=====================
= End-of-Day report =
=====================
Timeframe:   Wednesday 29-01-2025 18:00 - Thursday 30-01-2025 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a
=====================
=       News        =
=====================
*** No need to RSVP: a closer look at the Tria stealer campaign ***
---------------------------------------------
Kaspersky GReAT experts discovered a new campaign targeting Android devices in Malaysia and Brunei with the Tria stealer to collect data from apps like WhatsApp and Gmail.
---------------------------------------------
https://securelist.com/tria-stealer-collects-sms-data-from-android-devices/1...
*** Exposed DeepSeek Database Revealed Chat Prompts and Internal Data ***
---------------------------------------------
China-based DeepSeek has exploded in popularity, drawing greater scrutiny. Case in point: Security researchers found more than 1 million records, including user data and API keys, in an open database.
---------------------------------------------
https://www.wired.com/story/exposed-deepseek-database-revealed-chat-prompts-...
*** Europol warns of counterfeit medicines in online offers ***
---------------------------------------------
In 2024 Europol seized medicines worth around 11.1 million euros. They were counterfeit and intended for sale online.
---------------------------------------------
https://www.heise.de/news/Europol-warnt-vor-gefaelschten-Medikamenten-in-Onl...
*** Waiting for a patch: the Voyager admin interface for Laravel apps is vulnerable ***
---------------------------------------------
Security researchers warn of possible attacks on Voyager. So far the developers have not commented on the vulnerabilities.
---------------------------------------------
https://www.heise.de/news/Warten-auf-Patch-Das-Admin-Interface-Voyager-fuer-...
*** Linux-related discussion as a cybersecurity threat ***
---------------------------------------------
Starting on January 19, 2025 Facebook's internal policy makers decided that Linux is malware and labeled groups associated with Linux as being "cybersecurity threats". Any posts mentioning DistroWatch and multiple groups associated with Linux and Linux discussions have either been shut down or had many of their posts removed. We've been hearing all week ..
---------------------------------------------
https://lwn.net/Articles/1006328/
*** Fraud wave on Facebook: fake clearance sales from Hofer and Zara ***
---------------------------------------------
Posts are currently circulating on Facebook that purport to come from well-known brands and advertise a clearance sale. Users are led to believe that companies such as Hofer or Zara are giving away free coffee machines or gift boxes at special prices. But beware: these are fake offers from criminals who are only after credit card details.
---------------------------------------------
https://www.watchlist-internet.at/news/betrugswelle-auf-facebook-gefaelschte...
*** Risikobild 2025 ***
---------------------------------------------
On 27 January the Austrian Ministry of Defence presented the "Risikobild 2025". As was to be expected, geopolitical challenges dominate the risk landscape. The war in Ukraine, the tensions between China and the USA, and the Middle East are also the first topics that would come to my mind if I were ..
---------------------------------------------
https://www.cert.at/de/blog/2025/1/risikobild-2025
*** Talos IR trends Q4 2024: Web shell usage and exploitation of public-facing applications spike ***
---------------------------------------------
This new report from Cisco Talos Incident Response explores how threat actors increasingly deployed web shells against vulnerable web applications, and exploited vulnerable or unpatched public-facing applications to gain initial access.
---------------------------------------------
https://blog.talosintelligence.com/talos-ir-trends-q4-2024/
*** FBI Seizes Leading Hacking Forums Cracked.io and Nulled.to ***
---------------------------------------------
Nulled.to, Cracked.to and Cracked.io, major hacking forums, appear seized by the FBI as DNS records point to FBI.
---------------------------------------------
https://hackread.com/fbi-seizes-hacking-forums-cracked-to-nulled-to/
*** Common OAuth Vulnerabilities ***
---------------------------------------------
OAuth2's popularity makes it a prime target for attackers. While it simplifies user login, its complexity can lead to misconfigurations that create security holes. Some of the more intricate vulnerabilities keep reappearing because the protocol's inner workings are not always well-understood. In an effort to change that, we have decided to ..
---------------------------------------------
https://blog.doyensec.com/2025/01/30/oauth-common-vulnerabilities.html
=====================
=  Vulnerabilities  =
=====================
*** Google Tag - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-012 ***
---------------------------------------------
https://www.drupal.org/sa-contrib-2025-012
*** Google Tag - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-011 ***
---------------------------------------------
https://www.drupal.org/sa-contrib-2025-011
*** Drupal Admin LTE theme - Critical - Unsupported - SA-CONTRIB-2025-010 ***
---------------------------------------------
https://www.drupal.org/sa-contrib-2025-010
*** Authenticator Login - Critical - Access bypass - SA-CONTRIB-2025-009 ***
---------------------------------------------
https://www.drupal.org/sa-contrib-2025-009
*** Matomo Analytics - Moderately critical - Cross site request forgery - SA-CONTRIB-2025-008 ***
---------------------------------------------
https://www.drupal.org/sa-contrib-2025-008