[CERT-daily] Daily summary - 08.02.2022

Daily end-of-shift report team at cert.at
Tue Feb 8 18:19:04 CET 2022


=====================
= End-of-Day report =
=====================

Timeframe:   Monday 07-02-2022 18:00 − Tuesday 08-02-2022 18:00
Handler:     Robert Waldner
Co-Handler:  Thomas Pribitzer

=====================
=       News        =
=====================

∗∗∗ Internet security: How to protect yourself against account hijacking and the like ∗∗∗
---------------------------------------------
We explain what you should look out for so that you can stay safe on the Internet.
---------------------------------------------
https://heise.de/-6355600


∗∗∗ Microsoft Office to block VBA macros by default ∗∗∗
---------------------------------------------
Macros are a gateway for malware. Disabling VBA macros by default is long overdue.
---------------------------------------------
https://heise.de/-6353429


∗∗∗ Patch day: Vulnerabilities in SAP products allow code injection ∗∗∗
---------------------------------------------
On its February patch day, SAP closes several critical security vulnerabilities that could have allowed attackers to inject malicious code into affected systems.
---------------------------------------------
https://heise.de/-6356776


∗∗∗ Open or Sneaky? Fast or Slow? Light or Heavy?: Investigating Security Releases of Open Source Packages ∗∗∗
---------------------------------------------
Specifically, in this paper, we study [..] security releases over a dataset of 4,377 security advisories across seven package ecosystems (Composer, Go, Maven, npm, NuGet, pip, and RubyGems). [..] Based on our findings, we make four recommendations for the package maintainers and the ecosystem administrators, such as using private fork for security fixes and standardizing the practice for announcing security releases.
---------------------------------------------
https://arxiv.org/pdf/2112.06804.pdf


∗∗∗ “We absolutely do not care about you”: Sugar ransomware targets individuals ∗∗∗
---------------------------------------------
They call it Sugar ransomware, but it's not sweet in any way.
---------------------------------------------
https://blog.malwarebytes.com/ransomware/2022/02/we-absolutely-do-not-care-about-you-sugar-ransomware-targets-individuals/


∗∗∗ Operation EmailThief: Active Exploitation of Zero-day XSS Vulnerability in Zimbra ∗∗∗
---------------------------------------------
[UPDATE] On February 4, 2022, Zimbra provided an update regarding this zero-day exploit vulnerability and reported that a hotfix for 8.8.15 P30 would be available on February 5, 2022.
---------------------------------------------
https://www.volexity.com/blog/2022/02/03/operation-emailthief-active-exploitation-of-zero-day-xss-vulnerability-in-zimbra/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ WordPress IP2Location Country Blocker 2.26.7 Cross Site Scripting ∗∗∗
---------------------------------------------
An authenticated user is able to inject arbitrary JavaScript or HTML code to the "Frontend Settings" interface available in the settings page of the plugin (Country Blocker), due to incorrect sanitization of user-supplied data and achieve a Stored Cross-Site Scripting attack against the administrators or the other authenticated users. The plugin versions prior to 2.26.7 are affected by this vulnerability.
---------------------------------------------
https://cxsecurity.com/issue/WLB-2022020031


∗∗∗ CVE-2021-38130 Voltage SecureMail 7.3 Mail Relay Information Leakage Vuln. ∗∗∗
---------------------------------------------
An information leakage vulnerability with a CVSS of 4.1 was discovered in SecureMail Server for versions prior to 7.3.0.1. The vulnerability can be exploited to send sensitive information to an unauthorized user. A resolution of this vulnerability is available in the Voltage SecureMail version 7.3.0.1 patch release.
---------------------------------------------
https://portal.microfocus.com/s/article/KM000003667?language=en_US


∗∗∗ Patch day: Critical system vulnerability lets attackers access Android devices ∗∗∗
---------------------------------------------
Important security updates are available for Android 10, 11, 12 and various system components.
---------------------------------------------
https://heise.de/-6355256


∗∗∗ Critical Vulnerabilities in PHP Everywhere Allow Remote Code Execution ∗∗∗
---------------------------------------------
On January 4, 2022, the Wordfence Threat Intelligence team began the responsible disclosure process for several Remote Code Execution vulnerabilities in PHP Everywhere, a WordPress plugin installed on over 30,000 websites. One of these vulnerabilities allowed any authenticated user of any level, even subscribers and customers, to execute code on a site with the plugin [...]
---------------------------------------------
https://www.wordfence.com/blog/2022/02/critical-vulnerabilities-in-php-everywhere-allow-remote-code-execution/


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (log4j), Debian (chromium, xterm, and zabbix), Fedora (kate, lua, and podman), Oracle (aide and log4j), and SUSE (xen).
---------------------------------------------
https://lwn.net/Articles/884082/


∗∗∗ K33484369: Linux kernel vulnerability CVE-2021-20194 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K33484369?utm_source=f5support&utm_medium=RSS


∗∗∗ K01217337: Linux kernel vulnerability CVE-2021-22543 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K01217337?utm_source=f5support&utm_medium=RSS


∗∗∗ Mitsubishi Electric FA Engineering Software Products (Update D) ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-049-02


∗∗∗ Mitsubishi Electric Factory Automation Engineering Products (Update F) ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-20-212-04


∗∗∗ SSA-914168: Multiple Vulnerabilities in SIMATIC WinCC Affecting Other SIMATIC Software Products ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-914168.txt


∗∗∗ SSA-669737: Improper Access Control Vulnerability in SICAM TOOLBOX II ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-669737.txt


∗∗∗ SSA-654775: Open Redirect Vulnerability in SINEMA Remote Connect Server ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-654775.txt


∗∗∗ SSA-609880: File Parsing Vulnerabilities in Simcenter Femap before V2022.1 ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-609880.txt


∗∗∗ SSA-539476: Siemens SIMATIC NET CP, SINEMA and SCALANCE Products Affected by Vulnerabilities in Third-Party Component strongSwan ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-539476.txt


∗∗∗ SSA-301589: Multiple File Parsing Vulnerabilities in Solid Edge, JT2Go and Teamcenter Visualization ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-301589.txt


∗∗∗ SSA-244969: OpenSSL Vulnerability in Industrial Products ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-244969.txt


∗∗∗ SSA-838121: Multiple Denial of Service Vulnerabilities in Industrial Products ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-838121.txt


∗∗∗ SSA-831168: Cross-Site Scripting Vulnerability in Spectrum Power 4 ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-831168.txt


∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to FasterXML jackson-databind vulnerabilities (CVE-2020-35728) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-fasterxml-jackson-databind-vulnerabilities-cve-2020-35728/


∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to FasterXML jackson-databind vulnerabilities (CVE-2021-20190) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-fasterxml-jackson-databind-vulnerabilities-cve-2021-20190/


∗∗∗ Security Bulletin: Vulnerability in Apache Log4j may affect Cúram Social Program Management (CVE-2021-4104) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-log4j-may-affect-cram-social-program-management-cve-2021-4104/


∗∗∗ Security Bulletin: Apache Log4j vulnerability impacts IBM Sterling Global Mailbox (CVE-2021-45046) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-apache-log4j-vulnerability-impacts-ibm-sterling-global-mailbox-cve-2021-45046-3/


∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to FasterXML jackson-databind vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-fasterxml-jackson-databind-vulnerabilities/


∗∗∗ Security Bulletin: Log4Shell Vulnerability affects IBM SPSS Statistics (CVE-2021-44228) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-log4shell-vulnerability-affects-ibm-spss-statistics-cve-2021-44228-3/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily