End-of-Day report
Timeframe: Thursday 30-01-2025 18:00 - Friday 31-01-2025 18:00
Handler: Alexander Riepl
Co-Handler: n/a
News
Windows Exploitation Tricks: Trapping Virtual Memory Access (2025 Update)
Back in 2021 I wrote a blog post about various ways you can build a virtual memory access trap primitive on Windows. The goal was to cause a reader or writer of a virtual memory address to halt for a significant (e.g. 1 or more seconds) amount of time, generally for the purpose of exploiting TOCTOU memory access ..
https://googleprojectzero.blogspot.com/2025/01/windows-exploitation-tricks-trapping.html
Infrastructure Laundering: Blending in with the Cloud
In an effort to blend in and make their malicious traffic tougher to block, hosting firms catering to cybercriminals in China and Russia increasingly are funneling their operations through major U.S. cloud providers. Research published this week on one such outfit -- a sprawling network tied to Chinese organized crime gangs and aptly named "Funnull" -- highlights a persistent whac-a-mole problem facing cloud services.
https://krebsonsecurity.com/2025/01/infrastructure-laundering-blending-in-with-the-cloud/
Operation "Talent" takes the world's largest cybercrime platforms offline
In an international operation, the cracking forums nulled.to and cracked.io were taken offline.
https://www.derstandard.at/story/3000000255412/operation-talent-nimmt-weltgroesste-plattformen-fuer-cyberkriminalitaet-vom-netz
Recent Jailbreaks Demonstrate Emerging Threat to DeepSeek
Evaluation of three jailbreaking techniques on DeepSeek shows risks of generating prohibited content.
https://unit42.paloaltonetworks.com/jailbreaking-deepseek-three-techniques/
On hackers, hackers, and hilarious misunderstandings
"Hacker", as we in the bizz know well, carries different meanings for different people, and this can cause hilarious misunderstandings. Yesterday, the Polish TV network TVN aired the second part of an ongoing documentary about issues in NEWAG trains that were analyzed by Dragon Sector. Near the end, the documentary featured a recording ..
https://gynvael.coldwind.pl/?id=799
Cyberattacks on SimpleHelp RMM observed
In SimpleHelp RMM, attackers are abusing security vulnerabilities to compromise networks. Updates are available.
https://heise.de/-10265414
The Slow Death of OCSP
Everybody is talking about OCSP now because, just last month, at the end of 2024, Let's Encrypt announced it was going to stop supporting online certificate revocation checking. Beginning in early May 2025, there will no longer be any OCSP revocation information in Let's Encrypt's certificates. Once all its earlier certificates expire, Let's Encrypt will shut down its OCSP servers.
https://www.feistyduck.com/newsletter/issue_121_the_slow_death_of_ocsp
PyPI's New Archival Feature Closes a Major Security Gap
A major security improvement has landed on PyPI: maintainers can now archive projects, making it clear when a package is no longer actively maintained. This long-awaited feature, developed by Trail of Bits and funded by Alpha-Omega, helps developers make informed decisions about dependencies while protecting the Python ecosystem from risks associated ..
https://socket.dev/blog/pypi-adds-support-for-archiving-projects
VMware Aria Vulnerabilities Addressed
VMware Security Advisory VMSA-2025-0003 addresses multiple vulnerabilities identified in VMware Aria Operations for Logs and VMware Aria Operations. These vulnerabilities, if exploited, could allow attackers to ..
https://thecyberthrone.in/2025/01/31/vmware-aria-vulnerabilities-addressed/
DeepSeek's Popularity Sparks Surge in Crypto Phishing and Malware Campaigns
The rapid rise of DeepSeek, a Chinese artificial intelligence company known for its open-source large language models (LLMs), has sparked not only excitement but also a significant increase in cyber threats. As of January 2025, the company launched its first free chatbot app, "DeepSeek - AI Assistant," which quickly became the most downloaded ..
https://thecyberexpress.com/deepseeks-surge-sparks-malware-campaigns/
Vulnerabilities
Security updates for Friday
Security updates have been issued by AlmaLinux (libsoup), Debian (debian-security-support and redis), Fedora (expat, java-21-openjdk, lemonldap-ng, and phpMyAdmin), Mageia (chromium-browser-stable and git-lfs), Oracle (bzip2, git-lfs, libsoup, mariadb:10.11, mariadb:10.5, python-jinja2, redis, and unbound), Red Hat (git-lfs, libsoup, python-jinja2, ..
https://lwn.net/Articles/1007252/
VU#733789: ChatGPT-4o contains security bypass vulnerability through time and search functions called "Time Bandit"
https://kb.cert.org/vuls/id/733789
ZDI-25-060: Google Chrome AI Manager Use-After-Free Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-25-060/