[CERT-daily] Daily summary - 22.12.2021

Daily end-of-shift report team at cert.at
Wed Dec 22 18:12:16 CET 2021


=====================
= End-of-Day report =
=====================

Timeframe:   Tuesday 21-12-2021 18:00 − Wednesday 22-12-2021 18:00
Handler:     Robert Waldner
Co-Handler:  Thomas Pribitzer

=====================
=       News        =
=====================

∗∗∗ CISA releases Apache Log4j scanner to find vulnerable apps ∗∗∗
---------------------------------------------
The Cybersecurity and Infrastructure Security Agency (CISA) has announced the release of a scanner for identifying web services impacted by two Apache Log4j remote code execution vulnerabilities, tracked as CVE-2021-44228 and CVE-2021-45046.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/cisa-releases-apache-log4j-scanner-to-find-vulnerable-apps/


∗∗∗ The Biggest Cyber Security Developments in 2021 ∗∗∗
---------------------------------------------
As we charge towards another new year, we decided to pulse our threat intelligence team (@teamcymru_s2) for their views on what they perceive to be the biggest developments in cyber security over the past twelve months.
---------------------------------------------
https://team-cymru.com/blog/2021/12/21/the-biggest-cyber-security-developments-in-2021/


∗∗∗ Beware of fraudulent BAWAG SMS ∗∗∗
---------------------------------------------
An SMS scam is circulating that urges recipients to install a purported security app from BAWAG bank.
---------------------------------------------
https://futurezone.at/digital-life/betrug-bawag-sms-phishing/401851228


∗∗∗ Java Code Repository Riddled with Hidden Log4j Bugs; Here’s Where to Look ∗∗∗
---------------------------------------------
There are 17,000 unpatched Log4j packages in the Maven Central ecosystem, leaving massive supply-chain risk on the table from Log4Shell exploits.
---------------------------------------------
https://threatpost.com/java-supply-chain-log4j-bug/177211/


∗∗∗ December 2021 Forensic Contest: Answers and Analysis, (Wed, Dec 22nd) ∗∗∗
---------------------------------------------
Thanks to everyone who participated in our December 2021 forensic challenge! You can still find the pcap for our December 2021 forensic contest here.
---------------------------------------------
https://isc.sans.edu/diary/rss/28160


∗∗∗ Caution when buying a car: do not handle private purchases via easycarpay.net ∗∗∗
---------------------------------------------
Anyone looking for inexpensive used cars will often find them on classified-ad platforms. But be careful if the other party suddenly turns out to be abroad or invents other excuses for why viewing the vehicle is not possible. At the latest when the seller proposes handling the purchase via the website easycarpay.net, you should break off contact.
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-beim-autokauf-privatkaeufe-nicht-ueber-easycarpaynet-abwickeln/


∗∗∗ Ubisoft again the victim of a cyberattack ∗∗∗
---------------------------------------------
Games giant Ubisoft has confirmed a cyberattack on its IT infrastructure that targeted the popular game Just Dance. According to Ubisoft, there was a breach of the company's IT infrastructure.
---------------------------------------------
https://www.zdnet.de/88398543/ubisoft-erneut-opfer-eines-cyberangriffs/


∗∗∗ Mitigating Log4Shell and Other Log4j-Related Vulnerabilities ∗∗∗
---------------------------------------------
CISA, the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and the cybersecurity authorities of Australia, Canada, New Zealand, and the United Kingdom have released a joint Cybersecurity Advisory in response to multiple vulnerabilities in Apache’s Log4j software library.
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2021/12/22/mitigating-log4shell-and-other-log4j-related-vulnerabilities



=====================
=  Vulnerabilities  =
=====================

∗∗∗ NVIDIA discloses applications impacted by Log4j vulnerability ∗∗∗
---------------------------------------------
NVIDIA has released a security advisory detailing what products are affected by the Log4Shell vulnerability that is currently exploited in a wide range of attacks worldwide.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/nvidia-discloses-applications-impacted-by-log4j-vulnerability/


∗∗∗ VU#692873: Saviynt Enterprise Identity Cloud vulnerable to local user enumeration and authentication bypass ∗∗∗
---------------------------------------------
Saviynt Enterprise Identity Cloud contains user enumeration and authentication bypass vulnerabilities in the local password reset feature. Together, these vulnerabilities could allow a remote, unauthenticated attacker to gain administrative privileges if an SSO solution is not configured for authentication.
---------------------------------------------
https://kb.cert.org/vuls/id/692873


∗∗∗ Active Directory: Microsoft warns of easy domain takeover ∗∗∗
---------------------------------------------
Two known and already fixed flaws in Active Directory could be easily exploited, Microsoft warns, and it urgently recommends updates.
---------------------------------------------
https://www.golem.de/news/active-directory-microsoft-warnt-vor-einfacher-domain-uebernahme-2112-161979-rss.html


∗∗∗ Four Bugs in Microsoft Teams Left Platform Vulnerable Since March ∗∗∗
---------------------------------------------
Attackers exploiting bugs in the “link preview” feature in Microsoft Teams could abuse the flaws to spoof links, leak an Android user’s IP address and launch a DoS attack.
---------------------------------------------
https://threatpost.com/microsoft-teams-bugs-vulnerable-march/177225/


∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
IBM has published 68 security bulletins.
---------------------------------------------
https://www.ibm.com/blogs/psirt/


∗∗∗ WordPress plug-in: Critical vulnerability in All In One SEO threatens millions of websites ∗∗∗
---------------------------------------------
Attackers could attack WordPress websites running All in One SEO with malicious code. A patched version provides a fix.
---------------------------------------------
https://heise.de/-6304412


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (firefox, ipa, log4j, and samba), Debian (sogo, spip, and xorg-server), Fedora (jansi and log4j), Mageia (apache, apache-mod_security, kernel, kernel-linus, and x11-server), openSUSE (log4j and xorg-x11-server), Oracle (kernel, log4j, and openssl), and SUSE (libqt4 and xorg-x11-server).
---------------------------------------------
https://lwn.net/Articles/879492/


∗∗∗ Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021 (UPDATE) ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd


∗∗∗ SSA-479842: Apache Log4j Vulnerabilities - Impact to Siemens Energy Sensformer (Platform, Basic and Advanced) ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-479842.txt

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily



