=====================
= End-of-Day report =
=====================

Timeframe: Thursday 30-01-2025 18:00 - Friday 31-01-2025 18:00
Handler: Alexander Riepl
Co-Handler: n/a

=====================
= News =
=====================

*** Windows Exploitation Tricks: Trapping Virtual Memory Access (2025 Update) ***
---------------------------------------------
Back in 2021 I wrote a blog post about various ways you can build a virtual memory access trap primitive on Windows. The goal was to cause a reader or writer of a virtual memory address to halt for a significant (e.g. 1 or more seconds) amount of time, generally for the purpose of exploiting TOCTOU memory access ..
---------------------------------------------
https://googleprojectzero.blogspot.com/2025/01/windows-exploitation-tricks-t...

*** Infrastructure Laundering: Blending in with the Cloud ***
---------------------------------------------
In an effort to blend in and make their malicious traffic tougher to block, hosting firms catering to cybercriminals in China and Russia increasingly are funneling their operations through major U.S. cloud providers. Research published this week on one such outfit -- a sprawling network tied to Chinese organized crime gangs and aptly named "Funnull" -- highlights a persistent whac-a-mole problem facing cloud services.
---------------------------------------------
https://krebsonsecurity.com/2025/01/infrastructure-laundering-blending-in-wi...

*** Operation "Talent" takes the world's largest cybercrime platforms offline ***
---------------------------------------------
In an international operation, the cracking forums nulled.to and cracked.io were taken offline.
---------------------------------------------
https://www.derstandard.at/story/3000000255412/operation-talent-nimmt-weltgr...

*** Recent Jailbreaks Demonstrate Emerging Threat to DeepSeek ***
---------------------------------------------
Evaluation of three jailbreaking techniques on DeepSeek shows risks of generating prohibited content.
---------------------------------------------
https://unit42.paloaltonetworks.com/jailbreaking-deepseek-three-techniques/

*** On hackers, hackers, and hilarious misunderstandings ***
---------------------------------------------
"Hacker", as we in the bizz know well, carries different meanings for different people, and this can cause hilarious misunderstandings. Yesterday, the Polish TV network TVN aired the second part of an ongoing documentary about issues in NEWAG trains that were analyzed by Dragon Sector. Near the end, the documentary featured a recording ..
---------------------------------------------
https://gynvael.coldwind.pl/?id=799

*** Cyberattacks on SimpleHelp RMM observed ***
---------------------------------------------
Attackers are abusing security vulnerabilities in SimpleHelp RMM to compromise networks. Updates are available.
---------------------------------------------
https://heise.de/-10265414

*** The Slow Death of OCSP ***
---------------------------------------------
Everybody is talking about OCSP now because, just last month, at the end of 2024, Let’s Encrypt announced it was going to stop supporting online certificate revocation checking. Beginning in early May 2025, there will no longer be any OCSP revocation information in Let’s Encrypt’s certificates. Once all its earlier certificates expire, Let’s Encrypt will shut down its OCSP servers.
---------------------------------------------
https://www.feistyduck.com/newsletter/issue_121_the_slow_death_of_ocsp

*** PyPI’s New Archival Feature Closes a Major Security Gap ***
---------------------------------------------
A major security improvement has landed on PyPI: maintainers can now archive projects, making it clear when a package is no longer actively maintained. This long-awaited feature, developed by Trail of Bits and funded by Alpha-Omega, helps developers make informed decisions about dependencies while protecting the Python ecosystem from risks associated ..
---------------------------------------------
https://socket.dev/blog/pypi-adds-support-for-archiving-projects

*** VMware Aria Vulnerabilities Addressed ***
---------------------------------------------
VMware Security Advisory VMSA-2025-0003 addresses multiple vulnerabilities identified in VMware Aria Operations for Logs and VMware Aria Operations. These vulnerabilities, if exploited, could allow attackers to ..
---------------------------------------------
https://thecyberthrone.in/2025/01/31/vmware-aria-vulnerabilities-addressed/

*** DeepSeek’s Popularity Sparks Surge in Crypto Phishing and Malware Campaigns ***
---------------------------------------------
The rapid rise of DeepSeek, a Chinese artificial intelligence company known for its open-source large language models (LLMs), has sparked not only excitement but also a significant increase in cyber threats. As of January 2025, the company launched its first free chatbot app, “DeepSeek – AI Assistant,” which quickly became the most downloaded ..
---------------------------------------------
https://thecyberexpress.com/deepseeks-surge-sparks-malware-campaigns/

=====================
= Vulnerabilities =
=====================

*** Security updates for Friday ***
---------------------------------------------
Security updates have been issued by AlmaLinux (libsoup), Debian (debian-security-support and redis), Fedora (expat, java-21-openjdk, lemonldap-ng, and phpMyAdmin), Mageia (chromium-browser-stable and git-lfs), Oracle (bzip2, git-lfs, libsoup, mariadb:10.11, mariadb:10.5, python-jinja2, redis, and unbound), Red Hat (git-lfs, libsoup, python-jinja2, ..
---------------------------------------------
https://lwn.net/Articles/1007252/

*** VU#733789: ChatGPT-4o contains security bypass vulnerability through time and search functions called "Time Bandit" ***
---------------------------------------------
https://kb.cert.org/vuls/id/733789

*** ZDI-25-060: Google Chrome AI Manager Use-After-Free Remote Code Execution Vulnerability ***
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-25-060/