Daily summary - 06.04.2023

End-of-Day report

Timeframe: Wednesday 05-04-2023 18:00 - Thursday 06-04-2023 18:00 Handler: Stephan Richter Co-Handler: Michael Schlagenhaufer

News

Telegram now the go-to place for selling phishing tools and services

Telegram has become the working ground for the creators of phishing bots and kits looking to market their products to a larger audience or to recruit unpaid helpers.

https://www.bleepingcomputer.com/news/security/telegram-now-the-go-to-place-for-selling-phishing-tools-and-services/


CAN do attitude: How thieves steal cars using network bus

It starts with a headlamp and a fake smart speaker, and ends in an injection attack and a vanished motor. Automotive security experts say they have uncovered a method of car theft relying on direct access to the vehicle's system bus via a smart headlamp's wiring.

https://go.theregister.com/feed/www.theregister.com/2023/04/06/can_injection_attack_car_theft/


Technical analysis of the Genesis Market

[...] In case you are unfamiliar with this market, it was used to sell stolen login credentials, browser cookies and online fingerprints (in order to avoid triggering "risky sign-in" detections), referred to by some as IMPaaS, or Impersonation-as-a-Service. [...] Its activities have resulted in approximately two million victims. If you want to know more about this operation, you can read our other blog post. You can also check if your data has been compromised [...]

https://sector7.computest.nl/post/2023-04-technical-analysis-genesis-market/


CyberGhostVPN - the story of finding MITM, RCE, LPE in the Linux client

This article discloses the vulnerabilities that were present in the CyberGhostVPN Linux 1.3.5 client (and versions below). The latest version of the CyberGhostVPN Linux client is now free from these vulnerabilities.

https://mmmds.pl/cyberghostvpn-mitm-rce-lpe/


Cisco: Partly high-risk vulnerabilities patched in several products

Cisco administrators have work to do over the Easter holidays: the vendor has discovered security vulnerabilities in various products. Updates are intended to close them.

https://heise.de/-8644498


Nexx garage door controller: vulnerability allows access for hackers

Anyone who owns a Nexx home automation system and uses it to remotely control their garage doors now has a serious problem. A vulnerability in the Nexx remote control allows hackers unauthorized access to the garage doors.

https://www.borncity.com/blog/2023/04/06/nexx-garagentorsteuerung-schwachstelle-erlaubt-zugriff-fr-hacker/


Beware of new YouTube phishing scam using authentic email address

Watch out for a new YouTube phishing scam and ignore any email from YouTube that claims to provide details about "Changes in YouTube rules and policies | Check the Description".

https://www.hackread.com/youtube-phishing-scam-authentic-email-address/

Vulnerabilities

Cisco Security Advisories 2023-04-05

Cisco has released 13 security advisories: (3x High, 9x Medium, 1x Informational)

https://sec.cloudapps.cisco.com/security/center/Search.x?publicationTypeIDs=1&firstPublishedStartDate=2023%2F04%2F05&firstPublishedEndDate=2023%2F04%2F05


Trellix agent allows privilege escalation on the system

The agent from Trellix, the merger of McAfee and FireEye, allows attackers to escalate their privileges on the system. An update closes the vulnerability.

https://heise.de/-8645652


Data leak: Mastodon vulnerability allows information leakage

Updated Mastodon packages close a data leak in LDAP authentication. Administrators should apply the updates promptly.

https://heise.de/-8645580


Security updates for Thursday

Security updates have been issued by Debian (cairosvg, ghostscript, grunt, tomcat9, and trafficserver), Fedora (golang, podman, xen, and zchunk), Red Hat (kpatch-patch), SUSE (systemd), and Ubuntu (apache-log4j1.2, liblouis, linux-aws, and linux-bluefield).

https://lwn.net/Articles/928476/


Celery as used by IBM QRadar Advisor With Watson App is vulnerable to arbitrary command execution (CVE-2021-23727)

https://www.ibm.com/support/pages/node/6981595


Node.js passport is vulnerable to CVE-2022-25896 used in IBM Maximo Application Suite

https://www.ibm.com/support/pages/node/6966086


IBM TRIRIGA Application Platform discloses XML external entities injection (CVE-2023-27876)

https://www.ibm.com/support/pages/node/6981115


IBM TRIRIGA Application Platform discloses Stored Cross Site Scripting (CVE-2022-43914)

https://www.ibm.com/support/pages/node/6981597


AIX is vulnerable to denial of service due to ISC BIND (CVE-2022-38178, CVE-2022-3080, CVE-2022-38177, CVE-2022-2795)

https://www.ibm.com/support/pages/node/6851445


decode-uri-component is vulnerable to CVE-2022-38900 used in IBM Maximo Application Suite

https://www.ibm.com/support/pages/node/6981607


AIX is vulnerable to arbitrary code execution due to libxml2 (CVE-2022-40303 and CVE-2022-40304)

https://www.ibm.com/support/pages/node/6953825


AIX is vulnerable to denial of service vulnerabilities

https://www.ibm.com/support/pages/node/6847947


Vulnerability in Apache Tomcat affects App Connect Professional

https://www.ibm.com/support/pages/node/6981763


IBM Security Verify Governance is vulnerable to cross-site scripting, caused by improper validation of user-supplied input related to the HtmlResponseWriter (CVE-2013-5855)

https://www.ibm.com/support/pages/node/6981781


IBM Watson Explorer affected by vulnerability in OpenSSL

https://www.ibm.com/support/pages/node/6963622


IBM Watson Explorer affected by vulnerability in Apache Commons

https://www.ibm.com/support/pages/node/6964808


Korenix Jetwave

https://www.cisa.gov/news-events/ics-advisories/icsa-23-096-04


mySCADA myPRO

https://www.cisa.gov/news-events/ics-advisories/icsa-23-096-06


JTEKT ELECTRONICS Kostac PLC Programming Software

https://www.cisa.gov/news-events/ics-advisories/icsa-23-096-03


Hitachi Energy MicroSCADA System Data Manager SDM600

https://www.cisa.gov/news-events/ics-advisories/icsa-23-096-05


JTEKT ELECTRONICS Screen Creator Advance 2

https://www.cisa.gov/news-events/ics-advisories/icsa-23-096-02