End-of-Day report
Timeframe: Tuesday 14-01-2025 18:00 - Wednesday 15-01-2025 18:00
Handler: Alexander Riepl
Co-Handler: n/a
News
WP3.XYZ malware attacks add rogue admins to 5,000+ WordPress sites
A new malware campaign has compromised more than 5,000 WordPress sites to create admin accounts, install a malicious plugin, and steal data.
https://www.bleepingcomputer.com/news/security/wp3xyz-malware-attacks-add-rogue-admins-to-5-000-plus-wordpress-sites/
Undercover Operations: Scraping the Cybercrime Underground
A blog about web scraping methods, use cases, challenges, and how to overcome them.
https://www.sans.org/blog/undercover-operations-scraping-the-cybercrime-underground
Cyber threats to public charging infrastructure: risks and protective measures through penetration testing
Attacks on the public charging infrastructure for electric vehicles are increasing and endanger the reputation and security of the ..
https://sec-consult.com/de/blog/detail/cyber-bedrohungen-fuer-die-oeffentliche-ladeinfrastruktur-risiken-und-schutzmassnahmen-durch-penetrationstests/
Phishing False Alarm
A very security-conscious company was hit with a (presumed) massive state-actor phishing attack with gift cards, and everyone rallied to combat it, until it turned out it was company management sending the gift cards.
https://www.schneier.com/blog/archives/2025/01/phishing-false-alarm.html
Miscreants mass exploited Fortinet firewalls, highly probable zero-day used
Ransomware not off the table, Arctic Wolf threat hunter tells El Reg. Miscreants running a "mass exploitation campaign" against Fortinet firewalls, which peaked in December, may be using an unpatched zero-day vulnerability to compromise the equipment, according to security researchers who say they've observed the ..
https://www.theregister.com/2025/01/14/miscreants_mass_exploited_fortinet_firewalls/
Fortinet Patchday: backdoor enables unauthorized access to FortiSwitch
The IT security vendor Fortinet has released numerous security updates for its products. Network admins should keep an eye on this.
https://www.heise.de/news/Patchday-Fortinet-Hintertuer-ermoeglicht-unbefugte-Zugriffe-auf-FortiSwitch-10243684.html
Cybergang Cl0p: data allegedly exfiltrated through Cleo vulnerability
The criminal gang Cl0p has allegedly stolen data from many companies through a vulnerability in the Cleo transfer software.
https://www.heise.de/news/Cybergang-Cl0p-Angeblich-Daten-durch-Cleo-Sicherheitsluecke-abgezogen-10243744.html
Security flaws found in tiny phones promoted to children
TL;DR: Three mini smartphones promoted to children were analysed. These types of phones are heavily promoted on TikTok. All had outdated operating systems. All could be rooted without wiping the ..
https://www.pentestpartners.com/security-blog/security-flaws-found-in-tiny-phones-promoted-to-children/
Adobe Releases Security Updates for Multiple Products
Adobe released security updates to address vulnerabilities in multiple Adobe software products including Adobe Photoshop, Animate, and Illustrator for iPad. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following ..
https://www.cisa.gov/news-events/alerts/2025/01/14/adobe-releases-security-updates-multiple-products
TAG Bulletin: Q3 2024
This bulletin includes coordinated influence operation campaigns terminated on our platforms in Q3 2024.
https://blog.google/threat-analysis-group/tag-bulletin-q3-2024/
Patchday: Windows 10/11 updates (January 14, 2025)
On January 14, 2024 (second Tuesday of the month, Microsoft's Patchday), Microsoft also released cumulative updates for the still-supported versions of the Windows 10 and Windows 11 client operating systems. Here are some ..
https://www.borncity.com/blog/2025/01/15/patchday-windows-10-11-updates-14-januar-2025/
Passkeys: the promise of a simpler and safer alternative to passwords
The merits of choosing passkeys over passwords to help keep your online accounts more secure, and an explanation of how the technology promises to do this.
https://www.ncsc.gov.uk/blog-post/passkeys-promise-simpler-alternative-passwords
Your Single-Page Applications Are Vulnerable: Here's How to Fix Them
Due to their client-side nature, single-page applications (SPAs) will typically have multiple access control vulnerabilities. By implementing a robust access control policy on supporting APIs, the risks associated with client-side rendering can be largely mitigated. Using server-side ..
https://cloud.google.com/blog/topics/threat-intelligence/single-page-applications-vulnerable/
Tracking cloud-fluent threat actors - Part two: Behavioral cloud IOCs
Discover how behavioral cloud IOCs can expose malicious activity as we break down real-world examples to reveal actionable detection techniques.
https://www.wiz.io/blog/detecting-behavioral-cloud-indicators-of-compromise-iocs
The Risks of Misguided Research in Supply Chain Security
On January 8, 2025, it came to light that Snyk, a well-known security tool frequently used to protect against supply chain attacks, was implicated in a troubling event. Several malicious packages targeting the popular AI coding platform Cursor were deployed to the public npm registry. These packages, named "cursor-retrieval", "cursor-always-local", ..
https://socket.dev/blog/the-risks-of-misguided-research-in-supply-chain-security
Penetration Testing for ISO/IEC 27001: A Detailed Guide to Compliance
In an era where data breaches and cyber threats dominate headlines, safeguarding sensitive information has become a critical priority for organizations worldwide. ISO/IEC 27001, the internationally recognized standard for Information Security Management Systems (ISMS), offers a robust framework to protect valuable information assets. By ..
https://fortbridge.co.uk/regulations/penetration-testing-for-iso-iec-27001-a-detailed-guide-to-compliance/
Vulnerabilities
Six vulnerabilities discovered in rsync
Nick Tait announced on the oss-security mailing list that rsync, the widely used file transfer program, had a number of serious vulnerabilities. Users can mitigate all six vulnerabilities by upgrading to version 3.4.0, which was released on January 14. While all users should upgrade, servers that use rsyncd are especially impacted: in the most severe CVE, an attacker ..
https://lwn.net/Articles/1005129/
Security updates for Wednesday
Security updates have been issued by Arch Linux (rsync), Debian (rsync), Fedora (perl-Net-OAuth and redis), Red Hat (ipa, raptor2, rsync, and tuned), Slackware (rsync), SUSE (apache2-mod_jk, git, kernel, rclone, rsync, and webkit2gtk3), and Ubuntu (git, linux-azure-5.4, pdns, pdns-recursor, python-django, rlottie, and rsync).
https://lwn.net/Articles/1005163/