=====================
= End-of-Day report =
=====================

Timeframe:   Monday 10-02-2025 18:00 − Tuesday 11-02-2025 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a
=====================
= News =
=====================
∗∗∗ Over 12,000 KerioControl firewalls exposed to exploited RCE flaw ∗∗∗
---------------------------------------------

Over twelve thousand GFI KerioControl firewall instances are exposed to a critical remote code execution vulnerability tracked as CVE-2024-52875.

---------------------------------------------
https://www.bleepingcomputer.com/news/security/over-12-000-keriocontrol-fire...
∗∗∗ US sanctions LockBit ransomware’s bulletproof hosting provider ∗∗∗
---------------------------------------------

The United States, Australia, and the United Kingdom have sanctioned Zservers, a Russia-based bulletproof hosting (BPH) services provider, for supplying essential attack infrastructure for the LockBit ransomware gang.

---------------------------------------------
https://www.bleepingcomputer.com/news/security/us-sanctions-lockbit-ransomwa...
∗∗∗ Russian military hackers deploy malicious Windows activators in Ukraine ∗∗∗
---------------------------------------------

The Sandworm Russian military cyber-espionage group is targeting Windows users in Ukraine with trojanized Microsoft Key Management Service (KMS) activators and fake Windows updates.

---------------------------------------------
https://www.bleepingcomputer.com/news/security/russian-military-hackers-depl...
∗∗∗ All your 8Base are belong to us: Ransomware crew busted in global sting ∗∗∗
---------------------------------------------

Dark web site seized, four cuffed in Thailand

An international police operation spanning the US, Europe, and Asia has shuttered the 8Base ransomware crew's dark web presence and resulted in the arrest of four European suspects accused of stealing $16 million from more than 1,000 victims worldwide.

---------------------------------------------
https://www.theregister.com/2025/02/10/8base_police_arrrest/
∗∗∗ I'm a security expert, and I almost fell for a North Korea-style deepfake job applicant …Twice ∗∗∗
---------------------------------------------

Remote position, webcam not working, then glitchy AI face ... Red alert!

Twice, over the past two months, Dawid Moczadło has interviewed purported job seekers only to discover that these "software developers" were scammers using AI-based tools — likely to get hired at a security company also using artificial intelligence, and then steal source code or other sensitive IP.

---------------------------------------------
https://www.theregister.com/2025/02/11/it_worker_scam/
∗∗∗ Zimbra security updates: attackers can read e-mail metadata ∗∗∗
---------------------------------------------

The Zimbra developers have closed, among others, at least one critical vulnerability in the e-mail and groupware solution.

---------------------------------------------
https://www.heise.de/news/Sicherheitsupdates-Zimbra-Angreifer-koennen-Metada...
∗∗∗ Hugging Face: malicious ML models uncovered on development platform ∗∗∗
---------------------------------------------

Security researchers have discovered malicious ML models on the AI development platform Hugging Face. Attackers could use them to inject commands.

---------------------------------------------
https://www.heise.de/news/Hugging-Face-Boesartige-ML-Modelle-auf-Entwicklung...
∗∗∗ PCI DSS. Where to start? ∗∗∗
---------------------------------------------

TL;DR
- Determine your role: Merchant or service provider
- Determine your level and requirements
- Identify your validation method: SAQ or RoC
- Use the PCI website ..

---------------------------------------------
https://www.pentestpartners.com/security-blog/pci-dss-where-to-start/
∗∗∗ Hacker who hijacked SEC’s X account pleads guilty, faces maximum five-year sentence ∗∗∗
---------------------------------------------

Alabama native Eric Council Jr. confessed to taking over the Securities and Exchange Commission's account and posting false information that caused the price of bitcoin to swing wildly.

---------------------------------------------
https://therecord.media/hacker-hijacked-sec-account-maximum
∗∗∗ SystemBC RAT Now Targets Linux, Spreading Ransomware and Infostealers ∗∗∗
---------------------------------------------

SystemBC RAT now targets Linux, enabling ransomware gangs like Ryuk & Conti to spread, evade detection, and maintain encrypted C2 traffic for stealthy cyberattacks.

---------------------------------------------
https://hackread.com/systembc-rat-targets-linux-ransomware-infostealers/
∗∗∗ Cisco Rejects Kraken Ransomware’s Data Breach Claims ∗∗∗
---------------------------------------------

Cisco denies recent data breach claims by the Kraken ransomware group, stating leaked credentials are from a resolved 2022 incident. Learn more about Cisco's response and the details of the original attack.

---------------------------------------------
https://hackread.com/cisco-rejects-kraken-ransomware-data-breach-claim/
∗∗∗ !exploitable Episode One - Breaking IoT ∗∗∗
---------------------------------------------

For our last company retreat, the Doyensec team went on a cruise along the coasts of the Mediterranean Sea. As amazing as each stop was, us being geeks, we had to break the monotony of daily pool parties with some much-needed hacking sessions. Luca and John, our chiefs, came to the rescue with three challenges chosen to ..

---------------------------------------------
https://blog.doyensec.com/2025/02/11/exploitable-iot.html
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------

Security updates have been issued by AlmaLinux (firefox, tbb, and thunderbird), Debian (cacti, libtasn1-6, and rust-openssl), Oracle (galera and mariadb, kernel, raptor2, and thunderbird), SUSE (bind, fq, java-21-openj9, libtasn1-6-32bit, ovmf, python310, python312, python313, python314, rime-schema-all, thunderbird, and wget), and Ubuntu (eglibc, firefox, glibc, linux, linux-aws, linux-lts-xenial, ruby2.3, ruby2.5, and vim).

---------------------------------------------
https://lwn.net/Articles/1008966/
∗∗∗ Numerous vulnerabilities in Wattsense Bridge ∗∗∗
---------------------------------------------
https://sec-consult.com/de/vulnerability-lab/advisory/zahlreiche-schwachstel...
∗∗∗ February Security Update ∗∗∗
---------------------------------------------
https://www.ivanti.com/blog/february-security-update