Daily

daily@lists.cert.at

3157 discussions

Tageszusammenfassung - 04.01.2022
by Daily end-of-shift report 04 Jan '22

04 Jan '22

===================== = End-of-Day report = ===================== Timeframe: Montag 03-01-2022 18:00 − Dienstag 04-01-2022 18:00 Handler: Thomas Pribitzer Co-Handler: n/a ===================== = News = ===================== ∗∗∗ A Simple Batch File That Blocks People, (Tue, Jan 4th) ∗∗∗ --------------------------------------------- I found another script that performs malicious actions. Its a simple batch file (.bat) that is not obfuscated but it has a very low VT score (1/53). --------------------------------------------- https://isc.sans.edu/diary/rss/28212 ∗∗∗ Purple Fox rootkit now bundled with Telegram installer ∗∗∗ --------------------------------------------- The Purple Fox malware family has been found to combine its payload with trusted apps in an interesting way. --------------------------------------------- https://blog.malwarebytes.com/trojans/2022/01/purple-fox-rootkit-now-bundle… ∗∗∗ Mails zu Hacks von einer Telefonnummer? Nicht zurückrufen! ∗∗∗ --------------------------------------------- Kriminelle versenden aktuell E-Mails, bei denen als Absender eine Telefonnummer angezeigt wird. Angeblich wurden die Systeme der EmpfängerInnen gehackt und mit Viren infiziert. Deshalb müsse dringend die Nummer zurückgerufen werden. Achtung: Hier lauert eine Falle und die E-Mail kann ignoriert werden. --------------------------------------------- https://www.watchlist-internet.at/news/mails-zu-hacks-von-einer-telefonnumm… ∗∗∗ A New Web Skimmer Campaign Targets Real Estate Websites Through Attacking Cloud Video Distribution Supply Chain ∗∗∗ --------------------------------------------- A supply chain attack leveraging a cloud video platform to distribute web skimmer campaigns compromised more than 100 real estate sites. --------------------------------------------- https://unit42.paloaltonetworks.com/web-skimmer-video-distribution/ ∗∗∗ Log4j flaw attack levels remain high, Microsoft warns ∗∗∗ --------------------------------------------- Organizations mights not realize their environments are already compromised. --------------------------------------------- https://www.zdnet.com/article/log4j-flaw-attacks-are-causing-lots-of-proble… ∗∗∗ State-of-the-art EDRs are not perfect, fail to detect common attacks ∗∗∗ --------------------------------------------- A team of Greek academics has tested endpoint detection & response (EDR) software from 11 of todays top cybersecurity firms and found that many fail to detect some of the most common attack techniques used by advanced persistent threat actors, such as state-sponsored espionage groups and ransomware gangs. --------------------------------------------- https://therecord.media/state-of-the-art-edrs-are-not-perfect-fail-to-detec… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (salt and thunderbird), Red Hat (xorg-x11-server), and Scientific Linux (xorg-x11-server). --------------------------------------------- https://lwn.net/Articles/880327/ ∗∗∗ Security Bulletin: Vulnerabilities in Apache Log4j affect IBM Spectrum Copy Data Management (CVE-2021-45105, CVE-2021-45046) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-apache… ∗∗∗ Security Bulletin: Apache Log4j vulnerabilities impact IBM Sterling Connect:Direct for UNIX (CVE-2021-45105, CVE-2021-45046) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-apache-log4j-vulnerabilit… ∗∗∗ Security Bulletin: IBM Jazz for Service Management is vulnerable to a Apache Log4j vulnerability(CVE-2021-44228) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-jazz-for-service-mana… ∗∗∗ Security Bulletin: IBM Jazz for Service Management is vulnerable to a Apache Log4j vulnerabilities(CVE-2021-45105, CVE-2021-45046) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-jazz-for-service-mana… ∗∗∗ Security Bulletin: Vulnerabilities in Apache Log4j impact IBM Spectrum Protect Plus (CVE-2021-45105, CVE-2021-45046) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-apache… ∗∗∗ Security Bulletin: Vulnerabilities in Apache Log4j affect IBM Spectrum Protect Plus Container Backup and Restore for Kubernetes and OpenShift (CVE-2021-45105, CVE-2021-45046) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-apache… ∗∗∗ VMSA-2022-0001 ∗∗∗ --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2022-0001.html ∗∗∗ Atlassian Jira Software: Schwachstelle ermöglicht Cross-Site Scripting ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K22-0002 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 03.01.2022
by Daily end-of-shift report 03 Jan '22

03 Jan '22

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 30-12-2021 18:00 − Montag 03-01-2022 18:00 Handler: Thomas Pribitzer Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Dont copy-paste commands from webpages — you can get hacked ∗∗∗ --------------------------------------------- Programmers, sysadmins, security researchers, and tech hobbyists copying-pasting commands from web pages into a console or terminal risk having their system compromised. Wizers Gabriel Friedlander demonstrates an obvious, simple yet stunning trick that'll make you think twice before copying-pasting text from web pages. --------------------------------------------- https://www.bleepingcomputer.com/news/security/dont-copy-paste-commands-fro… ∗∗∗ Do you want your Agent Tesla in the 300 MB or 8 kB package?, (Fri, Dec 31st) ∗∗∗ --------------------------------------------- Since today is the last day of 2021, I decided to take a closer look at malware that got caught by my malspam trap over the course of the year. --------------------------------------------- https://isc.sans.edu/diary/rss/28202 ∗∗∗ McAfee Phishing Campaign with a Nice Fake Scan, (Mon, Jan 3rd) ∗∗∗ --------------------------------------------- I spotted this interesting phishing campaign that (ab)uses the McAfee antivirus to make people scared. --------------------------------------------- https://isc.sans.edu/diary/rss/28208 ∗∗∗ Detecting Evasive Malware on IoT Devices Using Electromagnetic Emanations ∗∗∗ --------------------------------------------- Cybersecurity researchers have proposed a novel approach that leverages electromagnetic field emanations from the Internet of Things (IoT) devices as a side-channel to glean precise knowledge about the different kinds of malware targeting the embedded systems, even in scenarios where obfuscation techniques have been applied to hinder analysis. --------------------------------------------- https://thehackernews.com/2022/01/detecting-evasive-malware-on-iot.html ∗∗∗ Nach Ransomware-Angriff: Webseiten mehrerer Medien aus Portugal offline ∗∗∗ --------------------------------------------- Eine neue Ransomware-Gruppe hat den portugiesischen Medienkonzern Impresa angegriffen. Mehrere Medien können aktuell nur über Social Media Meldungen verbreiten. --------------------------------------------- https://heise.de/-6316020 ∗∗∗ Y2K22-Bug stoppt Exchange-Mailzustellung: Antimalware-Engine stolpert über 2022 ∗∗∗ --------------------------------------------- Zum Jahreswechsel streiken weltweit zahlreiche Exchange-Server, weil die FIP-FS-Scan-Engine sich an der Jahreszahl verhebt. Immerhin gibt es temporäre Abhilfe. --------------------------------------------- https://heise.de/-6315605 ∗∗∗ On the malicious use of large language models like GPT-3 ∗∗∗ --------------------------------------------- Or, “Can large language models generate exploits?” --------------------------------------------- https://research.nccgroup.com/2021/12/31/on-the-malicious-use-of-large-lang… ∗∗∗ Detecting anomalous Vectored Exception Handlers on Windows ∗∗∗ --------------------------------------------- We have documented a method of enumerating which processes are using Vectored Exception Handling on Windows and which if any of the handlers are anomalous. --------------------------------------------- https://research.nccgroup.com/2022/01/03/detecting-anomalous-vectored-excep… ∗∗∗ Shodan Verified Vulns 2022-01-01 ∗∗∗ --------------------------------------------- Auch dieses Monat sehen wir wieder einen deutlichen Rückgang der verwundbaren Exchange-Server. Neu hinzugekommen ist die Grafana Path Traversal Schwachstelle CVE-2021-43798, welche am 7. Dezember veröffentlicht wurde. --------------------------------------------- https://cert.at/de/aktuelles/2022/1/shodan-verified-vulns-2022-01-01 ∗∗∗ Log4j Scanners ∗∗∗ --------------------------------------------- There are 19 tools, and each has certain stipulations with it. I would suggest take a look. --------------------------------------------- https://securitythreatnews.com/2022/01/03/log4j-scanners/ ===================== = Vulnerabilities = ===================== ∗∗∗ Apple: Sicherheitslücke kann iPhones und iPads unbenutzbar machen ∗∗∗ --------------------------------------------- Über eine Sicherheitslücke in Apples Homekit lassen sich iPhones erst nach einem Reset wieder nutzen. Ein Update hat Apple verschoben. --------------------------------------------- https://www.golem.de/news/apple-sicherheitsluecke-kann-iphones-und-ipads-un… ∗∗∗ Rootkit schlüpft durch Lücke in HPEs Fernwartung iLO ∗∗∗ --------------------------------------------- Eine Iranische Security-Firma hat ein Rootkit entdeckt, das sich in Hewlett Packards Fernwartungstechnik "Integrated Lights-Out" (iLO) eingenistet hat. --------------------------------------------- https://heise.de/-6315714 ∗∗∗ Jetzt patchen: Netgear-Router Nighthawk R6700v3 könnte Passwörter leaken ∗∗∗ --------------------------------------------- Angreifer könnten Nighthawk-Router von Netgear attackieren. Es könnten noch weitere Modelle betroffen sein. Aktuelle Firmware-Versionen sollen Abhilfe schaffen. --------------------------------------------- https://heise.de/-6316037 ∗∗∗ Trend Micro Apex One und Worry-Free Business Security gefährden Windows-PCs ∗∗∗ --------------------------------------------- Es sind wichtige Sicherheitsupdates für die Schutzlösungen Apex One und Worry-Free Business Security von Trend Micro erschienen. --------------------------------------------- https://heise.de/-6316263 ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (agg, aria2, fort-validator, and lxml), Fedora (libgda, pgbouncer, and xorg-x11-server-Xwayland), Mageia (calibre, e2guardian, eclipse, libtpms/swtpm, nodejs, python-lxml, and toxcore), openSUSE (c-toxcore, gegl, getdata, kernel-firmware, log4j, postrsd, and privoxy), and SUSE (gegl). --------------------------------------------- https://lwn.net/Articles/880100/ ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (thunderbird), Fedora (kernel, libopenmpt, and xorg-x11-server), Mageia (gegl, libgda5.0, log4j, ntfs-3g, and wireshark), openSUSE (log4j), and Red Hat (grafana). --------------------------------------------- https://lwn.net/Articles/880232/ ∗∗∗ Security Bulletin: IBM Insurance Information Warehouse is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44228) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-insurance-information… ∗∗∗ Security Bulletin: Vulnerability in Apache Log4j affects IBM Banking and Financial Markets Data Warehouse (CVE-2021-44228) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-l… ∗∗∗ Security Bulletin: Apache Log4j Vulnerability Affects IBM Sterling B2B Integrator (CVE-2021-45105, CVE-2021-45046) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-apache-log4j-vulnerabilit… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Directory Server (Tivoli) & Rational Directory Administrator ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: IBM Unified Data Model for Healthcare is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44228) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-unified-data-model-fo… ∗∗∗ Security Bulletin: Apache Log4j Vulnerability Affects IBM Sterling File Gateway (CVE-2021-45105, CVE-2021-45046) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-apache-log4j-vulnerabilit… ∗∗∗ Security Bulletin: IBM Data Model for Energy and Utilities is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44228) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-data-model-for-energy… ∗∗∗ Security Bulletin: IBM Cognos Analytics: Apache Log4j vulnerability (CVE-2021-44228) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-analytics-apac… ∗∗∗ Security Bulletin: Apache Log4j vulnerability impacts IBM Sterling Global Mailbox (CVE-2021-45046) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-apache-log4j-vulnerabilit… ∗∗∗ Security Bulletin: Apache Log4j Vulnerability Affects IBM Sterling B2B Integrator (CVE-2021-45105, CVE-2021-45046) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-apache-log4j-vulnerabilit… ∗∗∗ Security Bulletin: Vulnerability in Apache Log4j affects some features of IBM® Db2® (CVE-2021-4104) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-l… ∗∗∗ Security Bulletin: IBM i2 Analyze and IBM i2 Analyst's Notebook Premium are affected by Apache Log4j Vulnerabilities (CVE-2021-45105 and CVE-2021-45046) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-i2-analyze-and-ibm-i2… ∗∗∗ Security Bulletin: Multiple vulnerabilities in Apache Log4j impact IBM Spectrum Scale for IBM Elastic Storage Server (CVE-2021-45105,CVE-2021-45046) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Apache Log4j Vulnerability Affects IBM Sterling File Gateway (CVE-2021-45105, CVE-2021-45046) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-apache-log4j-vulnerabilit… ∗∗∗ Security Bulletin: Multiple vulnerabilities in Apache Log4j impact IBM Spectrum Scale (CVE-2021-45105, CVE-2021-45046) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in Apache Log4j impact IBM Elastic Storage System (CVE-2021-45105, CVE-2021-45046) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Vulnerabilities in Apache Log4j affect IBM App Connect Enterprise V11, V12 (CVE-2021-45046) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-apache… ∗∗∗ Security Bulletin: Vulnerabilities in Apache Log4j affect IBM App Connect Enterprise V11, V12 and IBM Integration Bus (CVE-2021-17571) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-apache… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 30.12.2021
by Daily end-of-shift report 30 Dec '21

30 Dec '21

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 29-12-2021 18:00 − Donnerstag 30-12-2021 18:00 Handler: Robert Waldner Co-Handler: Thomas Pribitzer ===================== = News = ===================== ∗∗∗ Hiding malware inside the flex capacity space on modern SSDs ∗∗∗ --------------------------------------------- Korean researchers have developed a set of attacks against some solid-state drives (SSDs) that could allow planting malware in a location thats beyond the reach of the user and security solutions. --------------------------------------------- https://www.bleepingcomputer.com/news/security/hiding-malware-inside-the-fl… ∗∗∗ Agent Tesla Updates SMTP Data Exfiltration Technique, (Thu, Dec 30th) ∗∗∗ --------------------------------------------- Agent Tesla is a Windows-based keylogger and RAT that commonly uses SMTP or FTP to exfiltrate stolen data. This malware has been around since 2014, and SMTP is its most common method for data exfiltration. --------------------------------------------- https://isc.sans.edu/diary/rss/28190 ∗∗∗ LastPass Automated Warnings Linked to ‘Credential Stuffing’ Attack ∗∗∗ --------------------------------------------- Users of the popular LastPass password manager are being targeted in so-called “credential stuffing” attacks that use email addresses and passwords obtained from third-party breaches. --------------------------------------------- https://www.securityweek.com/lastpass-automated-warnings-linked-%E2%80%98cr… ∗∗∗ Android 12: Samsung überrascht zum Jahresende mit regelrechter Update-Flut ∗∗∗ --------------------------------------------- Updates für praktisch alle High-End-Smartphones der vergangenen drei Jahre veröffentlicht. Selbst erste Tablets werden schon bedient. --------------------------------------------- https://www.derstandard.at/story/2000132240383/android-12-samsung-ueberrasc… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (advancecomp, apache-log4j2, postgis, spip, uw-imap, and xorg-server), Mageia (kernel and kernel-linus), Scientific Linux (log4j), and SUSE (kernel-firmware and mariadb). --------------------------------------------- https://lwn.net/Articles/880039/ ∗∗∗ Security Bulletin: A vulnerability in Apache Log4j affects IBM Db2 Web Query for i (CVE-2021-45105) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-apache… ∗∗∗ Security Bulletin: Vulnerability in Apache Log4j affects some features of IBM® Db2® (CVE-2021-4104) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-l… ∗∗∗ Security Bulletin: Vulnerability in Apache Log4j affects IBM Guardium Data Encryption (GDE) (CVE-2021-45105 and CVE-2021-45046) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-l… ∗∗∗ Trend Micro Apex One und Trend Micro Worry-Free Business Security: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K21-1320 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 29.12.2021
by Daily end-of-shift report 29 Dec '21

29 Dec '21

===================== = End-of-Day report = ===================== Timeframe: Dienstag 28-12-2021 18:00 − Mittwoch 29-12-2021 18:00 Handler: Thomas Pribitzer Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ RedLine malware shows why passwords shouldnt be saved in browsers ∗∗∗ --------------------------------------------- The RedLine information-stealing malware targets popular web browsers such as Chrome, Edge, and Opera, demonstrating why storing your passwords in browsers is a bad idea. --------------------------------------------- https://www.bleepingcomputer.com/news/security/redline-malware-shows-why-pa… ∗∗∗ Microsoft Defender Log4j scanner triggers false positive alerts ∗∗∗ --------------------------------------------- Microsoft Defender for Endpoint is currently showing "sensor tampering" alerts linked to the companys newly deployed Microsoft 365 Defender scanner for Log4j processes. --------------------------------------------- https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-log4j-sc… ∗∗∗ Wieder Sicherheitslücken in Herzschrittmachern gefunden ∗∗∗ --------------------------------------------- Auf der Online-Konferenz RC3 zeigten zwei Sicherheitsforscher, wie sie Cardio-Geräte unter die Lupe genommen haben. --------------------------------------------- https://futurezone.at/digital-life/herzschrittmacher-sicherheitsluecken-rc3… ∗∗∗ Responsible Disclosure: Deine Software, die Sicherheitslücken und ich ∗∗∗ --------------------------------------------- Wie meldet man Sicherheitslücken eigentlich richtig? Und wie sollten Unternehmen damit umgehen? Zerforschung und CCC klären auf. Ein Bericht von Moritz Tremmel (rC3, API) --------------------------------------------- https://www.golem.de/news/responsible-disclosure-deine-software-die-sicherh… ∗∗∗ LotL Classifier tests for shells, exfil, and miners, (Tue, Dec 28th) ∗∗∗ --------------------------------------------- A supervised learning approach to Living off the Land attack classification from Adobe SI --------------------------------------------- https://isc.sans.edu/diary/rss/28184 ∗∗∗ Ongoing Autom Cryptomining Malware Attacks Using Upgraded Evasion Tactics ∗∗∗ --------------------------------------------- An ongoing crypto mining campaign has upgraded its arsenal while adding new defense evasion tactics that enable the threat actors to conceal the intrusions and fly under the radar, new research published today has revealed. [...] Initial attacks involved executing a malicious command upon running a vanilla image named "alpine:latest" that resulted in the download of a shell script named "autom.sh." "Adversaries commonly use vanilla images along with malicious commands to perform their attacks, because most organizations trust the official images and allow their use," --------------------------------------------- https://thehackernews.com/2021/12/ongoing-autom-cryptomining-malware.html ∗∗∗ Turning bad SSRF to good SSRF: Websphere Portal ∗∗∗ --------------------------------------------- In this blog post, we will explain how we discovered a multitude of SSRF vulnerabilities in HCL Websphere, as well as how we turned a restrictive, bad SSRF to a good SSRF. --------------------------------------------- https://blog.assetnote.io/2021/12/26/chained-ssrf-websphere/ ∗∗∗ Storage Devices of Major Vendors Impacted by Encryption Software Flaws ∗∗∗ --------------------------------------------- Earlier this month, SecurityWeek reported that Western Digital had updated its SanDisk SecureAccess product to address vulnerabilities that can be exploited to gain access to user data through brute force and dictionary attacks. SanDisk SecureAccess, recently rebranded SanDisk PrivateAccess, is a piece of software that allows users to encrypt files and folders stored in a protected vault on SanDisk USB flash drives.[...] Pelissier detailed his findings this week at the Chaos Computer Club’s Remote Chaos Experience (rC3) virtual conference, where he revealed that the vulnerabilities were actually discovered in the DataVault encryption software made by ENC Security. --------------------------------------------- https://www.securityweek.com/storage-devices-major-vendors-impacted-encrypt… ∗∗∗ Sicher kaufen auf Willhaben, Shpock & Co. ∗∗∗ --------------------------------------------- Sie sind auf der Suche nach gebrauchten Schnäppchen? Mit Kleinanzeigenplattformen wie willhaben, Shpock oder den Facebook Marketplace gibt es zahlreiche Möglichkeiten, um zu stöbern und das perfekte Schnäppchen zu finden. Allerdings sollten Sie beim Shoppen auf solchen Plattformen einige Punkte beachten. --------------------------------------------- https://www.watchlist-internet.at/news/sicher-kaufen-auf-willhaben-shpock-c… ∗∗∗ Threat actor uses HP iLO rootkit to wipe servers ∗∗∗ --------------------------------------------- An Iranian cyber-security firm said it discovered a first-of-its-kind rootkit that hides inside the firmware of HP iLO devices and which has been used in real-world attacks to wipe servers of Iranian organizations. --------------------------------------------- https://therecord.media/threat-actor-uses-hp-ilo-rootkit-to-wipe-servers/ ===================== = Vulnerabilities = ===================== ∗∗∗ Log4Shell vulnerability Number Four: “Much ado about something” ∗∗∗ --------------------------------------------- CVE-2021-44832; Its a Log4j bug, and you ought to patch it. But we dont think its a critical crisis like the last one. --------------------------------------------- https://nakedsecurity.sophos.com/2021/12/29/log4shell-vulnerability-number-… ∗∗∗ SSA-784507: Apache Log4j Vulnerability (CVE-2021-44832) via JDBC Appender - Impact to Siemens Products ∗∗∗ --------------------------------------------- This advisory informs about the impact of CVE-2021-44832 to Siemens products and the corresponding remediation and mitigation measures. The vulnerability is different from other JNDI lookup vulnerabilities, the impact of which is documented in SSA-661247. --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-784507.txt ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (firefox-esr, python-gnupg, resiprocate, and ruby-haml), Fedora (mod_auth_mellon), openSUSE (thunderbird), Slackware (wpa_supplicant), and SUSE (gegl). --------------------------------------------- https://lwn.net/Articles/879995/ ∗∗∗ D-LINK Router (DIR-2640 <= 1.11B02): Mehrere Schwachstellen ∗∗∗ --------------------------------------------- Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in D-LINK Router ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen und beliebigen Code als root auszuführen. --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K21-1313 ∗∗∗ Citrix Security Advisory for CVE-2021-44228, CVE-2021-45046, CVE-2021-45105 and CVE-2021-44832. ∗∗∗ --------------------------------------------- Citrix continues to investigate the potential impact on customer-managed (on-premises) products. Please find below the present status of these products for CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105. - Citrix Endpoint Management (Citrix XenMobile Server): Impacted – Customers are advised to apply the latest CEM rolling patch updates - Citrix Virtual Apps and Desktops (XenApp & XenDesktop): Impacted - Linux VDA (non-LTSR versions only) --------------------------------------------- https://support.citrix.com/article/CTX335705 ∗∗∗ Exposure of Sensitive Information in QTS, QuTS hero, and QuTScloud ∗∗∗ --------------------------------------------- CVE identifier: CVE-2021-34347 Affected products: All QNAP NAS A vulnerability involving exposure of sensitive information has been reported to affect QNAP NAS running QTS, QuTS hero, and QuTScloud. If exploited, this vulnerability allows attackers to compromise the security of the system. --------------------------------------------- https://www.qnap.com/en-us/security-advisory/QSA-21-53 ∗∗∗ Security Advisory - Cross-Site Scripting(XSS) Vulnerability in Huawei WS318n Product ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20211229-… ∗∗∗ Security Bulletin: Vulnerability in Apache Log4j affects IBM Spectrum Protect Snapshot for VMware (CVE-2021-44228) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-l… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM SANnav software used by IBM b-type SAN directors and switches (CVE-2021-45105 and CV-2021-45046) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Vulnerability in Apache Log4j affects some features of IBM® Db2® (CVE-2021-4104) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-l… ∗∗∗ Security Bulletin: Apache Log4j vulnerability in DCNM Network Management Software used by IBM c-type SAN directors and switches. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-apache-log4j-vulnerabilit… ∗∗∗ Security Bulletin: Apache Log4j vulnerability in DCNM Network Management Software used by IBM c-type SAN directors and switches. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-apache-log4j-vulnerabilit… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 28.12.2021
by Daily end-of-shift report 28 Dec '21

28 Dec '21

===================== = End-of-Day report = ===================== Timeframe: Montag 27-12-2021 18:00 − Dienstag 28-12-2021 18:00 Handler: Thomas Pribitzer Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Experts Detail Logging Tool of DanderSpritz Framework Used by Equation Group Hackers ∗∗∗ --------------------------------------------- Cybersecurity researchers have offered a detailed glimpse into a system called DoubleFeature thats dedicated to logging the different stages of post-exploitation stemming from the deployment of DanderSpritz, a full-featured malware framework used by the Equation Group. --------------------------------------------- https://thehackernews.com/2021/12/experts-detail-logging-tool-of.html ∗∗∗ V8 Heap pwn and /dev/memes - WebOS Root LPE ∗∗∗ --------------------------------------------- This is a writeup for my latest WebOS local root exploit chain, which Im calling WAMpage. ... This exploit is mainly of interest to other researchers - if you just want to root your TV, you probably want RootMyTV, which offers a reliable 1-click persistent root. --------------------------------------------- https://www.da.vidbuchanan.co.uk/blog/webos-wampage.html ∗∗∗ Threat Actors Abuse MSBuild for Cobalt Strike Beacon Execution ∗∗∗ --------------------------------------------- Recently observed malicious campaigns have abused Microsoft Build Engine (MSBuild) to execute a Cobalt Strike payload on compromised machines. [...] The threat actors typically gain access to the target environment using a valid remote desktop protocol (RDP) account, leverage remote Windows Services (SCM) for lateral movement, and abuse MSBuild to execute the Cobalt Strike Beacon payload. --------------------------------------------- https://www.securityweek.com/threat-actors-abuse-msbuild-cobalt-strike-beac… ===================== = Vulnerabilities = ===================== ∗∗∗ An update on the Apache Log4j 2.x vulnerabilities ∗∗∗ --------------------------------------------- Update December 28, 10:01am The list of products that are confirmed not impacted by Log4j 2.x CVE-2021-44228 and the list of products that have been remediated for Log4j 2.x CVE-2021-44228 has been updated. --------------------------------------------- https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-4422… ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (djvulibre, libzip, monit, novnc, okular, paramiko, postgis, rdflib, ruby2.3, and zziplib), openSUSE (chromium, kafka, and permissions), and SUSE (net-snmp and permissions). --------------------------------------------- https://lwn.net/Articles/879952/ ∗∗∗ Security Bulletin:IBM SPSS Modeler is vulnerable to denial of service due to Apache Log4j (CVE-2021-45105) and arbitrary code execution due to Apache Log4j (CVE-2021-45046) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletinibm-spss-modeler-is-vulner… ∗∗∗ Security Bulletin: Vulnerabilities in Apache Log4j affect IBM Spectrum Protect Operations Center (CVE-2021-45105, CVE-2021-45046) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-apache… ∗∗∗ Security Bulletin: IBM Navigator for i is affected by security vulnerability (CVE-2021-38876) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-navigator-for-i-is-af… ∗∗∗ Security Bulletin: Multiple vulnerabilities in Apache Log4j affects some features of IBM® Db2® (CVE-2021-45046, CVE-2021-45105) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ SSA-661247 V2.0 (Last Update: 2021-12-27): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to Siemens Products ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 27.12.2021
by Daily end-of-shift report 27 Dec '21

27 Dec '21

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 23-12-2021 18:00 − Montag 27-12-2021 18:00 Handler: Robert Waldner Co-Handler: Thomas Pribitzer ===================== = News = ===================== ∗∗∗ Rook ransomware is yet another spawn of the leaked Babuk code ∗∗∗ --------------------------------------------- A new ransomware operation named Rook has appeared recently on the cyber-crime space, declaring a desperate need to make "a lot of money" by breaching corporate networks and encrypting devices. --------------------------------------------- https://www.bleepingcomputer.com/news/security/rook-ransomware-is-yet-anoth… ∗∗∗ QNAP NAS devices hit in surge of ech0raix ransomware attacks ∗∗∗ --------------------------------------------- Users of QNAP network-attached storage (NAS) devices are reporting attacks on their systems with the eCh0raix ransomware, also known as QNAPCrypt. --------------------------------------------- https://www.bleepingcomputer.com/news/security/qnap-nas-devices-hit-in-surg… ∗∗∗ Example of how attackers are trying to push crypto miners via Log4Shell, (Fri, Dec 24th) ∗∗∗ --------------------------------------------- While following Log4Shell's exploit attempts hitting our honeypots, I came across another campaign trying to push a crypto miner on the victims machines. --------------------------------------------- https://isc.sans.edu/diary/rss/28172 ∗∗∗ More than 1,200 phishing toolkits capable of intercepting 2FA detected in the wild ∗∗∗ --------------------------------------------- A team of academics said it found more than 1,200 phishing toolkits deployed in the wild that are capable of intercepting and allowing cybercriminals to bypass two-factor authentication (2FA) security codes. --------------------------------------------- https://therecord.media/more-than-1200-phishing-toolkits-capable-of-interce… ∗∗∗ QNAP Firmware-Update Version QTS 5.0.0.1891 build 20211221 und log4j-Schwachstelle ∗∗∗ --------------------------------------------- Der Hersteller QNAP hat kurz vor Weihnachten ein Firmware-Update für sein QTS 5 freigegeben. Das Update schließt einige Schwachstellen. Zudem wurde eine log4j-Schwachstelle in QNAP-Software gemeldet. --------------------------------------------- https://www.borncity.com/blog/2021/12/26/qnap-firmware-update-version-qts-5… ===================== = Vulnerabilities = ===================== ∗∗∗ Garrett Walk-Through Metal Detectors Can Be Hacked Remotely ∗∗∗ --------------------------------------------- A number of security flaws have been uncovered in a networking component in Garrett Metal Detectors that could allow remote attackers to bypass authentication requirements, tamper with metal detector configurations, and even execute arbitrary code on the devices. --------------------------------------------- https://thehackernews.com/2021/12/garrett-walk-through-metal-detectors.html ∗∗∗ Remote Code Execution Vulnerabilities in Veritas Enterprise Vault ∗∗∗ --------------------------------------------- Veritas has discovered an issue where Veritas Enterprise Vault could allow Remote Code Execution on a vulnerable Enterprise Vault Server. CVSS v3.1 Base Score 9.8 CVEs: CVE-2021-44679, CVE-2021-44680, CVE-2021-44678, CVE-2021-44677, CVE-2021-44682, CVE-2021-44681 --------------------------------------------- https://www.veritas.com/content/support/en_US/security/VTS21-003 ∗∗∗ IBM Security Bulletins ∗∗∗ --------------------------------------------- IBM hat 33 Security Bulletins veröffentlicht. --------------------------------------------- https://www.ibm.com/blogs/psirt/ ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (webkit2gtk and wpewebkit), Fedora (httpd and singularity), Mageia (ldns, netcdf, php, ruby, thrift/golang-github-apache-thrift, thunderbird, and webkit2), openSUSE (go1.16, go1.17, libaom, and p11-kit), and SUSE (go1.16, go1.17, htmldoc, libaom, libvpx, logstash, openssh-openssl1, python3, and runc). --------------------------------------------- https://lwn.net/Articles/879791/ ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (apache-log4j2, libextractor, libpcap, and wireshark), Fedora (grub2, kernel, libopenmpt, log4j, mingw-binutils, mingw-python-lxml, and seamonkey), Mageia (golang, lapack/openblas, and samba), and openSUSE (go1.16, libaom, log4j12, logback, and runc). --------------------------------------------- https://lwn.net/Articles/879891/ ∗∗∗ SolarWinds - multiple advisories ∗∗∗ --------------------------------------------- https://www.solarwinds.com/trust-center/security-advisories ∗∗∗ Security Advisory - Apache log4j2 remote code execution vulnerabilities in some Huawei products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20211215-… ∗∗∗ K16090693: Apache HTTP server vulnerability CVE-2021-44224 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K16090693 ∗∗∗ Moxa MGate Protocol Gateways ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-21-357-01 ∗∗∗ Johnson Controls exacq Enterprise Manager ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-21-357-02 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 23.12.2021
by Daily end-of-shift report 23 Dec '21

23 Dec '21

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 22-12-2021 18:00 − Donnerstag 23-12-2021 18:00 Handler: Thomas Pribitzer Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Dridex malware trolls employees with fake job termination emails ∗∗∗ --------------------------------------------- A new Dridex malware phishing campaign is using fake employee termination emails as a lure to open a malicious Excel document, which then trolls the victim with a seasons greeting message. --------------------------------------------- https://www.bleepingcomputer.com/news/security/dridex-malware-trolls-employ… ∗∗∗ Microsoft Azure App Service flaw exposed customer source code ∗∗∗ --------------------------------------------- A security flaw found in Azure App Service, a Microsoft-managed platform for building and hosting web apps, led to the exposure of PHP, Node, Python, Ruby, or Java customer source code for at least four years, since 2017. --------------------------------------------- https://www.bleepingcomputer.com/news/security/microsoft-azure-app-service-… ∗∗∗ Honeypot experiment reveals what hackers want from IoT devices ∗∗∗ --------------------------------------------- A three-year-long honeypot experiment featuring simulated low-interaction IoT devices of various types and locations gives a clear idea of why actors target specific devices. --------------------------------------------- https://www.bleepingcomputer.com/news/security/honeypot-experiment-reveals-… ∗∗∗ Attackers, CSIRTs and Individual Rights: Clarified ∗∗∗ --------------------------------------------- A few years ago I wrote a post on how the GDPR copes with situations when there was a conflict between the obligation to prevent, detect and investigate incidents and the obligation to inform all those whose personal data you process. GDPR Article 14(5) provides a general tool for resolving that conflict: you don’t need to inform if doing so “is likely to render impossible or seriously impair the achievement of the objectives of that processing”. --------------------------------------------- https://regulatorydevelopments.jiscinvolve.org/wp/2021/12/22/attackers-csir… ∗∗∗ Microsoft Teams blockiert Notrufe mit Android-Handys – Update einspielen ∗∗∗ --------------------------------------------- Die Android-App für Microsoft Teams kann unter Umständen Notrufe vom Handy verhindern. Die aktuelle Version soll das unterlassen. [...] Wie es überhaupt dazu kommen kann, dass eine App ohne Root-Rechte die wichtigste Funktion des Telefons sabotieren kann, verraten weder Google noch Microsoft. [...] Das zugrundeliegende Sicherheitsproblem in Android möchte Google mit dem ersten Android-Sicherheitsupdate im neuen Jahr beheben. --------------------------------------------- https://heise.de/-6306221 ∗∗∗ Audio bugging with the Fisher Price Chatter Bluetooth Telephone ∗∗∗ --------------------------------------------- The Fisher Price Chatter Bluetooth Telephone is a reincarnation of a familiar kids toy. It acts as a Bluetooth headset, so the user can connect their smartphone to it and take calls using the kids phone handset. Cute! Unfortunately, little to no consideration has been given to privacy and security, resulting in it becoming an audio bug in some circumstances. --------------------------------------------- https://www.pentestpartners.com/security-blog/audio-bugging-with-the-fisher… ∗∗∗ This new ransomware has simple but very clever tricks to evade PC defenses ∗∗∗ --------------------------------------------- One of the key features of AvosLocker is using the AnyDesk remote IT administration tool and running it Windows Safe Mode. The latter option was used by REvil, Snatch and BlackMatter as a way to disable a target's intended security and IT admin tools. As Sophos points out, many endpoint security products do not run in Safe Mode – a special diagnostic configuration in which Windows disables most third-party drivers and software, and can render otherwise protected machines unsafe. --------------------------------------------- https://www.zdnet.com/article/this-new-ransomware-has-simple-but-very-cleve… ∗∗∗ Log4j Vulnerabilities: Attack Insights ∗∗∗ --------------------------------------------- Symantec [..] has observed numerous variations in attack requests primarily aimed at evading detection. [..] Attackers are predominantly using the LDAP and RMI protocols to download malicious payloads. We have also recorded vulnerability scans using protocols such as IIOP, DNS, HTTP, NIS etc. Payloads: Muhstik Botnet, XMRig miner, Malicious class file backdoor, Reverse Bash shell. Other publicly reported payloads include the Khonsari and Conti ransomware threats, the Orcus remote access Trojan (RAT), and the Dridex malware, among others. --------------------------------------------- https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/lo… ===================== = Vulnerabilities = ===================== ∗∗∗ Mail Login - Moderately critical - Access bypass - SA-CONTRIB-2021-047 ∗∗∗ --------------------------------------------- Project: Mail Login Security risk: Moderately critical Description: This modules enables users to login via email address.This module does not sufficiently check user status when authenticating.Solution: Install the latest version If you use the mail_login module for Drupal 8 or 9, upgrade to Mail Login 8.x-2.5 --------------------------------------------- https://www.drupal.org/sa-contrib-2021-047 ∗∗∗ IBM Security Bulletins ∗∗∗ --------------------------------------------- IBM hat 46 Security Bulletins veröffentlicht. --------------------------------------------- https://www.ibm.com/blogs/psirt/ ∗∗∗ CVE-2021-44790: Apache HTTP Server / mod_lua ∗∗∗ --------------------------------------------- A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. --------------------------------------------- https://www.openwall.com/lists/oss-security/2021/12/20/4 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (openjdk-11), Fedora (keepalived and tang), openSUSE (openssh, p11-kit, runc, and thunderbird), Oracle (postgresql:12, postgresql:13, and virt:ol and virt-devel:ol), Red Hat (rh-maven36-log4j12), and SUSE (ansible, chrony, logstash, elasticsearch, kafka, zookeeper, openstack-monasca-agent, openstack-monasca-persister-java, openstack-monasca-thresh, openssh, p11-kit, python-Babel, and thunderbird). --------------------------------------------- https://lwn.net/Articles/879675/ ∗∗∗ QEMU: Schwachstelle ermöglicht Denial of Service ∗∗∗ --------------------------------------------- A malicious privileged user within the guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K21-1304 ∗∗∗ Security Advisory - Apache log4j2 remote code execution vulnerability in some Huawei products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20211215-… ∗∗∗ SSA-661247 V1.8 (Last Update: 2021-12-22): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to Siemens Products ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 22.12.2021
by Daily end-of-shift report 22 Dec '21

22 Dec '21

===================== = End-of-Day report = ===================== Timeframe: Dienstag 21-12-2021 18:00 − Mittwoch 22-12-2021 18:00 Handler: Robert Waldner Co-Handler: Thomas Pribitzer ===================== = News = ===================== ∗∗∗ CISA releases Apache Log4j scanner to find vulnerable apps ∗∗∗ --------------------------------------------- The Cybersecurity and Infrastructure Security Agency (CISA) has announced the release of a scanner for identifying web services impacted by& two Apache Log4j remote code execution vulnerabilities, tracked as CVE-2021-44228 and CVE-2021-45046. --------------------------------------------- https://www.bleepingcomputer.com/news/security/cisa-releases-apache-log4j-s… ∗∗∗ The Biggest Cyber Security Developments in 2021 ∗∗∗ --------------------------------------------- As we charge towards another new year, we decided to pulse our threat intelligence team (@teamcymru_s2) for their views on what they perceive to be the biggest developments in cyber security over the past twelve months. --------------------------------------------- https://team-cymru.com/blog/2021/12/21/the-biggest-cyber-security-developme… ∗∗∗ Vorsicht vor betrügerischer BAWAG-SMS ∗∗∗ --------------------------------------------- Eine SMS-Falle kursiert, die dazu aufruft eine angebliche Sicherheits-App von der BAWAG-Bank zu installieren. --------------------------------------------- https://futurezone.at/digital-life/betrug-bawag-sms-phishing/401851228 ∗∗∗ Java Code Repository Riddled with Hidden Log4j Bugs; Here’s Where to Look ∗∗∗ --------------------------------------------- There are 17,000 unpatched Log4j packages in the Maven Central ecosystem, leaving massive supply-chain risk on the table from Log4Shell exploits. --------------------------------------------- https://threatpost.com/java-supply-chain-log4j-bug/177211/ ∗∗∗ December 2021 Forensic Contest: Answers and Analysis, (Wed, Dec 22nd) ∗∗∗ --------------------------------------------- Thanks to everyone who participated in our December 2021 forensic challenge! You can still find the pcap for our December 2021 forensic contest here. --------------------------------------------- https://isc.sans.edu/diary/rss/28160 ∗∗∗ Vorsicht beim Autokauf: Privatkäufe nicht über easycarpay.net abwickeln ∗∗∗ --------------------------------------------- Wer auf der Suche nach günstigen Gebrauchtautos ist, wird oft auf Kleinanzeigenplattformen fündig. Doch seien Sie vorsichtig, wenn Ihr Gegenüber sich plötzlich im Ausland befindet oder andere Ausreden erfindet, wieso eine Besichtigung des Fahrzeugs nicht möglich sei. Spätestens wenn die Verkäuferin oder der Verkäufer vorschlägt, den Kauf über die Webseite easycarpay.net abzuwickeln, sollten Sie den Kontakt abbrechen. --------------------------------------------- https://www.watchlist-internet.at/news/vorsicht-beim-autokauf-privatkaeufe-… ∗∗∗ Ubisoft erneut Opfer eines Cyberangriffs ∗∗∗ --------------------------------------------- Der Spielegigant Ubisoft hat einen Cyberangriff auf seine IT-Infrastruktur bestätigt, der auf das beliebte Spiel Just Dance abzielte. Laut Ubisoft gab es einen Einbruch in die IT-Infrastruktur des Unternehmens. --------------------------------------------- https://www.zdnet.de/88398543/ubisoft-erneut-opfer-eines-cyberangriffs/ ∗∗∗ Mitigating Log4Shell and Other Log4j-Related Vulnerabilities ∗∗∗ --------------------------------------------- CISA, the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and the cybersecurity authorities of Australia, Canada, New Zealand, and the United Kingdom have released a joint Cybersecurity Advisory in response to multiple vulnerabilities in Apache’s Log4j software library. --------------------------------------------- https://us-cert.cisa.gov/ncas/current-activity/2021/12/22/mitigating-log4sh… ===================== = Vulnerabilities = ===================== ∗∗∗ NVIDIA discloses applications impacted by Log4j vulnerability ∗∗∗ --------------------------------------------- NVIDIA has released a security advisory detailing what products are affected by the Log4Shell vulnerability that is currently exploited in a wide range of attacks worldwide. --------------------------------------------- https://www.bleepingcomputer.com/news/security/nvidia-discloses-application… ∗∗∗ VU#692873: Saviynt Enterprise Identity Cloud vulnerable to local user enumeration and authentication bypass ∗∗∗ --------------------------------------------- Saviynt Enterprise Identity Cloud contains user enumeration and authentication bypass vulnerabilities in the local password reset feature. Together, these vulnerabilities could allow a remote, unauthenticated attacker to gain administrative privileges if an SSO solution is not configured for authentication. --------------------------------------------- https://kb.cert.org/vuls/id/692873 ∗∗∗ Active Directory: Microsoft warnt vor einfacher Domain-Übernahme ∗∗∗ --------------------------------------------- Zwei bekannte und bereits behobene Fehler in Active Directory ließen sich leicht ausnutzen, warnt Microsoft und empfiehlt dringend Updates. --------------------------------------------- https://www.golem.de/news/active-directory-microsoft-warnt-vor-einfacher-do… ∗∗∗ Four Bugs in Microsoft Teams Left Platform Vulnerable Since March ∗∗∗ --------------------------------------------- Attackers exploiting bugs in the “link preview” feature in Microsoft Teams could abuse the flaws to spoof links, leak an Android user’s IP address and launch a DoS attack. --------------------------------------------- https://threatpost.com/microsoft-teams-bugs-vulnerable-march/177225/ ∗∗∗ IBM Security Bulletins ∗∗∗ --------------------------------------------- IBM hat 68 Security Bulletins veröffentlicht. --------------------------------------------- https://www.ibm.com/blogs/psirt/ ∗∗∗ WordPress-Plug-in: Kritische Lücke in All In One SEO bedroht Millionen Websites ∗∗∗ --------------------------------------------- Angreifer könnten WordPress-Websites mit All in One SEO mit Schadcode attackieren. Eine abgesicherte Version schafft Abhilfe. --------------------------------------------- https://heise.de/-6304412 ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (firefox, ipa, log4j, and samba), Debian (sogo, spip, and xorg-server), Fedora (jansi and log4j), Mageia (apache, apache-mod_security, kernel, kernel-linus, and x11-server), openSUSE (log4j and xorg-x11-server), Oracle (kernel, log4j, and openssl), and SUSE (libqt4 and xorg-x11-server). --------------------------------------------- https://lwn.net/Articles/879492/ ∗∗∗ Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021 (UPDATE) ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ SSA-479842: Apache Log4j Vulnerabilities - Impact to Siemens Energy Sensformer (Platform, Basic and Advanced) ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-479842.txt -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 21.12.2021
by Daily end-of-shift report 21 Dec '21

21 Dec '21

===================== = End-of-Day report = ===================== Timeframe: Montag 20-12-2021 18:00 − Dienstag 21-12-2021 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Malware: Wer hat Angst vor Androids Barrierefreiheit? ∗∗∗ --------------------------------------------- Schadsoftware unter Android nutzt häufig die Accessibility Services, um Sicherheitsfunktionen auszuhebeln. Doch Apps können sich schützen. --------------------------------------------- https://www.golem.de/news/malware-wer-hat-angst-vor-androids-barrierefreihe… ∗∗∗ Xcode: Hotfix soll Log4j-Lücke umfahren ∗∗∗ --------------------------------------------- Apples Entwicklungsumgebung enthält eine angreifbare Version der Java-Logging-Bibliothek log4j. Beim Upload von iOS-Apps soll aber ein Fix greifen. --------------------------------------------- https://heise.de/-6301988 ∗∗∗ Have I Been Pwned: 225 Millionen neue Passwörter von britischer Polizeibehörde ∗∗∗ --------------------------------------------- Der Datensatz des Passwort-Prüfdiensts wächst immer weiter. Für Strafverfolgungsbehörden gibt es nun einen Weg, sichergestellte Daten direkt einzuspeisen. --------------------------------------------- https://heise.de/-6301963 ∗∗∗ Google entfernt Malware-infizierte SMS-App aus Play Store ∗∗∗ --------------------------------------------- Auf mehr als 500.000 Installationen kam eine Messages-App in Googles App-Store, die die Malware Joker einschleppte. Inzwischen hat Google die App entfernt. --------------------------------------------- https://heise.de/-6302544 ∗∗∗ Sicher verkaufen auf Willhaben, Shpock & Co ∗∗∗ --------------------------------------------- Sie möchten ungenutzte Gegenstände weiterverkaufen? Mit Plattformen wie willhaben, shpock oder Facebook haben Sie zahlreiche Möglichkeiten, alte Möbel, vernachlässigte Sportausrüstung oder Elektrogeräte an den Mann oder die Frau zu bringen. Dabei gibt es aber einiges zu beachten! Wir zeigen Ihnen, wie Sie sicher über Kleinanzeigenplattformen verkaufen. --------------------------------------------- https://www.watchlist-internet.at/news/sicher-verkaufen-auf-willhaben-shpoc… ∗∗∗ Backdoor CVE-2021-40859 in Auerswald Telefonanlagen (z.B. COMpact 5500R 7.8A & 8.0B) gefixt ∗∗∗ --------------------------------------------- Auerswald ist ein deutscher Hersteller von Telefonanlagen für den Unternehmenseinsatz. Sicherheitsforscher haben in der Firmware von Auerswald Telefonanlagen (z.B. COMpact 5500R) Hintertüren entdeckt, über die man das Administrator-Passwort zurücksetzen konnte. Dies wurde zum 20.12.2021 offen gelegt. Hier einige Informationen dazu. --------------------------------------------- https://www.borncity.com/blog/2021/12/21/backdoor-cve-2021-40859-in-auerswa… ∗∗∗ Two Active Directory Bugs Lead to Easy Windows Domain Takeover ∗∗∗ --------------------------------------------- Microsoft is urging customers to patch two Active Directory domain controller bugs after a PoC tool was publicly released on Dec. 12. --------------------------------------------- https://threatpost.com/active-directory-bugs-windows-domain-takeover/177185/ ∗∗∗ Day 10: where we are with log4j from honeypot’s perspective ∗∗∗ --------------------------------------------- Our team spent great deal of effort on simulating different protocols, applications and vulnerabilities with our honeypot (Anglerfish and Apacket) system. When big event happens, we are always curious what we see from the honeypot side. Since log4j came to light 10 days ago, we have published two related blogs, --------------------------------------------- https://blog.netlab.360.com/apache-log4j2-vulnerability-attack-trend-from-t… ∗∗∗ [SANS ISC] More Undetected PowerShell Dropper ∗∗∗ --------------------------------------------- I published the following diary on isc.sans.edu: “More Undetected PowerShell Dropper“: Last week, I published a diary about a PowerShell backdoor running below the radar with a VT score of 0! This time, it’s a dropper with multiple obfuscation techniques in place. --------------------------------------------- https://blog.rootshell.be/2021/12/21/sans-isc-more-undetected-powershell-dr… ∗∗∗ Velociraptor & Loki ∗∗∗ --------------------------------------------- Velociraptor is a great DFIR tool that becomes more and more popular amongst Incident Handlers. Velociraptor works with agents that are deployed on endpoints. Once installed, the agent automatically “phones home” and keep s a connection with the server [...] --------------------------------------------- https://blog.rootshell.be/2021/12/21/velociraptor-loki/ ∗∗∗ RCE in Visual Studio Codes Remote WSL for Fun and Negative Profit ∗∗∗ --------------------------------------------- The Visual Studio Code server in Windows Subsystem for Linux uses a local WebSocket WebSocket connection to communicate with the Remote WSL extension. JavaScript in websites can connect to this server and execute arbitrary commands on the target system. --------------------------------------------- https://parsiya.net/blog/2021-12-20-rce-in-visual-studio-codes-remote-wsl-f… ∗∗∗ Log4j vulnerability: what should boards be asking? ∗∗∗ --------------------------------------------- Advice for board members of medium to large organisations that are at risk from the Apache Log4j vulnerability. --------------------------------------------- https://www.ncsc.gov.uk/blog-post/log4j-vulnerability-what-should-boards-be… ∗∗∗ FBI Sees APTs Exploiting Recent ManageEngine Desktop Central Vulnerability ∗∗∗ --------------------------------------------- The Federal Bureau of Investigation (FBI) has released an alert regarding the exploitation of a recent vulnerability in Zoho’s ManageEngine Desktop Central product. --------------------------------------------- https://www.securityweek.com/fbi-sees-apts-exploiting-recent-manageengine-d… ∗∗∗ After ransomware attack, global logistics firm Hellmann warns of scam calls and mail ∗∗∗ --------------------------------------------- Hellmann said customers need to make sure they are really communicating with an employee through all calls or mail. --------------------------------------------- https://www.zdnet.com/article/after-ransomware-attack-global-logistics-firm… ∗∗∗ Why vulnerabilities are like buses ∗∗∗ --------------------------------------------- How organisations can address the growing trend in which multiple vulnerabilities within a single product are exploited over a short period. --------------------------------------------- https://www.ncsc.gov.uk/blog-post/why-vulnerabilities-are-like-buses ===================== = Vulnerabilities = ===================== ∗∗∗ IBM Security Bulletins ∗∗∗ --------------------------------------------- IBM hat 30 Security Bulletins veröffentlicht. --------------------------------------------- https://www.ibm.com/blogs/psirt/ ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Mageia (log4j), openSUSE (chromium, log4j, netdata, and nextcloud), Oracle (kernel and kernel-container), Red Hat (kernel, kernel-rt, log4j, openssl, postgresql:12, postgresql:13, and virt:rhel and virt-devel:rhel), Slackware (httpd), SUSE (xorg-x11-server), and Ubuntu (firefox). --------------------------------------------- https://lwn.net/Articles/879360/ ∗∗∗ mySCADA myPRO ∗∗∗ --------------------------------------------- This advisory contains mitigations for Authentication Bypass Using an Alternate Path or Channel, Use of Password Hash with Insufficient Computational Effort, Hidden Functionality, and OS Command Injection vulnerabilities in the mySCADA myPRO HMI/SCADA system. --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-21-355-01 ∗∗∗ Horner Automation Cscape EnvisionRV ∗∗∗ --------------------------------------------- This advisory contains mitigations for an Improper Input Validation vulnerability in Horner Automation Cscape EnvisionRV industrial remote viewing software. --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-21-355-02 ∗∗∗ WECON LeviStudioU ∗∗∗ --------------------------------------------- This advisory contains mitigations for Stack-based Buffer Overflow, and Heap-based Buffer Overflow vulnerabilities in WECON LeviStudioU HMI programming software. --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-21-355-03 ∗∗∗ Emerson DeltaV ∗∗∗ --------------------------------------------- This advisory contains mitigations for Missing Authentication for Critical Function, and Uncontrolled Search Path Element vulnerabilities in the Emerson DeltaV control system controllers and workstations. --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-21-355-04 ∗∗∗ Schneider Electric Rack PDU (Update A) ∗∗∗ --------------------------------------------- This updated advisory is a follow-up to the original advisory titled ICSA-21-348-02 Schneider Electric Rack PDU that was published December 14, 2021, to the ICS webpage on www.cisa.gov/uscert. This advisory contains mitigations for an Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Schneider Electric Rack Power Distribution Unit (PDU). --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-21-348-02 ∗∗∗ Fresenius Kabi Agilia Connect Infusion System ∗∗∗ --------------------------------------------- This advisory contains mitigations for several vulnerabilities in the Fresenius Kabi Agilia Connect Infusion System. --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsma-21-355-01 ∗∗∗ Apache Log4j Vulnerabilities - Impact on Bosch Rexroth Products ∗∗∗ --------------------------------------------- BOSCH-SA-572602: The Apache Software Foundation has published information about a vulnerability in the Java logging framework *log4j*, which allows an attacker to execute arbitrary code loaded from LDAP or JNDI related endpoints which are under control of the attacker. \[1\]Additionally, a further vulnerability might allow an attacker to cause a denial of service by sending a crafted string to the framework. From Bosch Rexroth, only the IoT Gateway software has been identified as affected. --------------------------------------------- https://psirt.bosch.com/security-advisories/bosch-sa-572602.html ∗∗∗ SSA-397453: Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to Siemens Energy TraceAlertServerPLUS ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-397453.txt ∗∗∗ Security Bulletin: IBM Cognos Controller 10.4.2 IF16: Apache Log4j vulnerability (CVE-2021-45046) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-controller-10-… ∗∗∗ An update on the Apache Log4j CVE-2021-44228 vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-4422… ∗∗∗ CVE-2021-44228 Impact of Log4j Vulnerabilities CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105 (Severity: CRITICAL) ∗∗∗ --------------------------------------------- https://security.paloaltonetworks.com/CVE-2021-44228 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 20.12.2021
by Daily end-of-shift report 20 Dec '21

20 Dec '21

===================== = End-of-Day report = ===================== Timeframe: Freitag 17-12-2021 18:00 − Montag 20-12-2021 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== *** News zu Log4j *** --------------------------------------------- Upgraded to log4j 2.16? Surprise, theres a 2.17 fixing DoS: https://www.bleepingcomputer.com/news/security/upgraded-to-log4j-216-surpri… Log4j vulnerability now used to install Dridex banking malware: https://www.bleepingcomputer.com/news/security/log4j-vulnerability-now-used… Log4Shell: Mehrheit der Java-Pakete hat noch kein Log4J-Update: https://www.golem.de/news/log4shell-mehrheit-der-java-pakete-hat-noch-kein-… Answering Log4Shell-related questions: https://securelist.com/answering-log4shell-related-questions/105402/ Third Log4J Bug Can Trigger DoS; Apache Issues Patch: https://threatpost.com/third-log4j-bug-dos-apache-patch/177159/ TellYouThePass ransomware revived in Linux, Windows Log4j attacks: https://www.bleepingcomputer.com/news/security/tellyouthepass-ransomware-re… New Local Attack Vector Expands the Attack Surface of Log4j Vulnerability: https://thehackernews.com/2021/12/new-local-attack-vector-expands-attack.ht… Second Log4j Vulnerability (CVE-2021-45046) Discovered - New Patch Released: https://thehackernews.com/2021/12/second-log4j-vulnerability-cve-2021.html Google: OSS-Fuzz soll Log4j-Fehler in Open-Source-Software finden: https://heise.de/-6298560 Erster Wurm "kriecht" durch Log4j-Sicherheitslücke: https://heise.de/-6299080 Was Geschäftsführer jetzt über Log4Shell wissen sollten: https://www.welivesecurity.com/deutsch/2021/12/17/was-geschaeftsfuehrer-ueb… Apache releases new 2.17.0 patch for Log4j to solve denial of service vulnerability: https://www.zdnet.com/article/apache-releases-new-2-17-0-patch-for-log4j-to… Log4j-Infos, belgisches Verteidigungsministerium betroffen?: https://www.borncity.com/blog/2021/12/20/log4j-infos-belgisches-verteidigun… --------------------------------------------- https://cert.at/de/warnungen/2021/12/kritische-0-day-sicherheitslucke-in-ap… ∗∗∗ Western Digital warns customers to update their My Cloud devices ∗∗∗ --------------------------------------------- Western Digital is urging customers to update their WD My Cloud devices to the latest available firmware to keep receiving security updates on My Cloud OS firmware reaching the end of support. --------------------------------------------- https://www.bleepingcomputer.com/news/security/western-digital-warns-custom… ∗∗∗ Office 2021: VBA Project Version, (Sun, Dec 19th) ∗∗∗ --------------------------------------------- 2 years ago, in diary entry "VBA Office Document: Which Version?", I listed all internal VBA project version numbers for the Office versions I had access to. --------------------------------------------- https://isc.sans.edu/diary/rss/28150 ∗∗∗ Over 500,000 Android Users Downloaded a New Joker Malware App from Play Store ∗∗∗ --------------------------------------------- A malicious Android app with more than 500,000 downloads from the Google Play app store has been found hosting malware that stealthily exfiltrates users contact lists to an attacker-controlled server and signs up users to unwanted paid premium subscriptions without their knowledge. --------------------------------------------- https://thehackernews.com/2021/12/over-500000-android-users-downloaded.html ∗∗∗ Inside a PBX - Discovering a Firmware Backdoor ∗∗∗ --------------------------------------------- This blog post illustrates how RedTeam Pentesting discovered a real-world backdoor in a widely used Auerswald phone system (see also the advisory and CVE-2021-40859). --------------------------------------------- https://blog.redteam-pentesting.de/2021/inside-a-pbx/ ∗∗∗ Weniger Datenklau am Geldautomaten: "Skimming nicht mehr interessant" ∗∗∗ --------------------------------------------- Kriminelle können mit per Skimming erbeuteten Daten von Bankkunden immer weniger anfangen. Weitaus größere Schäden richten inzwischen andere Methoden an. --------------------------------------------- https://heise.de/-6298777 ∗∗∗ Erpressergruppe Conti nutzt Sicherheitslücke "Log4Shell" für ihre Ransomware ∗∗∗ --------------------------------------------- Der Erpressungstrojaner der bekannten Conti-Gang wird bereits auf die Lücke "Log4Shell" losgelassen. Damit wächst das Bedrohungspotenzial deutlich. --------------------------------------------- https://heise.de/-6298874 ∗∗∗ Sicherheitsrisiko: Support für einige NAS-Systeme von Western Digital läuft aus ∗∗∗ --------------------------------------------- Mehrere NAS-Modelle der My-Cloud-Serie bekommen bald keine Sicherheitsupdates mehr. Diese Geräte sollten nicht mehr am Internet hängen. --------------------------------------------- https://heise.de/-6299386 ∗∗∗ Analyse, wie TeamTNT Docker-Hub-Konten kompromittiert ∗∗∗ --------------------------------------------- Und schon sind wir beim 19. Türchen im Security-Adventskalender meines Blogs und ich schiebe mal ein weiteres Sicherheitsthema hinter dieses Türchen. Der Sicherheitsanbieter Trend Micro hat einen Bericht veröffentlicht, der beleuchtet, wie der Bedrohungsakteur TeamTNT vorgeht, um Konten von Docker-Hubs [...] --------------------------------------------- https://www.borncity.com/blog/2021/12/19/analyse-wie-teamtnt-docker-hub-kon… ∗∗∗ Understanding Cobalt Strike Profiles - Updated for Cobalt Strike 4.5 ∗∗∗ --------------------------------------------- A deep dive into specifics around cobalt strike malleable c2 profiles and key information that is new in cobalt strike 4.5 & 4.4. --------------------------------------------- https://blog.zsec.uk/cobalt-strike-profiles/ ∗∗∗ Kernel Karnage – Part 7 (Out of the Lab and Back to Reality) ∗∗∗ --------------------------------------------- This week I emerge from the lab and put on a different hat. 1. Switching hats With Interceptor being successful in blinding $vendor2 sufficiently to run a meterpreter reverse shell, it is time to put on the red team hat and get out of the perfect lab environment. --------------------------------------------- https://blog.nviso.eu/2021/12/20/kernel-karnage-part-7-out-of-the-lab-and-b… ∗∗∗ Case of Ransomware Infection in a Company Using Local Administrator Accounts Set with Same Password ∗∗∗ --------------------------------------------- After analyzing the infected systems of the company that suffered damage from the recent Lockis ransomware infection, the ASEC analysis team discovered that the attacker executed the ransomware after RDP accessing the infected systems with local Administrator accounts. An investigation of local Administrator information of the infected systems showed that their passwords have not been changed for 1-2 years and that they were all set with the same password. --------------------------------------------- https://asec.ahnlab.com/en/29871/ ===================== = Vulnerabilities = ===================== ∗∗∗ VMSA-2021-0029 ∗∗∗ --------------------------------------------- VMware Workspace ONE UEM console patches address SSRF vulnerability (CVE-2021-22054) --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2021-0029.html ∗∗∗ VMSA-2021-0030 ∗∗∗ --------------------------------------------- VMware Workspace ONE Access, Identity Manager and vRealize Automation updates address multiple vulnerabilities (CVE-2021-22056, CVE-2021-22057) --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2021-0030.html ∗∗∗ XSA-392 ∗∗∗ --------------------------------------------- Guest can force Linux netback driver to hog large amounts of kernel memory --------------------------------------------- https://xenbits.xen.org/xsa/advisory-392.html ∗∗∗ XSA-391 ∗∗∗ --------------------------------------------- Rogue backends can cause DoS of guests via high frequency events --------------------------------------------- https://xenbits.xen.org/xsa/advisory-391.html ∗∗∗ XSA-376 ∗∗∗ --------------------------------------------- frontends vulnerable to backends --------------------------------------------- https://xenbits.xen.org/xsa/advisory-376.html ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (apache-log4j2, firefox-esr, libssh2, modsecurity-apache, and tang), Fedora (lapack, log4j, rust-libsqlite3-sys, rust-rusqlite, xorg-x11-server, and xorg-x11-server-Xwayland), Mageia (bind, botan2, chromium-browser-stable, dovecot, hiredis, keepalived, log4j, matio, mediawiki, olm, openssh, pjproject, privoxy, vim, and watchdog), openSUSE (barrier, nim, and python-pip), Oracle (ipa and samba), Scientific Linux (ipa and samba), SUSE (log4j), and Ubuntu [...] --------------------------------------------- https://lwn.net/Articles/879228/ ∗∗∗ WebKitGTK and WPE WebKit Security Advisory WSA-2021-0007 ∗∗∗ --------------------------------------------- Several vulnerabilities were discovered in WebKitGTK and WPE WebKit. --------------------------------------------- https://webkitgtk.org/security/WSA-2021-0007.html ∗∗∗ Vulnerability Spotlight: Vulnerabilities in metal detector peripheral could allow attackers to manipulate security devices ∗∗∗ --------------------------------------------- Cisco Talos recently discovered multiple vulnerabilities in a device from Garrett Metal Detectors that could allow remote attackers to bypass authentication requirements, manipulate metal detector [...] --------------------------------------------- http://blog.talosintelligence.com/2021/12/vuln-spotlight-garrett-metal-dete… *** Log4j Security Advisories *** --------------------------------------------- Security Advisory - Apache Log4j2 CVE 2021-44228 (Log4Shell): https://www.beyondtrust.com/blog/entry/security-advisory-apache-log4j2-cve-… Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… Log4j Vulnerability CVE-2021-45105: What You Need to Know: https://www.whitesourcesoftware.com/resources/blog/log4j-vulnerability-cve-… An update on the Apache Log4j CVE-2021-44228 vulnerability: https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-4422… Citrix Security Advisory for Apache CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105: https://support.citrix.com/article/CTX335705 Log4j Zero-Day Vulnerability: https://exchange.xforce.ibmcloud.com/collection/4daa3df4f73a51590efced7fb90… CVE-2021-45105: Denial of Service via Uncontrolled Recursion in Log4j StrSubstitutor: https://www.thezdi.com/blog/2021/12/17/cve-2021-45105-denial-of-service-via… CVE-2021-44228 Impact of Log4j Vulnerability CVE-2021-44228 and CVE-2021-45046 (Severity: CRITICAL): https://security.paloaltonetworks.com/CVE-2021-44228 SSA-661247 V1.5 (Last Update: 2021-12-19): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to Siemens Products: https://cert-portal.siemens.com/productcert/txt/ssa-661247.txt SSA-501673 V1.0: Apache Log4j Denial of Service Vulnerability (CVE-2021-45105) - Impact to Siemens Products: https://cert-portal.siemens.com/productcert/txt/ssa-501673.txt Apache Log4j Vulnerability: http://security.googleblog.com/2021/12/apache-log4j-vulnerability.html Log4j Update Patches New Vulnerability That Allows DoS Attacks: https://www.securityweek.com/log4j-update-patches-new-vulnerability-allows-… --------------------------------------------- https://cert.at/de/warnungen/2021/12/kritische-0-day-sicherheitslucke-in-ap… ∗∗∗ IBM Security Bulletins ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ ∗∗∗ Apache HTTP Server: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K21-1296 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily