End-of-Day report
Timeframe: Freitag 30-12-2022 18:00 - Montag 02-01-2023 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
News
EarSpy-Lauschangriff auf Smartphones: Forschern gelingt Abhören aus der Ferne
In Mobiltelefone integrierte Ohrlautsprecher werden immer leistungsstärker. Dies hat den Nachteil, dass die verursachten Mini-Vibrationen verräterischer sind.
https://heise.de/-7444910
Rund 230 Millionen Deezer-Datensätze zu Have I been pwned hinzugefügt
Bei einem Einbruch in einen Deezer-Dienstleister konnten offenbar rund 230 Millionen Datensätze kopiert werden. Have I been pwned hat sie jetzt hinzugefügt.
https://heise.de/-7445237
Sicherheitsrisiko Microsoft Outlook App: Überträgt Anmeldedaten und Mails in die Cloud
Ich hole zum Jahresanfang 2023 nochmals ein Thema hoch, welches ich hier im Blog bereits 2015 und im Januar 2021 angesprochen habe. Es geht um die Microsoft Outlook App, die für Android- und iOS-Geräte angeboten und meines Erachtens breit eingesetzt [...]
https://www.borncity.com/blog/2023/01/01/sicherheitsrisiko-microsoft-outlook-app-bertrgt-anmeldedaten-und-mails-in-die-cloud/
Ransomware gang cloned victim-s website to leak stolen data
The ALPHV ransomware operators have gotten creative with their extortion tactic and, in at least one case, created a replica of the victims site to publish stolen data on it.
https://www.bleepingcomputer.com/news/security/ransomware-gang-cloned-victim-s-website-to-leak-stolen-data/
NetworkMiner 2.8 Released, (Mon, Jan 2nd)
First of all, happy new year to all our Readers! There exist tools that are very popular for a long time because they are regularly updated and... just make the job! NetworkMiner is one of them (the first release was in 2007). I don't use it regularly but it is part of my forensic toolbox for a while and already helped me in many investigations.
https://isc.sans.edu/diary/rss/29390
WordPress Security Alert: New Linux Malware Exploiting Over Two Dozen CMS Flaws
WordPress sites are being targeted by a previously unknown strain of Linux malware that exploits flaws in over two dozen plugins and themes to compromise vulnerable systems. "If sites use outdated versions of such add-ons, lacking crucial fixes, the targeted web pages are injected with malicious JavaScripts," Russian security vendor Doctor Web said in a report published last week.
https://thehackernews.com/2023/01/wordpress-security-alert-new-linux.html
Python developers, uninstall this malicious package right now
If youre a Python developer and one who is accustomed to installed the latest preview builds of libraries, you might want to take immediate mitigative action. PyTorch, an open-source machine learning framework initially developed by Meta and now under the Linux Foundation, has seemingly been the target of a supply chain attack, which has potentially led to many users installing a malicious package.
https://www.neowin.net/news/python-developers-uninstall-this-malicious-package-right-now/
Vulnerabilities
IBM Security Bulletins 2022-12-30
IBM Content Collector, IBM Tivoli Monitoring
https://www.ibm.com/support/pages/bulletin/
Jetzt patchen: Netgear schließt hochriskante Lücke in mehreren Routern
Netgear empfiehlt ein dringendes Sicherheitsupdate für mehrere seiner Router-Modelle. Betroffen sind von der Lücke auch Modelle der Nighthawk-Reihe.
https://heise.de/-7444672
Synology warnt vor kritischer Lücke in VPN-Plus-Server
Wer Synology-Router als VPN-Server einsetzt, muss die Software zügig aktualisieren. Eine kritische Sicherheitslücke ermöglicht Angreifern sonst Codeschmuggel.
https://heise.de/-7444783
Security updates for Monday
Security updates have been issued by Debian (cacti, emacs, exuberant-ctags, libjettison-java, mplayer, node-loader-utils, node-xmldom, openvswitch, ruby-image-processing, webkit2gtk, wpewebkit, and xorg-server), Fedora (OpenImageIO, systemd, w3m, and webkit2gtk3), Mageia (curl, freeradius, libksba, libtar, python-ujson, sogo, thunderbird, and webkit2), Red Hat (bcel), and SUSE (ffmpeg, ffmpeg-4, mbedtls, opera, saphanabootstrap-formula, sbd, vlc, and webkit2gtk3).
https://lwn.net/Articles/918883/
Vulnerabilities in Java and IBM WebSphere Application Server Liberty affects IBM Cloud Application Business Insights - CVE-2022-34165, CVE-2022-21628, CVE-2022-21626, CVE-2022-21624, CVE-2022-21619
https://www.ibm.com/support/pages/node/6852357