Daily summary - 16.01.2025

End-of-Day report

Timeframe: Wednesday 15-01-2025 18:00 - Thursday 16-01-2025 18:00 Handler: Alexander Riepl Co-Handler: n/a

News

MFA Failures - The Worst is Yet to Come

This article delves into the rising tide of MFA failures, the alarming role of generative AI in amplifying these attacks, the growing user discontent weakening our defenses, and the glaring vulnerabilities being frequently exploited. The storm is building, and the worst is yet to come.

https://www.bleepingcomputer.com/news/security/mfa-failures-the-worst-is-yet-to-come/


An honest mistake - and a cautionary tale

We all make mistakes. That is only natural. However, there are cases in which these mistakes can have unexpected consequences. A Twitter user recently found this out the hard way. The ingredients: a cheap USB-C adapter with a network connection, an internet connection and a sandbox.

https://www.gdatasoftware.com/blog/2025/01/38129-usb-network-adapter-malware


Windows 10 and 11: Microsoft confuses users with BitLocker bug

On some Windows devices with BitLocker encryption enabled, an unexpected message appears. Microsoft is investigating the problem.

https://www.golem.de/news/windows-10-und-11-microsoft-verwirrt-nutzer-mit-bitlocker-bug-2501-192471.html


TikTok, Xiaomi, AliExpress: complaints filed over data transfers to China

According to data protection advocates, China, as an authoritarian surveillance state, is not a permissible location for European user data.

https://www.golem.de/news/tiktok-xiaomi-aliexpress-beschwerden-wegen-datentransfers-nach-china-eingereicht-2501-192486.html


Biden's Cyber Ambassador Urges Trump Not to Cede Ground to Russia and China in Global Tech Fight

Nathaniel Fick, the ambassador for cyberspace and digital policy, has led US tech diplomacy amid a rising tide of pressure from authoritarian regimes. Will the Trump administration undo that work?

https://www.wired.com/story/nathaniel-fick-us-cyber-ambassador-exit-interview/


IT security: EU Commission wants to support the healthcare sector

Strengthened prevention and rapid response to attacks are at the centre of an EU plan for the IT security of hospitals and healthcare providers.

https://www.heise.de/news/IT-Attacken-So-will-die-EU-Kommission-den-Gesundheitssektor-besser-schuetzen-10244385.html?


Malicious code can reach HPE Aruba Networking AOS controllers and gateways

HPE Aruba networking equipment is vulnerable. Current updates close a total of two security vulnerabilities.

https://www.heise.de/news/Es-kann-Schadcode-auf-HPE-Aruba-Networking-AOS-Controllers-und-Gateways-gelangen-10244669.html?


Beware of go.hopeforlifefund.com: donation appeal for Nikolas is fake!

Children who develop cancer face great challenges, and their families are often confronted with enormous financial burdens. Fundraising campaigns can be a ray of hope here. Unfortunately, there are also criminals who shamelessly exploit people's compassion, as in the case of the fraudulent donation platform go.hopeforlifefund.com, which supposedly collects donations for Nikolas, a boy suffering from cancer.

https://www.watchlist-internet.at/news/spendenaufruf-fuer-krebskranken-nikolas-ist-fake/


FTC cracks down on GoDaddy for cybersecurity failings

GoDaddy's failure to use industry standard measures led to what the Federal Trade Commission called "several major security breaches" between 2019 and 2022.

https://therecord.media/ftc-godaddy-cyber-failings-fine


Detecting Teams Chat Phishing Attacks (Black Basta)

For quite a while now, there has been a new ongoing threat campaign where the adversaries first bomb a user's mailbox with spam emails and then pose as Help Desk or IT Support on Microsoft Teams to trick their potential victims into providing ..

https://blog.nviso.eu/2025/01/16/detecting-teams-chat-phishing-attacks-black-basta/


2022 zero day was used to raid Fortigate firewall configs. Somebody just released them.

Back in 2022, Fortinet warned that somebody had a zero day vulnerability and was using it to exploit Fortigate firewalls https://www.fortinet.com/blog/psirt-blogs/update-regarding-cve-2022-40684 ..

https://doublepulsar.com/2022-zero-day-was-used-to-raid-fortigate-firewall-configs-somebody-just-released-them-a7a74e0b0c7f?


Black Basta-Style Cyberattack Hits Inboxes with 1,165 Emails in 90 Minutes

A recent cyberattack, mimicking the tactics of the notorious Black Basta ransomware group, targeted one of SlashNext's clients.

https://hackread.com/black-basta-cyberattack-hits-inboxes-with-1165-emails/


Proxying PyRIT for fun and profit

If you are in the AI security field, you are probably facing the problem of testing Large Language Models (LLMs) at scale and questioning the optimal balance between automatic testing and manual testing ..

https://www.nccgroup.com/us/research-blog/proxying-pyrit-for-fun-and-profit/


Don't Use Session (Signal Fork)

The main reason I said to avoid Session, all those months ago, was simply due to their decision to remove forward secrecy (which is an important security property of cryptographic protocols they inherited for free when they forked libsignal).

https://soatok.blog/2025/01/14/dont-use-session-signal-fork/


UK Officials Consider Banning Ransomware Payments from Public Entities

The UK government is poised to take a decisive step in the fight against ransomware by banning public sector entities from paying ransoms. This collection of proposals, part of a broader effort to protect critical national infrastructure, aims to disrupt the business model of cybercriminals and shield essential services like the NHS, schools, and local ..

https://socket.dev/blog/uk-officials-consider-banning-ransomware-payments-from-public-entities


Vulnerabilities

Security updates for Thursday

Security updates have been issued by AlmaLinux (fence-agents, raptor2, and rsync), Debian (chromium), Fedora (rsync and seamonkey), Mageia (openjpeg2), Red Hat (tuned), Slackware (git), SUSE (dcmtk, dnsmasq, govulncheck-vulndb, libQtWebKit4, libraptor-devel, opera, python311-Pillow, python311-translate-toolkit, rsync, and SDL2_sound-devel), and Ubuntu (linux-raspi-5.4, neomutt, and python2.7).

https://lwn.net/Articles/1005292/


CVE-2024-9042

Command Injection affecting Windows nodes via nodes/*/logs/query API

https://github.com/kubernetes/kubernetes/issues/129654