=====================
= End-of-Day report =
=====================

Timeframe:   Tuesday 28-01-2025 18:00 − Wednesday 29-01-2025 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Threat predictions for industrial enterprises 2025 ∗∗∗
---------------------------------------------
Kaspersky ICS CERT analyzes industrial threat trends and makes forecasts on how the industrial threat landscape will look in 2025.
---------------------------------------------
https://securelist.com/industrial-threat-predictions-2025/115327/

∗∗∗ ExxonMobil Lobbyist Caught Hacking Climate Activists ∗∗∗
---------------------------------------------
The Department of Justice is investigating a lobbying firm representing ExxonMobil for hacking the phones of climate activists: The hacking was allegedly commissioned by a Washington, D.C., lobbying firm, according to a lawyer representing the U.S. government. The firm, in turn, was allegedly working on behalf of one of the world's largest oil and gas ..
---------------------------------------------
https://www.schneier.com/blog/archives/2025/01/exxonmobil-lobbyist-caught-ha...

∗∗∗ Industrial control systems: attacks on critical infrastructure possible ∗∗∗
---------------------------------------------
Important security updates have been released for industrial control systems from, among others, Rockwell and Schneider.
---------------------------------------------
https://www.heise.de/news/Industrielle-Kontrollsysteme-Attacken-auf-kritisch...

∗∗∗ Two side-channel attacks on Apple's M-series processors ∗∗∗
---------------------------------------------
The serious vulnerabilities can be exploited remotely for attacks on web browsers. Many Apple mobile and desktop devices are affected.
---------------------------------------------
https://www.heise.de/news/Zwei-Sidechannel-Attacken-auf-Apples-M-Prozessoren...

∗∗∗ How we estimate the risk from prompt injection attacks on AI systems ∗∗∗
---------------------------------------------
Modern AI systems, like Gemini, are more capable than ever, helping retrieve data and perform actions on behalf of users. However, data from external sources present new security challenges if untrusted sources are available to execute instructions on AI systems. Attackers can take advantage of this by hiding malicious instructions in data ..
---------------------------------------------
http://security.googleblog.com/2025/01/how-we-estimate-risk-from-prompt.html

∗∗∗ Backups & DRP in the ransomware era ∗∗∗
---------------------------------------------
In today's digital landscape, the threat of ransomware has forced organizations to reevaluate their disaster recovery plans. Traditional approaches to data protection were focused primarily on high availability and are no longer sufficient. As cyber threats evolve, so must our strategies for safeguarding critical information. This blog post explores the ..
---------------------------------------------
https://blog.nviso.eu/2025/01/29/backups-drp-in-the-ransomware-era/

∗∗∗ Hackers Actively Exploiting Fortinet Firewalls: Real-Time Insights from GreyNoise ∗∗∗
---------------------------------------------
This blog details how attackers are actively exploiting Fortinet FortiGate firewalls vulnerable to CVE-2022-40684, with real-time insights from GreyNoise to help defenders understand and respond to these threats.
---------------------------------------------
https://www.greynoise.io/blog/hackers-actively-exploiting-fortinet-firewalls...

∗∗∗ Active Exploitation of Zero-day Zyxel CPE Vulnerability (CVE-2024-40891) ∗∗∗
---------------------------------------------
CVE-2024-40891: Zyxel CPE Zero-day Exploitation. Hackers are actively exploiting a telnet-based command injection vulnerability in Zyxel CPE devices, impacting 1,500+ exposed systems. No patch is available yet.
---------------------------------------------
https://www.greynoise.io/blog/active-exploitation-of-zero-day-zyxel-cpe-vuln...

∗∗∗ Adversarial Misuse of Generative AI ∗∗∗
---------------------------------------------
Rapid advancements in artificial intelligence (AI) are unlocking new possibilities for the way we work and accelerating innovation in science, technology, and beyond. In cybersecurity, AI is poised to transform digital defense, empowering defenders and enhancing our collective security. Large language models (LLMs) open new possibilities for ..
---------------------------------------------
https://cloud.google.com/blog/topics/threat-intelligence/adversarial-misuse-...

∗∗∗ CVE-2024-46507: Yeti Platform Server-Side Template Injection (SSTI) ∗∗∗
---------------------------------------------
Yeti is a Forensic Intelligence platform and pipeline for DFIR teams. It allows threat intelligence and DFIR teams to catalog, search, and link pieces of intelligence such as IP addresses, TTPs, and threat actors. With 10,000 ..
---------------------------------------------
https://rhinosecuritylabs.com/research/cve-2024-46507-yeti-server-side-templ...

∗∗∗ CISA Brings KEV Data to GitHub ∗∗∗
---------------------------------------------
The Cybersecurity and Infrastructure Security Agency (CISA) just made a major move to improve access and usability for its Known Exploited Vulnerabilities (KEV) catalog. Announced by Tod Beardsley on LinkedIn, CISA has launched a new kev-data repository on GitHub, allowing developers, researchers, and cybersecurity enthusiasts to access KEV data in ..
---------------------------------------------
https://socket.dev/blog/cisa-brings-kev-data-to-github

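Handler's note, as an added worked example (not CISA's code and not part of the linked article): the practical use of a machine-readable KEV catalog is cross-referencing it against your own asset inventory so that exploited-in-the-wild entries on your estate surface first. The script below assumes the JSON layout of the public KEV feed (a top-level "vulnerabilities" list whose entries carry cveID, vendorProject, product, dueDate and knownRansomwareCampaignUse); the catalog excerpt, the inventory, the hostnames and every date in it are constructed placeholders for illustration, and only the two CVE IDs are taken from items in this report.

```python
"""Cross-reference a CISA KEV catalog snapshot with a local asset inventory.

Added example, not CISA's own code. Assumes the field names of the public KEV
JSON feed; the catalog excerpt and inventory below are constructed for
illustration (placeholder dates, descriptions and hostnames).
"""
import json
from datetime import date

# Constructed excerpt in the shape of the KEV JSON feed. Only the CVE IDs come
# from today's report; every other value is a placeholder, not catalog data.
KEV_JSON = """{
  "title": "CISA Catalog of Known Exploited Vulnerabilities",
  "catalogVersion": "example",
  "dateReleased": "2025-01-29T00:00:00.0000Z",
  "count": 2,
  "vulnerabilities": [
    {"cveID": "CVE-2022-40684", "vendorProject": "Fortinet",
     "product": "FortiOS and FortiProxy", "vulnerabilityName": "placeholder",
     "dateAdded": "2025-01-02", "shortDescription": "placeholder",
     "requiredAction": "Apply updates per vendor instructions.",
     "dueDate": "2025-01-23", "knownRansomwareCampaignUse": "Unknown", "notes": ""},
    {"cveID": "CVE-2024-49138", "vendorProject": "Microsoft",
     "product": "Windows", "vulnerabilityName": "placeholder",
     "dateAdded": "2025-01-10", "shortDescription": "placeholder",
     "requiredAction": "Apply updates per vendor instructions.",
     "dueDate": "2025-01-31", "knownRansomwareCampaignUse": "Known", "notes": ""}
  ]
}"""

# Constructed inventory (hypothetical hostnames). The Zyxel CPE is deliberately
# present: CVE-2024-40891 is a zero-day with no patch yet, and a KEV snapshot
# that does not (yet) list it will not flag the device.
INVENTORY = [
    {"host": "fw-edge-01", "vendor": "Fortinet", "product": "FortiOS"},
    {"host": "dc-01", "vendor": "Microsoft", "product": "Windows"},
    {"host": "cpe-branch-07", "vendor": "Zyxel", "product": "CPE"},
]

# Date of this report; used as "today" for the overdue calculation.
REPORT_DATE = date(2025, 1, 29)


def load_kev(text):
    """Parse a KEV JSON document and return its vulnerability entries.

    The feed's own 'count' field is checked against the list length so a
    truncated download is rejected instead of silently yielding fewer entries.
    """
    doc = json.loads(text)
    entries = doc["vulnerabilities"]
    if doc.get("count") is not None and doc["count"] != len(entries):
        raise ValueError("KEV count field does not match number of entries")
    return entries


def _norm(s):
    """Case-fold and collapse whitespace so vendor/product strings compare loosely."""
    return " ".join(s.lower().split())


def match_inventory(entries, inventory, today):
    """Return one finding per (asset, KEV entry) pair, most urgent first.

    Vendor must match exactly (after normalisation); the inventory product name
    only needs to appear inside the KEV product string, because KEV often lists
    several products in one entry ("FortiOS and FortiProxy").
    """
    findings = []
    for asset in inventory:
        for e in entries:
            if _norm(asset["vendor"]) != _norm(e["vendorProject"]):
                continue
            if _norm(asset["product"]) not in _norm(e["product"]):
                continue
            due = date.fromisoformat(e["dueDate"])
            findings.append({
                "host": asset["host"],
                "cve": e["cveID"],
                "due": due.isoformat(),
                "overdue": today > due,
                "ransomware": e.get("knownRansomwareCampaignUse") == "Known",
            })
    # Overdue first, then entries tied to ransomware campaigns, then by due date.
    findings.sort(key=lambda f: (not f["overdue"], not f["ransomware"], f["due"]))
    return findings


def unmatched_assets(entries, inventory, today):
    """Hosts with no KEV hit; these still need review, not a clean bill of health."""
    matched = {f["host"] for f in match_inventory(entries, inventory, today)}
    return [a["host"] for a in inventory if a["host"] not in matched]


if __name__ == "__main__":
    kev = load_kev(KEV_JSON)
    for f in match_inventory(kev, INVENTORY, REPORT_DATE):
        flag = "OVERDUE" if f["overdue"] else "due " + f["due"]
        ransom = " [ransomware]" if f["ransomware"] else ""
        print(f'{f["host"]:14} {f["cve"]:16} {flag}{ransom}')
    print("no KEV match:", ", ".join(unmatched_assets(kev, INVENTORY, REPORT_DATE)))
```

Name matching on vendor and product strings is a heuristic, not an identifier match: a product renamed in the catalog, or listed under a parent product, will be missed, so treat the "no KEV match" list as a review queue rather than as proof of absence. The absent Zyxel entry makes the second caveat concrete: KEV records exploitation that CISA has confirmed, and an in-the-wild zero-day such as the one in the item above can be missing from a given snapshot.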
∗∗∗ CVE-2024-49138 Windows CLFS heap-based buffer overflow analysis – Part 2 ∗∗∗
---------------------------------------------
In the previous article, we discussed a vulnerability in the LoadContainerQ() function inside clfs.sys. The root cause of the vulnerability was LoadContainerQ() using a CLFS_CONTAINER_CONTEXT.pContainer without checking if FlushImage() invalidated the General Metadata Block.
---------------------------------------------
https://security.humanativaspa.it/cve-2024-49138-windows-clfs-heap-based-buf...

∗∗∗ CVE-2024-49138 Windows CLFS heap-based buffer overflow analysis – Part 1 ∗∗∗
---------------------------------------------
CVE-2024-49138 is a Windows vulnerability detected by CrowdStrike as exploited in the wild. Microsoft patched the vulnerability on December 10th, 2024 with KB5048685 (for Windows 11 ..
---------------------------------------------
https://security.humanativaspa.it/cve-2024-49138-windows-clfs-heap-based-buf...

=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by AlmaLinux (bzip2, gimp:2.8, keepalived, mariadb:10.11, mariadb:10.5, python-jinja2, and redis), Debian (iperf3, libtar, and pdns-recursor), Fedora (abseil-cpp, dotnet8.0, dotnet9.0, golang, libsoup3, and vaultwarden), Oracle (gimp:2.8, iperf3, keepalived, kernel, redis:7, and unbound), Red Hat (libsoup), SUSE (amazon-ssm-agent, ..
---------------------------------------------
https://lwn.net/Articles/1006677/