[CERT-daily] Tageszusammenfassung - 17.01.2022

Daily end-of-shift report team at cert.at
Mon Jan 17 19:08:27 CET 2022


=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 14-01-2022 18:00 − Montag 17-01-2022 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Security baseline for Microsoft Edge v97 ∗∗∗
---------------------------------------------
We are pleased to announce the enterprise-ready release of the security baseline for Microsoft Edge version 97! We have reviewed the settings in Microsoft Edge version 97 and updated our guidance with the addition of 1 setting. A new Microsoft Edge security baseline package was just released to the Download Center. You can download the version 97 package from the Security Compliance Toolkit.
---------------------------------------------
https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-for-microsoft-edge-v97/ba-p/3062252


∗∗∗ Log4Shell Attacks Getting "Smarter", (Mon, Jan 17th) ∗∗∗
---------------------------------------------
Ever since news of the Log4Shell vulnerability broke, we saw a stream of attacks attempting to exploit this vulnerability in log4j (CVE-2021-44228).
---------------------------------------------
https://isc.sans.edu/diary/rss/28246


∗∗∗ New Unpatched Apple Safari Browser Bug Allows Cross-Site User Tracking ∗∗∗
---------------------------------------------
A software bug introduced in Apple Safari 15s implementation of the IndexedDB API could be abused by a malicious website to track users online activity in the web browser and worse, even reveal their identity. The vulnerability, dubbed IndexedDB Leaks, was disclosed by fraud protection software company FingerprintJS, which reported the issue to the iPhone maker on November 28, 2021.
---------------------------------------------
https://thehackernews.com/2022/01/new-unpatched-apple-safari-browser-bug.html


∗∗∗ Domain Persistence – Machine Account ∗∗∗
---------------------------------------------
Machine accounts play a role in red team operations as in a number of techniques are utilized for privilege escalation, lateral movement and domain escalation. However, there are also cases which a machine account could be used for establishing domain persistence. This involves either the addition of an arbitrary machine account to a high privilege group such as the domain admins or the modification of the “userAccountControl” attribute [...]
---------------------------------------------
https://pentestlab.blog/2022/01/17/domain-persistence-machine-account/


∗∗∗ "Smishing"-Masche: Weiter massenhaft Betrugs-SMS auf Handys ∗∗∗
---------------------------------------------
Wer eine SMS von unbekannt mit einem Link bekommt, sollte vorsichtig sein. Es könnte sich um eine Betrugs-SMS handeln. "Smishing" ist noch immer nicht vorbei.
---------------------------------------------
https://heise.de/-6328158


∗∗∗ Capturing RDP NetNTLMv2 Hashes: Attack details and a Technical How-To Guide ∗∗∗
---------------------------------------------
The GoSecure Titan Labs team saw an opportunity to further explore the topic of hash capturing (which is a must in the arsenal of any offensive team). This blog will examine RDP security modes, how they work and how to put that into action to capture NetNTLMv2 hashes via the RDP protocol using PyRDP—a library created by GoSecure.
---------------------------------------------
https://www.gosecure.net/blog/2022/01/17/capturing-rdp-netntlmv2-hashes-attack-details-and-a-technical-how-to-guide/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Serious Security: Linux full-disk encryption bug fixed – patch now! ∗∗∗
---------------------------------------------
Imagine if someone who didnt have your password could sneakily modify data that was encrypted with it.
---------------------------------------------
https://nakedsecurity.sophos.com/2022/01/14/serious-security-linux-full-disk-encryption-bug-fixed-patch-now/


∗∗∗ Über drei Millionen PCs in Deutschland mit unsicherem Windows-System ∗∗∗
---------------------------------------------
Vor zwei Jahren stellte Microsoft den Support für Windows 7 ein. Trotzdem schaffen es viele Anwender nicht, sich von dem unsicheren System zu trennen.
---------------------------------------------
https://heise.de/-6328189


∗∗∗ Virenschutz: Microsoft Defender erleichtert Einnisten von Schädlingen ∗∗∗
---------------------------------------------
Eine kleine Schwachstelle bei Zugriffsrechten des Microsoft Defender unter Windows 10 ermöglicht Angreifern, Malware vor Scans zu verstecken.
---------------------------------------------
https://heise.de/-6329300


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (chromium, firefox-esr, ghostscript, libreswan, prosody, sphinxsearch, thunderbird, and uriparser), Fedora (cryptsetup, flatpak, kernel, mingw-uriparser, python-celery, python-kombu, and uriparser), Mageia (htmldoc, mbedtls, openexr, perl-CPAN, systemd, thunderbird, and vim), openSUSE (chromium and prosody), Red Hat (httpd, kernel, and samba), Scientific Linux (kernel), Slackware (expat), SUSE (ghostscript), and Ubuntu (pillow).
---------------------------------------------
https://lwn.net/Articles/881545/


∗∗∗ Oracle to Release Nearly 500 New Security Patches ∗∗∗
---------------------------------------------
Oracle is preparing the release of nearly 500 new security patches with its Critical Patch Update (CPU) for January 2022.
---------------------------------------------
https://www.securityweek.com/oracle-release-nearly-500-new-security-patches


∗∗∗ Microsoft Januar 2022 Patchday-Revisionen (14.1.2022) ∗∗∗
---------------------------------------------
Zum 11. Januar 2022 hat Microsoft eine Reihe Sicherheitsupdates für Windows und Office freigegeben, die Schwachstellen beseitigen sollen. Einige dieser Updates führten aber zu Problemen, so dass Funktionen in Windows gestört wurden. Am 14. Januar 2022 hat Microsoft eine Liste [...]
---------------------------------------------
https://www.borncity.com/blog/2022/01/17/microsoft-januar-2022-patchday-revisionen-14-1-2022/


∗∗∗ ZDI-22-081: TP-Link TL-WA1201 DNS Response Stack-based Buffer Overflow Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-22-081/


∗∗∗ ZDI-22-080: TP-Link Archer C90 DNS Response Stack-based Buffer Overflow Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-22-080/


∗∗∗ OpenBMCS 2.4 Secrets Disclosure ∗∗∗
---------------------------------------------
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5695.php


∗∗∗ OpenBMCS 2.4 Unauthenticated SSRF / RFI ∗∗∗
---------------------------------------------
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5694.php


∗∗∗ OpenBMCS 2.4 Create Admin / Remote Privilege Escalation ∗∗∗
---------------------------------------------
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5693.php


∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/


∗∗∗ Pepperl+Fuchs: Multiple DTM and VisuNet Software affected by log4net vulnerability (UPDATE A) ∗∗∗
---------------------------------------------
https://cert.vde.com/de/advisories/VDE-2021-041/


∗∗∗ GNU libc: Mehrere Schwachstellen ermöglichen Codeausführung und Denial of Service ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K22-0054


∗∗∗ Stored Cross-Site Scripting Schwachstelle in Typo3 Extension "femanager" ∗∗∗
---------------------------------------------
https://sec-consult.com/de/vulnerability-lab/advisory/stored-cross-site-scripting-schwachstelle-in-typo3-extension-femanager/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list