End-of-Day report
Timeframe: Thursday 09-01-2025 18:00 - Friday 10-01-2025 18:00
Handler: Alexander Riepl
Co-Handler: n/a
News
Ongoing attacks on Ivanti VPNs install a ton of sneaky, well-written malware
In-the-wild attacks tamper with built-in security tool to suppress infection warnings.
https://arstechnica.com/security/2025/01/ivanti-vpn-users-are-getting-hacked-by-actors-exploiting-a-critical-vulnerability/
Stealthy Credit Card Skimmer Targets WordPress Checkout Pages via Database Injection
Recently, we released an article where a credit card skimmer was targeting checkout pages on a Magento site. Now we've come across sophisticated credit card skimmer malware while investigating a compromised WordPress ..
https://blog.sucuri.net/2025/01/stealthy-credit-card-skimmer-targets-wordpress-checkout-pages-via-database-injection.html
Security updates: Attackers can crash network devices running Junos OS
Network devices such as Juniper switches are vulnerable. The entry points are several vulnerabilities in the Junos OS operating system.
https://www.heise.de/news/Sicherheitsupdates-Angreifer-koennen-Netzwerkgeraete-mit-Junos-OS-crashen-lassen-10235188.html
Meet FunkSec: A New, Surprising Ransomware Group, Powered by AI
Executive Summary: The FunkSec ransomware group emerged in late 2024 and published over 85 victims in December, surpassing every other ransomware group that month. FunkSec operators appear to use AI-assisted malware development, which can enable even inexperienced actors to quickly produce and refine advanced tools. The group's activities straddle the line ..
https://blog.checkpoint.com/research/meet-funksec-a-new-surprising-ransomware-group-powered-by-ai/
Do we still have to keep doing it like this?
Hazel gets inspired by watching Wendy Nather's recent keynote, and explores ways to challenge security assumptions.
https://blog.talosintelligence.com/do-we-still-have-to-keep-doing-it-like-this/
How Cracks and Installers Bring Malware to Your Device
Our research shows how attackers use platforms like YouTube to spread fake installers via trusted hosting services, employing encryption to evade detection and steal sensitive browser data.
https://www.trendmicro.com/en_us/research/25/a/how-cracks-and-installers-bring-malware-to-your-device.html
Banshee Stealer Hits macOS Users via Fake GitHub Repositories
Cybersecurity researchers at Check Point detected a new version of Banshee Stealer in late September 2024, distributed ..
https://hackread.com/banshee-stealer-hits-macos-fake-github-repositories/
Do Secure-By-Design Pledges Come With Stickers? - Ivanti Connect Secure RCE (CVE-2025-0282)
Did you have a good break? Have you had a chance to breathe? Wake up. It's 2025, and the chaos continues. Haha, see what we did? We wrote the exact same thing in 2024 because 2024 was exactly ..
https://labs.watchtowr.com/do-secure-by-design-pledges-come-with-stickers-ivanti-connect-secure-rce-cve-2025-0282/
How to secure your GitHub Actions workflows with CodeQL
In the last few months, we secured 75+ GitHub Actions workflows in open source projects, disclosing 90+ different vulnerabilities. Out of this research we produced new support for workflows in CodeQL, empowering ..
https://github.blog/security/application-security/how-to-secure-your-github-actions-workflows-with-codeql/
Vulnerabilities
ZDI-25-010: Redis Stack Lua Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Redis Stack. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.2. The following CVEs are assigned: CVE-2024-46981.
http://www.zerodayinitiative.com/advisories/ZDI-25-010/
ZDI-25-009: Redis Stack RedisBloom Integer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Redis Stack. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-55656.
http://www.zerodayinitiative.com/advisories/ZDI-25-009/