[CERT-daily] Tageszusammenfassung - 24.01.2023

Tue Jan 24 18:08:29 CET 2023

=====================
= End-of-Day report =
=====================

Timeframe:   Montag 23-01-2023 18:00 − Dienstag 24-01-2023 18:00
Handler:     Thomas Pribitzer
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Hackers use Golang source code interpreter to evade detection ∗∗∗
---------------------------------------------
A Chinese-speaking hacking group tracked as DragonSpark was observed employing Golang source code interpretation to evade detection while launching espionage attacks against organizations in East Asia.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/hackers-use-golang-source-code-interpreter-to-evade-detection/


∗∗∗ Microsoft 365 to block downloaded Excel XLL add-ins to boost security ∗∗∗
---------------------------------------------
Microsoft is working on adding XLL add-in protection for Microsoft 365 customers by including automated blocking of all such files downloaded from the Internet.
---------------------------------------------
https://www.bleepingcomputer.com/news/microsoft/microsoft-365-to-block-downloaded-excel-xll-add-ins-to-boost-security/


∗∗∗ Emotet Malware Makes a Comeback with New Evasion Techniques ∗∗∗
---------------------------------------------
The Emotet malware operation has continued to refine its tactics in an effort to fly under the radar, while also acting as a conduit for other dangerous malware such as Bumblebee and IcedID.
---------------------------------------------
https://thehackernews.com/2023/01/emotet-malware-makes-comeback-with-new.html


∗∗∗ Identitätsdiebstahl: Erste Hilfe bei Onlinebetrug unter Ihrem Namen ∗∗∗
---------------------------------------------
Kriminelle kaufen mit illegal erworbenen Login-Daten auf Ihre Rechnung ein oder posten Beschimpfungen in Ihrem Namen? Das sollten Sie jetzt tun.
---------------------------------------------
https://heise.de/-7452745


∗∗∗ A security audit of Git ∗∗∗
---------------------------------------------
The Open Source Technology Improvement Fund has announced the completion of a security audit of the Git source.
---------------------------------------------
https://lwn.net/Articles/921067/


∗∗∗ OSINT your OT suppliers ∗∗∗
---------------------------------------------
There is much talk about supply chain security and reviewing your suppliers for cyber security. But how much information do they intentionally and unintentionally leak about your organisation online?
---------------------------------------------
https://www.pentestpartners.com/security-blog/osint-your-ot-suppliers/


∗∗∗ Facebook: E-Bike-Gewinnspiele sind Fake ∗∗∗
---------------------------------------------
Mit „Danke“ kommentieren und E-Bike gewinnen: Dieses Gewinnspiel macht gerade auf Facebook die Runde. Angeblich haben die Fahrräder kleine Kratzer, die Motoren funktionieren aber einwandfrei. Vorsicht: Das Gewinnspiel ist Fake.
---------------------------------------------
https://www.watchlist-internet.at/news/facebook-e-bike-gewinnspiele-sind-fake/


∗∗∗ Realtek SDK Vulnerability Attacks Highlight IoT Supply Chain Threats ∗∗∗
---------------------------------------------
We observed a recent spate of supply chain attacks attempting to exploit CVE-2021-35394, affecting IoT devices with chipsets made by Realtek.
---------------------------------------------
https://unit42.paloaltonetworks.com/realtek-sdk-vulnerability/


∗∗∗ Vice Society Ransomware Group Targets Manufacturing Companies ∗∗∗
---------------------------------------------
In this blog entry, we’d like to highlight our findings on Vice Society, which includes an end-to-end infection diagram that we were able to create using Trend Micro internal telemetry.
---------------------------------------------
https://www.trendmicro.com/en_us/research/23/a/vice-society-ransomware-group-targets-manufacturing-companies.html


∗∗∗ A step-by-step introduction to the use of ROP gadgets to bypass DEP ∗∗∗
---------------------------------------------
DEP (Data Execution Prevention) is a memory protection feature that allows the system to mark memory pages as non-executable. ROP (Return-oriented programming) is an exploit technique that allows an attacker to execute shellcode with protections such as DEP enabled.
---------------------------------------------
https://cybergeeks.tech/a-step-by-step-introduction-to-the-use-of-rop-gadgets-to-bypass-dep/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Sicherheitsupdate: Symantec Endpoint Protection als Sprungbrett für Angreifer ∗∗∗
---------------------------------------------
Aufgrund einer Schwachstelle könnten Angreifer Windows-PCs mit Sicherheitssoftware von Symantec attackieren.
---------------------------------------------
https://heise.de/-7468961


∗∗∗ iOS 16.3, iPadOS 16.3 und macOS 13.2: Welche Lücken Apple stopft ∗∗∗
---------------------------------------------
Erneut bekommen Macs, iPhones und iPads jede Menge Sicherheitsfixes. Zu den Details schweigt sich Apple teilweise mal wieder aus.
---------------------------------------------
https://heise.de/-7469023


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (kernel and spip), Fedora (kernel), Mageia (chromium-browser-stable, docker, firefox, jpegoptim, nautilus, net-snmp, phoronix-test-suite, php, php-smarty, samba, sdl2, sudo, tor, viewvc, vim, virtualbox, and x11-server), Red Hat (bash, curl, dbus, expat, firefox, go-toolset, golang, java-1.8.0-openjdk, java-17-openjdk, kernel, kernel-rt, kpatch-patch, libreoffice, libtasn1, libtiff, libxml2, libXpm, nodejs, nodejs-nodemon, pcs, postgresql-jdbc, [...]
---------------------------------------------
https://lwn.net/Articles/921024/


∗∗∗ Critical Vulnerabilities Patched in OpenText Enterprise Content Management System ∗∗∗
---------------------------------------------
Several vulnerabilities have been patched in OpenText’s enterprise content management (ECM) product.
---------------------------------------------
https://www.securityweek.com/critical-vulnerabilities-patched-opentext-enterprise-content-management-system/


∗∗∗ Pgpool-II vulnerable to information disclosure ∗∗∗
---------------------------------------------
https://jvn.jp/en/jp/JVN72418815/


∗∗∗ pgAdmin 4 vulnerable to directory traversal ∗∗∗
---------------------------------------------
https://jvn.jp/en/jp/JVN01398015/


∗∗∗ VMSA-2023-0001 ∗∗∗
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2023-0001.html


∗∗∗ XINJE XD ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-23-024-01


∗∗∗ SOCOMEC MODULYS GP ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-23-024-02


∗∗∗ IBM WebSphere Application Server traditional container is vulnerable to information disclosure (CVE-2022-43917) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6857007


∗∗∗ Vulnerability in NX-OS Firmware used by IBM c-type SAN directors and switches. ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6857039


∗∗∗ FileNet Content Manager GraphQL jackson-databind security vulnerabilities, affected but not vulnerable ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6857047


∗∗∗ Multiple vulnerabilities in OpenSSL affect AIX ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6857295

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily