January 2024 - rwth-security - lists.rwth-aachen.de

5G-Spector
by Bernd Kohler 26 Jan '24

26 Jan '24

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "5G-Spector" --> "... Open Radio Access Network (O-RAN) compliant layer-3 cellular attack detection service ..." --> Paper: "5G-SPECTOR: An O-RAN Compliant Layer-3 Cellular Attack Detection Service" - siehe [1] VG Bernd [0] https://github.com/5GSEC/5G-Spector [1] https://web.cse.ohio-state.edu/~wen.423/papers/5G-Spector-NDSS24.pdf -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de https://www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/channel/UCKKDJJukeRwO0LP-ac8x8rQ

1 0

SSH ProxyCommand == unexpected code execution (CVE-2023-51385)
by Bernd Kohler 24 Jan '24

24 Jan '24

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "SSH ProxyCommand == unexpected code execution (CVE-2023-51385)" --> bereist vom 17.12.2023 --> Infos von RedHat [1] --> Infos von Debian [2] --> Infos von Ubuntu [3] --> PoC [4] VG Bernd [0] https://vin01.github.io/piptagole/ssh/security/openssh/libssh/remote-code-e… [1] https://access.redhat.com/security/cve/cve-2023-51385 [2] https://security-tracker.debian.org/tracker/CVE-2023-51385 [3] https://ubuntu.com/security/notices/USN-6565-1 [4] https://github.com/Le1a/CVE-2023-51385 -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de https://www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/channel/UCKKDJJukeRwO0LP-ac8x8rQ

1 0

Exploiting 0-click Android Bluetooth vulnerability to inject
by Bernd Kohler 23 Jan '24

23 Jan '24

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "Exploiting 0-click Android Bluetooth vulnerability to inject keystrokes without pairing" --> critical vulnerabilities (CVE-2023-45866, CVE-2024-21306) in Bluetooth --> can be exploited to inject keystrokes without user confirmation – by accepting any Bluetooth pairing request --> affect Android, Linux, macOS, iOS, and Windows operating systems ein PoC findet sich auf [1] VG Bernd [0] https://www.mobile-hacker.com/2024/01/23/exploiting-0-click-android-bluetoo… [1] https://github.com/marcnewlin/hi_my_name_is_keyboard -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de https://www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/c/ITCenterRWTHAachen

1 0

About Stolen Device Protection for iPhone
by Bernd Kohler 23 Jan '24

23 Jan '24

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "About Stolen Device Protection for iPhone" --> "... adds a layer of security when your iPhone is away from familiar locations, such as home or work, and helps protect your accounts and personal information in case your iPhone is ever stolen ..." VG Bernd [0] https://support.apple.com/en-us/HT212510 -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de https://www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/c/ITCenterRWTHAachen

1 0

iPhone, Android Ambient Light Sensors Allow Stealthy Spying
by Bernd Kohler 19 Jan '24

19 Jan '24

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "iPhone, Android Ambient Light Sensors Allow Stealthy Spying" VG Bernd [0] https://www.darkreading.com/endpoint-security/iphone-android-ambient-light-… -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de https://www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/channel/UCKKDJJukeRwO0LP-ac8x8rQ

1 0

npm Package Found Delivering Sophisticated RAT
by Bernd Kohler 19 Jan '24

19 Jan '24

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "npm Package Found Delivering Sophisticated RAT" --> "... It was signed 2023 NOV 06 using a certificate that was revoked 2023 MAR 09. ..." VG Bernd [0] https://blog.phylum.io/npm-package-found-delivering-sophisticated-rat/ -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de https://www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/channel/UCKKDJJukeRwO0LP-ac8x8rQ

1 0

TeamViewer abused to breach networks in new ransomware attacks
by Bernd Kohler 19 Jan '24

19 Jan '24

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "TeamViewer abused to breach networks in new ransomware attacks" VG Bernd [0] https://www.bleepingcomputer.com/news/security/teamviewer-abused-to-breach-… -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de https://www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/channel/UCKKDJJukeRwO0LP-ac8x8rQ

1 0

Locksmith - small tool built to detect and fix common
by Bernd Kohler 19 Jan '24

19 Jan '24

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "Locksmith" - small tool built to detect and fix common misconfigurations in Active Directory Certificate Services. --> siehe dazu auch den Artikel [1] von Mandiant "Active Directory Certificate Services: Modern Attack Paths, Mitigations, and Hardening" VG Bernd [0] https://github.com/TrimarcJake/Locksmith [1] https://services.google.com/fh/files/misc/active-directory-certificate-serv… -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de https://www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/channel/UCKKDJJukeRwO0LP-ac8x8rQ

1 0

New iShutdown Method Exposes Hidden Spyware Like Pegasus on Your
by Bernd Kohler 17 Jan '24

17 Jan '24

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "New iShutdown Method Exposes Hidden Spyware Like Pegasus on Your iPhone" VG Bernd [0] https://thehackernews.com/2024/01/new-ishutdown-method-exposes-hidden.html -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/channel/UCKKDJJukeRwO0LP-ac8x8rQ

1 0

xeol - scanner for end-of-life software in container images,
by Bernd Kohler 16 Jan '24

16 Jan '24

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "xeol" - A scanner for end-of-life (EOL) packages in container images, filesystems, and SBOMs --> als Daten-Basis wird [1] verwendet VG Bernd [0] https://github.com/xeol-io/xeol#installation [1] https://endoflife.date/ -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de https://www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/c/ITCenterRWTHAachen

1 0