End-of-Day report
Timeframe: Wednesday 08-01-2025 18:00 - Thursday 09-01-2025 18:00
Handler: Alexander Riepl
Co-Handler: n/a
News
Here's how hucksters are manipulating Google to promote shady Chrome extensions
How do you stash 18,000 keywords into a description? Turns out it's easy.
https://arstechnica.com/security/2025/01/googles-chrome-web-store-has-a-serious-spam-problem-promoting-shady-extensions/
Unpatched critical flaws impact Fancy Product Designer WordPress plugin
The premium WordPress plugin Fancy Product Designer from Radykal is vulnerable to two critical-severity flaws that remain unfixed in the latest version.
https://www.bleepingcomputer.com/news/security/unpatched-critical-flaws-impact-fancy-product-designer-wordpress-plugin/
Beyond Meh-trics: Examining How CTI Programs Demonstrate Value Using Metrics
A blog about developing cyber threat intelligence (CTI) metrics.
https://www.sans.org/blog/beyond-meh-trics-examining-how-cti-programs-demonstrate-value-using-metrics
The State of Magecart: A Persistent Threat to E-Commerce Security
Trustwave SpiderLabs first blogged about Magecart back in 2019; fast-forward five years and it is still here, going strong.
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/the-state-of-magecart-a-persistent-threat-to-e-commerce-security/
Mitel 0-day, 5-year-old Oracle RCE bug under active exploit
3 CVEs added to CISA's catalog. Cybercriminals are actively exploiting two vulnerabilities in Mitel MiCollab, including a zero-day flaw, and a critical remote code execution vulnerability in Oracle WebLogic Server that has been abused for at least five years.
https://www.theregister.com/2025/01/08/mitel_0_day_oracle_rce_under_exploit/
Japanese police claim China ran five-year cyberattack campaign targeting local orgs
"MirrorFace" group found ways to run malware in the Windows sandbox, which is worrying. Japan's National Police Agency and Center of Incident Readiness and Strategy for Cybersecurity have confirmed third-party reports of attacks on local orgs by publishing details of a years-long series of attacks attributed to a China-backed source.
https://www.theregister.com/2025/01/09/japan_mirrorface_china_attack/
Employees clicked on phishing links three times as often - frequently via search engines
Employees keep clicking on phishing links despite training. According to a study, they are fairly aware of attacks in e-mail, but less so when searching the web.
https://www.heise.de/news/E-Mails-sind-out-Phishing-verstaerkt-ueber-Suchmaschinen-10231871.html
New Research: Enhancing Botnet Detection with AI using LLMs and Similarity Search
As botnets continue to evolve, so do the techniques required to detect them.
https://www.rapid7.com/blog/post/2025/01/08/new-research-enhancing-botnet-detection-with-ai-using-llms-and-similarity-search/
Banshee: The Stealer That "Stole Code" From macOS XProtect
As of 2024, approximately 100.4 million people worldwide use macOS, accounting for 15.1% of the global PC market. Of the millions of macOS users, many falsely assume that their systems are inherently secure from malware. This perception stems from macOS's Unix-based architecture and historically lower market share, ...
https://research.checkpoint.com/2025/banshee-macos-stealer-that-stole-code-from-macos-xprotect/
Ivanti Connect Secure VPN Targeted in New Zero-Day Exploitation
On Wednesday, Jan. 8, 2025, Ivanti disclosed two vulnerabilities, CVE-2025-0282 and CVE-2025-0283, impacting Ivanti Connect Secure ("ICS") VPN appliances. Mandiant has identified zero-day exploitation of CVE-2025-0282 in the wild beginning mid-December 2024. CVE-2025-0282 is an unauthenticated stack-based buffer overflow. Successful exploitation could result in unauthenticated remote code execution, leading to potential downstream compromise of a victim network.
https://cloud.google.com/blog/topics/threat-intelligence/ivanti-connect-secure-vpn-zero-day/
Alleged data leak at data broker Gravy Analytics
On the darknet, criminals claim to have obtained data from location-data broker Gravy Analytics. Concern about privacy is spreading.
https://heise.de/-10233802
Vulnerabilities
ZDI-25-008: Trend Micro Deep Security Agent Incorrect Permissions Local Privilege Escalation Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-25-008/
ZDI-25-007: Trend Micro Apex One widget getWidgetPoolManager Local File Inclusion Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-25-007/
ZDI-25-006: Trend Micro Apex One LogServer Link Following Local Privilege Escalation Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-25-006/
ZDI-25-005: Trend Micro Apex One LogServer Link Following Local Privilege Escalation Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-25-005/
ZDI-25-004: Trend Micro Apex One Origin Validation Error Local Privilege Escalation Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-25-004/
ZDI-25-003: Trend Micro Apex One Security Agent Link Following Local Privilege Escalation Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-25-003/
ZDI-25-002: Trend Micro Apex One LogServer Link Following Local Privilege Escalation Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-25-002/
ZDI-25-001: Trend Micro Apex One Damage Cleanup Engine Link Following Local Privilege Escalation Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-25-001/
2025-01 Security Bulletin: Junos Space: Multiple vulnerabilities resolved in 24.1R2 release
https://supportportal.juniper.net/s/article/2025-01-Security-Bulletin-Junos-Space-Multiple-vulnerabilities-resolved-in-24-1R2-release