[CERT-daily] Tageszusammenfassung - 29.12.2021
Daily end-of-shift report
team at cert.at
Wed Dec 29 18:27:52 CET 2021
=====================
= End-of-Day report =
=====================
Timeframe: Dienstag 28-12-2021 18:00 − Mittwoch 29-12-2021 18:00
Handler: Thomas Pribitzer
Co-Handler: Robert Waldner
=====================
= News =
=====================
∗∗∗ RedLine malware shows why passwords shouldnt be saved in browsers ∗∗∗
---------------------------------------------
The RedLine information-stealing malware targets popular web browsers such as Chrome, Edge, and Opera, demonstrating why storing your passwords in browsers is a bad idea.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/redline-malware-shows-why-passwords-shouldnt-be-saved-in-browsers/
∗∗∗ Microsoft Defender Log4j scanner triggers false positive alerts ∗∗∗
---------------------------------------------
Microsoft Defender for Endpoint is currently showing "sensor tampering" alerts linked to the companys newly deployed Microsoft 365 Defender scanner for Log4j processes.
---------------------------------------------
https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-log4j-scanner-triggers-false-positive-alerts/
∗∗∗ Wieder Sicherheitslücken in Herzschrittmachern gefunden ∗∗∗
---------------------------------------------
Auf der Online-Konferenz RC3 zeigten zwei Sicherheitsforscher, wie sie Cardio-Geräte unter die Lupe genommen haben.
---------------------------------------------
https://futurezone.at/digital-life/herzschrittmacher-sicherheitsluecken-rc3/401856956
∗∗∗ Responsible Disclosure: Deine Software, die Sicherheitslücken und ich ∗∗∗
---------------------------------------------
Wie meldet man Sicherheitslücken eigentlich richtig? Und wie sollten Unternehmen damit umgehen? Zerforschung und CCC klären auf. Ein Bericht von Moritz Tremmel (rC3, API)
---------------------------------------------
https://www.golem.de/news/responsible-disclosure-deine-software-die-sicherheitsluecken-und-ich-2112-162067-rss.html
∗∗∗ LotL Classifier tests for shells, exfil, and miners, (Tue, Dec 28th) ∗∗∗
---------------------------------------------
A supervised learning approach to Living off the Land attack classification from Adobe SI
---------------------------------------------
https://isc.sans.edu/diary/rss/28184
∗∗∗ Ongoing Autom Cryptomining Malware Attacks Using Upgraded Evasion Tactics ∗∗∗
---------------------------------------------
An ongoing crypto mining campaign has upgraded its arsenal while adding new defense evasion tactics that enable the threat actors to conceal the intrusions and fly under the radar, new research published today has revealed. [...] Initial attacks involved executing a malicious command upon running a vanilla image named "alpine:latest" that resulted in the download of a shell script named "autom.sh." "Adversaries commonly use vanilla images along with malicious commands to perform their attacks, because most organizations trust the official images and allow their use,"
---------------------------------------------
https://thehackernews.com/2021/12/ongoing-autom-cryptomining-malware.html
∗∗∗ Turning bad SSRF to good SSRF: Websphere Portal ∗∗∗
---------------------------------------------
In this blog post, we will explain how we discovered a multitude of SSRF vulnerabilities in HCL Websphere, as well as how we turned a restrictive, bad SSRF to a good SSRF.
---------------------------------------------
https://blog.assetnote.io/2021/12/26/chained-ssrf-websphere/
∗∗∗ Storage Devices of Major Vendors Impacted by Encryption Software Flaws ∗∗∗
---------------------------------------------
Earlier this month, SecurityWeek reported that Western Digital had updated its SanDisk SecureAccess product to address vulnerabilities that can be exploited to gain access to user data through brute force and dictionary attacks.
SanDisk SecureAccess, recently rebranded SanDisk PrivateAccess, is a piece of software that allows users to encrypt files and folders stored in a protected vault on SanDisk USB flash drives.[...] Pelissier detailed his findings this week at the Chaos Computer Club’s Remote Chaos Experience (rC3) virtual conference, where he revealed that the vulnerabilities were actually discovered in the DataVault encryption software made by ENC Security.
---------------------------------------------
https://www.securityweek.com/storage-devices-major-vendors-impacted-encryption-software-flaws
∗∗∗ Sicher kaufen auf Willhaben, Shpock & Co. ∗∗∗
---------------------------------------------
Sie sind auf der Suche nach gebrauchten Schnäppchen? Mit Kleinanzeigenplattformen wie willhaben, Shpock oder den Facebook Marketplace gibt es zahlreiche Möglichkeiten, um zu stöbern und das perfekte Schnäppchen zu finden. Allerdings sollten Sie beim Shoppen auf solchen Plattformen einige Punkte beachten.
---------------------------------------------
https://www.watchlist-internet.at/news/sicher-kaufen-auf-willhaben-shpock-co/
∗∗∗ Threat actor uses HP iLO rootkit to wipe servers ∗∗∗
---------------------------------------------
An Iranian cyber-security firm said it discovered a first-of-its-kind rootkit that hides inside the firmware of HP iLO devices and which has been used in real-world attacks to wipe servers of Iranian organizations.
---------------------------------------------
https://therecord.media/threat-actor-uses-hp-ilo-rootkit-to-wipe-servers/
=====================
= Vulnerabilities =
=====================
∗∗∗ Log4Shell vulnerability Number Four: “Much ado about something” ∗∗∗
---------------------------------------------
CVE-2021-44832; Its a Log4j bug, and you ought to patch it. But we dont think its a critical crisis like the last one.
---------------------------------------------
https://nakedsecurity.sophos.com/2021/12/29/log4shell-vulnerability-number-four-much-ado-about-something/
∗∗∗ SSA-784507: Apache Log4j Vulnerability (CVE-2021-44832) via JDBC Appender - Impact to Siemens Products ∗∗∗
---------------------------------------------
This advisory informs about the impact of CVE-2021-44832 to Siemens products and the corresponding remediation and mitigation measures. The vulnerability is different from other JNDI lookup vulnerabilities, the impact of which is documented in SSA-661247.
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-784507.txt
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (firefox-esr, python-gnupg, resiprocate, and ruby-haml), Fedora (mod_auth_mellon), openSUSE (thunderbird), Slackware (wpa_supplicant), and SUSE (gegl).
---------------------------------------------
https://lwn.net/Articles/879995/
∗∗∗ D-LINK Router (DIR-2640 <= 1.11B02): Mehrere Schwachstellen ∗∗∗
---------------------------------------------
Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in D-LINK Router ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen und beliebigen Code als root auszuführen.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K21-1313
∗∗∗ Citrix Security Advisory for CVE-2021-44228, CVE-2021-45046, CVE-2021-45105 and CVE-2021-44832. ∗∗∗
---------------------------------------------
Citrix continues to investigate the potential impact on customer-managed (on-premises) products. Please find below the present status of these products for CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105.
- Citrix Endpoint Management (Citrix XenMobile Server): Impacted – Customers are advised to apply the latest CEM rolling patch updates
- Citrix Virtual Apps and Desktops (XenApp & XenDesktop): Impacted - Linux VDA (non-LTSR versions only)
---------------------------------------------
https://support.citrix.com/article/CTX335705
∗∗∗ Exposure of Sensitive Information in QTS, QuTS hero, and QuTScloud ∗∗∗
---------------------------------------------
CVE identifier: CVE-2021-34347
Affected products: All QNAP NAS
A vulnerability involving exposure of sensitive information has been reported to affect QNAP NAS running QTS, QuTS hero, and QuTScloud. If exploited, this vulnerability allows attackers to compromise the security of the system.
---------------------------------------------
https://www.qnap.com/en-us/security-advisory/QSA-21-53
∗∗∗ Security Advisory - Cross-Site Scripting(XSS) Vulnerability in Huawei WS318n Product ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20211229-01-xss-en
∗∗∗ Security Bulletin: Vulnerability in Apache Log4j affects IBM Spectrum Protect Snapshot for VMware (CVE-2021-44228) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-log4j-affects-ibm-spectrum-protect-snapshot-for-vmware-cve-2021-44228-4/
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM SANnav software used by IBM b-type SAN directors and switches (CVE-2021-45105 and CV-2021-45046) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-sannav-software-used-by-ibm-b-type-san-directors-and-switches-cve-2021-45105-and-cv-2021-45046/
∗∗∗ Security Bulletin: Vulnerability in Apache Log4j affects some features of IBM® Db2® (CVE-2021-4104) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-log4j-affects-some-features-of-ibm-db2-cve-2021-4104-5/
∗∗∗ Security Bulletin: Apache Log4j vulnerability in DCNM Network Management Software used by IBM c-type SAN directors and switches. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-apache-log4j-vulnerability-in-dcnm-network-management-software-used-by-ibm-c-type-san-directors-and-switches-2/
∗∗∗ Security Bulletin: Apache Log4j vulnerability in DCNM Network Management Software used by IBM c-type SAN directors and switches. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-apache-log4j-vulnerability-in-dcnm-network-management-software-used-by-ibm-c-type-san-directors-and-switches/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list