[CERT-daily] Tageszusammenfassung - 11.02.2022

Fri Feb 11 18:15:28 CET 2022

=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 10-02-2022 18:00 − Freitag 11-02-2022 18:00
Handler:     Thomas Pribitzer
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Microsoft starts killing off WMIC in Windows, will thwart attacks ∗∗∗
---------------------------------------------
Microsoft is moving forward with removing the Windows Management Instrumentation Command-line (WMIC) tool, wmic.exe, starting with the latest Windows 11 preview builds in the Dev channel.
---------------------------------------------
https://www.bleepingcomputer.com/news/microsoft/microsoft-starts-killing-off-wmic-in-windows-will-thwart-attacks/


∗∗∗ Zyxel Network Storage Devices Hunted By Mirai Variant, (Thu, Feb 10th) ∗∗∗
---------------------------------------------
I have been talking a lot about various network storage devices and how you never ever want to expose them to the Internet. The brands that usually come up are Synology and QNAP, which have a significant market share. But they are not alone.
---------------------------------------------
https://isc.sans.edu/diary/rss/28324


∗∗∗ CinaRAT Delivered Through HTML ID Attributes, (Fri, Feb 11th) ∗∗∗
---------------------------------------------
I found another sample that again drops a malicious ISO file but this time, it is much more obfuscated and the VT score is 0! Yes, not detected by any antivirus solution!
---------------------------------------------
https://isc.sans.edu/diary/rss/28330


∗∗∗ Use Zoom on a Mac? You might want to check your microphone settings ∗∗∗
---------------------------------------------
Big Brother Zoomer is listening to us, complain users Apple Mac users running the Zoom meetings app are reporting that its keeping their computers microphone on when they arent using it.
---------------------------------------------
https://go.theregister.com/feed/www.theregister.com/2022/02/10/zoom_mac_microphone/


∗∗∗ Schwachstelle im Virenschutz Microsoft-Defender stillschweigend abgedichtet ∗∗∗
---------------------------------------------
Durch zu laxe Rechtevergabe hätten Angreifer auf die Microsoft-Defender-Ausnahmen zugreifen können. Die Lücke hat das Unternehmen ohne Ankündigung behoben.
---------------------------------------------
https://heise.de/-6444399


∗∗∗ Luftnummer: Warnung vor Geisterberührungen auf Touchscreens ∗∗∗
---------------------------------------------
Die TU Darmstadt warnt, dass gezielte Angriffe auf Touchscreens möglich seien. Praxistauglich ist der beschriebene "GhostTouch"-Angriff jedoch nicht.
---------------------------------------------
https://heise.de/-6445488


∗∗∗ CISA Adds 15 Known Exploited Vulnerabilities to Catalog ∗∗∗
---------------------------------------------
CISA has added 15 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below.
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2022/02/10/cisa-adds-15-known-exploited-vulnerabilities-catalog


∗∗∗ Malicious Chrome Browser Extension Exposed: ChromeBack Leverages Silent Extension Loading ∗∗∗
---------------------------------------------
GoSecure Titan Labs received a malicious Chrome extension sample that we are calling ChromeBack from GoSecures Titan Managed Detection and Response (MDR) team.
---------------------------------------------
https://www.gosecure.net/blog/2022/02/10/malicious-chrome-browser-extension-exposed-chromeback-leverages-silent-extension-loading/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Microsoft: SMB-Lücke in Windows wird aktiv ausgenutzt ∗∗∗
---------------------------------------------
Eine fast zwei Jahre alte kritische Lücke in Windows wird derzeit aktiv ausgenutzt. Exploits gibt es auch für eine sieben Jahre alte Windows-Lücke.
---------------------------------------------
https://www.golem.de/news/microsoft-smb-luecke-in-windows-wird-aktiv-ausgenutzt-2202-163114-rss.html


∗∗∗ Notfall-Patch für iPhones, iPads und Macs: iOS 15.3.1 und macOS 12.2.1 verfügbar ∗∗∗
---------------------------------------------
Apple schließt eine Lücke, die offenbar aktiv für Angriffe ausgenutzt wird. Außerdem beseitigt der Hersteller Bugs, darunter Bluetooth-Probleme bei Intel-Macs.
---------------------------------------------
https://heise.de/-6440372


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (cryptsetup), Fedora (firefox, java-1.8.0-openjdk, microcode_ctl, python-django, rlwrap, and vim), openSUSE (kernel), and SUSE (kernel and ldb, samba).
---------------------------------------------
https://lwn.net/Articles/884516/


∗∗∗ Security Bulletin: A vulnerability in IBM Java Runtime affects IBM CICS TX on Cloud ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-runtime-affects-ibm-cics-tx-on-cloud-5/


∗∗∗ Security Bulletin: Multiple vulnerabilities affect IBM Cloud Object Storage Systems (Feb 2022 V1) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-ibm-cloud-object-storage-systems-feb-2022-v1-2/


∗∗∗ Security Bulletin: Xpat vulnerability affect IBM Cloud Object Storage Systems (Feb 2022 V1-a) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-xpat-vulnerability-affect-ibm-cloud-object-storage-systems-feb-2022-v1-a/


∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to FasterXML jackson-databind vulnerabilities (CVE-2020-24750) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-fasterxml-jackson-databind-vulnerabilities-cve-2020-24750/


∗∗∗ Security Bulletin: EDB Postgres Advanced Server with IBM and IBM Data Management Platform for EDB Postgres (Standard or Enterprise) for IBM Cloud Pak for Data are vulnerable to SQL injection from "man-in-the-middle" attack. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-edb-postgres-advanced-server-with-ibm-and-ibm-data-management-platform-for-edb-postgres-standard-or-enterprise-for-ibm-cloud-pak-for-data-are-vulnerable-to-sql-injection-from-quo/


∗∗∗ Security Bulletin: IBM Rational Build Forge is affected by Apache HTTP Server version used in it. (CVE-2021-44790) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-rational-build-forge-is-affected-by-apache-http-server-version-used-in-it-cve-2021-44790/


∗∗∗ QNAP NAS: Schwachstelle ermöglicht Codeausführung ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K22-0178

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily