[CERT-daily] Tageszusammenfassung - 03.02.2022

Daily end-of-shift report team at cert.at
Thu Feb 3 18:12:44 CET 2022


=====================
= End-of-Day report =
=====================

Timeframe:   Wednesday 02-02-2022 18:00 − Thursday 03-02-2022 18:00
Handler:     Robert Waldner
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Spam calls from a Viennese number: “This is the police” ∗∗∗
---------------------------------------------
The general rule for such calls is to hang up immediately. If you are unsure whether the call was genuine (in the case of an English-language recording it certainly was not), you can call the police (133) yourself. The police warn that you should never call back a "police" telephone number when such calls demand it.
If you have already spoken to the person and handed over data, you should file a report with the police immediately.
---------------------------------------------
https://futurezone.at/digital-life/spam-anrufe-wiener-nummer-federal-police-polizei-betrug-fake/401893871


∗∗∗ WooCommerce Skimmer Uses Fake Fonts and Favicon to Steal CC Details ∗∗∗
---------------------------------------------
Today’s investigation starts out much like many others, with our client reporting an antivirus warning appearing only on their checkout page, of course at the worst possible time right around the end of December. What first seemed to be a routine case of credit card theft turned out to be a much more interesting infection that leveraged font, favicon and other less commonly used files to pilfer credit card details.
---------------------------------------------
https://blog.sucuri.net/2022/02/woocommerce-skimmer-uses-fake-fonts-and-favicon-to-steal-cc-details.html


∗∗∗ A comprehensive guide on [NTLM] relaying anno 2022 ∗∗∗
---------------------------------------------
For years now, Internal Penetration Testing teams have been successful in obtaining a foothold or even compromising entire domains through a technique called NTLM relaying. [..] This blog post aims to be a comprehensive resource that will walk through the attack primitives that continue to work today. While most will be well known techniques, some techniques involving Active Directory Certificate Services might be lesser known.
---------------------------------------------
https://www.trustedsec.com/blog/a-comprehensive-guide-on-relaying-anno-2022/


∗∗∗ Tattoo giveaways on Instagram lead into a subscription trap ∗∗∗
---------------------------------------------
Criminals send messages from fake accounts claiming that Instagram users have won a prize draw. But the supposed prize does not lead to a new tattoo; it leads into a well-disguised subscription trap.
---------------------------------------------
https://www.watchlist-internet.at/news/tattoo-giveaways-auf-instagram-fuehren-in-eine-abo-falle/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Multiple Vulnerabilities in Sante DICOM Viewer Pro ∗∗∗
---------------------------------------------
* J2K File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
* DCM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
* DCM File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
* DCM File Parsing Use-After-Free Information Disclosure Vulnerability
* JP2 File Parsing Use-After-Free Remote Code Execution Vulnerability
* JP2 File Parsing Memory Corruption Remote Code Execution Vulnerability
* J2K File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
---------------------------------------------
https://www.zerodayinitiative.com/advisories/


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (librecad), Fedora (flatpak, flatpak-builder, and glibc), Mageia (chromium-browser-stable, connman, libtiff, and rust), openSUSE (lighttpd), Oracle (cryptsetup, nodejs:14, and rpm), Red Hat (varnish:6), SUSE (kernel and unbound), and Ubuntu (linux, linux-aws, linux-aws-5.11, linux-aws-5.13, linux-gcp, linux-gcp-5.11, linux-hwe-5.13, linux-kvm, linux-oem-5.13, linux-oracle, linux-oracle-5.11, linux-raspi, linux, linux-aws, linux-aws-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-ibm, linux-kvm, linux-oracle, linux-oracle-5.4, linux, linux-aws, linux-aws-hwe, linux-azure, linux-dell300x, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon, linux-gke, linux-gke-5.4, mysql-5.7, mysql-8.0, python-django, samba).
---------------------------------------------
https://lwn.net/Articles/883676/


∗∗∗ Sensormatic PowerManage ∗∗∗
---------------------------------------------
This advisory contains mitigations for an Improper Input Validation vulnerability in the Sensormatic PowerManage operating platform.
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-034-01


∗∗∗ Airspan Networks Mimosa ∗∗∗
---------------------------------------------
This advisory contains mitigations for Improper Authorization, Incorrect Authorization, Server-side Request Forgery, SQL Injection, Deserialization of Untrusted Data, OS Command Injection, and Use of a Broken or Risky Cryptographic Algorithm vulnerabilities in Airspan Networks Mimosa network management software.
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-034-02


∗∗∗ Two vulnerabilities in AudioCodes Session Border Controller (SYSS-2021-068/-075) ∗∗∗
---------------------------------------------
AudioCodes Session Border Controller (SBC) can be abused for toll fraud. A privilege escalation in the web management console was also found.
---------------------------------------------
https://www.syss.de/pentest-blog/multiple-schwachstellen-im-coins-construction-cloud-erp-syss-2021-028/-029/-030/-031/-051/-052/-053-1


∗∗∗ InsydeH2O UEFI System Management Mode (SMM) Vulnerabilities ∗∗∗
---------------------------------------------
Mitigation Strategy for Customers (what you should do to protect yourself): Update system firmware to the version (or newer) indicated for your model in the Product Impact section.
---------------------------------------------
http://support.lenovo.com/product_security/PS500463-INSYDEH2O-UEFI-SYSTEM-MANAGEMENT-MODE-SMM-VULNERABILITIES


∗∗∗ Cisco Content Security Management Appliance and Cisco Web Security Appliance Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-wsa-esa-info-dis-vsvPzOHP


∗∗∗ Security Bulletin: A vulnerability in Apache Log4j affects some features of IBM® Db2® (CVE-2021-44832) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-apache-log4j-affects-some-features-of-ibm-db2-cve-2021-44832-3/


∗∗∗ Security Bulletin: IBM Security Guardium Insights is affected by JWT-Go vulnerability (CVE-2020-26160) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-insights-is-affected-by-jwt-go-vulnerability-cve-2020-26160/


∗∗∗ Security Bulletin: IBM Data Management Platform for EDB Postgres Standard is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-45046) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-data-management-platform-for-edb-postgres-standard-is-vulnerable-to-denial-of-service-and-arbitrary-code-execution-due-to-apache-log4j-cve-2021-45105-cve-2021-45046/


∗∗∗ Security Bulletin: This Power System update is being released to address CVE-2021-38960 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-this-power-system-update-is-being-released-to-address-cve-2021-38960/


∗∗∗ Security Bulletin: IBM Data Management Platform for EDB Postgres Enterprise is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-45046) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-data-management-platform-for-edb-postgres-enterprise-is-vulnerable-to-arbitrary-code-execution-due-to-apache-log4j-cve-2021-45105-cve-2021-45046/


∗∗∗ K67416037: Linux kernel vulnerability CVE-2021-23133 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K67416037?utm_source=f5support&utm_medium=RSS


∗∗∗ Weidmueller: Remote I/O fieldbus couplers (IP20) affected by INFRA:HALT vulnerabilities ∗∗∗
---------------------------------------------
https://cert.vde.com/de/advisories/VDE-2021-042/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily