[CERT-daily] Tageszusammenfassung - 03.01.2023

Daily end-of-shift report team at cert.at
Tue Jan 3 18:20:38 CET 2023


=====================
= End-of-Day report =
=====================

Timeframe:   Montag 02-01-2023 18:00 − Dienstag 03-01-2023 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ BMW, Mercedes, Kia, Porsche: Sicherheitsforscher hacken etliche Autohersteller ∗∗∗
---------------------------------------------
Forschern ist es gelungen die API-Endpunkte etlicher Autohersteller wie BMW oder Kia zu hacken - von der Konten- bis zur Autoübernahme war alles möglich.
---------------------------------------------
https://www.golem.de/news/bmw-mercedes-kia-porsche-sicherheitsforscher-hacken-etliche-autohersteller-2301-170901.html


∗∗∗ Schadcode auf PyPI: Supply-Chain-Angriff auf PyTorch Nightly Builds ∗∗∗
---------------------------------------------
Wer kürzlich PyTorch-nightly unter Linux via pip installiert hat, erhielt Schadcode. Das PyTorch-Team hat Gegenmaßnahmen eingeleitet.
---------------------------------------------
https://heise.de/-7447195


∗∗∗ Its about time: OS Fingerprinting using NTP, (Tue, Jan 3rd) ∗∗∗
---------------------------------------------
Most current operating systems, including many small systems like IoT devices, use some form of NTP to sync time. NTP is lightweight and reasonably accurate in most use cases to synchronize time across the internet with millisecond accuracy [1]. Some protocols, like PTP, are more accurate but are designed for local networks and may require special hardware on the host [2]. Smaller systems with less stringent accuracy requirements sometimes use SNTP, a variant of NTP.
---------------------------------------------
https://isc.sans.edu/diary/rss/29394


∗∗∗ Raspberry Robin Worm Evolves to Attack Financial and Insurance Sectors in Europe ∗∗∗
---------------------------------------------
Financial and insurance sectors in Europe have been targeted by the Raspberry Robin worm, as the malware continues to evolve its post-exploitation capabilities while remaining under the radar. "What is unique about the malware is that it is heavily obfuscated and highly complex to statically disassemble," Security Joes said in a new report published Monday.
---------------------------------------------
https://thehackernews.com/2023/01/raspberry-robin-worm-evolves-to-attack.html


∗∗∗ Cloud Metadata - AWS IAM Credential Abuse ∗∗∗
---------------------------------------------
[...] In this run through we have a vulnerable AWS EC2 instance configured to use IMDSv1 (Instance Metadata Service) which we will exploit, escalate our privileges and carry out post-compromise activities. While not every AWS EC2 instance has an associated IAM role (AWS Identity and Access Management), when they do these role profiles contain credentials/keys.
---------------------------------------------
https://sneakymonkey.net/cloud-credential-abuse/


∗∗∗ SSRF vulnerabilities caused by SNI proxy misconfigurations ∗∗∗
---------------------------------------------
SNI proxies are load balancers that use the SNI extension field to select backend systems. When misconfigured, SNI proxies can be vulnerable to SSRF attacks that provide access to web application backends.
---------------------------------------------
https://www.invicti.com/blog/web-security/ssrf-vulnerabilities-caused-by-sni-proxy-misconfigurations/


∗∗∗ Exploiting GraphQL Query Depth ∗∗∗
---------------------------------------------
GraphQL was created and developed with flexibility in mind: clients should be given the power to ask for exactly what they need and nothing more. Much of this flexibility involves allowing customers to execute multiple queries in a single request, [...]
---------------------------------------------
https://checkmarx.com/blog/exploiting-graphql-query-depth/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ IBM Security Bulletins 2023-01-03 ∗∗∗
---------------------------------------------
IBM Business Automation Workflow, IBM InfoSphere Information Server, IBM Integrated Analytics System, IBM Process Mining, IBM Security SOAR, IBM Security Verify Governance, IBM Sterling B2B Integrator, Platform Navigator and Automation Assets in IBM Cloud Pak for Integration, Rational Directory Server (Tivoli) & Rational Directory Administrator
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/


∗∗∗ Trend Micros Sicherheitslösung Maximum Security benötigt einen Sicherheitspatch ∗∗∗
---------------------------------------------
Angreifer könnten Windows-PCs mit Sicherheitssoftware von Trend Micro attackieren. Ein Sicherheitspatch ist verfügbar.
---------------------------------------------
https://heise.de/-7446553


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Oracle (bcel), SUSE (ca-certificates-mozilla, glibc, minetest, multimon-ng, nautilus, ovmf, python-Django, samba, saphanabootstrap-formula, and xrdp), and Ubuntu (usbredir).
---------------------------------------------
https://lwn.net/Articles/918965/


∗∗∗ ThinkPad X13s BIOS Vulnerabilities ∗∗∗
---------------------------------------------
http://support.lenovo.com/product_security/PS500537

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list