[CERT-daily] Tageszusammenfassung - 15.12.2021

Wed Dec 15 18:08:40 CET 2021

=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 14-12-2021 18:00 − Mittwoch 15-12-2021 18:00
Handler:     Thomas Pribitzer
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ New ransomware now being deployed in Log4Shell attacks ∗∗∗
---------------------------------------------
The first public case of the Log4j Log4Shell vulnerability used to download and install ransomware has been discovered by researchers.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-ransomware-now-being-deployed-in-log4shell-attacks/


∗∗∗ Simple but Undetected PowerShell Backdoor, (Wed, Dec 15th) ∗∗∗
---------------------------------------------
For a while, most security people agree on the fact that antivirus products are not enough for effective protection against malicious code. If they can block many threats, some of them remain undetected by classic technologies. Here is another example with a simple but effective PowerShell backdoor that I spotted yesterday.
---------------------------------------------
https://isc.sans.edu/diary/rss/28138


∗∗∗ GitHubs Antwort auf die kritische Log4j-Lücke ∗∗∗
---------------------------------------------
Zu der kritischen Sicherheitslücke im Log4j-Logging-Framework hat der Code-Hoster Sicherheitshinweise veröffentlicht. Ein Update auf Log4j 2.16 schafft Abhilfe.
---------------------------------------------
https://heise.de/-6294120


∗∗∗ Patchday: Kritische Sicherheitslücken in SAP-Geschäftssoftware ∗∗∗
---------------------------------------------
15 Sicherheitslücken melden die Walldorfer zum Dezember-Patchday in ihrer Business-Software. Viele schätzt SAP als hohes oder gar kritisches Risiko ein.
---------------------------------------------
https://heise.de/-6294773


∗∗∗ Patchday: Adobe schließt kritische Lücken in Experience Manager & Co. ∗∗∗
---------------------------------------------
Es gibt wichtige Sicherheitsupdates für verschiedene Anwendungen von Adobe. In einigen Fällen könnten Angreifer Schadcode auf Computern ausführen.
---------------------------------------------
https://heise.de/-6295316


∗∗∗ Patchday: Sechs Windows-Lücken öffentlich bekannt, durch eine schlüpft Emotet ∗∗∗
---------------------------------------------
Microsoft schließt zahlreiche Sicherheitslücken in beispielsweise Azure, Office und Windows. Darunter sind auch als kritisch eingestufte Lücken.
---------------------------------------------
https://heise.de/-6295264


∗∗∗ Neue Probleme - Log4j-Patch genügt nicht ∗∗∗
---------------------------------------------
Version 2.15.0 von Log4j sollte die Log4Shell-Sicherheitslücke schließen. Das reichte jedoch nicht. Log4j 2.16.0 behebt nun noch eine weitere Schwachstelle.
---------------------------------------------
https://heise.de/-6295343


∗∗∗ Immediate Steps to Strengthen Critical Infrastructure against Potential Cyberattacks ∗∗∗
---------------------------------------------
CISA has released CISA Insights: Preparing For and Mitigating Potential Cyber Threats to provide critical infrastructure leaders with steps to proactively strengthen their organization’s operational resiliency against sophisticated threat
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2021/12/15/immediate-steps-strengthen-critical-infrastructure-against


∗∗∗ No Unaccompanied Miners: Supply Chain Compromises Through Node.js Packages ∗∗∗
---------------------------------------------
NPM modules are a valuable target for threat actors due to their popularity amongst developers. They also have a high prevalence of complex dependencies, where one package installs another as a dependency often without the knowledge of the developer.
---------------------------------------------
https://www.mandiant.com/resources/supply-chain-node-js


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Log4Shell Update: Second log4j Vulnerability Published (CVE-2021-44228 + CVE-2021-45046) ∗∗∗
---------------------------------------------
After the log4j maintainers released version 2.15.0 to address the Log4Shell vulnerability, an additional attack vector was identified and reported in CVE-2021-45046.
---------------------------------------------
https://www.lunasec.io/docs/blog/log4j-zero-day-update-on-cve-2021-45046/


∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
Apache Log4J information, WebSphere Application Server, i2 Analyze, i2 Connect, Analyst’s Notebook Premium, Security Access Manager, Security Verify Access, App Connect, Integration Bus, QRadar SIEM Application Framework, Sterling File Gateway, Cloud Transformation Advisor, MQ Blockchain bridge, WebSphere Cast Iron, Power System, Rational Asset Analyzer, Disconnected Log Collector, SPSS Statistics, Power HMC
---------------------------------------------
https://www.ibm.com/blogs/psirt/


∗∗∗ Intel Product Advisory for Apache Log4j2 Vulnerabilities (CVE-2021-44228 & CVE-2021-45046) ∗∗∗
---------------------------------------------
Security vulnerabilities in Apache Log4j2 for some Intel® products may allow escalation of privilege or denial of service.
---------------------------------------------
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html


∗∗∗ Apache log4j vulnerabilities (Log4Shell) – impact on ABB products ∗∗∗
---------------------------------------------
ABB is still investigating the potentially affected products and to date ABB has identified the following products which are likely affected by the vulnerabilities in log4j (ABB products not listed are initially evaluated as not impacted).
---------------------------------------------
https://search.abb.com/library/Download.aspx?DocumentID=9ADB012621&LanguageCode=en&DocumentPartId=&Action=Launch


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (libopenmpt), openSUSE (icu.691, log4j, nim, postgresql10, and xorg-x11-server), Red Hat (idm:DL1), SUSE (gettext-runtime, icu.691, runc, storm, storm-kit, and xorg-x11-server), and Ubuntu (xorg-server, xorg-server-hwe-18.04, xwayland).
---------------------------------------------
https://lwn.net/Articles/878749/


∗∗∗ Security Advisory - Intel Microarchitectural Data Sampling (MDS) vulnerabilities ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20190712-01-mds-en


∗∗∗ Security Advisory - Apache log4j2 remote code execution vulnerability in some Huawei products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20211215-01-log4j-en


∗∗∗ Zoom Video Communications Zoom Client: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K21-1277


∗∗∗ OpenSSL: Schwachstelle ermöglicht Denial of Service ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K21-1282


∗∗∗ Authentication Bypass Vulnerabilities in FPC2 and SMM Firmware ∗∗∗
---------------------------------------------
http://support.lenovo.com/product_security/PS500458-AUTHENTICATION-BYPASS-VULNERABILITIES-IN-FPC2-AND-SMM-FIRMWARE


∗∗∗ Lenovo Vantage Component Vulnerabilities ∗∗∗
---------------------------------------------
http://support.lenovo.com/product_security/PS500461-LENOVO-VANTAGE-COMPONENT-VULNERABILITIES


∗∗∗ TLB Poisoning Attacks on AMD Secure Encrypted Virtualization (SEV) ∗∗∗
---------------------------------------------
http://support.lenovo.com/product_security/PS500459-TLB-POISONING-ATTACKS-ON-AMD-SECURE-ENCRYPTED-VIRTUALIZATION-SEV

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily