Daily summary - 10.02.2025

End-of-Day report

Timeframe: Friday 07-02-2025 18:00 - Monday 10-02-2025 18:00 Handler: Alexander Riepl Co-Handler: n/a

News

Microsoft raises rewards for Copilot AI bug bounty program

Microsoft announced over the weekend that it has expanded its Microsoft Copilot (AI) bug bounty program and increased payouts for moderate severity vulnerabilities.

https://www.bleepingcomputer.com/news/microsoft/microsoft-raises-rewards-for-copilot-ai-bug-bounty-program/


Malware from fake recruiters

Fake recruiters are currently on the hunt for CVs - and also your data. Reports have emerged about malware being put into work assignments that supposedly test a candidate's technical skills.

https://www.gdatasoftware.com/blog/2025/02/38143-malware-fake-recruiters


Cybersecurity: OpenAI user database allegedly hacked

Indications have been published on the darknet that OpenAI's user database has allegedly been hacked. There are doubts, however.

https://www.golem.de/news/cybersicherheit-openai-benutzerdatenbank-angeblich-gehackt-2502-193173.html


Reminder: 7-Zip & MoW, (Mon, Feb 10th)

CVE-2025-0411 is a vulnerability in 7-zip that has been reported to be exploited in recent attacks. The problem is that Mark-of-Web (MoW) isn't propagated correctly: when extracted, a file inside a ZIP file inside another ZIP file will not have the MoW propagated from the outer ZIP file.

https://isc.sans.edu/forums/diary/Reminder+7Zip+MoW/31668/


Server Attack Stops the Presses at US Newspaper Chain

They publish 77 newspapers in 26 U.S. states, according to Wikipedia. But this week a "cybersecurity event" at the newspapers' parent company "disrupted systems and networks," according to an article at one of their news sites which quotes an email sent to employees by the publishing company's CEO. "We have notified law enforcement of ..

https://news.slashdot.org/story/25/02/10/0614233/server-attack-stops-the-presses-at-us-newspaper-chain


Hackers Exploit Google Tag Manager to Deploy Credit Card Skimmers on Magento Stores

Threat actors have been observed leveraging Google Tag Manager (GTM) to deliver credit card skimmer malware targeting Magento-based e-commerce websites. Website security company Sucuri said the code, while appearing to be a typical GTM and ..

https://thehackernews.com/2025/02/hackers-exploit-google-tag-manager-to.html


Anonymizing Linux: Tails 6.12 closes deanonymization vulnerability

Security vulnerabilities in the anonymizing Linux distribution Tails allow attackers to deanonymize users. Tails 6.12 puts a stop to that.

https://www.heise.de/news/Anonymisierendes-Linux-Tails-6-12-schliesst-Deanonymisierungs-Luecke-10276001.html


Teen on Musk's DOGE Team Graduated from 'The Com'

Wired reported this week that a 19-year-old working for Elon Musk's so-called Department of Government Efficiency (DOGE) was given access to sensitive US government systems even though his past association with cybercrime communities should have precluded him from gaining the necessary security clearances to do so. As today's story explores, the DOGE teen is a ..

https://krebsonsecurity.com/2025/02/teen-on-musks-doge-team-graduated-from-the-com/


Millions of Thermomix users affected by data leak

Data stolen from Rezeptwelt.de is being offered for sale on the darknet. The vulnerability has been closed, but the manufacturer warns of other consequences.

https://www.derstandard.at/story/3000000256481/millionen-thermomix-nutzer-von-datenleck-betroffen


Small praise for modern compilers - A case of Ubuntu printing vulnerability that wasn't

Earlier this year, we conducted code audits of the macOS printing subsystem, which is heavily based on the open-source CUPS package. During this investigation, IPP-USB protocol caught our attention. IPP over USB specification ..

https://blog.talosintelligence.com/small-praise-for-modern-compilers-a-case-of-ubuntu-printing-vulnerability-that-wasnt/


Teen Hacker 'Natohub' Caught for NATO, UN, and US Army Breaches

A joint operation by Spanish law enforcement has resulted in the apprehension of Natohub, a 'dangerous hacker' suspected of orchestrating numerous cyberattacks against prominent organizations in Spain and internationally.

https://hackread.com/teen-hacker-natohub-caught-nato-un-us-army-breach/


Scammers Use Fake Facebook Copyright Notices to Hijack Accounts

A new phishing campaign is targeting businesses with fake Facebook copyright notices. Learn how to spot the signs and keep your Facebook account secure.

https://hackread.com/scammers-use-fake-facebook-copyright-notices-to-hijack-accounts/


Be Skeptical of All Code - Not Just the Funny Stuff

Should you be more skeptical of code that is a 'self-admitted keylogger' than code that purports to be useful? I'm not so sure.

https://eieio.games/blog/be-skeptical-of-all-code-not-just-the-funny-stuff/


Obsidian Publish Directory Enumeration

I have been using Obsidian for a while now. It is a great tool for organizing my life. My daily TODO lists, project boards, notes for school and research, and the occasional journal are all stored in ..

https://ezrizhu.com/blog/obsidian-dir-enum


New OG Spoof Toolkit Manipulates Social Media Links for Cybercrime

Cyble Research and Intelligence Labs (CRIL) highlighted the growing misuse of the Open Graph Spoofing Toolkit, a dangerous tool designed to manipulate Open Graph Protocol metadata to trick users into clicking on harmful links. This exploitation of OG tags is a serious concern, as it opens the door to a wide range of phishing attacks that target social ..

https://thecyberexpress.com/open-graph-spoofing-toolkit-phishing-attacks/


Vulnerabilities

Security updates for Monday

Security updates have been issued by AlmaLinux (buildah, bzip2, galera and mariadb, keepalived, kernel, kernel-rt, mariadb:10.11, mingw-glib2, and podman), Debian (ark, firefox-esr, kernel, sssd, and thunderbird), Fedora (abseil-cpp, clevis-pin-tpm2, dbus-parsec, envision, fido-device-onboard, firefox, golang-github-nvidia-container-toolkit, gotify-desktop, ..

https://lwn.net/Articles/1008829/


Trimble Releases Security Updates to Address a Vulnerability in Cityworks Software

CISA is collaborating with private industry partners to respond to reports of exploitation of a vulnerability (CVE-2025-0994) discovered by Trimble impacting its Cityworks Server AMS (Asset Management System). Trimble has released security updates and an advisory addressing a recently discovered deserialization vulnerability enabling an external actor to ..

https://www.cisa.gov/news-events/alerts/2025/02/07/trimble-releases-security-updates-address-vulnerability-cityworks-software