[CERT-daily] Daily summary - 06.04.2023

Daily end-of-shift report team at cert.at
Thu Apr 6 18:51:55 CEST 2023


=====================
= End-of-Day report =
=====================

Timeframe:   Wednesday 05-04-2023 18:00 − Thursday 06-04-2023 18:00
Handler:     Stephan Richter
Co-Handler:  Michael Schlagenhaufer

=====================
=       News        =
=====================

∗∗∗ Telegram now the go-to place for selling phishing tools and services ∗∗∗
---------------------------------------------
Telegram has become the working ground for the creators of phishing bots and kits looking to market their products to a larger audience or to recruit unpaid helpers.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/telegram-now-the-go-to-place-for-selling-phishing-tools-and-services/


∗∗∗ CAN do attitude: How thieves steal cars using network bus ∗∗∗
---------------------------------------------
It starts with a headlamp and fake smart speaker, and ends in an injection attack and a vanished motor. Automotive security experts say they have uncovered a method of car theft relying on direct access to the vehicle's system bus via a smart headlamp's wiring.
---------------------------------------------
https://go.theregister.com/feed/www.theregister.com/2023/04/06/can_injection_attack_car_theft/


∗∗∗ Technical analysis of the Genesis Market ∗∗∗
---------------------------------------------
[...] In case you are unfamiliar with this market, it was used to sell stolen login credentials, browser cookies and online fingerprints (in order to prevent ‘risky sign-in’ detections), by some referred to as IMPaas, or Impersonation-as-a-Service. [...] its activities have resulted in approximately two million victims. If you want to know more about this operation, you can read our other blog post. You can also check if your data has been compromised [...]
---------------------------------------------
https://sector7.computest.nl/post/2023-04-technical-analysis-genesis-market/


∗∗∗ CyberGhostVPN - the story of finding MITM, RCE, LPE in the Linux client ∗∗∗
---------------------------------------------
This article discloses the vulnerabilities that were present in the CyberGhostVPN Linux 1.3.5 client (and versions below). The latest version of the CyberGhostVPN Linux client is now free from these vulnerabilities.
---------------------------------------------
https://mmmds.pl/cyberghostvpn-mitm-rce-lpe/


∗∗∗ Cisco: Vulnerabilities, some of them high-risk, patched in several products ∗∗∗
---------------------------------------------
Cisco administrators have work to do over the Easter holidays: the vendor has discovered security vulnerabilities in various products. Updates are meant to close them.
---------------------------------------------
https://heise.de/-8644498


∗∗∗ Nexx garage door controller: Vulnerability allows access for hackers ∗∗∗
---------------------------------------------
Anyone who owns a Nexx home automation system and uses it to remotely control their garage doors now has a big problem. A vulnerability in the Nexx remote control allows hackers unauthorized access to the garage doors.
---------------------------------------------
https://www.borncity.com/blog/2023/04/06/nexx-garagentorsteuerung-schwachstelle-erlaubt-zugriff-fr-hacker/


∗∗∗ Beware of new YouTube phishing scam using authentic email address ∗∗∗
---------------------------------------------
Watch out for a new YouTube phishing scam and ignore any email from YouTube that claims to provide details about "Changes in YouTube rules and policies | Check the Description."
---------------------------------------------
https://www.hackread.com/youtube-phishing-scam-authentic-email-address/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Cisco Security Advisories 2023-04-05 ∗∗∗
---------------------------------------------
Cisco has released 13 security advisories: (3x High, 9x Medium, 1x Informational)
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/Search.x?publicationTypeIDs=1&firstPublishedStartDate=2023%2F04%2F05&firstPublishedEndDate=2023%2F04%2F05


∗∗∗ Trellix Agent allows privilege escalation on the system ∗∗∗
---------------------------------------------
The agent from Trellix, the merger of McAfee and FireEye, allows attackers to escalate their privileges on the system. An update closes the vulnerability.
---------------------------------------------
https://heise.de/-8645652


∗∗∗ Data leak: Mastodon vulnerability allows information disclosure ∗∗∗
---------------------------------------------
Updated Mastodon packages close a data leak in LDAP authentication. Administrators should apply the updates promptly.
---------------------------------------------
https://heise.de/-8645580


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (cairosvg, ghostscript, grunt, tomcat9, and trafficserver), Fedora (golang, podman, xen, and zchunk), Red Hat (kpatch-patch), SUSE (systemd), and Ubuntu (apache-log4j1.2, liblouis, linux-aws, and linux-bluefield).
---------------------------------------------
https://lwn.net/Articles/928476/


∗∗∗ Celery as used by IBM QRadar Advisor With Watson App is vulnerable to arbitrary command execution (CVE-2021-23727) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6981595


∗∗∗ Node.js passport is vulnerable to CVE-2022-25896 used in IBM Maximo Application Suite ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6966086


∗∗∗ IBM TRIRIGA Application Platform discloses XML external entities injection (CVE-2023-27876) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6981115


∗∗∗ IBM TRIRIGA Application Platform discloses Stored Cross Site Scripting (CVE-2022-43914) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6981597


∗∗∗ AIX is vulnerable to denial of service due to ISC BIND (CVE-2022-38178, CVE-2022-3080, CVE-2022-38177, CVE-2022-2795) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6851445


∗∗∗ decode-uri-component is vulnerable to CVE-2022-38900 used in IBM Maximo Application Suite ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6981607


∗∗∗ AIX is vulnerable to arbitrary code execution due to libxml2 (CVE-2022-40303 and CVE-2022-40304) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6953825


∗∗∗ AIX is vulnerable to denial of service vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6847947


∗∗∗ Vulnerability in Apache Tomcat affects App Connect Professional. ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6981763


∗∗∗ IBM Security Verify Governance is vulnerable to cross-site scripting, caused by improper validation of user-supplied input related to the HtmlResponseWriter (CVE-2013-5855) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6981781


∗∗∗ IBM Watson Explorer affected by vulnerability in OpenSSL. ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6963622


∗∗∗ IBM Watson Explorer affected by vulnerability in Apache Commons. ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6964808


∗∗∗ Korenix Jetwave ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-096-04


∗∗∗ mySCADA myPRO ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-096-06


∗∗∗ JTEKT ELECTRONICS Kostac PLC Programming Software ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-096-03


∗∗∗ Hitachi Energy MicroSCADA System Data Manager SDM600 ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-096-05


∗∗∗ JTEKT ELECTRONICS Screen Creator Advance 2 ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-096-02

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily



