=====================
= End-of-Day report =
=====================
Timeframe: Friday 27-12-2024 18:00 − Monday 30-12-2024 18:00
Handler: Alexander Riepl
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Customer data from 800,000 electric cars and owners exposed online ∗∗∗
---------------------------------------------
Volkswagen's automotive software company, Cariad, exposed data collected from around 800,000 electric cars. The info could be linked to drivers' names and reveal precise vehicle locations.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/customer-data-from-800-000-el...
∗∗∗ Malware botnets exploit outdated D-Link routers in recent attacks ∗∗∗
---------------------------------------------
Two botnets tracked as Ficora and Capsaicin have recorded increased activity in targeting D-Link routers that have reached end of life or are running outdated firmware versions.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/malware-botnets-exploit-outda...
∗∗∗ Hacker attack on Milan airports ∗∗∗
---------------------------------------------
A pro-Russian hacker group claimed responsibility for the cyberattack. Flight operations were not at risk.
---------------------------------------------
https://futurezone.at/digital-life/hackerangriff-auf-flughaefen-von-mailand-...
∗∗∗ Bundestag elections: Election software still insecure ∗∗∗
---------------------------------------------
The CCC has been calling for transparent election software for years. The analysis of a widely used tool shows how useful that would be. A report by Friedhelm Greis.
---------------------------------------------
https://www.golem.de/news/bundestagswahlen-wahlsoftware-immer-noch-unsicher-...
∗∗∗ Ripple control receivers hacked: Can radio signals be used to cause a blackout? ∗∗∗
---------------------------------------------
Two security researchers have deciphered the protocols for radio-based ripple control receivers. However, it is disputed to what extent manipulated signals can be misused. A report by Friedhelm Greis.
---------------------------------------------
https://www.golem.de/news/rundsteuerempfaenger-gehackt-laesst-sich-ueber-fun...
∗∗∗ Prioritizing patching: A deep dive into frameworks and tools – Part 2: Alternative frameworks ∗∗∗
---------------------------------------------
In the second of a two-part series on tools and frameworks designed to help with remediation prioritization, we explore some alternatives to CVSS
---------------------------------------------
https://news.sophos.com/en-us/2024/12/30/prioritizing-patching-a-deep-dive-i...
∗∗∗ 16 Chrome Extensions Hacked, Exposing Over 600,000 Users to Data Theft ∗∗∗
---------------------------------------------
A new attack campaign has targeted known Chrome browser extensions, leading to at least 16 extensions being compromised and exposing over 600,000 users to data exposure and credential theft. The attack targeted publishers of browser extensions on the Chrome Web Store via a phishing campaign and used their access permissions to insert malicious code into legitimate extensions in order to steal
---------------------------------------------
https://thehackernews.com/2024/12/16-chrome-extensions-hacked-exposing.html
∗∗∗ It's only a matter of time before LLMs jump start supply-chain attacks ∗∗∗
---------------------------------------------
The greatest concern is with spear phishing and social engineering Interview Now that criminals have realized there's no need to train their own LLMs for any nefarious purposes - it's much cheaper and easier to steal credentials and then jailbreak existing ones - the threat of a large-scale supply chain attack using generative AI becomes more real.
---------------------------------------------
https://www.theregister.com/2024/12/29/llm_supply_chain_attacks/
∗∗∗ 38C3: Major security flaws uncovered in electronic patient record 3.0 ∗∗∗
---------------------------------------------
Serious security vulnerabilities would still have to be closed before the launch of ePA 3.0. Martin Tschirsich and Bianca Kastl demonstrate this at 38C3.
---------------------------------------------
https://www.heise.de/news/38C3-Weitere-Sicherheitsmaengel-in-elektronischer-...
∗∗∗ 38C3: BogusBazaar gang still operating thousands of fake shops ∗∗∗
---------------------------------------------
Months after its discovery, a Chinese cyber gang continues to operate unhindered, security researchers report. US providers are also lending support.
---------------------------------------------
https://www.heise.de/news/38C3-BogusBazaar-Bande-betreibt-noch-immer-Tausend...
∗∗∗ 38C3: BitLocker encryption of Windows 11 bypassed without opening the PC. ∗∗∗
---------------------------------------------
Two years after a vulnerability was supposedly fixed, it can still be used to decrypt BitLocker-protected hard drives on Windows 11
---------------------------------------------
https://www.heise.de/news/38C3-BitLocker-Verschluesselung-von-Windows-11-umg...
∗∗∗ On the sixth day of Christmas, an X account gave to me: a fake 7-Zip ACE ∗∗∗
---------------------------------------------
An account with the name @NSA_Employee39 claimed to have dropped a zero-day vulnerability for the popular file archive software 7-Zip. Nobody could get it to work.
---------------------------------------------
https://therecord.media/fake-zero-day-7Zip
∗∗∗ Let's Encrypt to end OCSP support in 2025 ∗∗∗
---------------------------------------------
Well, the writing has been on the wall for some years now, arguably over a decade, but the time has finally come where the largest CA in the World is going to drop support for the Online Certificate Status Protocol. What is OCSP? The Online Certificate Status Protocol is a
---------------------------------------------
https://scotthelme.ghost.io/lets-encrypt-to-end-ocsp-support-in-2025/
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (gst-plugins-good1.0 and opensc), Fedora (iwd and libell), and SUSE (chromium, govulncheck-vulndb, and poppler).
---------------------------------------------
https://lwn.net/Articles/1003768/