End-of-Day report
Timeframe: Tuesday 10-01-2023 18:00 - Wednesday 11-01-2023 18:00
Handler: Robert Waldner
Co-Handler: Thomas Pribitzer
News
Lorenz ransomware gang plants backdoors to use months later
Security researchers are warning that patching critical vulnerabilities allowing access to the network is insufficient to defend against ransomware attacks.
https://www.bleepingcomputer.com/news/security/lorenz-ransomware-gang-plants-backdoors-to-use-months-later/
Bad Paths & The Importance of Using Valid URL Characters
To ensure that your web files and pages are accessible to a wide range of users with different devices and operating systems, it's important to use valid URL characters. Unsafe characters are known to cause compatibility issues with various browser clients and web servers, and can also lead to incompatibility with web application firewalls.
https://blog.sucuri.net/2023/01/bad-paths-the-importance-of-using-valid-url-characters.html
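As an added example (not code from the Sucuri post), the following Python snippet checks a URL path against the character set RFC 3986 allows in path segments (unreserved, sub-delims, ":" and "@", with "/" as separator and "%" only as part of a valid %XX triplet) and produces the percent-encoded form that browsers, servers and WAFs agree on. The sample paths in the comments are constructed for illustration; the function expects a path only, so a "?" or "#" in the input is treated as an unsafe path character.

```python
"""Flag and normalize characters that are not valid in a URL path (RFC 3986).

Added example; not from the original post. Expects a path component only
(no scheme, host, query or fragment).
"""
from __future__ import annotations

import re
import string
from urllib.parse import quote

# RFC 3986 pchar: unreserved / pct-encoded / sub-delims / ":" / "@";
# "/" separates path segments. "%" is only legal as the start of %XX.
UNRESERVED = set(string.ascii_letters + string.digits + "-._~")
SUB_DELIMS = set("!$&'()*+,;=")
PCHAR = UNRESERVED | SUB_DELIMS | set(":@/")
PCT_ENCODED = re.compile(r"%[0-9A-Fa-f]{2}")


def find_unsafe_chars(path: str) -> list[tuple[int, str]]:
    """Return (offset, char) for every character not allowed in a URL path.

    A '%' that does not begin a valid %XX triplet is reported as unsafe,
    because clients, servers and WAFs disagree on how to treat a bare '%'.
    """
    unsafe = []
    i = 0
    while i < len(path):
        ch = path[i]
        if ch == "%":
            if PCT_ENCODED.match(path, i):
                i += 3          # skip a well-formed pct-encoded triplet
                continue
            unsafe.append((i, ch))
        elif ch not in PCHAR:
            unsafe.append((i, ch))
        i += 1
    return unsafe


def normalize_path(path: str) -> str:
    """Percent-encode everything outside the pchar set.

    Existing valid %XX triplets are kept (uppercased, as RFC 3986 prefers)
    rather than re-encoded, so an already-encoded path is not double-encoded.
    Non-ASCII characters are encoded as UTF-8 bytes, e.g. "ü" -> "%C3%BC".
    """
    out = []
    i = 0
    while i < len(path):
        if path[i] == "%" and PCT_ENCODED.match(path, i):
            out.append(path[i:i + 3].upper())
            i += 3
            continue
        ch = path[i]
        out.append(ch if ch in PCHAR else quote(ch, safe=""))
        i += 1
    return "".join(out)


if __name__ == "__main__":
    # Constructed sample paths: a space, HTML metacharacters, a bare '%'
    # and a non-ASCII letter are the typical offenders.
    for p in ("/wp-content/uploads/my file.pdf", "/search/<script>",
              "/a%2Fb%zz", "/über", "/images/logo.png"):
        print(f"{p!r}: unsafe={find_unsafe_chars(p)} -> {normalize_path(p)!r}")
```

Running this over a site's path list (e.g. from an access log) before deploying gives a quick inventory of files whose names will be interpreted differently by different clients.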
Fake Telegram app spies on Android users
Researchers at ESET have found a fake Telegram app that extensively spies on its victims. It is, however, distributed outside Google Play.
https://heise.de/-7455996
Cybercrime Group Exploiting Old Windows Driver Vulnerability to Bypass Security Products
A cybercrime group tracked as Scattered Spider has been observed exploiting an old vulnerability in an Intel Ethernet diagnostics driver for Windows in recent attacks on telecom and BPO firms.
https://www.securityweek.com/cybercrime-group-exploiting-old-windows-driver-vulnerability-bypass-security-products
SMB "Access is denied" caused by anti-NTLM relay protection
We investigated a situation where an SMB client could not connect to an SMB server. The SMB server returned an "Access Denied" during the NTLM authentication, even though the credentials were correct and there were no restrictions on either the server-side share or the client side (notably UNC Hardened Access).
https://medium.com/tenable-techblog/smb-access-is-denied-caused-by-anti-ntlm-relay-protection-659c60089895
Dark Pink
New APT hitting Asia-Pacific, Europe that goes deeper and darker
https://blog.group-ib.com/dark-pink-apt
Vulnerabilities
Web browser: 17 security vulnerabilities patched in Google Chrome
The first update of the year brings the Chrome web browser to version 109. In it, the developers close 17 vulnerabilities, some of them rated high severity.
https://heise.de/-7455130
Patch day: malicious-code attacks possible against Adobe InCopy and InDesign
Adobe's developers have closed dangerous security vulnerabilities in several applications.
https://heise.de/-7455222
Patch day: attackers gain SYSTEM privileges on Windows
Microsoft has released important security updates for, among others, Exchange Server, Office and Windows.
https://heise.de/-7455122
Exploit code spotted: attacks on IT monitoring tool Cacti possible
Attackers could exploit a critical vulnerability in Cacti and execute malicious code on servers.
https://heise.de/-7455833
Security updates for Wednesday
Security updates have been issued by Debian (exiv2, hsqldb, libjettison-java, ruby-sinatra, and viewvc), Fedora (golang-github-docker, mbedtls, and vim), Gentoo (alpine, commons-text, jupyter_core, liblouis, mbedtls, ntfs3g, protobuf-java, scikit-learn, and twisted), Red Hat (kernel and kpatch-patch), SUSE (rubygem-activerecord-5.2, tiff, and webkit2gtk3), and Ubuntu (dotnet6, linux-azure-5.4, linux-azure-fde, linux-gcp, linux-oracle, linux-ibm, and linux-oem-5.17, linux-oem-6.0).
https://lwn.net/Articles/919649/
Unpatchable Hardware Vulnerability Allows Hacking of Siemens PLCs
Researchers at firmware security company Red Balloon Security have discovered a potentially serious vulnerability affecting many of Siemens' programmable logic controllers (PLCs).
https://www.securityweek.com/unpatchable-hardware-vulnerability-allows-hacking-siemens-plcs
Exchange Server security updates (January 10, 2023), patch urgently
On January 10, 2023, Microsoft released security updates for Exchange Server 2013, Exchange Server 2016 and Exchange Server 2019. These security updates close two vulnerabilities (elevation of privilege and spoofing) in this software.
https://www.borncity.com/blog/2023/01/11/exchange-server-sicherheitsupdates-10-januar-2023-dringend-patchen/
AMD Client Vulnerabilities - January 2023
http://support.lenovo.com/product_security/PS500539-AMD-CLIENT-VULNERABILITIES-JANUARY-2023
AMD Server Vulnerabilities - January 2023
http://support.lenovo.com/product_security/PS500538-AMD-SERVER-VULNERABILITIES-JANUARY-2023
Multiple Vulnerabilities in IBM Java SDK affect Liberty for Java for IBM Cloud due to the October 2022 CPU plus CVE-2022-3676
https://www.ibm.com/support/pages/node/6854413
Vulnerability in IBM WebSphere Liberty Profile affects IBM InfoSphere Identity Insight (CVE-2022-34165)
https://www.ibm.com/support/pages/node/6854451
IBM Security Verify Governance is vulnerable to denial of service due to an OpenSSL vulnerability
https://www.ibm.com/support/pages/node/6854571
IBM Security Verify Governance is vulnerable to denial of service due to OpenSSL as a part of Node.js
https://www.ibm.com/support/pages/node/6854575
IBM Security Verify Governance is vulnerable to multiple vulnerabilities due to Eclipse Jetty
https://www.ibm.com/support/pages/node/6854577
The IBM Engineering System Design Rhapsody products on IBM Jazz Technology contain additional security fixes for Log4j vulnerability CVE-2021-4104
https://www.ibm.com/support/pages/node/6825215