[CERT-daily] Daily summary - 11.04.2023

Daily end-of-shift report team at cert.at
Tue Apr 11 18:17:38 CEST 2023


=====================
= End-of-Day report =
=====================

Timeframe:   Friday 07-04-2023 18:00 − Tuesday 11-04-2023 18:00
Handler:     Robert Waldner
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ YouTube warns of deceptively genuine scam ∗∗∗
---------------------------------------------
Phishing e-mails are currently being sent in YouTube's name using a credible-looking sender address.
---------------------------------------------
https://futurezone.at/digital-life/youtube-warnt-vor-taeuschend-echter-betrugsmasche/402395924


∗∗∗ Hijacking Arch Linux Packages by Repo Jacking GitHub Repositories ∗∗∗
---------------------------------------------
Repo jacking is an attack on GitHub repositories, where attackers are able to hijack GitHub repositories by reregistering previously used usernames. In this blog post, we discuss how many AUR packages (that use GitHub packages) are vulnerable to repo jacking attacks.
---------------------------------------------
https://blog.nietaanraken.nl/posts/aur-packages-github-repo-jacking/


∗∗∗ Stepping Insyde System Management Mode ∗∗∗
---------------------------------------------
In October of 2022, Intel’s Alder Lake BIOS source code was leaked online. [..] I obtained a copy of the leaked code and began to hunt for vulnerabilities. [..] All these vulnerabilities share a common root cause (insufficient input validation) and a common impact (SMRAM corruption). Their details are summarized in the following table [..]
---------------------------------------------
https://research.nccgroup.com/2023/04/11/stepping-insyde-system-management-mode/


∗∗∗ Patch now! ALPHV ransomware slips through Veritas Backup vulnerabilities ∗∗∗
---------------------------------------------
Attackers are currently targeting three security vulnerabilities in Veritas Backup Exec. Patches are available.
---------------------------------------------
https://heise.de/-8875233


∗∗∗ MSI hack: hardware manufacturer warns of fake BIOS updates ∗∗∗
---------------------------------------------
MSI has suffered an IT security incident. The attackers are said to have had access to internal data.
---------------------------------------------
https://heise.de/-8875303


∗∗∗ Study: criminals smuggle trojan apps into Google Play for as little as 2,000 US dollars ∗∗∗
---------------------------------------------
To defraud Android users, criminals offer all-in-one trojan packages for sale in underground forums.
---------------------------------------------
https://heise.de/-8927162


∗∗∗ Microsoft Azure Users Warned of Potential Shared Key Authorization Abuse ∗∗∗
---------------------------------------------
An exploitation path involving Azure shared key authorization could allow full access to accounts and business data and ultimately lead to remote code execution (RCE), cloud security company Orca warns.
---------------------------------------------
https://www.securityweek.com/microsoft-azure-users-warned-of-potential-shared-key-authorization-abuse/


∗∗∗ Webinar: Staying safe on social networks ∗∗∗
---------------------------------------------
Social networks have long since become our daily companions. But what do I actually need to watch out for if I want to use platforms like Facebook or Instagram securely? The webinar gives tips on the responsible use of social networks. Take part free of charge: Tuesday 18 April 2023, 18:30 - 20:00 via Zoom
---------------------------------------------
https://www.watchlist-internet.at/news/webinar-sicher-unterwegs-in-sozialen-netzwerken-1/


∗∗∗ Amazon calling? Hang up! ∗∗∗
---------------------------------------------
On the phone, criminals introduce themselves as Amazon employees and claim that your Amazon account has been hacked and that they have discovered suspicious orders. The "Amazon employees" offer to cancel the order and protect your account. But this is fraud! The criminals are trying to steal your money, copies of your ID and your Amazon login credentials!
---------------------------------------------
https://www.watchlist-internet.at/news/amazon-ruft-an-legen-sie-auf/


∗∗∗ AlienFox: toolkit for compromising e-mail and web hosting services in the cloud ∗∗∗
---------------------------------------------
AlienFox is a toolkit for compromising e-mail and web hosting services. The toolkit is highly modular, exists in several versions, and tries to exploit cloud misconfigurations to harvest credentials for services such as AWS, Microsoft 365, Google Workspace, 1und1, etc.
---------------------------------------------
https://www.borncity.com/blog/2023/04/11/alienfox-toolkit-zur-kompromittierung-von-e-mail-und-webhosting-diensten-in-der-cloud/


∗∗∗ WinVerifyTrust Signature Validation Vulnerability ∗∗∗
---------------------------------------------
Why is Microsoft republishing a CVE from 2013? We are republishing CVE-2013-3900 in the Security Update Guide to update the Security Updates table and to inform customers that the EnableCertPaddingCheck is available in all currently supported versions of Windows 10 and Windows 11. While the format is different from the original CVE published in 2013, the information herein remains unchanged from the original text published on December 10, 2013.
---------------------------------------------
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2013-3900



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security Vulnerabilities fixed in Firefox 112, Firefox for Android 112, Focus for Android 112 ∗∗∗
---------------------------------------------
CVE-2023-29531, CVE-2023-29532, CVE-2023-29533, CVE-2023-29534, CVE-2023-29535, CVE-2023-29536, CVE-2023-29537, CVE-2023-29538, CVE-2023-29539, CVE-2023-29540, CVE-2023-29541, CVE-2023-29542, CVE-2023-29543, CVE-2023-29544, CVE-2023-29545, CVE-2023-29546, CVE-2023-29547, CVE-2023-29548, CVE-2023-29549, CVE-2023-29550, CVE-2023-29551
Of these, 11 are rated "Severity: high".
---------------------------------------------
https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/


∗∗∗ Exploit code: malicious code could break out of the vm2 JavaScript sandbox ∗∗∗
---------------------------------------------
The popular vm2 sandbox has a critical security vulnerability, and exploit code is already in circulation.
---------------------------------------------
https://heise.de/-8875269


∗∗∗ Patch day: SAP reports 19 security vulnerabilities, some of them critical ∗∗∗
---------------------------------------------
In April, SAP issued security notes for 19 vulnerabilities in its own products. The vendor rates two of them as critical.
---------------------------------------------
https://heise.de/-8931365


∗∗∗ iOS 15, macOS 11 and 12: Apple ships emergency fix ∗∗∗
---------------------------------------------
After iOS 16 and macOS 13 had already been fully patched, Apple is now also delivering a fix for an already exploited vulnerability to older operating systems.
---------------------------------------------
https://heise.de/-8922448


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (openimageio and udisks2), Fedora (chromium, curl, kernel, mediawiki, and seamonkey), Oracle (httpd:2.4), Red Hat (httpd and mod_http2 and tigervnc), SUSE (ghostscript and kernel), and Ubuntu (irssi).
---------------------------------------------
https://lwn.net/Articles/928667/


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (keepalived and lldpd), Oracle (kernel), and SUSE (kernel, podman, seamonkey, and upx).
---------------------------------------------
https://lwn.net/Articles/928736/


∗∗∗ ICS Patch Tuesday: Siemens, Schneider Electric Address Dozens of Vulnerabilities ∗∗∗
---------------------------------------------
Siemens and Schneider Electric’s Patch Tuesday advisories for April 2023 address a total of 38 vulnerabilities found in their products.
---------------------------------------------
https://www.securityweek.com/ics-patch-tuesday-siemens-schneider-electric-address-dozens-of-vulnerabilities/


∗∗∗ PHOENIX CONTACT: Directory Traversal Vulnerability in ENERGY AXC PU Web service ∗∗∗
---------------------------------------------
https://cert.vde.com/de/advisories/VDE-2023-004/


∗∗∗ Insyde BIOS Vulnerabilities ∗∗∗
---------------------------------------------
http://support.lenovo.com/product_security/PS500557


∗∗∗ Lenovo XClarity Controller (XCC) Vulnerabilities ∗∗∗
---------------------------------------------
http://support.lenovo.com/product_security/PS500556-LENOVO-XCLARITY-CONTROLLER-XCC-VULNERABILITIES


∗∗∗ Lenovo Smart Clock Essential Vulnerability ∗∗∗
---------------------------------------------
http://support.lenovo.com/product_security/PS500555-LENOVO-SMART-CLOCK-ESSENTIAL-VULNERABILITY


∗∗∗ IBM WebSphere Application Server and IBM WebSphere Application Server Liberty, which are bundled with IBM Cloud Pak for Applications, are vulnerable to a denial of service due to Apache Commons FileUpload (CVE-2023-24998) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6982187


∗∗∗ IBM i components are affected by CVE-2021-4104 (log4j version 1.x) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6539162


∗∗∗ IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Apache Lucene ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6982359


∗∗∗ IBM Watson Explorer affected by vulnerability in Apache Commons. ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6964808


∗∗∗ A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM WebSphere Remote Server (CVE-2023-24998) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6982539


∗∗∗ Vulnerabilities in OpenSSL affect QLogic 8Gb Intelligent Pass-thru Module and SAN Switch Module for IBM BladeCenter and QLogic Virtual Fabric Extension Module for IBM BladeCenter ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/888295


∗∗∗ Vulnerabilities in cURL affect QLogic Virtual Fabric Extension Module for IBM BladeCenter ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/888299


∗∗∗ A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Monitor (CVE-2023-24998) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6982833


∗∗∗ Netcool Operations Insight v1.6.8 addresses multiple security vulnerabilities. ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6982841


∗∗∗ The IBM® Engineering Lifecycle Engineering product using IBM Java - Eclipse OpenJ9 is vulnerable to CVE-2022-3676 ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6982847


∗∗∗ Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to Webpack (CVE-2023-28154) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6982851


∗∗∗ IBM Engineering Requirements Management DOORS Next is vulnerable to XML external entity (XXE) attacks due to a vulnerability in XML processing in Apache Jena, in versions up to 4.1.0 (CVE-2021-39239) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6981111


∗∗∗ IBM Operational Decision Manager March 2023 - CVE-2014-0114, CVE-2019-10086, CVE-2023-24998 ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6982881


∗∗∗ IBM WebSphere Application Server Liberty is vulnerable to a privilege escalation due to RESTEasy (CVE-2023-0482) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6982895


∗∗∗ IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is vulnerable to a privilege escalation due to RESTEasy (CVE-2023-0482) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6982903


∗∗∗ IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to a privilege escalation due to RESTEasy (CVE-2023-0482) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6982905


∗∗∗ IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to a denial of service due to Apache Commons FileUpload (CVE-2023-24998) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6982047

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily