[CERT-daily] Daily summary - 16.02.2022
Daily end-of-shift report
team at cert.at
Wed Feb 16 18:10:04 CET 2022
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 15-02-2022 18:00 - Wednesday 16-02-2022 18:00
Handler: Robert Waldner
Co-Handler: Thomas Pribitzer
=====================
= News =
=====================
∗∗∗ Researcher fully recovers text from pixels: how to reverse redaction ∗∗∗
---------------------------------------------
A researcher has demonstrated how he was able to successfully recover text that had been redacted using the pixelation technique.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/researcher-fully-recovers-text-from-pixels-how-to-reverse-redaction/
∗∗∗ Trickbot Malware Targeted Customers of 60 High-Profile Companies Since 2020 ∗∗∗
---------------------------------------------
The notorious TrickBot malware is targeting customers of 60 financial and technology companies, including cryptocurrency firms, primarily located in the U.S., even as its operators have updated the botnet with new anti-analysis features.
---------------------------------------------
https://thehackernews.com/2022/02/trickbot-malware-targeted-customers-of.html
∗∗∗ 25 years on, Microsoft makes another stab at stopping macro malware ∗∗∗
---------------------------------------------
Microsoft has announced that from April 2022 it is changing the default behavior of Office applications so that they block macros in files from the internet. What's more, it won't give users a simple one-click way to allow the macros to run, foiling many of the social engineering tricks commonly used by cybercriminals.
---------------------------------------------
https://grahamcluley.com/microsoft-stab-macro-viruses/
∗∗∗ OpSec. Hunting wireless ∗∗∗
---------------------------------------------
Continuing my series on OSINT techniques you can use for reviewing your own corporate OpSec, one of the most common services available in a modern corporate office is of course wireless.
---------------------------------------------
https://www.pentestpartners.com/security-blog/opsec-hunting-wireless/
∗∗∗ Characterising Cybercriminals: A Review. (arXiv:2202.07419v1 [cs.CY]) ∗∗∗
---------------------------------------------
This review provides an overview of current research on the known characteristics and motivations of offenders engaging in cyber-dependent crimes.
---------------------------------------------
http://arxiv.org/abs/2202.07419
=====================
= Vulnerabilities =
=====================
∗∗∗ High-Severity RCE Security Bug Reported in Apache Cassandra Database Software ∗∗∗
---------------------------------------------
Researchers have revealed details of a now-patched high-severity security vulnerability in Apache Cassandra that, if left unaddressed, could be abused to gain remote code execution on affected installations.
---------------------------------------------
https://thehackernews.com/2022/02/high-severity-rce-security-bug-reported.html
∗∗∗ VMware security updates: attackers could push malicious code onto host systems ∗∗∗
---------------------------------------------
The VMware developers have closed security vulnerabilities in several applications. They rate the risk as "critical".
---------------------------------------------
https://heise.de/-6478188
∗∗∗ Atlassian Confluence and Jira vulnerable to multiple attacks ∗∗∗
---------------------------------------------
Admins should secure their Confluence and Jira servers against possible attacks. Security updates are available.
---------------------------------------------
https://heise.de/-6478758
∗∗∗ ZDI-22-368: MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-22-368/
∗∗∗ ZDI-22-367: MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-22-367/
∗∗∗ ZDI-22-366: MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-22-366/
∗∗∗ ZDI-22-365: MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-22-365/
∗∗∗ ZDI-22-364: MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-22-364/
∗∗∗ ZDI-22-363: MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-22-363/
∗∗∗ Cisco Email Security Appliance DNS Verification Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-dos-MxZvGtgU
∗∗∗ Cisco Redundancy Configuration Manager for Cisco StarOS Software TCP Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rcm-tcp-dos-2Wh8XjAQ
∗∗∗ Cisco Prime Infrastructure and Evolved Programmable Network Manager Cross-Site Scripting Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-xss-P8fBz2FW
∗∗∗ Security Bulletin: IBM Cloud Pak for Data System 1.0 is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-4104) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-pak-for-data-system-1-0-is-vulnerable-to-arbitrary-code-execution-due-to-apache-log4j-cve-2021-4104/
∗∗∗ Security Bulletin: IBM Maximo Anywhere applications have no binary obfuscation ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-anywhere-applications-have-no-binary-obfuscation-2/
∗∗∗ Security Bulletin: IBM Integrated Analytics System is vulnerable to arbitrary code execution due to Samba (CVE-2021-44142) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-integrated-analytics-system-is-vulnerable-to-arbitrary-code-execution-due-to-samba-cve-2021-44142/
∗∗∗ Security Bulletin: IBM Maximo Anywhere applications have no binary obfuscation ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-anywhere-applications-have-no-binary-obfuscation/
∗∗∗ Security Bulletin: IBM Maximo Anywhere Discloses Sensitive Information in Local Storage ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-anywhere-discloses-sensitive-information-in-local-storage/
∗∗∗ Security Bulletin: App Connect Professional is affected by polkit's pkexec vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-app-connect-professional-is-affected-by-polkits-pkexec-vulnerability/
∗∗∗ Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows may be vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44832) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirect-for-microsoft-windows-may-be-vulnerable-to-arbitrary-code-execution-due-to-apache-log4j-cve-2021-44832/
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Directory Server ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-security-directory-server-5/
∗∗∗ SECURITY BULLETIN: February 2022 Security Bulletin for Trend Micro Apex One ∗∗∗
---------------------------------------------
https://success.trendmicro.com/solution/000290464
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily