=====================
= End-of-Day report =
=====================

Timeframe: Tuesday 04-02-2025 18:00 - Wednesday 05-02-2025 18:00
Handler: Alexander Riepl
Co-Handler: n/a
=====================
=       News        =
=====================
∗∗∗ Cost savings: Let's Encrypt discontinues certificate expiry warnings ∗∗∗
---------------------------------------------
From June on, Let's Encrypt will no longer send reminders about expiring certificates. Administrators are advised to switch to alternative services.
---------------------------------------------
https://www.golem.de/news/kosteneinsparungen-let-s-encrypt-stellt-ablaufwarn...
∗∗∗ Netgear fixes critical bugs as Five Eyes warn about break-ins at the edge ∗∗∗
---------------------------------------------
International security squads all focus on stopping baddies busting in through routers, IoT kit etc. Netgear is advising customers to upgrade their firmware after it patched two critical vulnerabilities affecting multiple routers.
---------------------------------------------
https://www.theregister.com/2025/02/05/netgear_fixes_critical_bugs_while/
∗∗∗ On our own behalf, we are hiring: System Administrator (m/f/d - full-time - Vienna) ∗∗∗
---------------------------------------------
To look after our information and communication technology, we are looking for a system administrator with expertise in IT and network security.
---------------------------------------------
https://www.cert.at/de/ueber-uns/jobs/
∗∗∗ 7-Zip: Mark-of-the-Web flaw has been abused by attackers ∗∗∗
---------------------------------------------
The recently reported Mark-of-the-Web vulnerability in 7-Zip has been exploited by attackers in the wild to smuggle malicious code past protections.
---------------------------------------------
https://www.heise.de/news/7-Zip-Mark-of-the-Web-Luecke-wurde-von-Angreifern-...
∗∗∗ Support expired: No more security updates for attacked Zyxel routers ∗∗∗
---------------------------------------------
A Mirai botnet malware is currently targeting certain Zyxel router models. Because support for them has expired, admins must act now.
---------------------------------------------
https://www.heise.de/news/Support-ausgelaufen-Keine-Sicherheitsupdates-mehr-...
∗∗∗ Who’s Behind the Seized Forums ‘Cracked’ & ‘Nulled’? ∗∗∗
---------------------------------------------
The FBI joined authorities across Europe last week in seizing domain names for Cracked and Nulled, English-language cybercrime forums with millions of users that trafficked in stolen data, hacking tools and malware. An investigation into the history of these communities shows their apparent co-founders quite openly operate an Internet ..
---------------------------------------------
https://krebsonsecurity.com/2025/02/whos-behind-the-seized-forums-cracked-nu...

∗∗∗ Secure sanitisation and disposal of storage media ∗∗∗
---------------------------------------------
How to ensure data cannot be recovered from electronic storage media.
---------------------------------------------
https://www.ncsc.gov.uk/guidance/secure-sanitisation-storage-media

∗∗∗ Hackers Using Fake Microsoft ADFS Login Pages to Steal Credentials ∗∗∗
---------------------------------------------
A global phishing campaign is actively exploiting a legacy Microsoft authentication system to steal user credentials and bypass multi-factor authentication (MFA), targeting over 150 organizations.
---------------------------------------------
https://hackread.com/hackers-fake-microsoft-adfs-login-pages-steal-credentia...

∗∗∗ Banking Malware Uses Live Numbers to Hijack OTPs, Targeting 50,000 Victims ∗∗∗
---------------------------------------------
A banking malware campaign using live phone numbers to redirect SMS messages has been identified by the zLabs research team, uncovering 1,000+ malicious apps and 2.5GB of exposed data.
---------------------------------------------
https://hackread.com/banking-malware-live-numbers-hijack-otp-50000-victims/

∗∗∗ Preventing account takeover on centralized cryptocurrency exchanges in 2025 ∗∗∗
---------------------------------------------
This blog post highlights key points from our new white paper Preventing Account Takeovers on Centralized Cryptocurrency Exchanges, which documents ATO-related attack vectors and defenses tailored to CEXes.
---------------------------------------------
https://blog.trailofbits.com/2025/02/05/preventing-account-takeover-on-centr...
=====================
=  Vulnerabilities  =
=====================
∗∗∗ Multiple vulnerabilities in Defense Platform Home Edition ∗∗∗
---------------------------------------------
https://jvn.jp/en/jp/JVN66673020/

∗∗∗ Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance Vulnerabilities ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisor...

∗∗∗ Cisco Secure Web Appliance Range Request Bypass Vulnerability ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisor...

∗∗∗ Cisco IOS, IOS XE, and IOS XR Software SNMP Denial of Service Vulnerabilities ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisor...

∗∗∗ Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerabilities ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisor...

∗∗∗ Cisco Identity Services Engine Insecure Java Deserialization and Authorization Bypass Vulnerabilities ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisor...

∗∗∗ Cisco Expressway Series Cross-Site Scripting Vulnerability ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisor...

∗∗∗ Cisco Secure Email and Web Manager and Secure Email Gateway Cross-Site Scripting Vulnerability ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisor...

∗∗∗ Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance SNMP Polling Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisor...