End-of-Day report
Timeframe: Friday 16-01-2026 18:00 - Monday 19-01-2026 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Guenes Holler
News
StealC hackers hacked as researchers hijack malware control panels
A cross-site scripting (XSS) flaw in the web-based control panel used by operators of the StealC info-stealing malware allowed researchers to observe active sessions and gather intelligence on the attackers' hardware.
https://www.bleepingcomputer.com/news/security/stealc-hackers-hacked-as-researchers-hijack-malware-control-panels/
Autotype: Windows 11 update breaks popular KeePass feature
Since the January Patch Tuesday, KeePass can no longer insert credentials via Autotype in some Windows dialogs. A fix is not to be expected.
https://www.golem.de/news/autotype-windows-11-update-macht-beliebte-keepass-funktion-kaputt-2601-204337.html
What Happened After Security Researchers Found 60 Flock Cameras Livestreaming to the Internet
A couple months ago, YouTuber Benn Jordan "found vulnerabilities in some of Flock's license plate reader cameras," reports 404 Media's Jason Koebler. "He reached out to me to tell me he had learned that some of Flock's Condor cameras were left live-streaming to the open internet."
https://yro.slashdot.org/story/26/01/17/0718211/what-happened-after-security-researchers-found-60-flock-cameras-livestreaming-to-the-internet?utm_source=rss1.0mainlinkanon&utm_medium=feed
China-Linked APT Exploited Sitecore Zero-Day in Critical Infrastructure Intrusions
A threat actor likely aligned with China has been observed targeting critical infrastructure sectors in North America since at least last year.
https://thehackernews.com/2026/01/china-linked-apt-exploits-sitecore-zero.html
CrashFix Chrome Extension Delivers ModeloRAT Using ClickFix-Style Browser Crash Lures
Cybersecurity researchers have disclosed details of an ongoing campaign dubbed KongTuke that used a malicious Google Chrome extension masquerading as an ad blocker to deliberately crash the web browser and trick victims into running arbitrary commands using ClickFix-like lures to deliver a previously undocumented remote access trojan (RAT) dubbed ModeloRAT.
https://thehackernews.com/2026/01/crashfix-chrome-extension-delivers.html
Missing postal code? Message from DPD is a phishing trap
A classic of online fraud. A parcel service provider gets in touch out of the blue. Supposedly, a delivery attempt failed because of a missing postal code. In reality, criminals are trying to obtain credit card details through a fake portal.
https://www.watchlist-internet.at/news/dpd-phishing-falle/
Windows January 2026 update swaps Secure Boot certificates
In June 2026, UEFI Secure Boot certificates for Windows expire. In October 2026, the next expiring UEFI certificate for Secure Boot follows. With the Patch Tuesday of 13 January 2026, Microsoft has once again attempted to replace the Secure Boot certificate in UEFI. Here is a short review of the current state of affairs.
https://borncity.com/blog/2026/01/17/windows-januar-2026-update-tauscht-secure-boot-zertifikate/
From Extension to Infection: An In-Depth Analysis of the Evelyn Stealer Campaign Targeting Software Developers
This blog entry provides an in-depth analysis of the multistage delivery of the Evelyn information stealer, which was used in a campaign targeting software developers.
https://www.trendmicro.com/en_us/research/26/a/analysis-of-the-evelyn-stealer-campaign.html
Hackers Exploiting PDF24 App to Deploy Stealthy PDFSIDER Backdoor
Resecurity has identified PDFSIDER malware that exploits the legitimate PDF24 App to covertly steal data and allow remote access. Learn how this APT-level campaign targets corporate networks through spear-phishing and encrypted communications.
https://hackread.com/hackers-exploit-pdf24-app-pdfsider-backdoor/
Blink and you'll miss them: 6-day certificates are here!
What a great way to start 2026! Let's Encrypt have now made their short-lived certificates available, so you can go and start using them right away.
https://scotthelme.ghost.io/blink-and-youll-miss-them-6-day-certificates-are-here/
Microsoft starts identifying insecure RC4 encryption
The Windows security updates from January usher in the removal of insecure RC4 encryption. One vulnerability requires action.
https://heise.de/-11145332
Malware Peddlers Are Now Hijacking Snap Publisher Domains
tl;dr: There's a relentless campaign by scammers to publish malware in the Canonical Snap Store. Some gets caught by automated filters, but plenty slips through. Recently, these miscreants have changed tactics - they're now registering expired domains belonging to legitimate snap publishers, taking over their accounts, and pushing malicious updates to previously trustworthy applications. This is a significant escalation.
https://blog.popey.com/2026/01/malware-purveyors-taking-over-published-snap-email-domains/
TPM on Embedded Systems: Pitfalls and Caveats
Trusted Platform Module (TPM) chips have been around since the release of the TPM 1.2 specification more than 20 years ago, and the TPM 2.0 specification was released in 2014. The technology is now seeing widespread adoption in various computing sectors. TPMs have been a standard feature in PCs, particularly notebooks, for some time. With integration into tools like systemd's tooling for LUKS/dm-crypt and legal requirements like the EU's CRA, TPM functionality is also now making its way into the embedded Linux sector. In this post, we'll highlight common pitfalls and considerations for using TPM chips on embedded devices.
https://sigma-star.at/blog/2026/01/tpm-on-embedded-systems-pitfalls-and-caveats/
How to Remove Saved Passwords From Google Chrome (And Why You Should)
It usually starts with a small convenience. You log into a site once, Chrome offers to remember the password, and you click "Save" without thinking twice. Weeks turn into months, devices multiply, and before you know it, your browser knows more about your digital life than you do. This is exactly how many users end up relying on Chrome's built-in tools without ever learning how to delete passwords from Chrome when it actually matters.
https://thecyberexpress.com/how-to-delete-saved-passwords-in-google-chrome/
All In One SEO Plugin Flaw Exposes AI Token to Low-Privilege WordPress Users
A newly disclosed security vulnerability in the All In One SEO ecosystem has drawn attention across the WordPress community due to its potential reach and impact. The flaw affects the widely used AIOSEO plugin, which is active on more than 3 million WordPress websites. It allows low-privileged users to access a site-wide AI access token tied to the plugin's artificial intelligence features.
https://thecyberexpress.com/all-in-one-seo-wordpress-ai-token/
Vulnerabilities
Security updates for Monday
Security updates have been issued by AlmaLinux (cups, libpq, libsoup3, podman, and postgresql16), Debian (ffmpeg, gpsd, python-urllib3, and thunderbird), Fedora (chromium, foomuuri, forgejo, freerdp, harfbuzz, libtpms, musescore, python-biopython, and python3.12), Mageia (gimp, libpng, nodejs, and python-urllib3), and SUSE (alloy, avahi, bind, chromedriver, chromium, cpp-httplib, docker, erlang, fluidsynth, freerdp, go-sendxmpp, govulncheck-vulndb, kernel, libwireshark19, NetworkManager-applet-l2tp, python, python311-virtualenv, thunderbird, and zk).
https://lwn.net/Articles/1054992/
Unauthorized access possible: Vulnerabilities in Dell's OneFS NAS operating system
Dell's NAS operating system PowerScale OneFS is vulnerable through several security flaws. Patched releases are available for download.
https://heise.de/-11145497
Wireshark 4.6.3 Released, (Sat, Jan 17th)
https://isc.sans.edu/diary/rss/32636
K000159600: Rack vulnerability CVE-2022-30123
https://my.f5.com/manage/s/article/K000159600
K000159077: GNU Tar vulnerability CVE-2019-9923
https://my.f5.com/manage/s/article/K000159077