End-of-Day report
Timeframe: Thursday 23-02-2023 18:00 - Friday 24-02-2023 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Stephan Richter
News
Caution: ChatGPT scams are increasing sharply
There are many sites on the internet that claim to be the intelligent chatbot. In reality, they distribute malware.
https://futurezone.at/produkte/chatgpt-scam-malware-apps-android-chatbot-vorsicht-betrug/402341793
AI: Journalist tricks bank with artificial intelligence
A journalist has managed to bypass a bank's voice authentication using AI. Fraudsters could do the same.
https://www.golem.de/news/ki-journalist-ueberlistet-bank-mit-kuenstlicher-intelligenz-2302-172169.html
Privacy: Chrome extensions can still do a lot of damage
An analysis shows what can still be spied on despite Google's Chrome Extension Manifest V3 when users are not careful during installation.
https://www.golem.de/news/privatsphaere-chrome-extensions-koennen-noch-immer-eine-menge-anrichten-2302-172166.html
The code that wasn't there: Reading memory on an Android device by accident
CVE-2022-25664, a vulnerability in the Qualcomm Adreno GPU, can be used to leak large amounts of information to a malicious Android application. Learn more about how the vulnerability can be used to leak information in both the user space and kernel space level of pages, and how the GitHub Security Lab used the kernel space information leak to construct a KASLR bypass.
https://github.blog/2023-02-23-the-code-that-wasnt-there-reading-memory-on-an-android-device-by-accident/
In Final Cut & Co: Warning about cryptojacking via cracked Mac apps
Cryptomining malware is being distributed via cracked Mac apps and is hiding itself increasingly well, security researchers warn. Apple responds.
https://heise.de/-7527273
Update on the Exchange Server Antivirus Exclusions
For years we have been saying how running antivirus (AV) software on your Exchange Servers can enhance the security and health of your Exchange organization. We've also said that if you are deploying file-level scanners on Exchange servers, make sure that the appropriate exclusions, such as directory exclusions, process exclusions, and file name extension exclusions, are in place for both scheduled and real-time scanning. But times have changed, and so has the cybersecurity landscape.
https://techcommunity.microsoft.com/t5/exchange-team-blog/update-on-the-exchange-server-antivirus-exclusions/ba-p/3751464
Investigating the PlugX Trojan Disguised as a Legitimate Windows Debugger Tool
Trend Micro's Managed Extended Detection and Response (MxDR) team discovered that a file called x32dbg.exe was used to sideload a malicious DLL we identified as a variant of PlugX.
https://www.trendmicro.com/en_us/research/23/b/investigating-the-plugx-trojan-disguised-as-a-legitimate-windows.html
Vulnerabilities
Cisco patches vulnerabilities, some of them high-risk
Network equipment vendor Cisco is providing security updates for several products. They close vulnerabilities, some of which are rated as a high threat.
https://heise.de/-7526208
Security updates for Friday
Security updates have been issued by Debian (binwalk, chromium, curl, emacs, frr, git, libgit2, and tiff), Fedora (qt5-qtbase), SUSE (c-ares, kernel, openssl-1_1-livepatches, pesign, poppler, rubygem-activerecord-5_1, and webkit2gtk3), and Ubuntu (linux-aws).
https://lwn.net/Articles/924358/
Ineffective Cross Site Request Forgery (CSRF) protection in IBM Business Process Manager (BPM) (CVE-2017-1769)
https://www.ibm.com/support/pages/node/301273
IBM Maximo Manage application in IBM Maximo Application Suite is vulnerable to information disclosure (CVE-2022-43923)
https://www.ibm.com/support/pages/node/6957654
AIX is vulnerable to denial of service due to ISC BIND (CVE-2022-38178, CVE-2022-3080, CVE-2022-38177, CVE-2022-2795)
https://www.ibm.com/support/pages/node/6851445
A vulnerability in Node.js affects IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2022-21681, CVE-2022-21680)
https://www.ibm.com/support/pages/node/6958016
A vulnerability has been identified in IBM WebSphere Application Server used by IBM Rational ClearQuest (CVE-2023-23477)
https://www.ibm.com/support/pages/node/6958024
Vulnerabilities found within Apache Storm that is used by IBM Tivoli Network Manager (ITNM) IP Edition
https://www.ibm.com/support/pages/node/6958056
Security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for February 2023
https://www.ibm.com/support/pages/node/6958062
Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server affect IBM Business Automation Workflow
https://www.ibm.com/support/pages/node/6958064
CVE-2022-32149 may affect IBM CICS TX Advanced
https://www.ibm.com/support/pages/node/6958066
CVE-2022-32149 may affect IBM CICS TX Standard
https://www.ibm.com/support/pages/node/6958072
Multiple vulnerabilities in Go may affect IBM CICS TX Standard
https://www.ibm.com/support/pages/node/6958068
CVE-2022-3676 may affect IBM CICS TX Advanced
https://www.ibm.com/support/pages/node/6958086
CVE-2022-3676 may affect IBM CICS TX Standard
https://www.ibm.com/support/pages/node/6958074
IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Go
https://www.ibm.com/support/pages/node/6855111
IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Golang Go
https://www.ibm.com/support/pages/node/6955929
CVE-2022-37734 may affect IBM CICS TX Advanced
https://www.ibm.com/support/pages/node/6958076
CVE-2022-37734 may affect IBM CICS TX Standard
https://www.ibm.com/support/pages/node/6958084
IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in LibTIFF
https://www.ibm.com/support/pages/node/6955937
CVE-2018-1099, CVE-2018-1098 may affect IBM CICS TX Advanced
https://www.ibm.com/support/pages/node/6958080
CVE-2018-1099, CVE-2018-1098 may affect IBM CICS TX Standard
https://www.ibm.com/support/pages/node/6958082
IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by a vulnerability in JSON Web Token
https://www.ibm.com/support/pages/node/6955935
Vulnerability in moment-timezone affects IBM VM Recovery Manager DR GUI
https://www.ibm.com/support/pages/node/6957710
Multiple vulnerabilities in IBM Semeru Runtime affect z/Transaction Processing Facility
https://www.ibm.com/support/pages/node/6957822