Daily summary - 13.02.2025

End-of-Day report

Timeframe: Wednesday 12-02-2025 18:00 - Thursday 13-02-2025 18:00 Handler: Alexander Riepl Co-Handler: n/a

News

Google fixes flaw that could unmask YouTube users' email addresses

Google has fixed two vulnerabilities that, when chained together, could expose the email addresses of YouTube accounts, causing a massive privacy breach for those using the site anonymously.

https://www.bleepingcomputer.com/news/security/google-fixes-flaw-that-could-unmask-youtube-users-email-addresses/


Chinese espionage tools deployed in RA World ransomware attack

A China-based threat actor, tracked as Emperor Dragonfly and commonly associated with cybercriminal endeavors, has been observed using, in a ransomware attack, a toolset previously attributed to espionage actors.

https://www.bleepingcomputer.com/news/security/chinese-espionage-tools-deployed-in-ra-world-ransomware-attack/


How mobile phone users fall into subscription traps through an ancient payment system

WAP billing makes it possible to order expensive premium services on a smartphone unintentionally. The money is debited immediately via the mobile phone bill.

https://futurezone.at/digital-life/wap-mobilfunk-abofalle-abzocke-sms-bezahlen-per-handyrechnung-drei-cookies-factory-srl/403009819


The BadPilot campaign: Seashell Blizzard subgroup conducts multiyear global access operation

Microsoft is publishing for the first time our research into a subgroup within the Russian state actor Seashell Blizzard and its multiyear initial access operation, tracked by Microsoft Threat Intelligence as the "BadPilot campaign". This subgroup has conducted globally diverse compromises of Internet-facing infrastructure to enable Seashell ..

https://www.microsoft.com/en-us/security/blog/2025/02/12/the-badpilot-campaign-seashell-blizzard-subgroup-conducts-multiyear-global-access-operation/


Woeful Security On Financial Phone Apps Is Getting People Murdered

Longtime Slashdot reader theodp writes: Monday brought chilling news reports of the all-count trial convictions of three individuals for a conspiracy to rob and drug people outside of LGBTQ+ nightclubs in Manhattan's Hell's Kitchen neighborhood, which led to the deaths of two of their victims. The defendants were found guilty on all 24 counts, which ..

https://news.slashdot.org/story/25/02/12/2339225/woeful-security-on-financial-phone-apps-is-getting-people-murdered


Magento Credit Card Stealer Disguised in an <img> Tag

Recently, we had a client come to us concerned that their website was infected with credit card stealing malware, often referred to as MageCart. Their website was running on Magento, a popular eCommerce content management system that skilled attackers often ..

https://blog.sucuri.net/2025/02/magento-credit-card-stealer-disguised-in-an-tag.html


Ransomware isn't always about the money: Government spies have objectives, too

Analysts tell El Reg why Russia's operators aren't that careful, and why North Korea wants money AND data. Feature: Ransomware gangsters and state-sponsored online spies fall on opposite ends of the cyber-crime spectrum.

https://www.theregister.com/2025/02/12/ransomware_nation_state_groups/


Sophos sheds 6% of staff after swallowing Secureworks

De-dupes some roles, hints others aren't needed as the infosec scene shifts. Nine days after completing its $859 million acquisition of managed detection and response provider Secureworks, Sophos has laid off around six percent of its staff.

https://www.theregister.com/2025/02/13/sophos_secureworks_layoff/


Feds want devs to stop coding unforgivable buffer overflow vulnerabilities

FBI, CISA harrumph at Microsoft and VMware in call for coders to quit baking avoidable defects into stuff. US authorities have labelled buffer overflow vulnerabilities "unforgivable defects", pointed to the presence of the holes in products from the likes of Microsoft and VMware, and urged all software developers to adopt secure-by-design practices to avoid creating more of them.

https://www.theregister.com/2025/02/13/fbi_cisa_unforgivable_buffer_overflow/
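As an added illustration of the defect class the FBI/CISA alert is about (this is example code written for this summary, not code from the alert or from any of the named vendors' products): a fixed-size stack buffer filled with an unchecked strcpy, beside a bounded copy that refuses input which does not fit instead of silently truncating it. The buffer size NAME_MAX, the function names and the sample strings are assumptions chosen for the example.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define NAME_MAX 16   /* assumed fixed buffer size for this example */

/* Vulnerable pattern (stack-based buffer overflow): strcpy copies until it
 * reaches the NUL terminator of src, so any src of NAME_MAX or more bytes
 * writes past the end of dst. Shown only to illustrate the defect; never
 * call it with attacker-controlled input. */
void copy_name_unsafe(char dst[NAME_MAX], const char *src) {
    strcpy(dst, src);
}

/* Hardened pattern: measure src without reading past NAME_MAX bytes, reject
 * input that does not fit (no silent truncation, which can itself create
 * bugs), and always leave dst as a valid NUL-terminated string.
 * Returns true on success, false when src was rejected. */
bool copy_name_safe(char dst[NAME_MAX], const char *src) {
    size_t n = 0;
    while (n < NAME_MAX && src[n] != '\0') {
        n++;
    }
    if (n >= NAME_MAX) {        /* would need NAME_MAX + 1 bytes incl. NUL */
        dst[0] = '\0';
        return false;
    }
    memcpy(dst, src, n + 1);    /* n characters plus the terminator */
    return true;
}

/* Helpers that run copy_name_safe against a local buffer so the outcome can
 * be checked (accepted or not, and how many bytes were stored). */
bool safe_accepts(const char *src) {
    char buf[NAME_MAX];
    return copy_name_safe(buf, src);
}

size_t safe_stored_len(const char *src) {
    char buf[NAME_MAX];
    copy_name_safe(buf, src);
    return strlen(buf);
}

int main(void) {
    /* Constructed sample inputs: one that fits, one that would overflow. */
    const char *ok = "alice";
    const char *too_long = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";   /* 32 bytes */
    char buf[NAME_MAX];

    copy_name_unsafe(buf, ok);          /* safe here only because ok is short */
    printf("unsafe copy of short input: %s\n", buf);

    printf("safe copy of short input accepted: %d\n", copy_name_safe(buf, ok));
    printf("safe copy of 32-byte input accepted: %d\n",
           copy_name_safe(buf, too_long));
    return 0;
}
```

The hardened version deliberately fails closed: a caller gets an explicit rejection for a 16-byte name rather than a truncated 15-byte one, which is the behaviour secure-by-design guidance asks for when an input cannot be stored as given.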


The Loneliness Epidemic Is a Security Crisis

Romance scams cost victims hundreds of millions of dollars a year. As people grow increasingly isolated, and generative AI helps scammers scale their crimes, the problem could get worse.

https://www.wired.com/story/loneliness-epidemic-romance-scams-security-crisis/


WTF: ICANN victim of phishing: online account abused for cryptocurrency advertising

"ICANN gives the Internet its own currency", proclaimed an official ICANN account on a social network. But behind "$DNS" are criminals.

https://www.heise.de/news/ICANN-Opfer-von-Phishing-Online-Konto-fuer-Kryptowaehrungs-Reklame-missbraucht-10280537.html


Patch day: Intel closes security holes in CPUs and graphics drivers

Important updates have been released for various Intel products. Admins should install them promptly.

https://www.heise.de/news/Patchday-Intel-schliesst-kritische-Sicherheitsluecke-in-Fernwartungsfunktion-BMC-10280666.html


Massive cyberattack on US providers: attacks are still ongoing

In the autumn, the worst telecommunications hack in US history was discovered. The attackers have not yet been stopped; quite the opposite.

https://www.heise.de/news/Massiver-Cyberangriff-auf-US-Provider-Attacken-gehen-immer-noch-weiter-10281222.html


PCI DSS v4.0 Evidence and documentation requirements checklist

TL;DR: PCI DSS is complex and challenging. Review the 12 top-level controls. Arm yourself with this checklist to help you navigate it. Introduction: PCI DSS v4.0 is challenging for ..

https://www.pentestpartners.com/security-blog/pci-dss-v4-0-evidence-and-documentation-requirements-checklist/


US reportedly releases Russian cybercrime figure Alexander Vinnik in prisoner swap

Alexander Vinnik, who ran the defunct cryptocurrency exchange BTC-e and pleaded guilty last year to participating in a money laundering scheme, is heading back to Russia as part of a prisoner swap that freed an American teacher, reports said.

https://therecord.media/alexander-vinnik-reported-released-prisoner-swap-russia-us


An Italian journalist speaks about being targeted with Paragon spyware

As an undercover journalist covering Italian politics, Francesco Cancellato is used to reporting on scandals. But he never thought he would be part of the story.

https://therecord.media/italian-journalist-speaks-about-being-targeted-spyware


FortiOS Vulnerability Allows Super-Admin Privilege Escalation - Patch Now!

Super-admin access vulnerability discovered in FortiOS Security Fabric. Exploitation could lead to widespread network breaches. Update now. Fortinet has ..

https://hackread.com/fortios-vulnerability-super-admin-privilege-escalation/


Vulnerabilities

Security updates for Thursday

Security updates have been issued by AlmaLinux (doxygen and openssl), Debian (dcmtk and webkit2gtk), Fedora (chromium, clevis-pin-tpm2, envision, fido-device-onboard, gotify-desktop, keylime-agent-rust, keyring-ima-signer, libkrun, python3.10, python3.11, python3.14, rust-afterburn, rust-cargo-vendor-filterer, rust-coreos-installer, ..

https://lwn.net/Articles/1009450/


CVE-2025-0108 PAN-OS: Authentication Bypass in the Management Web Interface (Severity: HIGH)

https://security.paloaltonetworks.com/CVE-2025-0108