[CERT-daily] Daily summary - 24.02.2023
Daily end-of-shift report
team at cert.at
Fri Feb 24 19:09:02 CET 2023
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 23-02-2023 18:00 − Friday 24-02-2023 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Caution: ChatGPT scams are rising sharply ∗∗∗
---------------------------------------------
There are many sites on the internet that pretend to be the intelligent chatbot. In reality, they distribute malware.
---------------------------------------------
https://futurezone.at/produkte/chatgpt-scam-malware-apps-android-chatbot-vorsicht-betrug/402341793
∗∗∗ AI: Journalist tricks bank with artificial intelligence ∗∗∗
---------------------------------------------
A journalist managed to bypass a bank's voice authentication using AI. Fraudsters could do the same.
---------------------------------------------
https://www.golem.de/news/ki-journalist-ueberlistet-bank-mit-kuenstlicher-intelligenz-2302-172169.html
∗∗∗ Privacy: Chrome extensions can still do a lot of damage ∗∗∗
---------------------------------------------
An analysis shows how much can still be spied on despite Google's Chrome Extension Manifest V3 if users are not careful during installation.
---------------------------------------------
https://www.golem.de/news/privatsphaere-chrome-extensions-koennen-noch-immer-eine-menge-anrichten-2302-172166.html
∗∗∗ The code that wasn’t there: Reading memory on an Android device by accident ∗∗∗
---------------------------------------------
CVE-2022-25664, a vulnerability in the Qualcomm Adreno GPU, can be used to leak large amounts of information to a malicious Android application. Learn more about how the vulnerability can be used to leak information in both the user space and kernel space level of pages, and how the GitHub Security Lab used the kernel space information leak to construct a KASLR bypass.
---------------------------------------------
https://github.blog/2023-02-23-the-code-that-wasnt-there-reading-memory-on-an-android-device-by-accident/
∗∗∗ In Final Cut & Co: Warning about cryptojacking via cracked Mac apps ∗∗∗
---------------------------------------------
Cryptomining malware is being distributed via cracked Mac apps and is hiding itself ever better, security researchers warn. Apple is responding.
---------------------------------------------
https://heise.de/-7527273
∗∗∗ Update on the Exchange Server Antivirus Exclusions ∗∗∗
---------------------------------------------
For years we have been saying how running antivirus (AV) software on your Exchange Servers can enhance the security and health of your Exchange organization. We’ve also said that if you are deploying file-level scanners on Exchange servers, make sure that the appropriate exclusions, such as directory exclusions, process exclusions, and file name extension exclusions, are in place for both scheduled and real-time scanning. But times have changed, and so has the cybersecurity landscape.
---------------------------------------------
https://techcommunity.microsoft.com/t5/exchange-team-blog/update-on-the-exchange-server-antivirus-exclusions/ba-p/3751464
∗∗∗ Investigating the PlugX Trojan Disguised as a Legitimate Windows Debugger Tool ∗∗∗
---------------------------------------------
Trend Micro’s Managed Extended Detection and Response (MxDR) team discovered that a file called x32dbg.exe was used to sideload a malicious DLL we identified as a variant of PlugX.
---------------------------------------------
https://www.trendmicro.com/en_us/research/23/b/investigating-the-plugx-trojan-disguised-as-a-legitimate-windows.html
=====================
= Vulnerabilities =
=====================
∗∗∗ Cisco patches vulnerabilities, some of them high-risk ∗∗∗
---------------------------------------------
Cisco, the network equipment vendor, has released security updates for several products. They close vulnerabilities, some of which are rated as a high threat.
---------------------------------------------
https://heise.de/-7526208
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (binwalk, chromium, curl, emacs, frr, git, libgit2, and tiff), Fedora (qt5-qtbase), SUSE (c-ares, kernel, openssl-1_1-livepatches, pesign, poppler, rubygem-activerecord-5_1, and webkit2gtk3), and Ubuntu (linux-aws).
---------------------------------------------
https://lwn.net/Articles/924358/
∗∗∗ Ineffective Cross Site Request Forgery (CSRF) protection in IBM Business Process Manager (BPM) (CVE-2017-1769) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/301273
∗∗∗ IBM Maximo Manage application in IBM Maximo Application Suite is vulnerable to information disclosure (CVE-2022-43923) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6957654
∗∗∗ AIX is vulnerable to denial of service due to ISC BIND (CVE-2022-38178, CVE-2022-3080, CVE-2022-38177, CVE-2022-2795) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6851445
∗∗∗ A vulnerability in Node.js affects IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2022-21681, CVE-2022-21680) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6958016
∗∗∗ A vulnerability has been identified in IBM WebSphere Application Server used by IBM Rational ClearQuest (CVE-2023-23477) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6958024
∗∗∗ Vulnerabilities found within Apache Storm that is used by IBM Tivoli Network Manager (ITNM) IP Edition ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6958056
∗∗∗ Security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for February 2023 ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6958062
∗∗∗ Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server affect IBM Business Automation Workflow ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6958064
∗∗∗ CVE-2022-32149 may affect IBM CICS TX Advanced ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6958066
∗∗∗ CVE-2022-32149 may affect IBM CICS TX Standard ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6958072
∗∗∗ Multiple vulnerabilities in Go may affect IBM CICS TX Standard ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6958068
∗∗∗ CVE-2022-3676 may affect IBM CICS TX Advanced ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6958086
∗∗∗ CVE-2022-3676 may affect IBM CICS TX Standard ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6958074
∗∗∗ IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Go ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6855111
∗∗∗ IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Golang Go ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6955929
∗∗∗ CVE-2022-37734 may affect IBM CICS TX Advanced ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6958076
∗∗∗ CVE-2022-37734 may affect IBM CICS TX Standard ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6958084
∗∗∗ IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in LibTIFF ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6955937
∗∗∗ CVE-2018-1099, CVE-2018-1098 may affect IBM CICS TX Advanced ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6958080
∗∗∗ CVE-2018-1099, CVE-2018-1098 may affect IBM CICS TX Standard ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6958082
∗∗∗ IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by a vulnerability in JSON Web Token ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6955935
∗∗∗ Vulnerability in moment-timezone affects IBM VM Recovery Manager DR GUI ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6957710
∗∗∗ Multiple vulnerabilities in IBM Semeru Runtime affect z/Transaction Processing Facility ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6957822
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily