Daily summary - 02.01.2023

End-of-Day report

Timeframe: Friday 30-12-2022 18:00 - Monday 02-01-2023 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter

News

EarSpy eavesdropping attack on smartphones: researchers succeed in listening in remotely

The ear speakers built into mobile phones are becoming ever more powerful. The downside is that the tiny vibrations they cause become more revealing.

https://heise.de/-7444910


Around 230 million Deezer records added to Have I Been Pwned

In a breach of a Deezer service provider, around 230 million records were apparently copied. Have I Been Pwned has now added them.

https://heise.de/-7445237


Security risk Microsoft Outlook app: transmits credentials and mails to the cloud

At the start of 2023 I am once again raising a topic that I have already addressed here on the blog in 2015 and in January 2021. It concerns the Microsoft Outlook app, which is offered for Android and iOS devices and is, in my opinion, widely used [...]

https://www.borncity.com/blog/2023/01/01/sicherheitsrisiko-microsoft-outlook-app-bertrgt-anmeldedaten-und-mails-in-die-cloud/


Ransomware gang cloned victim's website to leak stolen data

The ALPHV ransomware operators have gotten creative with their extortion tactics and, in at least one case, created a replica of the victim's site to publish stolen data on it.

https://www.bleepingcomputer.com/news/security/ransomware-gang-cloned-victim-s-website-to-leak-stolen-data/


NetworkMiner 2.8 Released, (Mon, Jan 2nd)

First of all, happy new year to all our Readers! There exist tools that are very popular for a long time because they are regularly updated and... just make the job! NetworkMiner is one of them (the first release was in 2007). I don't use it regularly but it has been part of my forensic toolbox for a while and has already helped me in many investigations.

https://isc.sans.edu/diary/rss/29390


WordPress Security Alert: New Linux Malware Exploiting Over Two Dozen CMS Flaws

WordPress sites are being targeted by a previously unknown strain of Linux malware that exploits flaws in over two dozen plugins and themes to compromise vulnerable systems. "If sites use outdated versions of such add-ons, lacking crucial fixes, the targeted web pages are injected with malicious JavaScripts," Russian security vendor Doctor Web said in a report published last week.

https://thehackernews.com/2023/01/wordpress-security-alert-new-linux.html


Python developers, uninstall this malicious package right now

If you're a Python developer and one who is accustomed to installing the latest preview builds of libraries, you might want to take immediate mitigative action. PyTorch, an open-source machine learning framework initially developed by Meta and now under the Linux Foundation, has seemingly been the target of a supply chain attack, which has potentially led to many users installing a malicious package.

https://www.neowin.net/news/python-developers-uninstall-this-malicious-package-right-now/

Vulnerabilities

IBM Security Bulletins 2022-12-30

IBM Content Collector, IBM Tivoli Monitoring

https://www.ibm.com/support/pages/bulletin/


Patch now: Netgear closes high-risk vulnerability in several routers

Netgear recommends an urgent security update for several of its router models. Models of the Nighthawk series are also affected by the vulnerability.

https://heise.de/-7444672


Synology warns of critical vulnerability in VPN Plus Server

Anyone using Synology routers as a VPN server must update the software promptly. Otherwise, a critical security vulnerability allows attackers to inject code.

https://heise.de/-7444783


Security updates for Monday

Security updates have been issued by Debian (cacti, emacs, exuberant-ctags, libjettison-java, mplayer, node-loader-utils, node-xmldom, openvswitch, ruby-image-processing, webkit2gtk, wpewebkit, and xorg-server), Fedora (OpenImageIO, systemd, w3m, and webkit2gtk3), Mageia (curl, freeradius, libksba, libtar, python-ujson, sogo, thunderbird, and webkit2), Red Hat (bcel), and SUSE (ffmpeg, ffmpeg-4, mbedtls, opera, saphanabootstrap-formula, sbd, vlc, and webkit2gtk3).

https://lwn.net/Articles/918883/


Vulnerabilities in Java and IBM WebSphere Application Server Liberty affect IBM Cloud Application Business Insights - CVE-2022-34165, CVE-2022-21628, CVE-2022-21626, CVE-2022-21624, CVE-2022-21619

https://www.ibm.com/support/pages/node/6852357