[CERT-daily] Tageszusammenfassung - 27.01.2022

Thu Jan 27 18:18:37 CET 2022

=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 26-01-2022 18:00 − Donnerstag 27-01-2022 18:00
Handler:     Robert Waldner
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ CVE-2020-0696 - Microsoft Outlook Security Feature Bypass Vulnerability ∗∗∗
---------------------------------------------
How are the email security systems bypassed with vulnerability on ''Microsoft Outlook for Mac''? Improper hyperlink translation in ''Microsoft Outlook for Mac'' leads to the complete bypassing of email security systems and sending the malicious link to the victim as clickable. [..] The below investigation was performed with trial accounts provided by multiple vendors and reported responsibly to Microsoft, which has taken action to remedy the problem.
---------------------------------------------
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2020-0696-microsoft-outlook-security-feature-bypass-vulnerability/


∗∗∗ Update-Reigen: macOS 12.2, watchOS 8.4 und tvOS 15.3 beheben Fehler ∗∗∗
---------------------------------------------
Apple hat neben iOS und iPadOS 15.3 auch alle anderen Betriebssysteme aktualisiert. Zudem gibts ein HomePod-OS-Update.
---------------------------------------------
https://heise.de/-6340079


∗∗∗ Hackers Using New Evasive Technique to Deliver AsyncRAT Malware ∗∗∗
---------------------------------------------
[..] Opening the decoy file redirects the message recipient to a web page prompting the user to save an ISO file. But unlike other attacks that route the victim to a phishing domain set up explicitly for downloading the next-stage malware, the latest RAT campaign cleverly uses JavaScript to locally create the ISO file from a Base64-encoded string and mimic the download process.
---------------------------------------------
https://thehackernews.com/2022/01/hackers-using-new-evasive-technique-to.html


∗∗∗ Configuring Linux auditd for Threat Detection ∗∗∗
---------------------------------------------
The topics I look to cover in this article are
- Quick intro to the Linux Audit System
- Tips when writing audit rules
- Designing a configuration for security monitoring
- What to record with auditd
- Tips on managing noise
---------------------------------------------
https://izyknows.medium.com/linux-auditd-for-threat-detection-d06c8b941505


∗∗∗ Financially Motivated Mobile Scamware Exceeds 100M Installations ∗∗∗
---------------------------------------------
In the pursuit of identifying and taking down similar financially motivated scams, zLabs researchers have discovered another premium service abuse campaign with upwards of 105 million victims globally, which we have named Dark Herring. [..] At the time of publishing, the scam services and phishing sites are no longer active, and Google has removed all the malicious applications from Google Play.
---------------------------------------------
https://blog.zimperium.com/dark-herring-android-scamware-exceeds-100m-installations/


∗∗∗ Jetzt handeln! Erpressungstrojaner DeadBolt hat es auf Qnap NAS abgesehen ∗∗∗
---------------------------------------------
Der Hersteller von Netzwerkspeichern (NAS) Qnap warnt abermals vor Ransomware-Attacken und gibt wichtige Tipps zur Absicherung.
---------------------------------------------
https://heise.de/-6340174


∗∗∗ Betrug mit nachgebautem Käuferschutz auf ebay-kleinanzeigen.de ∗∗∗
---------------------------------------------
eBay-kleinanzeigen.de stellt eine beliebte Kleinanzeigen-Plattform dar. Wie bei einigen anderen bekannten Marktplätzen wird auch hier eine sichere Bezahlmethode direkt auf der Plattform angeboten. Kriminelle nützen dies aus, indem sie die Kommunikation von offizieller Website und App beispielsweise auf WhatsApp verlagern. Später verweisen sie auf nachgebaute Websites und zweigen Zahlungen direkt in die eigenen Taschen ab!
---------------------------------------------
https://www.watchlist-internet.at/news/betrug-mit-nachgebautem-kaeuferschutz-auf-ebay-kleinanzeigende/


∗∗∗ The January 2022 Security Update Review ∗∗∗
---------------------------------------------
The first patch Tuesday of the year is here, and with it comes the latest security patches from Adobe and Microsoft. Take a break from your regularly scheduled activities and join us as we review the details of their latest security offerings.
---------------------------------------------
https://www.thezdi.com/blog/2022/1/11/the-january-2022-security-update-review


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Private Taxonomy Terms - Critical - Access bypass, Information Disclosure, Multiple vulnerabilities - SA-CONTRIB-2022-014 ∗∗∗
---------------------------------------------
Project: Private Taxonomy Terms
Security risk: Critical
Description: This module enables users to create private vocabularies.The module doesnt sufficiently check user access permissions when attempting to view, edit, or add terms to vocabularies, including vocabularies not managed by the module.
---------------------------------------------
https://www.drupal.org/sa-contrib-2022-014


∗∗∗ Navbar - Moderately critical - Cross Site Scripting - SA-CONTRIB-2022-011 ∗∗∗
---------------------------------------------
Project: Navbar
Security risk: Moderately critical
Description: This module provides a very simple, mobile-friendly navigation toolbar.The module doesnt sufficiently check for user-provided input.
---------------------------------------------
https://www.drupal.org/sa-contrib-2022-011


∗∗∗ Xerox Versalink Denial Of Service ∗∗∗
---------------------------------------------
A specifically crafted TIFF payload may be submitted to the printers job queue (in person or over the network) by unauthenticated/unprivileged users or network or internet attackers by means of a JavaScript payload. The device will panic upon attempting to read the submitted file and a physical reboot will be required. Upon reboot, the device will attempt to resume the last-printed job, triggering the panic once more. The process repeats ad-infinitum.
---------------------------------------------
https://cxsecurity.com/issue/WLB-2022010119


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (polkit), Debian (uriparser), Fedora (cryptsetup, flatpak, flatpak-builder, and polkit), Gentoo (polkit), Mageia (virtualbox), Red Hat (httpd24-httpd, httpd:2.4, and parfait:0.5), SUSE (clamav, log4j, python-numpy, and strongswan), and Ubuntu (vim).
---------------------------------------------
https://lwn.net/Articles/882882/


∗∗∗ Synology-SA-22:02 Samba ∗∗∗
---------------------------------------------
A vulnerability allows remote authenticated users to execute arbitrary code via a susceptible version of Synology DiskStation Manager (DSM).
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_22_02


*** Drupal: Bugs in unsupporteten Sub-Projekten ***
---------------------------------------------
The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. [..] If you use this project, you should uninstall it.
- Printer, email and PDF versions - Critical - Unsupported - SA-CONTRIB-2022-022 https://www.drupal.org/sa-contrib-2022-022
- Image Media Export Import - Critical - Unsupported - SA-CONTRIB-2022-021 https://www.drupal.org/sa-contrib-2022-021
- Remote Stream Wrapper - Critical - Unsupported - SA-CONTRIB-2022-020 https://www.drupal.org/sa-contrib-2022-020
- Vendor Stream Wrapper - Critical - Unsupported - SA-CONTRIB-2022-019 https://www.drupal.org/sa-contrib-2022-019
- Cog - Critical - Unsupported - SA-CONTRIB-2022-018 https://www.drupal.org/sa-contrib-2022-018
- Media Entity Flickr - Critical - Unsupported - SA-CONTRIB-2022-017 https://www.drupal.org/sa-contrib-2022-017
-  Vocabulary Permissions Per Role - Critical - Unsupported - SA-CONTRIB-2022-016 https://www.drupal.org/sa-contrib-2022-016
-  Exif - Critical - Unsupported - SA-CONTRIB-2022-015 https://www.drupal.org/sa-contrib-2022-015
-  Business Responsive Theme - Critical - Unsupported - SA-CONTRIB-2022-013 https://www.drupal.org/sa-contrib-2022-013
- Swiftype integration - Critical - Unsupported - SA-CONTRIB-2022-012 https://www.drupal.org/sa-contrib-2022-012
- Rate - Critical - Unsupported - SA-CONTRIB-2022-010 https://www.drupal.org/sa-contrib-2022-010
- Expire reset password link - Critical - Unsupported - SA-CONTRIB-2022-009 https://www.drupal.org/sa-contrib-2022-009
- Admin Toolbar Search - Critical - Unsupported - SA-CONTRIB-2022-008 https://www.drupal.org/sa-contrib-2022-008
- Colorbox - Critical - Unsupported - SA-CONTRIB-2022-007 https://www.drupal.org/sa-contrib-2022-007
- Prevent anonymous users to access Drupal pages - Critical - Unsupported - SA-CONTRIB-2022-005 https://www.drupal.org/sa-contrib-2022-005
- Taxonomy Access Control Lite - Critical - Unsupported - SA-CONTRIB-2022-006 https://www.drupal.org/sa-contrib-2022-006
---------------------------------------------
https://www.drupal.org/security/contrib


∗∗∗ Security Bulletin:IBM® Db2® On Openshift and IBM® Db2® and Db2 Warehouse® on Cloud Pak for Data is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105 and CVE-2021-45046) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletinibm-db2-on-openshift-and-ibm-db2-and-db2-warehouse-on-cloud-pak-for-data-is-vulnerable-to-denial-of-service-and-arbitrary-code-execution-due-to-apache/


∗∗∗ Security Bulletin: Vulnerability in Apache Log4j may affect IBM Spectrum Archive Enterprise Edition (CVE-2021-4104) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-log4j-may-affect-ibm-spectrum-archive-enterprise-edition-cve-2021-4104/


∗∗∗ Security Bulletin: Vulnerability in Apache Log4j may affect IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data (CVE-2021-4104) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-log4j-may-affect-ibm-watson-speech-services-cartridge-for-ibm-cloud-pak-for-data-cve-2021-4104/


∗∗∗ Security Bulletin: Vulnerabilities in Node.js affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) – CVE-2021-22960, CVE-2021-22959 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-affect-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-cve-2021-22960-cve-2021-22959/


∗∗∗ Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105 and CVE-2021-45046) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-speech-services-cartridge-for-ibm-cloud-pak-for-data-is-vulnerable-to-denial-of-service-and-arbitrary-code-execution-due-to-apache-log4j-cve-2021-45105-and-cve-2021-4504/


∗∗∗ Security Bulletin: IBM MegaRAID Storage Manager is affected by a vulnerability in Log4j (CVE-2021-4104) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-megaraid-storage-manager-is-affected-by-a-vulnerability-in-log4j-cve-2021-4104/


∗∗∗ Security Bulletin: IBM QRadar hardware appliances are vulnerable to Intel privilege escalation (CVE-2021-0144) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-hardware-appliances-are-vulnerable-to-intel-privilege-escalation-cve-2021-0144-2/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily