===================== = End-of-Day report = =====================
Timeframe: Thursday 06-02-2025 18:00 − Friday 07-02-2025 18:00 Handler: Alexander Riepl Co-Handler: n/a
===================== = News = =====================
∗∗∗ DeepSeek Phishing Sites Pursue User Data, Crypto Wallets ∗∗∗ --------------------------------------------- Riding the wave of notoriety from the Chinese company's R1 AI chatbot, attackers are spinning up lookalike sites for different malicious use cases. --------------------------------------------- https://www.darkreading.com/cyber-risk/deepseek-phishing-sites-pursue-user-d...
∗∗∗ Without user interaction: Critical Outlook vulnerability is being actively exploited ∗∗∗ --------------------------------------------- The vulnerability allows attackers to execute malicious code via specially crafted hyperlinks sent by e-mail. --------------------------------------------- https://www.golem.de/news/ohne-nutzerinteraktion-kritische-outlook-luecke-wi...
∗∗∗ SSL 2.0 turns 30 this Sunday... Perhaps the time has come to let it die? ∗∗∗ --------------------------------------------- The SSL 2.0 protocol was originally published back in February of 1995[1], and although it was quickly found to have significant security weaknesses, and a more secure alternative was released only a year later, it still received a fairly wide adoption. --------------------------------------------- https://isc.sans.edu/diary/SSL+20+turns+30+this+Sunday+Perhaps+the+time+has+...
∗∗∗ Screenshot-Reading Malware ∗∗∗ --------------------------------------------- Kaspersky is reporting on a new type of smartphone malware. The malware in question uses optical character recognition (OCR) to review a device’s photo library, seeking screenshots of recovery phrases for crypto wallets. Based on their assessment, infected Google Play apps have been downloaded more than 242,000 times. Kaspersky .. --------------------------------------------- https://www.schneier.com/blog/archives/2025/02/screenshot-reading-malware.ht...
∗∗∗ British government forces access to Apple's encrypted cloud data ∗∗∗ --------------------------------------------- Apple has already publicly criticized the Investigatory Powers Act. Now British security authorities would like access to the data of all iCloud users. --------------------------------------------- https://www.heise.de/news/Britische-Regierung-erzwingt-Zugriff-auf-Apples-ve...
∗∗∗ BSI analysis of Nextcloud: Two-factor authentication was vulnerable ∗∗∗ --------------------------------------------- A code analysis by the BSI uncovered vulnerabilities in Nextcloud Server. Among other things, two-factor authentication could be bypassed. --------------------------------------------- https://www.heise.de/news/BSI-Analyse-von-Nextcloud-Zwei-Faktor-Authentifizi...
∗∗∗ 20 Million OpenAI accounts offered for sale ∗∗∗ --------------------------------------------- A cybercriminal calling themselves emirking is offering 20 million OpenAI accounts for sale on a Dark Web forum --------------------------------------------- https://www.malwarebytes.com/blog/news/2025/02/20-million-openai-accounts-of...
∗∗∗ ICS testing best results. Hint: Blend your approach ∗∗∗ --------------------------------------------- TL;DR: Onsite ICS testing is risk averse; laboratory ICS device testing uncovers more; a blended approach is key; how that works; demonstrable benefits. Introduction: For safety’s sake onsite ICS .. --------------------------------------------- https://www.pentestpartners.com/security-blog/ics-testing-best-results-hint-...
∗∗∗ US lawmakers want to ban Deepseek, security researchers warn about app ∗∗∗ --------------------------------------------- Bipartisan bill seeks to prohibit use on government devices. Researchers deliver a damning verdict on its security and find problematic data transfers to several Chinese companies --------------------------------------------- https://www.derstandard.at/story/3000000256396/us-abgeordnete-wollen-deepsee...
∗∗∗ Four Italian sea-rescue activists targeted by Paragon spyware attack ∗∗∗ --------------------------------------------- Deputy Prime Minister Salvini wants to gather information about the case in Israel. The attack was carried out via a security vulnerability in Whatsapp --------------------------------------------- https://www.derstandard.at/story/3000000256452/vier-italienische-aktivisten-...
∗∗∗ Chinese-Speaking Group Manipulates SEO with BadIIS ∗∗∗ --------------------------------------------- This blog post details our analysis of an SEO manipulation campaign targeting Asia. We also share recommendations that can help enterprises proactively secure their environment. --------------------------------------------- https://www.trendmicro.com/en_us/research/25/b/chinese-speaking-group-manipu...
∗∗∗ Ruling: Is TLS encryption insufficient for e-mailed invoices to private customers? ∗∗∗ --------------------------------------------- The case of an invoice e-mailed to a private customer, which was manipulated by criminals, went to court. The crux: the encryption. --------------------------------------------- https://heise.de/-10274040
∗∗∗ Taiwan’s DeepSeek Ban Reflects Global Concerns Over AI Security ∗∗∗ --------------------------------------------- The Taiwan government’s recent decision to implement a ban on the use of the DeepSeek artificial intelligence chatbot within its public sector has drawn significant attention to the growing global concerns regarding .. --------------------------------------------- https://thecyberexpress.com/taiwans-deepseek-ban/
===================== = Vulnerabilities = =====================
∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (openjdk-17), Fedora (firefox, FlightGear, java-1.8.0-openjdk, java-11-openjdk, java-latest-openjdk, and SimGear), Mageia (gstreamer), Red Hat (firefox, kernel, kernel-rt, libsoup, and python-jinja2), SUSE (bind, curl, dcmtk, etcd, firefox, google-osconfig-agent, krb5, openssl-1_1, podman, python311-cbor2, thunderbird, wget, and xrdp), and Ubuntu (glibc). --------------------------------------------- https://lwn.net/Articles/1008502/
∗∗∗ [R2] Tenable Identity Exposure Version 3.77.8 Fixes Multiple Vulnerabilities ∗∗∗ --------------------------------------------- https://www.tenable.com/security/tns-2025-01