End-of-Day report
Timeframe: Monday 03-03-2025 18:00 - Tuesday 04-03-2025 18:00
Handler: Alexander Riepl
Co-Handler: n/a
News
Polish Space Agency offline as it recovers from cyberattack
The Polish Space Agency (POLSA) has been offline since it disconnected its systems from the Internet over the weekend to contain a breach of its IT infrastructure.
https://www.bleepingcomputer.com/news/security/polish-space-agency-offline-as-it-recovers-from-cyberattack/
Booking a Threat: Inside LummaStealer's Fake reCAPTCHA
Cybercriminals are taking advantage of the increased demand in travel by setting up fake booking sites, phishing scams and fraudulent listings to trick unsuspecting travelers.
https://www.gdatasoftware.com/blog/2025/03/38154-lummastealer-fake-recaptcha
AI training data: thousands of valid API keys discovered in crawled web data
While analysing a freely available archive of around 400 TB of website data, researchers found almost 12,000 valid API keys and passwords.
https://www.golem.de/news/ki-trainingsdaten-tausende-gueltiger-api-keys-in-gecrawlten-webdaten-entdeckt-2503-193908.html
Critical vulnerability in VMware ESXi, Fusion and Workstation is being exploited
Broadcom warns of partly critical security holes in VMware ESXi, Fusion and Workstation. Attackers are already exploiting them.
https://www.heise.de/news/Kritische-Luecke-in-VMware-ESXi-Fusion-und-Workstation-wird-missbraucht-10303639.html
DNSSEC NSEC. The accidental treasure map to your subdomains
TL;DR: DNSSEC secures DNS but may unintentionally expose domain structures via NSEC/NSEC3 records, enabling zone walking to enumerate subdomains. NSEC openly lists domain names, making enumeration easy. NSEC3 hashes ..
https://www.pentestpartners.com/security-blog/dnssec-nsec-the-accidental-treasure-map-to-your-subdomains/
MeinELBA access about to expire? Beware, phishing attempt!
Criminals are currently once again sending an increased number of SMS messages warning that MeinELBA access is about to expire. Anyone wishing to renew is told to click a link and enter their online banking details on a supposed login page. This page is, of course, a fake. But a very well-made one! This article explains how to recognise it and what you can do if you have entered confidential information there.
https://www.watchlist-internet.at/news/meinelba-zugang-phishing/
A Revision of the EU Cybersecurity Blueprint
The original EU cybersecurity blueprint from 2017 (officially: "Commission Recommendation of 13.9.2017 on Coordinated Response to Large Scale Cybersecurity Incidents and Crises") is now close to seven years old and an update is overdue. The Commission recently published a draft for an updated version, and I'd like to take this opportunity to ..
https://www.cert.at/en/blog/2025/3/a-revision-of-the-eu-cybersecurity-blueprint
Did Trump Admin Order U.S. Cyber Command and CISA to Stand Down on Russia?
Two blockbuster stories published on Friday that appear to confirm what many Americans suspected would occur under the Trump administration - that the new regime is going to be softer on Russia than previous administrations, particularly with regard to the threat that Russia poses in cyber space. Since publication, however, ..
https://www.zetter-zeroday.com/did-trump-admin-order-u-s-cyber-command-and-cisa-to-stand-down-on-russia/
The Dangers of Exposed Secrets - and How to Prevent Them
Modern enterprise software relies on authentication tokens, API keys, encryption keys, certificates, and other sensitive credentials to enable secure communication between applications, microservices, APIs, and DevOps pipelines. However, these secrets often end up hardcoded in source code during the development process, whether unintentionally or as a shortcut for quick ..
https://checkmarx.com/blog/exposed-secrets-and-how-to-prevent-them/
Do not run any Cargo commands on untrusted projects
TL;DR: Treat anything starting with cargo as if it is cargo run.
https://shnatsel.medium.com/do-not-run-any-cargo-commands-on-untrusted-projects-4c31c89a78d6
Hacking the Xbox 360 Hypervisor Part 2: The Bad Update Exploit
Welcome to part 2 of the Hacking the Xbox 360 Hypervisor blog series. In this part I'll cover how I found and exploited bugs in the Xbox 360 hypervisor to get full code execution and create the "Bad Update" exploit. If you haven't already, I highly recommend you read (or at least skim through) part 1 as this post will reference a lot of the material discussed there.
https://icode4.coffee/?p=1081
Vulnerabilities
Docusnap Inventory Files Encrypted with Static Key
Inventory files created by Docusnap, containing information like installed programs, firewall rules and local administrators, are encrypted with a static key. The decryption key can be obtained easily from the .NET application, downloadable from the vendor's website. When following Docusnap's installation instructions for Windows Domains, every domain user has read access to these files.
https://www.redteam-pentesting.de/en/advisories/rt-sa-2024-012/
Security Vulnerabilities fixed in Firefox ESR 128.8
https://www.mozilla.org/en-US/security/advisories/mfsa2025-16/
Security Vulnerabilities fixed in Firefox ESR 115.21
https://www.mozilla.org/en-US/security/advisories/mfsa2025-15/
Security Vulnerabilities fixed in Firefox 136
https://www.mozilla.org/en-US/security/advisories/mfsa2025-14/