End-of-Day report
Timeframe: Monday 30-12-2024 18:00 - Thursday 02-01-2025 18:00
Handler: Alexander Riepl
Co-Handler: n/a
News
Cyber attack: Hackers claim to have captured data from IT service provider Atos
The attackers claim to be in possession of an Atos company database. So far, the IT service provider has found no evidence of an attack.
https://www.golem.de/news/cyberangriff-hacker-wollen-daten-von-it-dienstleister-atos-erbeutet-haben-2501-192063.html
End of support approaching: Researcher warns of security fiasco caused by Windows 10
Around two thirds of all Windows PCs in Germany are still running Windows 10. There is an urgent need for action, and not only in October of this year.
https://www.golem.de/news/supportende-naht-forscher-warnt-vor-security-fiasko-durch-windows-10-2501-192072.html
China's cyber intrusions took a sinister turn in 2024
From targeted espionage to pre-positioning - not that they are mutually exclusive. The Chinese government's intrusions into America's telecommunications and other critical infrastructure networks this year appear to signal a shift from cyberspying as usual to prepping for destructive attacks.
https://www.theregister.com/2024/12/31/china_cyber_intrusions_2024/
US Treasury Department outs the blast radius of BeyondTrust's key leak
Data pilfered as miscreants roamed affected workstations. The US Department of the Treasury has admitted that miscreants were in its systems, accessing documents in what has been called a "major incident."
https://www.theregister.com/2024/12/31/us_treasury_department_hacked/
"The perfect phishing mail": Using AI text generators against executives
AI technology enables criminals to send highly personalized phishing emails to executives, an insurer warns. Training material is available online.
https://www.heise.de/news/Die-perfekte-Phishing-Mail-Mit-KI-Textgeneratoren-gegen-Fuehrungskraefte-10222995.html
U.S. Army Soldier Arrested in AT&T, Verizon Extortions
Federal authorities have arrested and indicted a 20-year-old U.S. Army soldier on suspicion of being Kiberphant0m, a cybercriminal who has been selling and leaking sensitive customer call records stolen earlier this year from AT&T and ..
https://krebsonsecurity.com/2024/12/u-s-army-soldier-arrested-in-att-verizon-extortions/
Beware of fraudulent emails about ORF fee refunds
Numerous people are currently finding an email in their inbox claiming that they are entitled to a refund of ORF fees amounting to 34.40 euros. Caution: this is a phishing attempt aimed at stealing bank account details.
https://www.watchlist-internet.at/news/betruegerisches-orf-rueckerstattung-e-mail/
Bad Likert Judge: A Novel Multi-Turn Technique to Jailbreak LLMs by Misusing Their Evaluation Capability
The jailbreak technique "Bad Likert Judge" manipulates LLMs to generate harmful content using Likert scales, exposing safety gaps in LLM guardrails.
https://unit42.paloaltonetworks.com/multi-turn-technique-jailbreaks-llms/
DORA Regulation (Digital Operational Resilience Act): A Threat Intelligence Perspective
The Digital Operational Resilience Act (DORA) is coming in 2025.
https://www.team-cymru.com/post/dora-regulation-digital-operational-resilience-act-a-threat-intelligence-perspective
Passkey technology is elegant, but it's most definitely not usable security
It's that time again, when families and friends gather and implore the more technically inclined among them to troubleshoot problems they're having behind the device screens all around them. One of the most vexing ..
https://arstechnica.com/security/2024/12/passkey-technology-is-elegant-but-its-most-definitely-not-usable-security/
I'm Lovin' It: Exploiting McDonald's APIs to hijack deliveries and order food for a penny
API flaws in the McDonald's McDelivery system in India, one of the world's most popular food delivery apps, enabled a variety of fun exploits ..
https://eaton-works.com/2024/12/19/mcdelivery-india-hack/
Déjà vu: Ghostly CVEs in my terminal title
As I've spoken and written about, all modern terminals are actually "emulating" something dating from the ..
https://dgl.cx/2024/12/ghostty-terminal-title
Vulnerabilities
ZDI-24-1737: Foxit PDF Reader AcroForm Out-Of-Bounds Read Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-24-1737/
ZDI-24-1736: (0Day) Paessler PRTG Network Monitor SNMP Cross-Site Scripting Authentication Bypass Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-24-1736/
ZDI-24-1739: Foxit PDF Reader Link Following Local Privilege Escalation Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-24-1739/
ZDI-24-1738: Foxit PDF Reader AcroForm Memory Corruption Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-24-1738/
PAN-OS Firewall Denial of Service (DoS) Vulnerability
https://fortiguard.fortinet.com/threat-signal-report/5610