[CERT-daily] Tageszusammenfassung - 16.01.2023

Daily end-of-shift report team at cert.at
Mon Jan 16 19:39:57 CET 2023


=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 13-01-2023 18:00 − Montag 16-01-2023 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Jetzt patchen! Viele Cacti-Server öffentlich erreichbar und verwundbar ∗∗∗
---------------------------------------------
Sicherheitsforscher stoßen auf tausende über das Internet erreichbare Server mit dem IT-Monitoring-Tool Cacti. Zahlreiche Instanzen wurden noch nicht gepatcht.
---------------------------------------------
https://heise.de/-7459904


∗∗∗ CircleCI-Hack: 2FA-Zugangsdaten von Mitarbeiter ergaunert ∗∗∗
---------------------------------------------
Die Betreiber der Cloud-basierten Continuous-Integration-Plattform CircleCI haben ihren Bericht über den Sicherheitsvorfall veröffentlicht.
---------------------------------------------
https://heise.de/-7460123


∗∗∗ Gefälschte Job-Angebote im Namen der Wirtschafskammer auf Facebook ∗∗∗
---------------------------------------------
Auf Facebook kursieren gefälschte Jobangebote im Namen der Wirtschaftskammer Österreich. Die Anzeigen versprechen Gehälter zwischen 50 und 200 Euro pro Stunde. Die Wirtschaftskammern selbst warnen bereits auf Facebook vor den gefälschten Stellenangeboten. Bewerben Sie sich nicht und klicken Sie nicht auf den Link!
---------------------------------------------
https://www.watchlist-internet.at/news/gefaelschte-job-angebote-im-namen-der-wirtschafskammer-auf-facebook/


∗∗∗ Avast releases free BianLian ransomware decryptor ∗∗∗
---------------------------------------------
Security software company Avast has released a free decryptor for the BianLian ransomware strain to help victims of the malware recover locked files without paying the hackers.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/avast-releases-free-bianlian-ransomware-decryptor/


∗∗∗ Malicious ‘Lolip0p’ PyPi packages install info-stealing malware ∗∗∗
---------------------------------------------
A threat actor has uploaded to the PyPI (Python Package Index) repository three malicious packages that carry code to drop info-stealing malware on developers systems.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/malicious-lolip0p-pypi-packages-install-info-stealing-malware/


∗∗∗ PSA: Why you must run an ad blocker when using Google, (Mon, Jan 16th) ∗∗∗
---------------------------------------------
Today, I just have a short public service announcement: You MUST run an adblocker while using Google. It may be best just to keep the adblocker enabled all the time.
---------------------------------------------
https://isc.sans.edu/diary/rss/29438


∗∗∗ Beware: Tainted VPNs Being Used to Spread EyeSpy Surveillanceware ∗∗∗
---------------------------------------------
Tainted VPN installers are being used to deliver a piece of surveillanceware dubbed EyeSpy as part of a malware campaign that started in May 2022.
---------------------------------------------
https://thehackernews.com/2023/01/beware-tainted-vpns-being-used-to.html


∗∗∗ Raccoon and Vidar Stealers Spreading via Massive Network of Fake Cracked Software ∗∗∗
---------------------------------------------
A "large and resilient infrastructure" comprising over 250 domains is being used to distribute information-stealing malware such as Raccoon and Vidar since early 2020.
---------------------------------------------
https://thehackernews.com/2023/01/raccoon-and-vidar-stealers-spreading.html


∗∗∗ Hacked! My Twitter user data is out on the dark web -- now what? ∗∗∗
---------------------------------------------
Your Twitter user data may now be out there too, including your phone number. Heres how to check and what you can do about it.
---------------------------------------------
https://www.zdnet.com/article/hacked-my-twitter-user-data-is-out-on-the-dark-web-now-what/


∗∗∗ Vulnerability Spotlight: Integer and buffer overflow vulnerabilities found in QT QML ∗∗∗
---------------------------------------------
Cisco ASIG and Cisco Talos recently discovered code execution vulnerabilities in QT QML. Qt is a popular software suite primarily used to create graphical user interfaces. It also contains several supporting libraries which all [...]
---------------------------------------------
https://blog.talosintelligence.com/vulnerability-spotlight-integer-and-buffer-overflow-vulnerabilities-found-in-qt-qml/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ PoC exploits released for critical bugs in popular WordPress plugins ∗∗∗
---------------------------------------------
Three popular WordPress plugins with tens of thousands of active installations are vulnerable to high-severity or critical SQL injection vulnerabilities, with proof-of-concept exploits now publicly available.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/poc-exploits-released-for-critical-bugs-in-popular-wordpress-plugins/


∗∗∗ Webbrowser: Microsoft Edge-Update schließt hochriskante Lücken ∗∗∗
---------------------------------------------
Microsoft hat in einem Update des Webbrowsers Edge Sicherheitslücken aus dem Chromium-Projekt abgedichtet. Sie schließt auch weitere hochriskante Lücken.
---------------------------------------------
https://heise.de/-7459742


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (chromium, lava, libapreq2, net-snmp, node-minimatch, and openvswitch), Fedora (jpegoptim, kernel, kernel-headers, kernel-tools, and python2.7), Mageia (ctags, ffmpeg, minetest, python-gitpython, w3m, and xrdp), Oracle (kernel), Red Hat (dpdk and libxml2), Slackware (netatalk), SUSE (apptainer, chromium, libheimdal, python-wheel, python310-setuptools, and SDL2), and Ubuntu (linux-aws, linux-gcp-4.15, maven, and net-snmp).
---------------------------------------------
https://lwn.net/Articles/920120/


∗∗∗ Nach RemotePotato0 kommt die Windows Local Potato NTLM-Schwachstelle (CVE-2023-21746) ∗∗∗
---------------------------------------------
Im April 2021 hatten Sicherheitsforscher eine Privilege Escalation Schwachstelle im Windows RPC-Protokoll entdeckt, der eine lokale Privilegienerweiterung durch NTLM-Relay-Angriffe ermöglichte. Nun scheint ein Sicherheitsforscher auf eine nicht so bekannte Möglichkeit zur Durchführung von NTLM Reflection-Angriffen gestoßen zu sein, die er [...]
---------------------------------------------
https://www.borncity.com/blog/2023/01/15/nach-remotepotato0-kommt-die-windows-local-potato-ntlm-schwachstelle-cve-2023-21746/


∗∗∗ IBM Security Bulletins 2023-01-16 ∗∗∗
---------------------------------------------
IBM App Connect Enterprise, IBM® Engineering Lifecycle Engineering products, IBM Integration Bus, IBM Maximo Asset Management, IBM MQ Internet Pass-Thru, IBM QRadar SIEM, IBM Sterling Partner Engagement Manager, IBM Tivoli Application Dependency Discovery Manager (TADDM), IBM Tivoli Netcool Configuration Manager, IBM Tivoli Network Manager (ITNM), IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM), Rational Functional Tester
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/


∗∗∗ HIMA: unquoted path vulnerabilities in X-OPC and X-OTS ∗∗∗
---------------------------------------------
https://cert.vde.com/de/advisories/VDE-2022-059/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list