End-of-Day report
Timeframe: Dienstag 27-12-2022 18:00 - Mittwoch 28-12-2022 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
News
KI-Wunder ChatGPT kann bösartige E-Mails und Code generieren
Check Point Research (CPR) warnt vor Hackern, die ChatGPT und Codex von OpenAI nutzen könnten, um gezielte Cyberangriffe durchzuführen.
https://research.checkpoint.com/2022/opwnai-ai-that-can-save-the-day-or-hack-it-away/
https://www.zdnet.de/88406214/ki-wunder-chatgpt-kann-boesartige-e-mails-und-code-generieren/
Droht eine Exchange ProxyNotShell-Katastrophe zum Jahreswechsel 2022/2023?
Beunruhigende Informationen, die mich gerade erreicht haben. Nicht auf dem aktuellen Patchstand befindliche Microsoft Exchange On-Premises-Server sind anfällig für Angriffe über die ProxyNotShell-Schwachstellen. Vor Weihnachten gab es dann die Information, dass die Hackergruppe FIN7 seit längerem eine automatisierte Angriffsplattform zum [...]
https://www.borncity.com/blog/2022/12/28/droht-eine-exchange-proxynotshell-katastrophe-zum-jahreswechsel-2022-2023/
Why Attackers Target GitHub, and How You Can Secure It
The unfettered collaboration of the GitHub model creates a security headache. Follow these seven principles to help relieve the pain.
https://www.darkreading.com/edge-articles/why-attackers-target-github-and-how-you-can-secure-it
Playing with Powershell and JSON (and Amazon and Firewalls), (Wed, Dec 28th)
In this post we'll take a look at parsing and manipulating JSON in Powershell.
https://isc.sans.edu/diary/rss/29380
CVE-2022-27510, CVE-2022-27518 - Measuring Citrix ADC & Gateway version adoption on the Internet
Recently, two critical vulnerabilities were reported in Citrix ADC and Citrix Gateway; where one of them was being exploited in the wild by a threat actor. Due to these vulnerabilities being exploitable remotely and given the situation of past Citrix vulnerabilities, RIFT started to research on how to identify the [...]
https://blog.fox-it.com/2022/12/28/cve-2022-27510-cve-2022-27518-measuring-citrix-adc-gateway-version-adoption-on-the-internet/
EarSpy: Spying on Phone Calls via Ear Speaker Vibrations Captured by Accelerometer
As smartphone manufacturers are improving the ear speakers in their devices, it can become easier for malicious actors to leverage a particular side-channel for eavesdropping on a targeted user-s conversations, according to a team of researchers from several universities in the United States.
https://www.securityweek.com/earspy-spying-phone-calls-ear-speaker-vibrations-captured-accelerometer
Alias and Directive Overloading in GraphQL
Denial of Service (DoS) attacks in GraphQL APIs are nothing new. It turns out that when you let clients control what data they want to receive from the server, malicious users try to abuse this flexibility to exhaust resources.
https://checkmarx.com/blog/alias-and-directive-overloading-in-graphql/
Vulnerabilities
Security updates for Wednesday
Security updates have been issued by Fedora (curl) and SUSE (curl, freeradius-server, sqlite3, systemd, and vim).
https://lwn.net/Articles/918655/
Microsoft Patches Azure Cross-Tenant Data Access Flaw
Microsoft has silently fixed an important-severity security flaw in its Azure Cognitive Search (ACS) after an external researcher warned that a buggy feature allowed cross-tenant network bypass attacks.
https://www.securityweek.com/microsoft-patches-azure-cross-tenant-data-access-flaw
ABB Security Advisory: NE843 Pulsar Plus Controller
https://search.abb.com/library/Download.aspx?DocumentID=9AKK108467A6732&LanguageCode=en&DocumentPartId=&Action=Launch
A security vulnerability has been identified in WebSphere Liberty Profile shipped with IBM License Metric Tool v9 (CVE-2022-34165).
https://www.ibm.com/support/pages/node/6851953