Daily summary - 18.02.2025

End-of-Day report

Timeframe: Monday 17-02-2025 18:00 - Tuesday 18-02-2025 18:00 Handler: Alexander Riepl Co-Handler: n/a

News

StaryDobry ruins New Year's Eve, delivering miner instead of presents

Kaspersky GReAT experts have discovered a new campaign distributing the XMRig cryptominer through popular games such as BeamNG.drive and Dyson Sphere Program on torrent trackers.

https://securelist.com/starydobry-campaign-spreads-xmrig-miner-via-torrents/115509/


FreSSH bugs undiscovered for years threaten OpenSSH security

Exploit code now available for MitM and DoS attacks. Researchers can disclose two brand-new vulnerabilities in OpenSSH now that patches have been released.

https://www.theregister.com/2025/02/18/openssh_vulnerabilities_mitm_dos/


Watch where you point that cred! Part 1

TL;DR Poorly protected authentication requests from privileged automated tasks (e.g. vulnerability scanners, health checks) could be intercepted by rogue authentication servers planted in the internal network. Weak authentication methods, ..

https://www.pentestpartners.com/security-blog/watch-where-you-point-that-cred-part-1/


Beware of gift card fraud: "I need your help with a small task."

Criminals are currently stepping up their attempts to obtain money through fraudulent e-mails. They pose as supposed acquaintances of their victims and ask them to buy gift or voucher cards with a total value of 500 €. Once the card codes have been sent to the fraudsters, the money is very likely gone for good.

https://www.watchlist-internet.at/news/betrug-mit-geschenkkarten/


How Secure Is Your OAuth? Insights from 100 Websites

You might not recognize the term "OAuth," otherwise known as Open Authorization, but chances are you've used it ..

https://www.cyberark.com/resources/threat-research-blog/how-secure-is-your-oauth-insights-from-100-websites


Snake Keylogger Variant Hits Windows, Steals Data via Telegram Bots

The new Snake Keylogger variant targets Windows users via phishing emails, using AutoIt for stealth. Learn ..

https://hackread.com/snake-keylogger-variant-windows-data-telegram-bots/


Weak Passwords Led to (SafePay) Ransomware - Yet Again

This post will delve into a recent incident response engagement handled by NCC Group's Digital Forensics and Incident Response (DFIR) team, involving SafePay ransomware.

https://www.nccgroup.com/us/research-blog/weak-passwords-led-to-safepay-ransomware-yet-again/


XCSSET Malware Targeting macOS

XCSSET is a sophisticated malware targeting macOS users, especially software developers. Discovered by Trend Micro in 2020, XCSSET has evolved significantly and remains a potent threat. This detailed analysis covers its evolution, attack methods, ..

https://thecyberthrone.in/2025/02/18/xcsset-malware-targeting-macos/


Vulnerabilities

Security updates for Tuesday

Security updates have been issued by Debian (gnutls28, openssh, and pam-pkcs11), Mageia (microcode and python-cryptography), Oracle (nodejs:18, nodejs:20, and rsync), Red Hat (gcc, nodejs:20, and nodejs:22), SUSE (emacs, kernel, openvswitch, and ucode-intel), and Ubuntu (Docker).

https://lwn.net/Articles/1010621/


DSA-5868-1 openssh - security update

https://lists.debian.org/debian-security-announce/2025/msg00030.html


[20250201] - Core - SQL injection vulnerability in Scheduled Tasks component

https://developer.joomla.org:443/security-centre/958-20250201-core-sql-injection-vulnerability-in-scheduled-tasks-component.html


Security Vulnerabilities fixed in Firefox 135.0.1

https://www.mozilla.org/en-US/security/advisories/mfsa2025-12/