[CERT-daily] Tageszusammenfassung - 14.02.2022

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 11-02-2022 18:00 − Montag 14-02-2022 18:00
Handler:     Thomas Pribitzer
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Google Project Zero: Vendors are now quicker at fixing zero-days ∗∗∗
---------------------------------------------
Googles Project Zero has published a report showing that organizations took less time to address the zero-day vulnerabilities that the team reported last year.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/google-project-zero-vendors-are-now-quicker-at-fixing-zero-days/


∗∗∗ Microsoft is making it harder to steal Windows passwords from memory ∗∗∗
---------------------------------------------
Microsoft is enabling an Attack Surface Reduction security feature rule by default to block hackers attempts to steal Windows credentials from the LSASS process.
---------------------------------------------
https://www.bleepingcomputer.com/news/microsoft/microsoft-is-making-it-harder-to-steal-windows-passwords-from-memory/


∗∗∗ Allcome clipbanker is a newcomer in underground forums ∗∗∗
---------------------------------------------
The malware underground market might seem astoundingly professional in marketing and support. Lets take a look under the covers of one particular malware-as-a-service—the clipboard banker Allcome.
---------------------------------------------
https://www.gdatasoftware.com/blog/2022/02/37239-allcome-clipbanker-is-a-newcomer-in-malware-underground-forums


∗∗∗ DHL Spear Phishing to Capture Username/Password, (Sun, Feb 13th) ∗∗∗
---------------------------------------------
This week I got this run-of-the-mill DHL phishing in my ISC inbox.
---------------------------------------------
https://isc.sans.edu/diary/rss/28332


∗∗∗ Reminder: Decoding TLS Client Hellos to non TLS servers, (Mon, Feb 14th) ∗∗∗
---------------------------------------------
If you still run a non-TLS web server, you may occasionally find requests like the following in your weblogs.
---------------------------------------------
https://isc.sans.edu/diary/rss/28338


∗∗∗ Vulnerabilities that aren’t. Unquoted Spaces ∗∗∗
---------------------------------------------
I’ve covered a couple of web vulnerabilities that (mostly) aren’t, and now it’s time for a Windows specific one.
---------------------------------------------
https://www.pentestpartners.com/security-blog/vulnerabilities-that-arent-unquoted-spaces/


∗∗∗ E-Mail vom Bundeskriminalamt mit Betreff „BUNDESKRIMINALAMT VORLADUNG“ ist Fake ∗∗∗
---------------------------------------------
„Hallo, wir teilen Ihnen mit, dass Sie eine Straftat begangen haben“ lautet der Text in einem E-Mail – angeblich vom Bundeskriminalamt. In einem angehängten PDF-Dokument teilen Ihnen das Bundeskriminalamt, die Polizei sowie Europol mit, dass gegen Sie ein Verfahren wegen einer sexuellen Straftat eingeleitet wurde. Achtung: Dieses E-Mail ist Fake.
---------------------------------------------
https://www.watchlist-internet.at/news/e-mail-vom-bundeskriminalamt-mit-betreff-bundeskriminalamt-vorladung-ist-fake/


∗∗∗ CISA Adds One Known Exploited Vulnerability to Catalog ∗∗∗
---------------------------------------------
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerability listed in the table below.
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2022/02/11/cisa-adds-one-known-exploited-vulnerability-catalog



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Critical MQTT-Related Bugs Open Industrial Networks to RCE Via Moxa ∗∗∗
---------------------------------------------
A collection of five security vulnerabilities with a collective CVSS score of 10 out of 10 threaten critical infrastructure environments that use Moxa MXview.
---------------------------------------------
https://threatpost.com/critical-mqtt-bugs-industrial-rce-moxa/178399/


∗∗∗ Jetzt aktualisieren! Angriffe auf Shop-Systeme Adobe Commerce und Magento ∗∗∗
---------------------------------------------
Adobe meldet Angriffe auf die Shop-Systeme Commerce und Magento. Updates stehen bereit, die die ausgenutzte kritische Sicherheitslücke schließen sollen.
---------------------------------------------
https://heise.de/-6455225


∗∗∗ ZDI-22-318: MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-22-318/


∗∗∗ Security Bulletin: IBM Cognos Analytics Mobile is affected by security vulnerabilties ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-analytics-mobile-is-affected-by-security-vulnerabilties/


∗∗∗ Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM Master Data Management ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-have-been-identified-in-ibm-websphere-application-server-used-by-ibm-master-data-management-8/


∗∗∗ Security Bulletin: IBM Sterling Connect:Direct for UNIX may be vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44832) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirect-for-unix-may-be-vulnerable-to-arbitrary-code-execution-due-to-apache-log4j-cve-2021-44832/


∗∗∗ Security Bulletin: IBM Data Management Platform for EDB Postgres (Standard and Enterprise) for IBM Cloud Pak for Data are vulnerable to SQL injection from "man-in-the-middle" attack ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-data-management-platform-for-edb-postgres-standard-and-enterprise-for-ibm-cloud-pak-for-data-are-vulnerable-to-sql-injection-from-man-in-the-middle-attack/


∗∗∗ Security Bulletin: DS8000 Hardware Management Console is vulnerable to Apache Log4j (CVE-2021-45105 and CVE-2021-45046) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ds8000-hardware-management-console-is-vulnerable-to-apache-log4j-cve-2021-45105-and-cve-2021-45046-2/


∗∗∗ Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM Master Data Management ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-have-been-identified-in-ibm-websphere-application-server-used-by-ibm-master-data-management-7/


∗∗∗ Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM Master Data Management ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-have-been-identified-in-ibm-websphere-application-server-used-by-ibm-master-data-management-6/


∗∗∗ Security Bulletin: Operations Dashboard is vulnerable to arbitrary code execution in Log4j CVE-2021-44832 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-operations-dashboard-is-vulnerable-to-arbitrary-code-execution-in-log4j-cve-2021-44832/


∗∗∗ Security Bulletin: DS8000 Hardware Management Console uses Apache Log4j which is subject to a vulnerability alert CVE-2021-44228. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ds8000-hardware-management-console-uses-apache-log4j-which-is-subject-to-a-vulnerability-alert-cve-2021-44228-2/


∗∗∗ Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM Master Data Management ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-have-been-identified-in-ibm-websphere-application-server-used-by-ibm-master-data-management-5/


∗∗∗ Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM Master Data Management ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-have-been-identified-in-ibm-websphere-application-server-used-by-ibm-master-data-management-4/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily