[CERT-daily] Daily summary - 11.01.2023

Daily end-of-shift report team at cert.at
Wed Jan 11 18:09:29 CET 2023


=====================
= End-of-Day report =
=====================

Timeframe:   Tuesday 10-01-2023 18:00 − Wednesday 11-01-2023 18:00
Handler:     Robert Waldner
Co-Handler:  Thomas Pribitzer

=====================
=       News        =
=====================

∗∗∗ Lorenz ransomware gang plants backdoors to use months later ∗∗∗
---------------------------------------------
Security researchers are warning that patching critical vulnerabilities allowing access to the network is insufficient to defend against ransomware attacks.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/lorenz-ransomware-gang-plants-backdoors-to-use-months-later/


∗∗∗ Bad Paths & The Importance of Using Valid URL Characters ∗∗∗
---------------------------------------------
To ensure that your web files and pages are accessible to a wide range of users with various different devices and operating systems, it’s important to use valid URL characters. Unsafe characters are known to cause compatibility issues with various browser clients, web servers, and even lead to incompatibility issues with web application firewalls.
---------------------------------------------
https://blog.sucuri.net/2023/01/bad-paths-the-importance-of-using-valid-url-characters.html


∗∗∗ Fake Telegram app spies on Android ∗∗∗
---------------------------------------------
IT researchers at Eset have tracked down a fake Telegram app that spies extensively on its victims. However, it is distributed outside of Google Play.
---------------------------------------------
https://heise.de/-7455996


∗∗∗ Cybercrime Group Exploiting Old Windows Driver Vulnerability to Bypass Security Products ∗∗∗
---------------------------------------------
A cybercrime group tracked as Scattered Spider has been observed exploiting an old vulnerability in an Intel Ethernet diagnostics driver for Windows in recent attacks on telecom and BPO firms.
---------------------------------------------
https://www.securityweek.com/cybercrime-group-exploiting-old-windows-driver-vulnerability-bypass-security-products


∗∗∗ SMB “Access is denied” caused by anti-NTLM relay protection ∗∗∗
---------------------------------------------
We investigated a situation where an SMB client could not connect to an SMB server. The SMB server returned an “Access Denied” during the NTLM authentication, even though the credentials were correct and there were no restrictions on both the server-side share and client-side (notably UNC Hardened Access).
---------------------------------------------
https://medium.com/tenable-techblog/smb-access-is-denied-caused-by-anti-ntlm-relay-protection-659c60089895


∗∗∗ Dark Pink ∗∗∗
---------------------------------------------
New APT hitting Asia-Pacific, Europe that goes deeper and darker
---------------------------------------------
https://blog.group-ib.com/dark-pink-apt



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Web browser: 17 security vulnerabilities fixed in Google Chrome ∗∗∗
---------------------------------------------
The first update of the year brings the Chrome web browser to version 109. In it, the developers close 17 vulnerabilities, some of which are high-risk.
---------------------------------------------
https://heise.de/-7455130


∗∗∗ Patchday: Malicious-code attacks on Adobe InCopy and InDesign possible ∗∗∗
---------------------------------------------
Adobe's developers have closed dangerous security vulnerabilities in several applications.
---------------------------------------------
https://heise.de/-7455222


∗∗∗ Patchday: Attackers gain system privileges on Windows ∗∗∗
---------------------------------------------
Microsoft has released important security updates for Exchange Server, Office and Windows, among others.
---------------------------------------------
https://heise.de/-7455122


∗∗∗ Exploit code sighted: Attacks on IT monitoring tool Cacti possible ∗∗∗
---------------------------------------------
Attackers could target a critical security vulnerability in Cacti and execute malicious code on servers.
---------------------------------------------
https://heise.de/-7455833


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (exiv2, hsqldb, libjettison-java, ruby-sinatra, and viewvc), Fedora (golang-github-docker, mbedtls, and vim), Gentoo (alpine, commons-text, jupyter_core, liblouis, mbedtls, ntfs3g, protobuf-java, scikit-learn, and twisted), Red Hat (kernel and kpatch-patch), SUSE (rubygem-activerecord-5.2, tiff, and webkit2gtk3), and Ubuntu (dotnet6, linux-azure-5.4, linux-azure-fde, linux-gcp, linux-oracle, linux-ibm, and linux-oem-5.17, linux-oem-6.0).
---------------------------------------------
https://lwn.net/Articles/919649/


∗∗∗ Unpatchable Hardware Vulnerability Allows Hacking of Siemens PLCs ∗∗∗
---------------------------------------------
Researchers at firmware security company Red Balloon Security have discovered a potentially serious vulnerability affecting many of Siemens’ programmable logic controllers (PLCs).
---------------------------------------------
https://www.securityweek.com/unpatchable-hardware-vulnerability-allows-hacking-siemens-plcs


∗∗∗ Exchange Server security updates (January 10, 2023), patch urgently ∗∗∗
---------------------------------------------
On January 10, 2023, Microsoft released security updates for Exchange Server 2013, Exchange Server 2016 and Exchange Server 2019. These security updates close two vulnerabilities (Elevation of Privilege and Spoofing) in this software.
---------------------------------------------
https://www.borncity.com/blog/2023/01/11/exchange-server-sicherheitsupdates-10-januar-2023-dringend-patchen/


∗∗∗ AMD Client Vulnerabilities - January 2023 ∗∗∗
---------------------------------------------
http://support.lenovo.com/product_security/PS500539-AMD-CLIENT-VULNERABILITIES-JANUARY-2023


∗∗∗ AMD Server Vulnerabilities - January 2023 ∗∗∗
---------------------------------------------
http://support.lenovo.com/product_security/PS500538-AMD-SERVER-VULNERABILITIES-JANUARY-2023


∗∗∗ Multiple Vulnerabilities in IBM Java SDK affects Liberty for Java for IBM Cloud due to the October 2022 CPU plus CVE-2022-3676 ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6854413


∗∗∗ Vulnerability in IBM WebSphere Liberty Profile affects IBM InfoSphere Identity Insight (CVE-2022-34165) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6854451


∗∗∗ IBM Security Verify Governance is vulnerable to denial of service due to an OpenSSL vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6854571


∗∗∗ IBM Security Verify Governance is vulnerable to denial of service due to OpenSSL as a part of Node.js ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6854575


∗∗∗ IBM Security Verify Governance is vulnerable to multiple vulnerabilities due to Eclipse Jetty ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6854577


∗∗∗ The IBM Engineering System Design Rhapsody products on IBM Jazz Technology contains additional security fixes for Log4j vulnerabilities CVE-2021-4104 ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6825215

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily



