[CERT-daily] Tageszusammenfassung - 02.01.2023
Daily end-of-shift report
team at cert.at
Mon Jan 2 18:17:04 CET 2023
=====================
= End-of-Day report =
=====================
Timeframe: Freitag 30-12-2022 18:00 − Montag 02-01-2023 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ EarSpy-Lauschangriff auf Smartphones: Forschern gelingt Abhören aus der Ferne ∗∗∗
---------------------------------------------
In Mobiltelefone integrierte Ohrlautsprecher werden immer leistungsstärker. Dies hat den Nachteil, dass die verursachten Mini-Vibrationen verräterischer sind.
---------------------------------------------
https://heise.de/-7444910
∗∗∗ Rund 230 Millionen Deezer-Datensätze zu Have I been pwned hinzugefügt ∗∗∗
---------------------------------------------
Bei einem Einbruch in einen Deezer-Dienstleister konnten offenbar rund 230 Millionen Datensätze kopiert werden. Have I been pwned hat sie jetzt hinzugefügt.
---------------------------------------------
https://heise.de/-7445237
∗∗∗ Sicherheitsrisiko Microsoft Outlook App: Überträgt Anmeldedaten und Mails in die Cloud ∗∗∗
---------------------------------------------
Ich hole zum Jahresanfang 2023 nochmals ein Thema hoch, welches ich hier im Blog bereits 2015 und im Januar 2021 angesprochen habe. Es geht um die Microsoft Outlook App, die für Android- und iOS-Geräte angeboten und meines Erachtens breit eingesetzt [...]
---------------------------------------------
https://www.borncity.com/blog/2023/01/01/sicherheitsrisiko-microsoft-outlook-app-bertrgt-anmeldedaten-und-mails-in-die-cloud/
∗∗∗ Ransomware gang cloned victim’s website to leak stolen data ∗∗∗
---------------------------------------------
The ALPHV ransomware operators have gotten creative with their extortion tactic and, in at least one case, created a replica of the victims site to publish stolen data on it.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/ransomware-gang-cloned-victim-s-website-to-leak-stolen-data/
∗∗∗ NetworkMiner 2.8 Released, (Mon, Jan 2nd) ∗∗∗
---------------------------------------------
First of all, happy new year to all our Readers! There exist tools that are very popular for a long time because they are regularly updated and... just make the job! NetworkMiner is one of them (the first release was in 2007). I don't use it regularly but it is part of my forensic toolbox for a while and already helped me in many investigations.
---------------------------------------------
https://isc.sans.edu/diary/rss/29390
∗∗∗ WordPress Security Alert: New Linux Malware Exploiting Over Two Dozen CMS Flaws ∗∗∗
---------------------------------------------
WordPress sites are being targeted by a previously unknown strain of Linux malware that exploits flaws in over two dozen plugins and themes to compromise vulnerable systems. "If sites use outdated versions of such add-ons, lacking crucial fixes, the targeted web pages are injected with malicious JavaScripts," Russian security vendor Doctor Web said in a report published last week.
---------------------------------------------
https://thehackernews.com/2023/01/wordpress-security-alert-new-linux.html
∗∗∗ Python developers, uninstall this malicious package right now ∗∗∗
---------------------------------------------
If youre a Python developer and one who is accustomed to installed the latest preview builds of libraries, you might want to take immediate mitigative action. PyTorch, an open-source machine learning framework initially developed by Meta and now under the Linux Foundation, has seemingly been the target of a supply chain attack, which has potentially led to many users installing a malicious package.
---------------------------------------------
https://www.neowin.net/news/python-developers-uninstall-this-malicious-package-right-now/
=====================
= Vulnerabilities =
=====================
∗∗∗ IBM Security Bulletins 2022-12-30 ∗∗∗
---------------------------------------------
IBM Content Collector, IBM Tivoli Monitoring
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/
∗∗∗ Jetzt patchen: Netgear schließt hochriskante Lücke in mehreren Routern ∗∗∗
---------------------------------------------
Netgear empfiehlt ein dringendes Sicherheitsupdate für mehrere seiner Router-Modelle. Betroffen sind von der Lücke auch Modelle der Nighthawk-Reihe.
---------------------------------------------
https://heise.de/-7444672
∗∗∗ Synology warnt vor kritischer Lücke in VPN-Plus-Server ∗∗∗
---------------------------------------------
Wer Synology-Router als VPN-Server einsetzt, muss die Software zügig aktualisieren. Eine kritische Sicherheitslücke ermöglicht Angreifern sonst Codeschmuggel.
---------------------------------------------
https://heise.de/-7444783
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (cacti, emacs, exuberant-ctags, libjettison-java, mplayer, node-loader-utils, node-xmldom, openvswitch, ruby-image-processing, webkit2gtk, wpewebkit, and xorg-server), Fedora (OpenImageIO, systemd, w3m, and webkit2gtk3), Mageia (curl, freeradius, libksba, libtar, python-ujson, sogo, thunderbird, and webkit2), Red Hat (bcel), and SUSE (ffmpeg, ffmpeg-4, mbedtls, opera, saphanabootstrap-formula, sbd, vlc, and webkit2gtk3).
---------------------------------------------
https://lwn.net/Articles/918883/
∗∗∗ Vulnerabilities in Java and IBM WebSphere Application Server Liberty affects IBM Cloud Application Business Insights - CVE-2022-34165, CVE-2022-21628, CVE-2022-21626, CVE-2022-21624, CVE-2022-21619 ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6852357
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list