[CERT-daily] Daily summary - 04.02.2022

Daily end-of-shift report team at cert.at
Fri Feb 4 18:19:40 CET 2022


=====================
= End-of-Day report =
=====================

Timeframe:   Thursday 03-02-2022 18:00 − Friday 04-02-2022 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Vulnerability in GitOps tool: Argo CD vulnerable to path traversal ∗∗∗
---------------------------------------------
Attacks using manipulated Helm charts allow access to arbitrary directories in the repository of the continuous delivery tool for Kubernetes.
---------------------------------------------
https://heise.de/-6349810


∗∗∗ Operation EmailThief: Active Exploitation of Zero-day XSS Vulnerability in Zimbra ∗∗∗
---------------------------------------------
- Volexity discovers XSS zero-day vulnerability against Zimbra 
- Targeted sectors include European government and media 
- Successful exploitation results in theft of email data from users
---------------------------------------------
https://www.volexity.com/blog/2022/02/03/operation-emailthief-active-exploitation-of-zero-day-xss-vulnerability-in-zimbra/


∗∗∗ Cybersecurity for Industrial Control Systems: Part 1 ∗∗∗
---------------------------------------------
In this two-part series, we look into various cybersecurity threats that affected industrial control systems endpoints. We also discuss several insights and recommendations to mitigate such threats.
---------------------------------------------
https://www.iiot-world.com/ics-security/cybersecurity/cybersecurity-for-industrial-control-systems-part-1/


∗∗∗ Vulnerabilities that aren’t. ETag headers ∗∗∗
---------------------------------------------
This time we’re looking at the ETag (Entity Tag) header. I take some of the blame for this one as I first added a dissector of the header to Nikto’s headers plugin back in 2008, then other scanners added it.
---------------------------------------------
https://www.pentestpartners.com/security-blog/vulnerabilities-that-arent-etag-headers/


∗∗∗ Target open-sources its web skimmer detector ∗∗∗
---------------------------------------------
Target's cybersecurity team has open-sourced the code of Merry Maker, the company's internal application that it has used since 2018 to detect if any of its own websites have been compromised with malicious code that can steal payment card details from buyers.
---------------------------------------------
https://therecord.media/target-open-sources-its-web-skimmer-detector/


∗∗∗ An ALPHV (BlackCat) representative discusses the group’s plans for a ransomware ‘meta-universe’ ∗∗∗
---------------------------------------------
Late last year, cybersecurity researchers began to notice a ransomware strain called ALPHV that stood out for being particularly sophisticated and coded in the Rust programming language—a first for ransomware used in real-world attacks.
---------------------------------------------
https://therecord.media/an-alphv-blackcat-representative-discusses-the-groups-plans-for-a-ransomware-meta-universe/


∗∗∗ Special Report: The pitfalls of Active Directory Certificate Services (AD CS) ∗∗∗
---------------------------------------------
Active Directory Certificate Services (ADCS) is prone to misconfigurations that make a complete compromise of the network trivially possible. The problem was published in summer 2021; this method is now being used in APT attacks. Check your setup with the tools provided. Use the listed preventive measures to establish greater visibility. Use the tools presented to check whether a misconfiguration has already been exploited.
---------------------------------------------
https://cert.at/de/spezielles/2022/2/special-report-die-tucken-von-active-directory-certificate-services-ad-cs



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (apng2gif, ruby2.5, ruby2.7, and strongswan), Fedora (389-ds-base, glibc, java-latest-openjdk, keylime, mingw-python-pillow, perl-Image-ExifTool, python-pillow, rust-afterburn, rust-askalono-cli, rust-below, rust-cargo-c, rust-cargo-insta, rust-fd-find, rust-lsd, rust-oxipng, rust-python-launcher, rust-ripgrep, rust-skim, rust-thread_local, rust-tokei, strongswan, vim, xen, and zola), Mageia (cryptsetup and expat), openSUSE (containerd, docker, glibc, [...]
---------------------------------------------
https://lwn.net/Articles/883828/


∗∗∗ Mattermost security updates 6.3.3, 6.2.3, 6.1.3, 5.37.8 released ∗∗∗
---------------------------------------------
We’re informing you about a Mattermost security update, which addresses medium-level severity vulnerabilities. We highly recommend that you apply the update. The security update is available for Mattermost dot releases 6.3.3 (Extended Support Release), 6.2.3, 6.1.3, 5.37.8 (Extended Support Release) for both Team Edition and Enterprise Edition.
---------------------------------------------
https://mattermost.com/blog/mattermost-security-updates-6-3-3-6-2-3-6-1-3-5-37-8-released/


∗∗∗ CISA Adds One Known Exploited Vulnerability to Catalog ∗∗∗
---------------------------------------------
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to the federal enterprise.
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2022/02/04/cisa-adds-one-known-exploited-vulnerability-catalog


∗∗∗ CSV+ vulnerable to cross-site scripting ∗∗∗
---------------------------------------------
https://jvn.jp/en/jp/JVN67396225/


∗∗∗ K40508224: Perl vulnerability CVE-2020-10878 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K40508224


∗∗∗ K05295469: Expat vulnerability CVE-2019-15903 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K05295469


∗∗∗ Security Bulletin: Log4j Vulnerability ( CVE-2021-44228 ) in IBM Informix Dynamic Server in Cloud Pak for Data ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-log4j-vulnerability-cve-2021-44228-in-ibm-informix-dynamic-server-in-cloud-pak-for-data-2/


∗∗∗ Security Bulletin: Vulnerability in Apache Log4j may affect IBM Tivoli Monitoring installed WebSphere Application Server (CVE-2021-44228) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerablity-in-apache-log4j-may-affect-ibm-tivoli-monitoring-installed-websphere-application-server-cve-2021-44228-3/


∗∗∗ Security Bulletin: IBM Planning Analytics and IBM Planning Analytics Workspace are affected by security vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-and-ibm-planning-analytics-workspace-are-affected-by-security-vulnerabilities-2/


∗∗∗ Security Bulletin: IBM Informix Dynamic Server is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44228) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-informix-dynamic-server-is-vulnerable-to-arbitrary-code-execution-due-to-apache-log4j-cve-2021-44228-3/


∗∗∗ Security Bulletin: Multiple vulnerabilities in Apache Log4j affect IBM Tivoli Netcool Impact (CVE-2021-45105, CVE-2021-45046) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-apache-log4j-affect-ibm-tivoli-netcool-impact-cve-2021-45105-cve-2021-45046-3/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK (October 2021) affects IBM InfoSphere Information Server (CVE-2021-35578 CVE-2021-35564) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-october-2021-affects-ibm-infosphere-information-server-cve-2021-35578-cve-2021-35564/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily



