End-of-Day report
Timeframe: Thursday 26-01-2023 18:00 - Friday 27-01-2023 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
News
ProxyShell & Co.: Microsoft gives tips on securing Exchange Server
Against the backdrop of several critical security vulnerabilities and attacks on Exchange Server, Microsoft shows which updates admins urgently need to install.
https://heise.de/-7472639
Intel and ARM CPUs: Linux and the handling of data-dependent timing
If the duration of operations depends on the data, this enables timing attacks on information. How does Linux deal with this?
https://www.golem.de/news/cpus-von-intel-und-arm-linux-und-der-umgang-mit-datenabhaengigem-timing-2301-171499.html
Bitwarden password vaults targeted in Google ads phishing attack
Bitwarden and other password managers are being targeted in Google ads phishing campaigns to steal users' password vault credentials.
https://www.bleepingcomputer.com/news/security/bitwarden-password-vaults-targeted-in-google-ads-phishing-attack/
Live Linux IR with UAC, (Thu, Jan 26th)
The other day, I was looking for Linux IR scripts and ran across the tool Unix-like Artifacts Collector or UAC(1) created by Thiago Lahr. As you would expect, it gathers most live stats but also collects VirtualBox and Docker info and other data on the system. [...] With any tool, you should always test to understand how it affects your system. I ran a simple file timeline collection before and after to see what changes were made.
https://isc.sans.edu/diary/rss/29480
WhatsApp hijackers take over your account while you sleep
There's an easy way to protect yourself. Here's how.
https://www.malwarebytes.com/blog/news/2023/01/protect-your-whatsapp-account-against-actors-who-try-to-steal-it-while-you-sleep
"2.6 million DuoLingo account entries" up for sale
We take a look at claims of large amounts of DuoLingo user data up for sale, supposedly scraped from publicly available sources.
https://www.malwarebytes.com/blog/news/2023/01/2.6-million-duolingo-account-entries-up-for-sale
Tourism industry targeted by criminals: cyberattacks via booking.com
The Hotelverband Deutschland (German Hotel Association), the French hotel association GNI and the Wirtschaftskammer Österreich (Austrian Economic Chamber) warn of two different fraud attempts carried out via booking.com's communication channels. The attacks aim to infect the accommodation providers' computer systems with malware or to harvest customer data.
https://www.watchlist-internet.at/news/tourismusbranche-im-visier-von-kriminellen-cyberangriffe-ueber-bookingcom/
Mitigating RBAC-Based Privilege Escalation in Popular Kubernetes Platforms
We recap our research on privilege escalation and powerful permissions in Kubernetes and analyze the ways various platforms have addressed it.
https://unit42.paloaltonetworks.com/kubernetes-privilege-escalation/
A Blog with NoName
Further Insight into the Hacktivist Operation Targeting NATO and Affiliated Nations
https://www.team-cymru.com/post/a-blog-with-noname
Vulnerabilities
Security updates for Friday
Security updates have been issued by Debian (bind9, chromium, and modsecurity-apache), Fedora (libgit2, mediawiki, and redis), Oracle (go-toolset:ol8, java-1.8.0-openjdk, systemd, and thunderbird), Red Hat (java-1.8.0-openjdk and redhat-ds:12), SUSE (apache2, bluez, chromium, ffmpeg-4, glib2, haproxy, kernel, libXpm, podman, python-py, python-setuptools, samba, xen, xrdp, and xterm), and Ubuntu (samba).
https://lwn.net/Articles/921477/
CISA Releases Eight Industrial Control Systems Advisories
https://us-cert.cisa.gov/ncas/current-activity/2023/01/26/cisa-releases-eight-industrial-control-systems-advisories
IBM InfoSphere Information Server is vulnerable to cross-site scripting (CVE-2022-47983)
https://www.ibm.com/support/pages/node/6857695
Security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for January 2023
https://www.ibm.com/support/pages/node/6857999
IBM App Connect Enterprise Certified Container may be vulnerable to denial of service due to [CVE-2022-42898]
https://www.ibm.com/support/pages/node/6858007
IBM App Connect Enterprise Certified Container operator and operands may be vulnerable to denial of service due to [CVE-2022-27664]
https://www.ibm.com/support/pages/node/6858011
IBM App Connect Enterprise Certified Container operator and operands may be vulnerable to denial of service due to [CVE-2022-32189]
https://www.ibm.com/support/pages/node/6858009
IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance may be vulnerable to [CVE-2022-23491]
https://www.ibm.com/support/pages/node/6858005
TADDM affected by multiple vulnerabilities due to IBM Java and its runtime
https://www.ibm.com/support/pages/node/6858015
Multiple vulnerabilities in IBM Java Runtime affect Watson Explorer and Watson Explorer Content Analytics Studio (CVE-2022-21626)
https://www.ibm.com/support/pages/node/6847951