End-of-Day report
Timeframe: Thursday 02-01-2025 18:00 - Friday 03-01-2025 18:00
Handler: Alexander Riepl
Co-Handler: n/a
News
SwaetRAT Delivery Through Python
We entered a new year, but attack scenarios have not changed (yet). I found a Python script with an interesting behavior[1] and a low Virustotal score (7/61). It targets Microsoft Windows hosts because it starts by loading all ..
https://isc.sans.edu/forums/diary/SwaetRAT+Delivery+Through+Python/31554/
3.1 million malicious fake stars discovered on GitHub - and the trend is rising
In a comprehensive study, a US research team came across millions of fake stars on GitHub and warns of a rapidly growing trend.
https://www.heise.de/news/3-1-Millionen-boesartige-Fake-Sterne-auf-GitHub-entdeckt-Tendenz-steigend-10223115.html
Configurations Mega Blog: Why Configurations Are the Wrong Thing to Get Wrong
So many times, we look beyond the mark. With our feeds constantly inundated with headline-grabbing news about AI-generated threats, nation states upping their cybercrime game, and sophisticated new forms of malware, we can be tempted to think that the bulk of cyberwarfare is going on "up there" somewhere. In reality, most breaches still originate ..
https://www.tripwire.com/state-of-security/configurations-mega-blog-why-configurations-are-wrong-thing-get-wrong
10 Non-tech things you wish you had done after being breached
TL;DR: Non-tech aspects of breach follow-up are often overlooked but essential. NDAs, supply chain, and third-party contracts and obligations should be reviewed. Reviewing communication protocols and employee ..
https://www.pentestpartners.com/security-blog/10-non-tech-things-you-wish-you-had-done-after-being-breached/
From social media to apps: how to stay one step ahead of criminals
Internet fraud is becoming ever more sophisticated and can affect anyone. That is why it is important to stay up to date and to know the current scams. From the classic newsletter to ..
https://www.watchlist-internet.at/news/unsere-kanaele/
NPM Package Disguised as an Ethereum Tool Deploys Quasar RAT
Researchers discovered a malicious package on the npm package registry that resembles a library for Ethereum smart contract vulnerabilities but actually drops an open-source remote access trojan called Quasar ..
https://hackread.com/npm-package-disguised-ethereum-tool-quasar-rat/
Malicious versions of numerous Chrome extensions in circulation
Over the Christmas holidays the attackers gained access to various Chrome extensions - in some cases considerably earlier.
https://heise.de/-10224745
Breaking the Chain: Wiz Uncovers a Signature Verification Bypass in Nuclei, the Popular Vulnerability Scanner (CVE-2024-43405)
Wiz's engineering team discovered a high-severity signature verification bypass in Nuclei, one of the most popular open-source security tools, which could potentially lead to arbitrary code execution.
https://www.wiz.io/blog/nuclei-signature-verification-bypass
Malicious npm Campaign Targets Ethereum Developers with Fake Hardhat Packages
Hardhat, maintained by the Nomic Foundation, is a vital tool for Ethereum developers. As a versatile development environment for Ethereum, it streamlines the creation, testing, and deployment of smart contracts and dApps. Its flexible plugin architecture allows developers to customize workflows with tools and extensions, optimizing productivity and supporting ..
https://socket.dev/blog/malicious-npm-campaign-targets-ethereum-developers
Vulnerabilities
iTerm2 3.5.11 released with a critical security fix
https://iterm2.com/downloads/stable/iTerm2-3_5_11.changelog