------
https://hackread.com/us-sanctions-chinese-cybersecurity-firm-cyberattacks/

*** CVE-2024-4577: Windows Encoding Gone Wrong ***
---------------------------------------------
CVE-2024-4577 is a critical vulnerability in Windows-based PHP installations running in CGI configurations that allows remote code execution.
---------------------------------------------
https://www.bitsight.com/blog/cve-2024-4577-windows-encoding-gone-wrong

*** Weaponizing OAST: How Malicious Packages Exploit npm, PyPI, and RubyGems for Data Exfiltration and Recon ***
---------------------------------------------
Socket researchers uncover how threat actors weaponize Out-of-Band Application Security Testing (OAST) techniques across the npm, PyPI, and RubyGems ecosystems to exfiltrate sensitive data and remotely probe developer environments. Over the last year, Socket's threat research team has continually observed and identified malicious JavaScript, Python, and Ruby packages ..
---------------------------------------------
https://socket.dev/blog/weaponizing-oast-how-malicious-packages-exploit-npm-...

=====================
= Vulnerabilities =
=====================

*** [20250103] - Core - Read ACL violation in multiple core views ***
---------------------------------------------
Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Moderate
Probability: Low
Versions: 3.9.0-3.10.19-elts, 4.0.0-4.4.9, 5.0.0-5.2.2
Exploit type: ACL Violation
Reported Date: 2024-08-26
Fixed Date: 2025-01-07
CVE Number: CVE-2024-40749
Description: Improper Access Controls allows access to protected views.
Affected Installs: Joomla! CMS versions 3.9.0-3.10.19-elts, 4.0.0-4.4.9, 5.0.0-5.2.2
Solution: Upgrade to version 3.10.20-elts, 4.4.10 or 5.2.3
Contact: The JSST at the Joomla! Security
---------------------------------------------
https://developer.joomla.org:443/security-centre/956-20250103-core-read-acl-...

*** [20250102] - Core - XSS vector in the id attribute of menu lists ***
---------------------------------------------
Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Moderate
Probability: Low
Versions: 3.0.0-3.10.19-elts, 4.0.0-4.4.9, 5.0.0-5.2.2
Exploit type: XSS
Reported Date: 2024-09-19
Fixed Date: 2025-01-07
CVE Number: CVE-2024-40748
Description: Lack of output escaping in the id attribute of menu lists.
Affected Installs: Joomla! CMS versions 3.0.0-3.10.19-elts, 4.0.0-4.4.9, 5.0.0-5.2.2
Solution: Upgrade to version 3.10.20-elts, 4.4.10 or 5.2.3
Contact: The JSST at the Joomla! Security Centre.
---------------------------------------------
https://developer.joomla.org:443/security-centre/955-20250102-core-xss-vecto...

*** [20250101] - Core - XSS vectors in module chromes ***
---------------------------------------------
Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Moderate
Probability: Low
Versions: 4.0.0-4.4.9, 5.0.0-5.2.2
Exploit type: XSS
Reported Date: 2024-08-29
Fixed Date: 2025-01-07
CVE Number: CVE-2024-40747
Description: Various module chromes didn't properly process inputs, leading to XSS vectors.
Affected Installs: Joomla! CMS versions 4.0.0-4.4.9, 5.0.0-5.2.2
Solution: Upgrade to version 4.4.10 or 5.2.3
Contact: The JSST at the Joomla! Security Centre.
Reported By: Catalin Iovita
---------------------------------------------
https://developer.joomla.org:443/security-centre/954-20250101-core-xss-vecto...

*** Security Vulnerabilities fixed in Firefox ESR 115.19 ***
---------------------------------------------
https://www.mozilla.org/en-US/security/advisories/mfsa2025-03/

*** Security Vulnerabilities fixed in Firefox ESR 128.6 ***
---------------------------------------------
https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/

*** Security Vulnerabilities fixed in Firefox 134 ***
---------------------------------------------
https://www.mozilla.org/en-US/security/advisories/mfsa2025-01/

*** Upcoming CVE for End-of-Life Node.js Versions ***
---------------------------------------------
https://nodejs.org/en/blog/vulnerability/upcoming-cve-for-eol-versions