=====================
= End-of-Day report =
=====================

Timeframe: Thursday 23-01-2025 18:00 − Friday 24-01-2025 18:00
Handler: Alexander Riepl
Co-Handler: n/a
=====================
=       News        =
=====================
∗∗∗ Hacker infects 18,000 "script kiddies" with fake malware builder ∗∗∗
---------------------------------------------
A threat actor targeted low-skilled hackers, known as "script kiddies," with a fake malware builder that secretly infected them with a backdoor to steal data and take over computers.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/hacker-infects-18-000-script-...
∗∗∗ Malware Redirects WordPress Traffic to Harmful Sites ∗∗∗
---------------------------------------------
Recently, a customer approached us after noticing their website was redirecting visitors to a suspicious URL. They suspected their site had been compromised and sought assistance in identifying and resolving the issue. This ..
---------------------------------------------
https://blog.sucuri.net/2025/01/malware-redirects-wordpress-traffic-to-harmf...
∗∗∗ North Korean dev who renamed himself Bane accused of IT worker fraud scheme ∗∗∗
---------------------------------------------
5 indicted as FBI warns North Korea dials up aggression, plus Russian devs allegedly get in on the act. The US is indicting yet another five suspects it believes were involved in North Korea's long-running, fraudulent remote IT worker scheme – including one who changed their last name to "Bane" and scored a gig at a tech biz in San Francisco.
---------------------------------------------
https://www.theregister.com/2025/01/24/north_korean_devs_and_their/
∗∗∗ Don't want your Kubernetes Windows nodes hijacked? Patch this hole now ∗∗∗
---------------------------------------------
SYSTEM-level command injection via API parameter *chef's kiss*. A now-fixed command-injection bug in Kubernetes can be exploited by a remote attacker to gain code execution with SYSTEM privileges on all Windows endpoints in a cluster, and thus fully take over those systems, according to Akamai researcher Tomer Peled.
---------------------------------------------
https://www.theregister.com/2025/01/24/kubernetes_windows_nodes_bug/
∗∗∗ Subaru Security Flaws Exposed Its System for Tracking Millions of Cars ∗∗∗
---------------------------------------------
Now-fixed web bugs allowed hackers to remotely unlock and start any of millions of Subarus. More disturbingly, they could also access at least a year of cars’ location histories—and Subaru employees still can.
---------------------------------------------
https://www.wired.com/story/subaru-location-tracking-vulnerabilities/
∗∗∗ Several countries disinfect botnet, Germany does not ∗∗∗
---------------------------------------------
While authorities in France and the USA are disabling the Plug-X malware on affected computers, in Germany victims are merely informed about infections.
---------------------------------------------
https://www.heise.de/news/Botnetz-Plug-X-Reinemachen-geht-nicht-10252309.htm...

∗∗∗ Patch now: cross-site scripting and denial of service possible in GitLab ∗∗∗
---------------------------------------------
GitLab warns of three vulnerabilities, one of which carries the threat level "high". Patches are available for the more recent versions.
---------------------------------------------
https://www.heise.de/news/Jetzt-patchen-Cross-Site-Scripting-und-Denial-of-S...

∗∗∗ Malvertising: Mac Homebrew users targeted ∗∗∗
---------------------------------------------
Criminals have placed malicious ads on Google that lead to a genuine-looking malware site instead of the Homebrew website.
---------------------------------------------
https://www.heise.de/news/Malvertising-Mac-Homebrew-User-im-Visier-10255909....
∗∗∗ Cyber security guidance for small fleet operators ∗∗∗
---------------------------------------------
Introduction: Cyber threats aren’t just a problem for large shipping organizations; small maritime fleet operators are also at risk. Ranging from phishing emails to ransomware attacks, these threats can disrupt ..
---------------------------------------------
https://www.pentestpartners.com/security-blog/cyber-security-guidance-for-sm...
∗∗∗ Private Keys in the Fortigate Leak ∗∗∗
---------------------------------------------
A few days ago, a download link for a leak of configuration files for Fortigate/Fortinet devices was posted on an Internet forum. It appears that the data was collected in 2022 due to a security vulnerability known as CVE-2022-40684. According to a blog post by Fortinet in 2022, they were already aware of active exploitation of the issue back then. It was first ..
---------------------------------------------
https://blog.hboeck.de:443/archives/908-Private-Keys-in-the-Fortigate-Leak.h...
∗∗∗ Exchange Server 2016 / 2019 reach their EOL in October 2025 ∗∗∗
---------------------------------------------
A short addendum from this week on a topic that all Exchange administrators should have, and probably do have, on their radar. In October 2025, both Microsoft Exchange Server 2016 and Microsoft Exchange ..
---------------------------------------------
https://www.borncity.com/blog/2025/01/24/exchange-server-2016-2019-erreichen...
∗∗∗ Seasoning email threats with hidden text salting ∗∗∗
---------------------------------------------
Hidden text salting is a simple yet effective technique for bypassing email parsers, confusing spam filters, and evading detection engines that rely on keywords. Cisco Talos has observed an increase in the number of email threats leveraging hidden text salting.
---------------------------------------------
https://blog.talosintelligence.com/seasoning-email-threats-with-hidden-text-...

∗∗∗ SUSCTL (CVE-2024-54507) A particularly sus sysctl in the XNU Kernel ∗∗∗
---------------------------------------------
Every time Apple releases a new version of XNU, I run a custom suite of tests under an address sanitizer to see if I can spot any regressions, or even possibly new bugs. When I was messing around with macOS 15.0, I was shocked to see a very simple command was causing the sanitizer to report an invalid load.
---------------------------------------------
https://jprx.io/cve-2024-54507/

∗∗∗ The J-Magic Show: Magic Packets and Where to find them ∗∗∗
---------------------------------------------
The Black Lotus Labs team at Lumen Technologies has been tracking the use of a backdoor attack tailored for use against enterprise-grade Juniper routers. This backdoor is opened by a passive agent that continuously monitors for a “magic packet,” sent by ..
---------------------------------------------
https://blog.lumen.com/the-j-magic-show-magic-packets-and-where-to-find-them...
∗∗∗ cURL Project and Go Security Teams Reject CVSS as Broken ∗∗∗
---------------------------------------------
The CVSS (Common Vulnerability Scoring System) is facing significant pushback as both the cURL project and Go security teams are publicly distancing themselves from the framework. While CVSS is designed to assign a severity score to vulnerabilities, its one-size-fits-all approach often produces misleading results, particularly for projects like cURL, which ..
---------------------------------------------
https://socket.dev/blog/curl-project-and-go-security-teams-reject-cvss-as-br...
∗∗∗ FalconFeeds.io X Account Hacked, Promoting Fraudulent Crypto Scams ∗∗∗
---------------------------------------------
FalconFeeds.io's official X (formerly Twitter) account has been compromised, leading to the promotion of fraudulent cryptocurrency posts and scams. This hacking of FalconFeed has shocked the cybersecurity community, as the platform was renowned for dark web news alerts. With this hacking of the FalconFeed X account, many users and cybersecurity experts are advising ..
---------------------------------------------
https://thecyberexpress.com/hacking-of-falconfeed/
=====================
=  Vulnerabilities  =
=====================
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (chromium and python-django), Fedora (git-lfs and pam-u2f), Mageia (golang), Red Hat (java-11-openjdk with Extended Lifecycle Support, java-17-openjdk, and java-21-openjdk), SUSE (cheat, dante, docker-stable, grafana, and kernel), and Ubuntu (cacti, cyrus-imapd, HTMLDOC, and PCL).
---------------------------------------------
https://lwn.net/Articles/1006103/