[CERT-daily] Tageszusammenfassung - 27.02.2023

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 24-02-2023 18:00 − Montag 27-02-2023 18:00
Handler:     Michael Schlagenhaufer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ QUICforge - Client-seitige Request-Forgery-Angriffe im QUIC Protokoll ∗∗∗
---------------------------------------------
Ein Überblick warum das QUIC Protokoll ein für die Sicherheit relevantes und besonders aktuelles Forschungsgebiet ist und welche Herausforderung die Nutzung von QUIC birgt.
---------------------------------------------
https://sec-consult.com/de/blog/detail/quicforge-client-seitige-request-forgery-angriffe-im-quic-protokoll/


∗∗∗ Exchange Server: Microsoft empfiehlt Aktualisierung der Antivirus-Ausnahmen (Feb. 2023) ∗∗∗
---------------------------------------------
Microsofts Exchange Server-Team hat seine Empfehlungen in Bezug auf Ausnahmen für Antivirus-Scans überarbeitet und bittet Administratoren die Einstellungen der Antivirus-Software zu überprüfen und gegebenenfalls anzupassen.
---------------------------------------------
https://www.borncity.com/blog/2023/02/27/exchange-server-microsoft-empfiehlt-aktualisierung-der-antivirus-ausnahmen-feb-2023/


∗∗∗ Bösartige Authenticator-Apps auch im Google-Play-Store ∗∗∗
---------------------------------------------
Vergangene Woche haben App-Entwickler bösartige Authenticator-Apps in Apples App-Store entdeckt. Jetzt wurden sie auch im Google-Play-Store fündig.
---------------------------------------------
https://heise.de/-7528469


∗∗∗ Nur mit iPhone-PIN: Diebe räumen Apple-ID und Bankkonten ab ∗∗∗
---------------------------------------------
iPhone-Diebstähle können zu einer vollständigen Apple-ID- und Bankkonten-Übernahme führen. Schuld ist Apples (zu) einfache Passwort-Recovery per PIN.
---------------------------------------------
https://heise.de/-7527961


∗∗∗ Kleinanzeigenplattformen: Betrügerische Käufer:innen täuschen Zahlung auf gefälschter PayPal-Website vor ∗∗∗
---------------------------------------------
Willhaben, Ebay, Shpock und Co.: Nehmen Sie sich vor betrügerischen Interessent:innen in Acht! Betrügerische Interessent:innen auf Kleinanzeigenplattformen behaupten, den Kaufbetrag inklusive Versandkosten an den Zahlungsdienst PayPal überwiesen zu haben. Sie schicken Ihnen einen personalisierten Link, über den Sie das Geld angeblich anfordern können. Brechen Sie den Kontakt ab, Sie werden auf eine gefälschte PayPal-Seite gelockt. Kriminelle stehlen damit Ihre Zugangsdaten und Geld von Ihrem PayPal-Konto!
---------------------------------------------
https://www.watchlist-internet.at/news/neue-betrugsmasche-auf-kleinanzeigenplattformen-betruegerische-kaeuferinnen-faelschen-paypal-website/


∗∗∗ PureCrypter malware hits govt orgs with ransomware, info-stealers ∗∗∗
---------------------------------------------
A threat actor has been targeting government entities with PureCrypter malware downloader that has been seen delivering multiple information stealers and ransomware strains.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/purecrypter-malware-hits-govt-orgs-with-ransomware-info-stealers/


∗∗∗ RIG Exploit Kit still infects enterprise users via Internet Explorer ∗∗∗
---------------------------------------------
The RIG Exploit Kit is undergoing its most successful period, attempting roughly 2,000 intrusions daily and succeeding in about 30% of cases, the highest ratio in the services long operational history.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/rig-exploit-kit-still-infects-enterprise-users-via-internet-explorer/


∗∗∗ Is My Site Hacked? (13 Signs) ∗∗∗
---------------------------------------------
Symptoms of a hack can vary wildly. A concerning security alert from Google, a browser warning when you visit your site, or even a notice from your hosting provider that they’ve taken down your website - all of these events may indicate that your site has been hacked. Fortunately, there are a number of quick (and free) ways you can check and find out if your website has been compromised.
---------------------------------------------
https://blog.sucuri.net/2023/02/is-my-website-hacked.html


∗∗∗ Open Source Security and Risk Analysis Report ∗∗∗
---------------------------------------------
In its 8 th edition this year, the 2023 “Open Source Security and Risk Analysis” (OSSRA) report delivers our annual in-depth look at the current state of open source security, compliance, licensing, and code quality risks in commercial software. 
https://www.synopsys.com/content/dam/synopsys/sig-assets/reports/rep-ossra-2023.pdf
---------------------------------------------
https://www.synopsys.com/software-integrity/resources/analyst-reports/open-source-security-risk-analysis.html



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Sicherheitsupdate: Zoho ManageEngine ServiceDesk Plus ist verwundbar ∗∗∗
---------------------------------------------
Angreifer könnten Systeme mit dem IT-Verwaltungssystem ManageEngine ServiceDesk Plus von Zoho attackieren. Eine ältere Zoho-Lücke wird derweil angegriffen.
---------------------------------------------
https://heise.de/-7528332


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (apr-util, freeradius, mono, nodejs, php7.3, php7.4, and python-cryptography), Fedora (epiphany, haproxy, and podman), SUSE (chromium, libraw, php7, php74, python-pip, and rubygem-activerecord-4_2), and Ubuntu (apr, clamav, curl, intel-microcode, nss, openvswitch, webkit2gtk, and zoneminder).
---------------------------------------------
https://lwn.net/Articles/924546/


∗∗∗ Windows: Microsoft liefert cURL-Bibliothek weiterhin mit Schwachstellen aus (Feb. 2023) ∗∗∗
---------------------------------------------
Es ist eine unschöne Geschichte, die ich erneut hier im Blog einstelle. Microsoft gelingt es nicht, cURL mit Windows so auszuliefern, dass die Software auf dem aktuellen Stand ist und keine bekannte Sicherheitslücken mehr aufweist.
---------------------------------------------
https://www.borncity.com/blog/2023/02/25/windows-microsoft-liefert-curl-bibliothek-weiterhin-mit-schwachstellen-aus-feb-2023/


∗∗∗ WAGO: Multiple vulnerabilities in web-based management of multiple products ∗∗∗
---------------------------------------------
https://cert.vde.com/de/advisories/VDE-2022-060/


∗∗∗ Advisory: Vulnerable TigerVNC Version used in B&R Products ∗∗∗
---------------------------------------------
https://www.br-automation.com/downloads_br_productcatalogue/assets/1676909111782-en-original-1.0.pdf


∗∗∗ AIX is vulnerable to denial of service due to ISC BIND (CVE-2022-38178, CVE-2022-3080, CVE-2022-38177, CVE-2022-2795) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6851445


∗∗∗ IBM MQ for HPE NonStop Server is affected by channel CCDT vulnerability CVE-2022-40237 ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6958136


∗∗∗ Multiple Vulnerabilities in CloudPak for Watson AIOPs ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6958146


∗∗∗ IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to denial of service in Pypa Setuptools (CVE-2022-40897) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6958142


∗∗∗ IBM Security Verify Bridge (windows and docker versions) affected by a denial of service issue in Go (CVE-2022-32149) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6958156


∗∗∗ Certifi package as used by IBM QRadar User Behavior Analytics is vulnerable to improper certificate validation (CVE-2022-23491) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6958452


∗∗∗ A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Rational ClearCase (CVE-2023-23477) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6958458


∗∗∗ A security vulnerability has been identified in IBM WebSphere Application Server traditional shipped with IBM Operations Analytics Predictive Insights (CVE-2022-38712) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6958478


∗∗∗ A security vulnerability ( CVE-2022-3509, CVE-2022-3171 ) has been identified in IBM WebSphere Application Server Liberty shipped with IBM Operations Analytics Predictive Insights ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6958474


∗∗∗ FasterXML-jackson-databinds vulnerabilities affect IBM Operations Analytics Predictive Insights (CVE-2022-42004,CVE-2022-42003) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6958482


∗∗∗ IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in LibTIFF ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6955937


∗∗∗ A security vulnerability has been identified in IBM WebSphere Application Server traditional shipped with IBM Operations Analytics Predictive Insights (CVE-2023-23477) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6958476


∗∗∗ Multiple vulnerabilities in IBM SDK, Java Technology Edition affect IBM Operations Analytics Predictive Insights ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6958484


∗∗∗ Multiple vulnerabilities in IBM SDK, Java Technology Edition affect IBM Operations Analytics Predictive Insights ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6958486


∗∗∗ IBM b-type SAN switches and directors affected by Open Source OpenSSL Vulnerabilities (CVE-2016-2177, CVE-2016-2178). ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/697949


∗∗∗ IBM b-type SAN switches and directors affected by Open Source OpenSSL Vulnerabilities (CVE-2016-2180). ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/697951


∗∗∗ IBM b-type SAN switches and directors affected by OpenSSL Security Advisory [22 Sep 2016] and [26 Sep 2016]. ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/697953


∗∗∗ IBM b-type SAN switches and directors affected by XSS vulnerabilities CVE-2017-6225. ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/650695


∗∗∗ IBM b-type SAN Network\/Storage switches is affected by a denial of service vulnerability, caused by a CPU consumption in the IPv6 stack (CVE-2017-6227). ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/650699


∗∗∗ IBM b-type SAN directors and switches is affected by privilege escalation vulnerability (CVE-2016-8202). ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/697803


∗∗∗ Vulnerabilities in OpenSSL affect IBM b-type SAN switches and directors (CVE-2016-2108) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/697943

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily