Daily Summary - 06.02.2025

End-of-Day report

Timeframe: Wednesday 05-02-2025 18:00 - Thursday 06-02-2025 18:00
Handler: Alexander Riepl
Co-Handler: n/a

News

Ransomware payments declined in 2024 despite massive well-known hacks

Amount paid by victims to hackers declined by hundreds of millions of dollars.

https://arstechnica.com/security/2025/02/ransomware-payments-declined-in-2024-despite-well-known-massive-hacks/


Cisco Anyconnect: Hackers clone TU Dresden website and distribute malware

Presumably Russian attackers tried to slip malware to users of Cisco Anyconnect. A trick was meant to keep the scheme undetected.

https://www.golem.de/news/cisco-anyconnect-hacker-klonen-webseite-der-tu-dresden-und-verbreiten-malware-2502-193091.html


Scalable Vector Graphics files pose a novel phishing threat

The SVG file format can harbor malicious HTML, scripts, and malware

https://news.sophos.com/en-us/2025/02/05/svg-phishing/


Cisco patches security vulnerabilities in several products, including critical ones

Cisco has discovered security vulnerabilities in several products and warns about them in security advisories. Updates are available.

https://www.heise.de/news/Cisco-stopft-Sicherheitsluecken-in-mehreren-Produkten-auch-kritische-10272291.html


Thailand cuts power supply to Myanmar scam hubs

"It's time to take decisive action," Prime Minister Paethongthan Shinawatra said about Thailand's move to cut off electricity from scam compounds in Myanmar border areas.

https://therecord.media/thailand-cuts-power-scam-compounds-myanmar


U.S. Government Disclosed 39 Zero-Day Vulnerabilities in 2023, Per First-Ever Report

The number of zero-day vulnerabilities the government disclosed to vendors to be fixed, rather than keep them secret to exploit, comes out to about three a month. But the figure could rise dramatically under the Trump ..

https://www.zetter-zeroday.com/u-s-government-disclosed-39-zero-day-vulnerabilities-in-2023-per-first-ever-report/


Network security fundamentals

How to design, use, and maintain secure networks.

https://www.ncsc.gov.uk/guidance/network-security-fundamentals


Vulnerabilities

Security updates for Thursday

Security updates have been issued by Debian (asterisk and chromium), Fedora (FlightGear, java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, java-latest-openjdk, and SimGear), Mageia (bind, chromium-browser-stable, python-django, and vim), Oracle (buildah, bzip2, firefox, keepalived, mariadb:10.11, and podman), Slackware (curl, mariadb, and mozilla), SUSE (cargo-audit-advisory-db-20250204 and python311-scikit-learn), and Ubuntu (ckeditor, krb5, and ruby2.7).

https://lwn.net/Articles/1008275/


OAuth2 Client - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-013

https://www.drupal.org/sa-contrib-2025-013


2025-02-06: Cyber Security Advisory - Hard-coded credentials in ASPECT Energy Management System

https://search.abb.com/library/Download.aspx?DocumentID=9AKK108470A6775&LanguageCode=en&DocumentPartId=pdf%20-%20Public%20Advisory&Action=Launch


CISA Releases Six Industrial Control Systems Advisories

https://www.cisa.gov/news-events/alerts/2025/02/06/cisa-releases-six-industrial-control-systems-advisories