End-of-Day report
Timeframe: Friday 07-03-2025 18:00 - Monday 10-03-2025 18:00
Handler: Alexander Riepl
Co-Handler: n/a
News
FTC will send $25.5 million to victims of tech support scams
Later this week, the Federal Trade Commission (FTC) will start distributing over $25.5 million in refunds to those misled by tech support companies Restoro and Reimage's scare tactics.
https://www.bleepingcomputer.com/news/security/ftc-will-send-255-million-to-victims-of-tech-support-scams/
Data protection: police officer looks up women's data and has to pay a fine
The police officer kept a personal attractiveness scale and, above certain scores, queried the personal data of women.
https://www.golem.de/news/datenschutz-polizist-ruft-daten-von-frauen-ab-und-muss-strafe-zahlen-2503-194100.html
SideWinder targets the maritime and nuclear sectors with an updated toolset
In this article, we discuss the tools and TTPs used in the SideWinder APT's attacks in H2 2024, as well as shifts in its targets, such as an increase in attacks against the maritime and logistics sectors.
https://securelist.com/sidewinder-apt-updates-its-toolset-and-targets-nuclear-sector/115847/
The Russia-Ukraine Cyber War Part 4: Development in Group Attributions for Russian State Actors
This is the final installment of Trustwave SpiderLabs' Russia-Ukraine digital battlefield series, which has spanned topics including the differences between Russian and Ukrainian cyber actors, how government entities, defense organizations, and human targets were caught in the cyber crossfire, and how both countries targeted the telecommunications, critical ..
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/russian-state-actors-development-in-group-attributions/
Rhysida pwns two US healthcare orgs, extracts over 300K patients' data
Terabytes of sensitive info remain available for download. Break-ins to systems hosting the data of two US healthcare organizations led to thieves making off with the personal and medical data of more than 300,000 patients.
https://www.theregister.com/2025/03/10/rhysida_healthcare/
Strings Attached: Talking about Russia's agenda for laws in cyberspace
Russia's longstanding proposals for "information security" agreements may sound cooperative, but they conceal a Trojan horse - a push to legitimize censorship, silence dissent, and bind others to rules it won't follow.
https://bytesandborscht.com/strings-attached-talking-about-russias-agenda-for-laws-in-cyberspace/
Biggest theft in history: Bybit used freeware and fell victim as a result
Insecure freeware enabled the attackers to carry out the billion-dollar theft at Bybit. The problems had long been known.
https://www.heise.de/news/Groesster-Diebstahl-der-Geschichte-Bybit-nutzte-Freeware-und-wurde-dadurch-Opfer-10309241.html
Feds Link $150M Cyberheist to 2022 LastPass Hacks
In September 2023, KrebsOnSecurity published findings from security researchers who concluded that a series of six-figure cyberheists across dozens of victims resulted from thieves cracking master passwords stolen from the password manager service LastPass in 2022. In a court filing this week, U.S. federal agents investigating a spectacular $150 million cryptocurrency heist said they had reached the same conclusion.
https://krebsonsecurity.com/2025/03/feds-link-150m-cyberheist-to-2022-lastpass-hacks/
Vulnerability Reward Program: 2024 in Review
In 2024, our Vulnerability Reward Program confirmed the ongoing value of engaging with the security research community to make Google and its products safer. This was evident as we awarded just shy of $12 million to over 600 researchers based in countries around the globe across all of our programs. Vulnerability Reward ..
http://security.googleblog.com/2025/03/vulnerability-reward-program-2024-in.html
WordPress Security Research Series: WordPress Security Architecture
Learn how WordPress security works from the inside out. A guide for vulnerability researchers on identifying flaws in WordPress core, plugins, and themes.
https://www.wordfence.com/blog/2025/03/wordpress-security-research-series-wordpress-security-architecture/
Scam spoofs Binance website and uses TRUMP coin as lure for malware
Researchers at phishing defense company Cofense say hackers are spreading a malicious remote access tool through a fake Binance page that offers access to the TRUMP coin.
https://therecord.media/email-scam-spoofs-binance-offers-trump-coin-connectwise-rat
Navigating AI - Fighting Skynet
Using AI can be a great tool for adversarial engineering. This was just a bit of fun to see if it was possible to do and to learn more about automation, but also proving you cannot trust git commit history nor can you trust dates of commits!
https://blog.zsec.uk/navigating-ai-fighting-skynet/
No, there isn't a world ending Apache Camel vulnerability
Posts have been circulating publicly on the internet for several days about a 'critical', end of the world 'zero day' in Apache Camel, CVE-2025-27636. Many of the posts explained in specific detail how to exploit the vulnerability ..
https://doublepulsar.com/no-there-isnt-a-world-ending-apache-camel-vulnerability-edd055f40d39
GreyNoise Detects Mass Exploitation of Critical PHP-CGI Vulnerability (CVE-2024-4577), Signaling Broad Campaign
GreyNoise data confirms that exploitation of CVE-2024-4577 extends far beyond initial reports. Attack attempts have been observed across multiple regions, with notable spikes in the United States, Singapore, Japan, and other countries throughout January 2025.
https://www.greynoise.io/blog/mass-exploitation-critical-php-cgi-vulnerability-cve-2024-457
How to distrust a CA without any certificate errors
A 'distrust' is when a certification authority (CA) that issues HTTPS certificates to websites is removed from a root store because it is no longer trusted to issue certificates. This means certificates issued by that CA will be treated as invalid, likely causing certificate error interstitials in any browser that distrusted the ..
https://dadrian.io/blog/posts/sct-not-after/
Exploiting Neverwinter Nights
Back in 2024, we looked for vulnerabilities in Neverwinter Nights: Enhanced Edition as a side research project. We found and reported multiple vulnerabilities to the publisher Beamdog. In this article we will detail how we can chain two vulnerabilities to obtain remote code execution in multiplayer mode.
https://www.synacktiv.com/en/publications/exploiting-neverwinter-nights.html