[CERT-daily] Tageszusammenfassung - 21.02.2022

Daily end-of-shift report team at cert.at
Mon Feb 21 18:37:54 CET 2022


=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 18-02-2022 18:00 − Montag 21-02-2022 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Robert Waldner

=====================
=       News        =
=====================

∗∗∗ Versuchter Finanzbetrug nach Exchange-Einbruch ∗∗∗
---------------------------------------------
Nachdem die Exchange-Sicherheitslücken abgedichtet wurden, gingen Angriffe weiter. Mittels Spear-Phishing sollten die Opfer zu Überweisungen gedrängt werden.
---------------------------------------------
https://heise.de/-6509718


∗∗∗ Ungewöhnlicher Krypto-Raubzug erbeutet Millionen ∗∗∗
---------------------------------------------
Der Klayswap-Angriff hingegen attackierte Infrastruktur, auf die sich im Prinzip alle Internet-Dienste verlassen: das Routing, Zertifikate und Open-Source-Bibliotheken. Letztlich tauschten die Angreifer eine nachgeladene JavaScript-Datei durch eine trojanisierte Version aus, die Transaktionen auf ihr eigenes Konto umleitete. Spannend ist jedoch, wie sie das bewerkstelligten.
---------------------------------------------
https://heise.de/-6496145


∗∗∗ European Cybersecurity Agencies Issue Resilience Guidance for Decision Makers ∗∗∗
---------------------------------------------
The European Union Agency for Cybersecurity (ENISA) and the European Union’s Computer Emergency Response Team (CERT-EU) last week published a set of best practices to help organizations boost their cyber resilience.
The joint guidance is meant for public and private organizations in the EU, specifically CISOs and other decision makers. The document is also recommended for entities that support organizational risk management.
---------------------------------------------
https://www.securityweek.com/european-cybersecurity-agencies-issue-resilience-guidance-decision-makers


∗∗∗ Schicken Sie Ihrer Internet-Bekanntschaft keine Steam-Guthaben-Codes ∗∗∗
---------------------------------------------
Soziale Netzwerke wie Facebook und Instagram sind beliebte Kanäle, um neue Bekanntschaften zu machen. Beim Austausch mit Fremden über das Internet besteht aber immer die Gefahr, dass sich die Person als jemand anderes ausgibt. Bittet Sie diese Person um Geld oder Guthabenkarten, sollten Sie den Kontakt abbrechen!
---------------------------------------------
https://www.watchlist-internet.at/news/schicken-sie-ihrer-internet-bekanntschaft-keine-steam-guthaben-codes/


∗∗∗ Ransomware trifft Europas industrielle Steuersysteme und Betriebstechnik so häufig wie IT-Systeme ∗∗∗
---------------------------------------------
Interessante Erkenntnisse aus einer Befragung von 1.100 Security-Spezialisten im Rahmen einer Studie im Hinblick auf die Sicherheit industrieller Anlagen und der kritischen Infrastruktur in Europa. Die Aussage der Studie war, dass industrielle Steuersysteme und Betriebstechnik in Europa fast ebenso häufig wie die IT-Systeme von Ransomware befallen wurde.
---------------------------------------------
https://www.borncity.com/blog/2022/02/19/ransomware-trifft-europas-industrielle-steuersysteme-und-betriebstechnik-so-hufig-wie-it-systeme/


∗∗∗ Sicherheitslücke in diversen zebNet-Produkten entdeckt (Feb. 2022) ∗∗∗
---------------------------------------------
In Folge dieser Entdeckung hat zebNet für sämtliche betroffene Produkte, welche sich in der Unterstützung befinden, am 19.02.2022 (d.h. binnen 24-Stunden) fehlerbereinigte Versionen bereitgestellt. Der Hersteller weist darauf hin, dass diese Updates umgehend von allen Kunden, die ein betroffenes Produkt einsetzen, installiert werden sollten.
---------------------------------------------
https://www.borncity.com/blog/2022/02/20/sicherheitslcke-in-diversen-zebnet-produkten-entdeckt-feb-2022/


∗∗∗ Chasing the Silver Petit Potam to Domain Admin ∗∗∗
---------------------------------------------
Exploiting Petit Potam in a different way to force some downgrade and protocol attacks.
---------------------------------------------
https://blog.zsec.uk/chasing-the-silver-petit-potam/


∗∗∗ Mobile malware evolution 2021 ∗∗∗
---------------------------------------------
In 2021, we observed a downward trend in the number of attacks on mobile users. But it is too early to celebrate: attacks are becoming more sophisticated in terms of both malware functionality and vectors.
---------------------------------------------
https://securelist.com/mobile-malware-evolution-2021/105876/


∗∗∗ New Android Banking Trojan Spreading via Google Play Store Targets Europeans ∗∗∗
---------------------------------------------
"Despite being a work-in-progress, Xenomorph is already sporting effective overlays and being actively distributed on official app stores," ThreatFabric's founder and CEO, Han Sahin, said. "In addition, it features a very detailed and modular engine to abuse accessibility services, which in the future could power very advanced capabilities, like ATS."
---------------------------------------------
https://thehackernews.com/2022/02/xenomorph-android-banking.html



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Irony alert! PHP fixes security flaw in input validation code ∗∗∗
---------------------------------------------
If you’re using PHP in your network, check that you’re using the latest version, currently 8.1.3.
Released yesterday [2022-02-17], this version fixes various memory mismanagement bugs, including CVE-2021-21708, which is a use-after-free blunder in a function called php_filter_float().
(Versions 8.0 and 7.4 are still supported, and are vulnerable too; if you aren’t using the latest 8.1 flavour of PHP then you need 8.0.16 and 7.4.28 respectively.)
---------------------------------------------
https://nakedsecurity.sophos.com/2022/02/18/irony-alert-php-fixes-security-flaw-in-input-validation-code/


∗∗∗ Security Bulletin: Apache Log4j vulnerability may affect IBM Sterling B2B Integrator (CVE-2021-44228) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-apache-log4j-vulnerability-may-affect-ibm-sterling-b2b-integrator-cve-2021-44228-7/


∗∗∗ Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to remote code execution due to Apache Log4j (CVE-2022-23302) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirect-web-services-is-vulnerable-to-remote-code-execution-due-to-apache-log4j-cve-2022-23302/


∗∗∗ Security Bulletin: Cloud Pak for Security vulnerable to information exposure (CVE-2021-35567) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-vulnerable-to-information-exposure-cve-2021-35567/


∗∗∗ Security Bulletin: IBM Cloud Pak for Multicloud Management is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105 and CVE-2021-45046) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-pak-for-multicloud-management-is-vulnerable-to-denial-of-service-and-arbitrary-code-execution-due-to-apache-log4j-cve-2021-45105-and-cve-2021-45046/


∗∗∗ Security Bulletin: Apache Log4j Vulnerability Affects IBM Sterling B2B Integrator (CVE-2021-45105, CVE-2021-45046) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-apache-log4j-vulnerability-affects-ibm-sterling-b2b-integrator-cve-2021-45105-cve-2021-45046-9/


∗∗∗ Security Bulletin: Multiple security vulnerabilities with IBM FileNet Content Manager component in IBM Business Automation Workflow -CVE-2021-31811, CVE-2021-31812, CVE-2021-23926, CVE-2021-38965 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-with-ibm-filenet-content-manager-component-in-ibm-business-automation-workflow-cve-2021-31811-cve-2021-31812-cve-2021-23926-cve-2021-38965/


∗∗∗ Security Bulletin: Apache Log4j Vulnerability Affects IBM Sterling File Gateway (CVE-2021-44228) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-apache-log4j-vulnerability-affects-ibm-sterling-file-gateway-cve-2021-44228-8/


∗∗∗ Security Bulletin: Polkit as used by IBM® QRadar SIEM is vulnerable to privilege escalation (CVE-2021-4034) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-polkit-as-used-by-ibm-qradar-siem-is-vulnerable-to-privilege-escalation-cve-2021-4034/


∗∗∗ Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to SQL injection due to Apache Log4j (CVE-2022-23305) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirect-web-services-is-vulnerable-to-sql-injection-due-to-apache-log4j-cve-2022-23305-2/


∗∗∗ Security Bulletin: OpenSSL as used by IBM QRadar SIEM is vulnerable to information disclosure (CVE-2021-3712) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-openssl-as-used-by-ibm-qradar-siem-is-vulnerable-to-information-disclosure-cve-2021-3712/


∗∗∗ Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to remote code execution due to Apache Log4j (CVE-2022-23307) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirect-web-services-is-vulnerable-to-remote-code-execution-due-to-apache-log4j-cve-2022-23307-2/


∗∗∗ Security Bulletin: IBM Java SDK and IBM Java Runtime for IBM i are affected by CVE-2021-2341 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-java-sdk-and-ibm-java-runtime-for-ibm-i-are-affected-by-cve-2021-2341/


∗∗∗ Security Bulletin: Apache Log4j Vulnerability Affects IBM Sterling File Gateway (CVE-2021-45105, CVE-2021-45046) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-apache-log4j-vulnerability-affects-ibm-sterling-file-gateway-cve-2021-45105-cve-2021-45046-9/


∗∗∗ Security Bulletin: IBM Planning Analytics Workspace is affected by security vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-workspace-is-affected-by-security-vulnerabilities-15/


∗∗∗ Security Bulletin: IBM Cloud Pak for Network Automation is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105 and CVE-2021-45046) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-pak-for-network-automation-is-vulnerable-to-denial-of-service-and-arbitrary-code-execution-due-to-apache-log4j-cve-2021-45105-and-cve-2021-45046/


∗∗∗ Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to untrusted data deserialization due to Apache Log4j (CVE-2021-4104) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirect-web-services-is-vulnerable-to-untrusted-data-deserialization-due-to-apache-log4j-cve-2021-4104-2/


∗∗∗ Security Bulletin: IBM Planning Analytics and IBM Planning Analytics Workspace are affected by security vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-and-ibm-planning-analytics-workspace-are-affected-by-security-vulnerabilities-3/


∗∗∗ Security Bulletin: A vulnerability in Kubernetes affects IBM InfoSphere Information Server ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-kubernetes-affects-ibm-infosphere-information-server/


∗∗∗ K28409053: Apache Tomcat vulnerability CVE-2022-23181 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K28409053?utm_source=f5support&utm_medium=RSS

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list