End-of-Day report
Timeframe: Monday 10-02-2025 18:00 - Tuesday 11-02-2025 18:00
Handler: Alexander Riepl
Co-Handler: n/a
News
Over 12,000 KerioControl firewalls exposed to exploited RCE flaw
Over twelve thousand GFI KerioControl firewall instances are exposed to a critical remote code execution vulnerability tracked as CVE-2024-52875.
https://www.bleepingcomputer.com/news/security/over-12-000-keriocontrol-firewalls-exposed-to-exploited-rce-flaw/
US sanctions LockBit ransomware's bulletproof hosting provider
The United States, Australia, and the United Kingdom have sanctioned Zservers, a Russia-based bulletproof hosting (BPH) services provider, for supplying essential attack infrastructure for the LockBit ransomware gang.
https://www.bleepingcomputer.com/news/security/us-sanctions-lockbit-ransomwares-bulletproof-hosting-provider/
Russian military hackers deploy malicious Windows activators in Ukraine
The Sandworm Russian military cyber-espionage group is targeting Windows users in Ukraine with trojanized Microsoft Key Management Service (KMS) activators and fake Windows updates.
https://www.bleepingcomputer.com/news/security/russian-military-hackers-deploy-malicious-windows-activators-in-ukraine/
All your 8Base are belong to us: Ransomware crew busted in global sting
Dark web site seized, four cuffed in Thailand. An international police operation spanning the US, Europe, and Asia has shuttered the 8Base ransomware crew's dark web presence and resulted in the arrest of four European suspects accused of stealing $16 million from more than 1,000 victims worldwide.
https://www.theregister.com/2025/02/10/8base_police_arrrest/
I'm a security expert, and I almost fell for a North Korea-style deepfake job applicant - twice
Remote position, webcam not working, then glitchy AI face ... Red alert! Twice over the past two months, Dawid Moczadło has interviewed purported job seekers only to discover that these "software developers" were scammers using AI-based tools - likely to get hired at a security company also using artificial intelligence, and then steal source code or other sensitive IP.
https://www.theregister.com/2025/02/11/it_worker_scam/
Security updates for Zimbra: attackers can read email metadata
The Zimbra developers have closed, among other issues, at least one critical vulnerability in the email and groupware solution.
https://www.heise.de/news/Sicherheitsupdates-Zimbra-Angreifer-koennen-Metadaten-von-E-Mails-auslesen-10277628.html
Hugging Face: malicious ML models uncovered on the development platform
IT researchers have discovered malicious ML models on the AI development platform Hugging Face. Attackers could use such models to inject and execute commands on the machine that loads them.
https://www.heise.de/news/Hugging-Face-Boesartige-ML-Modelle-auf-Entwicklungsplattform-aufgedeckt-10278387.html
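The item above does not say how a model file ends up executing commands. For Python ML models the usual carrier is the pickle format: a pickle stream can name any importable callable, and pickle.load() invokes it while reconstructing the object. The block below is an added example written for this report, not code from the heise article, Hugging Face or the researchers it cites. It builds a constructed malicious blob and a constructed benign blob, scans both statically with pickletools (nothing is executed), and loads only through a restricted Unpickler that refuses globals outside an allow-list. DANGEROUS_GLOBALS, the class and function names, and the allow-list are this example's own assumptions; a malformed stream is reported as a finding rather than passed as clean.

```python
"""Added example (not from the heise article or Hugging Face): a pickle-based
model file that carries code, a static opcode scanner, and a restricted loader."""
import io
import os
import pickle
import pickletools


class _MaliciousModel:
    """Constructed stand-in for a trojanized model object.

    pickle stores the result of __reduce__ as "call os.system(...)"; the call
    happens inside pickle.load() on the machine of whoever loads the file.
    """

    def __reduce__(self):
        return (os.system, ("echo pwned",))  # never pickle.load() this blob


def build_malicious_blob() -> bytes:
    # __reduce__ runs here but only returns the tuple; nothing executes.
    return pickle.dumps(_MaliciousModel())


def build_benign_blob() -> bytes:
    # Plain numbers, the kind of content a weights file legitimately holds.
    return pickle.dumps({"weights": [0.1, 0.2, 0.3], "bias": 0.5})


# Globals a weights file has no business resolving (illustrative list; os.system
# is pickled under the platform module name, hence posix/nt as well).
DANGEROUS_GLOBALS = {
    ("os", "system"), ("posix", "system"), ("nt", "system"),
    ("subprocess", "Popen"), ("subprocess", "run"), ("subprocess", "check_output"),
    ("builtins", "exec"), ("builtins", "eval"), ("builtins", "__import__"),
}
STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE"}


def scan_pickle(blob: bytes) -> list[str]:
    """Walk the opcode stream without executing it. Reports references to
    DANGEROUS_GLOBALS, every REDUCE (a callable invocation on load), and a
    stream pickletools cannot parse, which is a finding rather than a pass."""
    findings = []
    strings = []  # STACK_GLOBAL (protocol 4+) takes module and name from the stack
    try:
        for op, arg, pos in pickletools.genops(io.BytesIO(blob)):
            target = None
            if op.name in ("GLOBAL", "INST"):
                target = tuple(arg.split(" ", 1))  # arg is "module name"
            elif op.name == "STACK_GLOBAL" and len(strings) >= 2:
                target = (strings[-2], strings[-1])
            elif op.name in STRING_OPS:
                strings.append(arg)
            elif op.name == "REDUCE":
                findings.append(f"REDUCE at offset {pos}: a callable is invoked on load")
            if target in DANGEROUS_GLOBALS:
                findings.append(f"dangerous global {target[0]}.{target[1]} at offset {pos}")
    except ValueError as exc:
        findings.append(f"malformed pickle stream ({exc}); do not treat as clean")
    return findings


class RestrictedUnpickler(pickle.Unpickler):
    """Allow-list loader: refuses every global the allow-list does not name."""

    ALLOWED = {("builtins", "dict"), ("builtins", "list"), ("builtins", "float")}

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"blocked global {module}.{name}")


def safe_load(blob: bytes):
    return RestrictedUnpickler(io.BytesIO(blob)).load()


def load_is_blocked(blob: bytes) -> bool:
    """True when the restricted loader refused the blob."""
    try:
        safe_load(blob)
    except pickle.UnpicklingError:
        return True
    return False


if __name__ == "__main__":
    for label, blob in (("benign", build_benign_blob()), ("malicious", build_malicious_blob())):
        verdict = "blocked" if load_is_blocked(blob) else "loaded"
        print(label, scan_pickle(blob) or "clean", verdict)
```

The scanner is a triage aid, not a guarantee: REDUCE is also emitted for legitimate framework objects, so treat it as a prompt to inspect, while a dangerous global or an unparsable stream should stop the file from being loaded at all. The restricted loader is the actual control; prefer formats that carry no code (such as safetensors) where the framework allows it.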
PCI DSS. Where to start?
TL;DR: Determine your role (merchant or service provider); determine your level and requirements; identify your validation method (SAQ or RoC); use the PCI website ..
https://www.pentestpartners.com/security-blog/pci-dss-where-to-start/
Hacker who hijacked SEC's X account pleads guilty, faces maximum five-year sentence
Alabama native Eric Council Jr. confessed to taking over the Securities and Exchange Commission's account and posting false information that caused the price of bitcoin to swing wildly.
https://therecord.media/hacker-hijacked-sec-account-maximum
SystemBC RAT Now Targets Linux, Spreading Ransomware and Infostealers
SystemBC RAT now targets Linux, enabling ransomware gangs like Ryuk & Conti to spread, evade detection, and maintain encrypted C2 traffic for stealthy cyberattacks.
https://hackread.com/systembc-rat-targets-linux-ransomware-infostealers/
Cisco Rejects Kraken Ransomware's Data Breach Claims
Cisco denies recent data breach claims by the Kraken ransomware group, stating that the leaked credentials stem from an already resolved 2022 incident. The article covers Cisco's response and the details of the original attack.
https://hackread.com/cisco-rejects-kraken-ransomware-data-breach-claim/
!exploitable Episode One - Breaking IoT
For our last company retreat, the Doyensec team went on a cruise along the coasts of the Mediterranean Sea. As amazing as each stop was, us being geeks, we had to break the monotony of daily pool parties with some much-needed hacking sessions. Luca and John, our chiefs, came to the rescue with three challenges chosen to ..
https://blog.doyensec.com/2025/02/11/exploitable-iot.html
Vulnerabilities
Security updates for Tuesday
Security updates have been issued by AlmaLinux (firefox, tbb, and thunderbird), Debian (cacti, libtasn1-6, and rust-openssl), Oracle (galera and mariadb, kernel, raptor2, and thunderbird), SUSE (bind, fq, java-21-openj9, libtasn1-6-32bit, ovmf, python310, python312, python313, python314, rime-schema-all, thunderbird, and wget), and Ubuntu (eglibc, firefox, glibc, linux, linux-aws, linux-lts-xenial, ruby2.3, ruby2.5, and vim).
https://lwn.net/Articles/1008966/
Numerous vulnerabilities in Wattsense Bridge
https://sec-consult.com/de/vulnerability-lab/advisory/zahlreiche-schwachstellen-in-wattsense-bridge/
February Security Update
https://www.ivanti.com/blog/february-security-update