Daily Summary - 24.02.2023

End-of-Day report

Timeframe: Thursday 23-02-2023 18:00 - Friday 24-02-2023 18:00 Handler: Michael Schlagenhaufer Co-Handler: Stephan Richter

News

Caution: ChatGPT scams are rising sharply

Many sites on the internet pretend to be the intelligent chatbot. In reality, they distribute malware.

https://futurezone.at/produkte/chatgpt-scam-malware-apps-android-chatbot-vorsicht-betrug/402341793


AI: Journalist tricks bank with artificial intelligence

A journalist has managed to bypass a bank's voice authentication using AI. Fraudsters could do the same.

https://www.golem.de/news/ki-journalist-ueberlistet-bank-mit-kuenstlicher-intelligenz-2302-172169.html


Privacy: Chrome extensions can still do a lot of damage

An analysis shows how much can still be spied on despite Google's Chrome Extension Manifest V3 if users are not careful during installation.

https://www.golem.de/news/privatsphaere-chrome-extensions-koennen-noch-immer-eine-menge-anrichten-2302-172166.html


The code that wasn't there: Reading memory on an Android device by accident

CVE-2022-25664, a vulnerability in the Qualcomm Adreno GPU, can be used to leak large amounts of information to a malicious Android application. Learn more about how the vulnerability can be used to leak information in both the user space and kernel space level of pages, and how the GitHub Security Lab used the kernel space information leak to construct a KASLR bypass.

https://github.blog/2023-02-23-the-code-that-wasnt-there-reading-memory-on-an-android-device-by-accident/


In Final Cut & Co: Warning about cryptojacking via cracked Mac apps

Cryptomining malware is being distributed via cracked Mac apps and is hiding itself better and better, security researchers warn. Apple is responding.

https://heise.de/-7527273


Update on the Exchange Server Antivirus Exclusions

For years we have been saying how running antivirus (AV) software on your Exchange Servers can enhance the security and health of your Exchange organization. We've also said that if you are deploying file-level scanners on Exchange servers, make sure that the appropriate exclusions, such as directory exclusions, process exclusions, and file name extension exclusions, are in place for both scheduled and real-time scanning. But times have changed, and so has the cybersecurity landscape.

https://techcommunity.microsoft.com/t5/exchange-team-blog/update-on-the-exchange-server-antivirus-exclusions/ba-p/3751464


Investigating the PlugX Trojan Disguised as a Legitimate Windows Debugger Tool

Trend Micro's Managed Extended Detection and Response (MxDR) team discovered that a file called x32dbg.exe was used to sideload a malicious DLL we identified as a variant of PlugX.

https://www.trendmicro.com/en_us/research/23/b/investigating-the-plugx-trojan-disguised-as-a-legitimate-windows.html

Vulnerabilities

Cisco patches vulnerabilities, some of them high-risk

Network equipment vendor Cisco is providing security updates for several products. They close vulnerabilities, some of which are rated as a high threat.

https://heise.de/-7526208


Security updates for Friday

Security updates have been issued by Debian (binwalk, chromium, curl, emacs, frr, git, libgit2, and tiff), Fedora (qt5-qtbase), SUSE (c-ares, kernel, openssl-1_1-livepatches, pesign, poppler, rubygem-activerecord-5_1, and webkit2gtk3), and Ubuntu (linux-aws).

https://lwn.net/Articles/924358/


Ineffective Cross Site Request Forgery (CSRF) protection in IBM Business Process Manager (BPM) (CVE-2017-1769)

https://www.ibm.com/support/pages/node/301273


IBM Maximo Manage application in IBM Maximo Application Suite is vulnerable to information disclosure (CVE-2022-43923)

https://www.ibm.com/support/pages/node/6957654


AIX is vulnerable to denial of service due to ISC BIND (CVE-2022-38178, CVE-2022-3080, CVE-2022-38177, CVE-2022-2795)

https://www.ibm.com/support/pages/node/6851445


A vulnerability in Node.js affects IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2022-21681, CVE-2022-21680)

https://www.ibm.com/support/pages/node/6958016


A vulnerability has been identified in IBM WebSphere Application Server used by IBM Rational ClearQuest (CVE-2023-23477)

https://www.ibm.com/support/pages/node/6958024


Vulnerabilities found within Apache Storm that is used by IBM Tivoli Network Manager (ITNM) IP Edition

https://www.ibm.com/support/pages/node/6958056


Security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for February 2023

https://www.ibm.com/support/pages/node/6958062


Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server affect IBM Business Automation Workflow

https://www.ibm.com/support/pages/node/6958064


CVE-2022-32149 may affect IBM CICS TX Advanced

https://www.ibm.com/support/pages/node/6958066


CVE-2022-32149 may affect IBM CICS TX Standard

https://www.ibm.com/support/pages/node/6958072


Multiple vulnerabilities in Go may affect IBM CICS TX Standard

https://www.ibm.com/support/pages/node/6958068


CVE-2022-3676 may affect IBM CICS TX Advanced

https://www.ibm.com/support/pages/node/6958086


CVE-2022-3676 may affect IBM CICS TX Standard

https://www.ibm.com/support/pages/node/6958074


IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Go

https://www.ibm.com/support/pages/node/6855111


IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Golang Go

https://www.ibm.com/support/pages/node/6955929


CVE-2022-37734 may affect IBM CICS TX Advanced

https://www.ibm.com/support/pages/node/6958076


CVE-2022-37734 may affect IBM CICS TX Standard

https://www.ibm.com/support/pages/node/6958084


IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in LibTIFF

https://www.ibm.com/support/pages/node/6955937


CVE-2018-1099, CVE-2018-1098 may affect IBM CICS TX Advanced

https://www.ibm.com/support/pages/node/6958080


CVE-2018-1099, CVE-2018-1098 may affect IBM CICS TX Standard

https://www.ibm.com/support/pages/node/6958082


IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by a vulnerability in JSON Web Token

https://www.ibm.com/support/pages/node/6955935


Vulnerability in moment-timezone affects IBM VM Recovery Manager DR GUI

https://www.ibm.com/support/pages/node/6957710


Multiple vulnerabilities in IBM Semeru Runtime affect z/Transaction Processing Facility

https://www.ibm.com/support/pages/node/6957822