End-of-Day report
Timeframe: Montag 02-01-2023 18:00 - Dienstag 03-01-2023 18:00
Handler: Stephan Richter
Co-Handler: n/a
News
BMW, Mercedes, Kia, Porsche: Sicherheitsforscher hacken etliche Autohersteller
Forschern ist es gelungen die API-Endpunkte etlicher Autohersteller wie BMW oder Kia zu hacken - von der Konten- bis zur Autoübernahme war alles möglich.
https://www.golem.de/news/bmw-mercedes-kia-porsche-sicherheitsforscher-hacken-etliche-autohersteller-2301-170901.html
Schadcode auf PyPI: Supply-Chain-Angriff auf PyTorch Nightly Builds
Wer kürzlich PyTorch-nightly unter Linux via pip installiert hat, erhielt Schadcode. Das PyTorch-Team hat Gegenmaßnahmen eingeleitet.
https://heise.de/-7447195
Its about time: OS Fingerprinting using NTP, (Tue, Jan 3rd)
Most current operating systems, including many small systems like IoT devices, use some form of NTP to sync time. NTP is lightweight and reasonably accurate in most use cases to synchronize time across the internet with millisecond accuracy [1]. Some protocols, like PTP, are more accurate but are designed for local networks and may require special hardware on the host [2]. Smaller systems with less stringent accuracy requirements sometimes use SNTP, a variant of NTP.
https://isc.sans.edu/diary/rss/29394
Raspberry Robin Worm Evolves to Attack Financial and Insurance Sectors in Europe
Financial and insurance sectors in Europe have been targeted by the Raspberry Robin worm, as the malware continues to evolve its post-exploitation capabilities while remaining under the radar. "What is unique about the malware is that it is heavily obfuscated and highly complex to statically disassemble," Security Joes said in a new report published Monday.
https://thehackernews.com/2023/01/raspberry-robin-worm-evolves-to-attack.html
Cloud Metadata - AWS IAM Credential Abuse
[...] In this run through we have a vulnerable AWS EC2 instance configured to use IMDSv1 (Instance Metadata Service) which we will exploit, escalate our privileges and carry out post-compromise activities. While not every AWS EC2 instance has an associated IAM role (AWS Identity and Access Management), when they do these role profiles contain credentials/keys.
https://sneakymonkey.net/cloud-credential-abuse/
SSRF vulnerabilities caused by SNI proxy misconfigurations
SNI proxies are load balancers that use the SNI extension field to select backend systems. When misconfigured, SNI proxies can be vulnerable to SSRF attacks that provide access to web application backends.
https://www.invicti.com/blog/web-security/ssrf-vulnerabilities-caused-by-sni-proxy-misconfigurations/
Exploiting GraphQL Query Depth
GraphQL was created and developed with flexibility in mind: clients should be given the power to ask for exactly what they need and nothing more. Much of this flexibility involves allowing customers to execute multiple queries in a single request, [...]
https://checkmarx.com/blog/exploiting-graphql-query-depth/
Vulnerabilities
IBM Security Bulletins 2023-01-03
IBM Business Automation Workflow, IBM InfoSphere Information Server, IBM Integrated Analytics System, IBM Process Mining, IBM Security SOAR, IBM Security Verify Governance, IBM Sterling B2B Integrator, Platform Navigator and Automation Assets in IBM Cloud Pak for Integration, Rational Directory Server (Tivoli) & Rational Directory Administrator
https://www.ibm.com/support/pages/bulletin/
Trend Micros Sicherheitslösung Maximum Security benötigt einen Sicherheitspatch
Angreifer könnten Windows-PCs mit Sicherheitssoftware von Trend Micro attackieren. Ein Sicherheitspatch ist verfügbar.
https://heise.de/-7446553
Security updates for Tuesday
Security updates have been issued by Oracle (bcel), SUSE (ca-certificates-mozilla, glibc, minetest, multimon-ng, nautilus, ovmf, python-Django, samba, saphanabootstrap-formula, and xrdp), and Ubuntu (usbredir).
https://lwn.net/Articles/918965/
ThinkPad X13s BIOS Vulnerabilities
http://support.lenovo.com/product_security/PS500537