[CERT-daily] Tageszusammenfassung - 27.01.2023

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 26-01-2023 18:00 − Freitag 27-01-2023 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ ProxyShell & Co.: Microsoft gibt Tipps, um Exchange Server abzusichern ∗∗∗
---------------------------------------------
Vor dem Hintergrund mehrerer kritischer Sicherheitslücken und Attacken auf Exchange Server zeigt Microsoft, welche Updates Admins dringend installieren müssen.
---------------------------------------------
https://heise.de/-7472639


∗∗∗ CPUs von Intel und ARM: Linux und der Umgang mit datenabhängigem Timing ∗∗∗
---------------------------------------------
Wenn die Dauer von Operationen von den Daten abhängt, ermöglicht dies Timing-Attacken auf Informationen. Wie geht Linux damit um?
---------------------------------------------
https://www.golem.de/news/cpus-von-intel-und-arm-linux-und-der-umgang-mit-datenabhaengigem-timing-2301-171499.html


∗∗∗ Bitwarden password vaults targeted in Google ads phishing attack ∗∗∗
---------------------------------------------
Bitwarden and other password managers are being targeted in Google ads phishing campaigns to steal users password vault credentials.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/bitwarden-password-vaults-targeted-in-google-ads-phishing-attack/


∗∗∗ Live Linux IR with UAC, (Thu, Jan 26th) ∗∗∗
---------------------------------------------
The other day, I was looking for Linux IR scripts and ran across the tool Unix-like Artifacts Collector or UAC(1) created by Thiago Lahr. As you would expect, it gathers most live stats but also collects Virtual box and Docker info and other data on the system. [...] With any tool, you should always test to understand how it affects your system. I ran a simple file timeline collection before and after to see what changes were made.
---------------------------------------------
https://isc.sans.edu/diary/rss/29480


∗∗∗ WhatsApp hijackers take over your account while you sleep ∗∗∗
---------------------------------------------
Theres an easy way to protect yourself. Heres how.
---------------------------------------------
https://www.malwarebytes.com/blog/news/2023/01/protect-your-whatsapp-account-against-actors-who-try-to-steal-it-while-you-sleep


∗∗∗ "2.6 million DuoLingo account entries" up for sale ∗∗∗
---------------------------------------------
We take a look at claims of large amounts of DuoLingo user data up for sale, supposedly scraped from publicly available sources.
---------------------------------------------
https://www.malwarebytes.com/blog/news/2023/01/2.6-million-duolingo-account-entries-up-for-sale


∗∗∗ Tourismusbranche im Visier von Kriminellen: Cyberangriffe über booking.com ∗∗∗
---------------------------------------------
Der Hotelverband Deutschland, der französische Hotelverband GNI und die Wirtschaftskammer Österreich warnen vor zwei unterschiedlichen Betrugsversuchen über die Kommunikationskanäle von booking.com. Die Angriffe zielen darauf ab, das Computer-System der Unterkünfte mit Schadsoftware zu infizieren oder Kunden:innendaten abzugreifen.
---------------------------------------------
https://www.watchlist-internet.at/news/tourismusbranche-im-visier-von-kriminellen-cyberangriffe-ueber-bookingcom/


∗∗∗ Mitigating RBAC-Based Privilege Escalation in Popular Kubernetes Platforms ∗∗∗
---------------------------------------------
We recap our research on privilege escalation and powerful permissions in Kubernetes and analyze the ways various platforms have addressed it.
---------------------------------------------
https://unit42.paloaltonetworks.com/kubernetes-privilege-escalation/


∗∗∗ A Blog with NoName ∗∗∗
---------------------------------------------
Further Insight into the Hacktivist Operation Targeting NATO and Affiliated Nations
---------------------------------------------
https://www.team-cymru.com/post/a-blog-with-noname



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (bind9, chromium, and modsecurity-apache), Fedora (libgit2, mediawiki, and redis), Oracle (go-toolset:ol8, java-1.8.0-openjdk, systemd, and thunderbird), Red Hat (java-1.8.0-openjdk and redhat-ds:12), SUSE (apache2, bluez, chromium, ffmpeg-4, glib2, haproxy, kernel, libXpm, podman, python-py, python-setuptools, samba, xen, xrdp, and xterm), and Ubuntu (samba).
---------------------------------------------
https://lwn.net/Articles/921477/


∗∗∗ CISA Releases Eight Industrial Control Systems Advisories ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2023/01/26/cisa-releases-eight-industrial-control-systems-advisories


∗∗∗ IBM InfoSphere Information Server is vulnerable to cross-site scripting (CVE-2022-47983) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6857695


∗∗∗ Security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for January 2023 ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6857999


∗∗∗ IBM App Connect Enterprise Certified Container may be vulnerable to denial of service due to [CVE-2022-42898] ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6858007


∗∗∗ IBM App Connect Enterprise Certified Container operator and operands may be vulnerable to denial of service due to [CVE-2022-27664] ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6858011


∗∗∗ IBM App Connect Enterprise Certified Container operator and operands may be vulnerable to denial of service due to [CVE-2022-32189] ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6858009


∗∗∗ IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance may be vulnerable to [CVE-2022-23491] ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6858005


∗∗∗ TADDM affected by multiple vulnerabilities due to IBM Java and its runtime ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6858015


∗∗∗ Multiple vulnerabilities in IBM Java Runtime affect Watson Explorer and Watson Explorer Content Analytics Studio (CVE-2022-21626) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6847951

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily