Tageszusammenfassung - 11.01.2023

End-of-Day report

Timeframe: Dienstag 10-01-2023 18:00 - Mittwoch 11-01-2023 18:00 Handler: Robert Waldner Co-Handler: Thomas Pribitzer


Lorenz ransomware gang plants backdoors to use months later

Security researchers are warning that patching critical vulnerabilities allowing access to the network is insufficient to defend against ransomware attacks.


Bad Paths & The Importance of Using Valid URL Characters

To ensure that your web files and pages are accessible to a wide range of users with various different devices and operating systems, it-s important to use valid URL characters. Unsafe characters are known to cause compatibility issues with various browser clients, web servers, and even lead to incompatibility issues with web application firewalls.


Gefälschte Telegram-App spioniert unter Android

IT-Forscher von Eset haben eine gefälschte Telegram-App aufgespürt, die ihre Opfer umfassend ausspioniert. Sie wird jedoch außerhalb von Google Play verteilt.


Cybercrime Group Exploiting Old Windows Driver Vulnerability to Bypass Security Products

A cybercrime group tracked as Scattered Spider has been observed exploiting an old vulnerability in an Intel Ethernet diagnostics driver for Windows in recent attacks on telecom and BPO firms.


SMB -Access is denied- caused by anti-NTLM relay protection

We investigated a situation where an SMB client could not connect to an SMB server. The SMB server returned an -Access Denied- during the NTLM authentication, even though the credentials were correct and there were no restrictions on both the server-side share and client-side (notably UNC Hardened Access).


Dark Pink

New APT hitting Asia-Pacific, Europe that goes deeper and darker



Webbrowser: 17 Sicherheitslücken in Google Chrome gestopft

Das erste Update des Jahres hievt den Webbrowser Chrome auf Stand 109. Die Entwickler schließen darin 17 Schwachstellen, von denen einige hochriskant sind.


Patchday: Schadcode-Attacken auf Adobe InCopy und InDesign möglich

Die Entwickler von Adobe haben in mehreren Anwendungen gefährliche Sicherheitslücken geschlossen.


Patchday: Angreifer verschaffen sich unter Windows System-Rechte

Microsoft hat wichtige Sicherheitsupdates für unter anderem Exchange Server, Office und Windows veröffentlicht.


Exploit-Code gesichtet: Attacken auf IT-Monitoring-Tool Cacti möglich

Angreifer könnten an einer kritischen Sicherheitslücke in Cacti ansetzen und Schadcode auf Servern ausführen.


Security updates for Wednesday

Security updates have been issued by Debian (exiv2, hsqldb, libjettison-java, ruby-sinatra, and viewvc), Fedora (golang-github-docker, mbedtls, and vim), Gentoo (alpine, commons-text, jupyter_core, liblouis, mbedtls, ntfs3g, protobuf-java, scikit-learn, and twisted), Red Hat (kernel and kpatch-patch), SUSE (rubygem-activerecord-5.2, tiff, and webkit2gtk3), and Ubuntu (dotnet6, linux-azure-5.4, linux-azure-fde, linux-gcp, linux-oracle, linux-ibm, and linux-oem-5.17, linux-oem-6.0).


Unpatchable Hardware Vulnerability Allows Hacking of Siemens PLCs

Researchers at firmware security company Red Balloon Security have discovered a potentially serious vulnerability affecting many of Siemens- programmable logic controllers (PLCs).


Exchange Server Sicherheitsupdates (10. Januar 2023), dringend patchen

Microsoft hat zum 10. Januar 2023 Sicherheitsupdates für Exchange Server 2013, Exchange Server 2016 und Exchange Server 2019 veröffentlicht. Diese Sicherheitsupdates schließen zwei Schwachstellen (Elevation of Privilege und Spoofing) in dieser Software.


AMD Client Vulnerabilities - January 2023


AMD Server Vulnerabilities - January 2023


Multiple Vulnerabilities in IBM Java SDK affects Liberty for Java for IBM Cloud due to the October 2022 CPU plus CVE-2022-3676


Vulnerability in IBM WebSphere Liberty Profile affects IBM InfoSphere Identity Insight (CVE-2022-34165)


IBM Security Verify Governance is vulnerable to denial of service due to an OpenSSL vulnerability


IBM Security Verify Governance is vulnerable to denial of service due to OpenSSL as a part of Node.js


IBM Security Verify Governance is vulnerable to multiple vulnerabilities due to Eclipse Jetty


The IBM Engineering System Design Rhapsody products on IBM Jazz Technology contains additional security fixes for Log4j vulnerabilities CVE-2021-4104