End-of-Day report
Timeframe: Monday 27-01-2025 18:00 - Tuesday 28-01-2025 18:00
Handler: Alexander Riepl
Co-Handler: n/a
News
EU sanctions Russian GRU hackers for cyberattacks against Estonia
The European Union sanctioned three hackers, part of Unit 29155 of Russia's military intelligence service (GRU), for their involvement in cyberattacks targeting Estonia's government agencies in 2020.
https://www.bleepingcomputer.com/news/security/eu-sanctions-russian-gru-hackers-for-cyberattacks-against-estonia/
Israel: Hackers hijack emergency sirens and play Arabic music
In several Israeli facilities, Arabic music recently and unexpectedly blared from the emergency sirens. A hacker group has claimed responsibility.
https://www.golem.de/news/israel-hacker-kapern-notfallsirenen-und-spielen-arabische-musik-2501-192811.html
Beyond the hype: The business reality of AI for cybersecurity
Real-world insights from 400 IT leaders, plus practical guidance to enhance business outcomes
https://news.sophos.com/en-us/2025/01/28/beyond-the-hype-the-business-reality-of-ai-for-cybersecurity/
Update: Cybercriminals still not fully on board the AI train (yet)
A year after our initial research on threat actors' attitudes to generative AI, we revisit some underground forums and find that many cybercriminals are still skeptical - although there has been a slight shift.
https://news.sophos.com/en-us/2025/01/28/update-cybercriminals-still-not-fully-on-board-the-ai-train-yet/
Top-Rated Chinese AI App DeepSeek Limits Registrations Amid Cyberattacks
DeepSeek, the Chinese AI startup that has captured much of the artificial intelligence (AI) buzz in recent days, said it's restricting registrations on the service, citing malicious attacks. "Due to large-scale malicious attacks on DeepSeek's services, ..
https://thehackernews.com/2025/01/top-rated-chinese-ai-app-deepseek.html
Apple plugs security hole in its iThings that's already been exploited in iOS
Cupertino kicks off the year with a zero-day Apple has plugged a security hole in the software at the heart of its iPhones, iPads, Vision Pro goggles, Apple TVs and macOS Sequoia Macs, warning some miscreants have already exploited the bug.
https://www.theregister.com/2025/01/28/apple_cve_2025_24085/
Security pros more confident about fending off ransomware, despite being battered by attacks
Data leak, shmata leak. It will all work out, right? IT and security pros say they are more confident in their ability to manage ransomware attacks after nearly nine in ten (88 percent) were forced to contain efforts by criminals to breach their defenses in the past year.
https://www.theregister.com/2025/01/28/research_security_pros_gain_ransomware/
On Facebook it was possible to view e-mail addresses, phone numbers, one-time passwords, etc. of strangers.
For an unknown period until the end of January 2024, Facebook appears to have suffered a data leak that has exposed users' email addresses, phone numbers and other identifying information. [..] The issue was reported to Facebook via its bug bounty programme. While the demonstrated method stopped working two weeks after submission, the ..
https://social.leckse.net/@leckse/statuses/01JJPE94S1NQM62VY60S767S1H
Sonicwall: Thousands of devices vulnerable to trivially exploitable SSL VPN flaw
A patch closing an SSL VPN flaw in Sonicwall devices has been available since early January. Nevertheless, more than 5000 devices are still vulnerable.
https://www.heise.de/news/Leicht-angreifbare-Sonicwall-Luecke-Tausende-Geraete-noch-ungepatcht-10258556.html
Teamviewer: Privilege escalation possible through security vulnerability
Teamviewer warns of a vulnerability in the Windows versions of its remote maintenance software that allows attackers to escalate their privileges.
https://www.heise.de/news/Teamviewer-Rechteausweitung-durch-Sicherheitsluecke-moeglich-10259390.html
A Tumultuous Week for Federal Cybersecurity Efforts
President Trump last week issued a flurry of executive orders that upended a number of government initiatives focused on improving the nation's cybersecurity posture. The president fired all advisors from the Department of Homeland Security's Cyber Safety Review Board, called for the creation of a strategic cryptocurrency reserve, and voided ..
https://krebsonsecurity.com/2025/01/a-tumultuous-week-for-federal-cybersecurity-efforts/
How Garmin watches reveal your personal data, and what you can do
TL;DR: A walk-through of obtaining sensitive data from a Garmin watch using forensic techniques. How digital forensics on a Garmin watch helped solve a double murder case. A ..
https://www.pentestpartners.com/security-blog/how-garmin-watches-reveal-your-personal-data-and-what-you-can-do/
New TorNet backdoor seen in widespread campaign
Cisco Talos discovered an ongoing malicious campaign operated by a financially motivated threat actor targeting users, predominantly in Poland and Germany.
https://blog.talosintelligence.com/new-tornet-backdoor-campaign/
ScatterBrain: Unmasking the Shadow of PoisonPlug's Obfuscator
Since 2022, Google Threat Intelligence Group (GTIG) has been tracking multiple cyber espionage operations conducted by China-nexus actors utilizing POISONPLUG.SHADOW. These operations employ a custom obfuscating compiler that we refer to as "ScatterBrain," facilitating attacks against various entities across Europe and the Asia Pacific (APAC) region. ScatterBrain appears ..
https://cloud.google.com/blog/topics/threat-intelligence/scatterbrain-unmasking-poisonplug-obfuscator/
Stating the Obvious: Vulns On the Rise in 2025
Join Ben Edwards, as he takes a brief look back at one of the stories that was most interesting to him as a security data nerd from 2024.
https://www.bitsight.com/blog/2025-predictions-for-cve-vulnerabilities
Get FortiRekt, I Am The Super_Admin Now - Fortinet FortiOS Authentication Bypass CVE-2024-55591
Welcome to Monday, and what an excitingly fresh start to the week we're all having. Grab your coffee, grab your vodka - we're diving into a currently exploited-in-the-wild critical Authentication Bypass affecting ..
https://labs.watchtowr.com/get-fortirekt-i-am-the-super_admin-now-fortios-authentication-bypass-cve-2024-55591/
Clone2Leak: Your Git Credentials Belong To Us
In October 2024, I was hunting bugs for the GitHub Bug Bounty program. After investigating GitHub Enterprise Server for a while, I felt bored and decided to try to find bugs on GitHub Desktop instead.
https://flatt.tech/research/posts/clone2leak-your-git-credentials-belong-to-us/
Best practices for key derivation
By Marc Ilunga. Key derivation is essential in many cryptographic applications, including key exchange, key management, secure communications, and building robust cryptographic primitives. But it's also easy to get wrong: although ..
https://blog.trailofbits.com/2025/01/28/best-practices-for-key-derivation/
Vulnerabilities
Vulnerability in ClamAV Discovered by OSS-Fuzz
A security vulnerability has been identified in ClamAV, stemming from a potential buffer overflow read issue in ..
https://www.qnap.com/en-us/security-advisory/QSA-25-04
WordPress Plugin "Simple Image Sizes" vulnerable to cross-site scripting
https://jvn.jp/en/jp/JVN88046370/
TYPO3-EXT-SA-2025-001: Account Takeover in extension "OpenID Connect Authentication" (oidc)
https://typo3.org/security/advisory/typo3-ext-sa-2025-001
Rockwell Automation FactoryTalk
https://www.cisa.gov/news-events/ics-advisories/icsa-25-028-03