End-of-Day report
Timeframe: Tuesday 04-02-2025 18:00 - Wednesday 05-02-2025 18:00
Handler: Alexander Riepl
Co-Handler: n/a
News
Cost savings: Let's Encrypt discontinues certificate expiry warnings
Starting in June, Let's Encrypt will no longer send reminders about expiring certificates. Administrators are advised to switch to alternative services.
https://www.golem.de/news/kosteneinsparungen-let-s-encrypt-stellt-ablaufwarnungen-fuer-zertifikate-ein-2502-193063.html
Netgear fixes critical bugs as Five Eyes warn about break-ins at the edge
International security squads all focus on stopping baddies busting in through routers, IoT kit etc. Netgear is advising customers to upgrade their firmware after it patched two critical vulnerabilities affecting multiple routers.
https://www.theregister.com/2025/02/05/netgear_fixes_critical_bugs_while/
In-house announcement, we are hiring: System Administrator (m/f/d - full time - Vienna)
To look after our information and communications technology, we are looking for a system administrator with expertise in IT and network security.
https://www.cert.at/de/ueber-uns/jobs/
7-Zip: Mark-of-the-Web flaw has been abused by attackers
The recently reported Mark-of-the-Web vulnerability in 7-Zip has been exploited in the wild by attackers to smuggle in malicious code.
https://www.heise.de/news/7-Zip-Mark-of-the-Web-Luecke-wurde-von-Angreifern-missbraucht-10269973.html
Support ended: No more security updates for attacked Zyxel routers
A Mirai botnet malware is currently targeting certain Zyxel router models. Because support has ended, admins must act now.
https://www.heise.de/news/Support-ausgelaufen-Keine-Sicherheitsupdates-mehr-fuer-attackierte-Zyxel-Router-10269938.html
Who's Behind the Seized Forums "Cracked" & "Nulled"?
The FBI joined authorities across Europe last week in seizing domain names for Cracked and Nulled, English-language cybercrime forums with millions of users that trafficked in stolen data, hacking tools and malware. An investigation into the history of these communities shows their apparent co-founders quite openly operate an Internet ...
https://krebsonsecurity.com/2025/02/whos-behind-the-seized-forums-cracked-nulled/
Secure sanitisation and disposal of storage media
How to ensure data cannot be recovered from electronic storage media.
https://www.ncsc.gov.uk/guidance/secure-sanitisation-storage-media
Hackers Using Fake Microsoft ADFS Login Pages to Steal Credentials
A global phishing campaign is actively exploiting a legacy Microsoft authentication system to steal user credentials and bypass multi-factor authentication (MFA), targeting over 150 organizations.
https://hackread.com/hackers-fake-microsoft-adfs-login-pages-steal-credentials/
Banking Malware Uses Live Numbers to Hijack OTPs, Targeting 50,000 Victims
A banking malware campaign using live phone numbers to redirect SMS messages has been identified by the zLabs research team, uncovering 1,000+ malicious apps and 2.5GB of exposed data.
https://hackread.com/banking-malware-live-numbers-hijack-otp-50000-victims/
Preventing account takeover on centralized cryptocurrency exchanges in 2025
This blog post highlights key points from our new white paper Preventing Account Takeovers on Centralized Cryptocurrency Exchanges, which documents ATO-related attack vectors and defenses tailored to CEXes.
https://blog.trailofbits.com/2025/02/05/preventing-account-takeover-on-centralized-cryptocurrency-exchanges-in-2025/
Vulnerabilities
Multiple vulnerabilities in Defense Platform Home Edition
https://jvn.jp/en/jp/JVN66673020/
Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance Vulnerabilities
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-sma-wsa-multi-yKUJhS34
Cisco Secure Web Appliance Range Request Bypass Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-swa-range-bypass-2BsEHYSu
Cisco IOS, IOS XE, and IOS XR Software SNMP Denial of Service Vulnerabilities
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-dos-sdxnSUcW
Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerabilities
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xss-42tgsdMG
Cisco Identity Services Engine Insecure Java Deserialization and Authorization Bypass Vulnerabilities
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multivuls-FTW9AOXF
Cisco Expressway Series Cross-Site Scripting Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-xss-uexUZrEW
Cisco Secure Email and Web Manager and Secure Email Gateway Cross-Site Scripting Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-sma-xss-WCk2WcuG
Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance SNMP Polling Information Disclosure Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-sma-wsa-snmp-inf-FqPvL8sX