[CERT-daily] Tageszusammenfassung - 03.03.2022
Daily end-of-shift report
team at cert.at
Thu Mar 3 18:06:20 CET 2022
=====================
= End-of-Day report =
=====================
Timeframe: Mittwoch 02-03-2022 18:00 − Donnerstag 03-03-2022 18:00
Handler: Thomas Pribitzer
Co-Handler: Robert Waldner
=====================
= News =
=====================
∗∗∗ Free decryptor released for HermeticRansom victims in Ukraine ∗∗∗
---------------------------------------------
Avast Threat Labs has released a decryptor for the HermeticRansom ransomware strain used predominately in targeted attacks against Ukrainian systems in the past ten days.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/free-decryptor-released-for-hermeticransom-victims-in-ukraine/
∗∗∗ Researchers Devise Attack for Stealing Data During Homomorphic Encryption ∗∗∗
---------------------------------------------
A vulnerability in a Microsoft crypto library gives attackers a way to figure out what data is being encrypted in lockpicker-like fashion.
---------------------------------------------
https://www.darkreading.com/application-security/researchers-devise-attack-for-stealing-data-during-homomorphic-encryption
∗∗∗ Threat landscape for industrial automation systems, H2 2021 ∗∗∗
---------------------------------------------
By 2021 everyone got used to pandemic limitations – industrial organization employees and IT security professionals and threat actors. If we compare the numbers from 2020 and 2021, we see that 2021 looks more stable, particularly in H2.
---------------------------------------------
https://securelist.com/threat-landscape-for-industrial-automation-systems-h2-2021/106001/
∗∗∗ The Truth About USB Device Serial Numbers – (and the lies your tools tell) ∗∗∗
---------------------------------------------
Evidence surrounding the use of USB devices is an often sought-after forensic treasure trove, due to its verbosity in the operating system, as well as the Windows Registry. The difficulty comes in attempting to make sense of all this data. When the many, disparate breadcrumbs of usage are pulled together in a coherent assemblage of user activity, the results can be shocking in their clarity.
---------------------------------------------
https://www.sans.org/blog/the-truth-about-usb-device-serial-numbers?msc=rss
∗∗∗ Vorsicht vor diesen betrügerischen Handwerksdiensten! ∗∗∗
---------------------------------------------
Ihnen ist die Tür zugefallen, der Schlüssel abgebrochen, oder ein Abflussrohr ist verstopft? Solche Notsituationen werden zunehmend von Kriminellen ausgenutzt: Sie bieten schnelle und einfache Hilfe an, doch Vorsicht! Diese unseriösen Anbieter verlangen Wucherpreise in bar und beheben oft nicht einmal das Problem!
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-vor-diesen-betruegerischen-handwerksdiensten/
∗∗∗ Update: Ukraine-Krise - Aktuelle Informationen ∗∗∗
---------------------------------------------
Version 1.3 03.03.2022 15:45
* Weitere Empfehlungen, "Weitere Lektüre" Sektion
* Aufgrund der Ukraine-Krise herrscht momentan eine sehr hohe allgemeine Gefährdungslage im Cyberraum. Eine spezifische Gefährdung für Österreich ist aktuell noch nicht auszumachen.
---------------------------------------------
https://cert.at/de/aktuelles/2022/3/ukraine-krise-aktuelle-informationen
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (cyrus-sasl), Fedora (kicad), Mageia (php), openSUSE (envoy-proxy, ldns, libdxfrw, librecad, php7, and shapelib), Red Hat (cyrus-sasl), SUSE (firefox, gnutls, ldns, and php7), and Ubuntu (haproxy and php7.2, php7.4).
---------------------------------------------
https://lwn.net/Articles/886683/
∗∗∗ Zoho ManageEngine Desktop Central: Schwachstelle ermöglicht Offenlegung von Informationen ∗∗∗
---------------------------------------------
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Zoho ManageEngine Desktop Central ausnutzen, um Informationen offenzulegen.
CVE Liste: CVE-2022-23779
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K22-0253
∗∗∗ Autodesk AutoCAD: Mehrere Schwachstellen ermöglichen Codeausführung ∗∗∗
---------------------------------------------
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Autodesk AutoCAD ausnutzen, um beliebigen Programmcode auszuführen.
CVE Liste: CVE-2022-25789, CVE-2022-25790, CVE-2022-25791, CVE-2022-25792, CVE-2022-25795
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K22-0252
∗∗∗ Security Bulletin: IBM i is vulnerable to bypass security restrictions due to Samba SMB1 (CVE-2021-43566 and CVE-2021-44141) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-i-is-vulnerable-to-bypass-security-restrictions-due-to-samba-smb1-cve-2021-43566-and-cve-2021-44141/
∗∗∗ Security Bulletin: Multiple vulnerabilities may affect IBM Robotic Process Automation ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-may-affect-ibm-robotic-process-automation/
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by IBM WebSphere Application Server due to Expat vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-http-server-used-by-ibm-websphere-application-server-due-to-expat-vulnerabilities-3/
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by IBM WebSphere Application Server due to Expat vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-http-server-used-by-ibm-websphere-application-server-due-to-expat-vulnerabilities-2/
∗∗∗ Security Bulletin: IBM OpenPages with Watson has addressed Apache Log4j vulnerability (CVE-2021-44832) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-openpages-with-watson-has-addressed-apache-log4j-vulnerability-cve-2021-44832/
∗∗∗ Security Bulletin: IBM i components are affected by CVE-2021-4104 (log4j version 1.x) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-i-components-are-affected-by-cve-2021-4104-log4j-version-1-x-2/
∗∗∗ Security Bulletin: IBM DataPower affected by vulnerabilities in Node.js ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-datapower-affected-by-vulnerabilities-in-node-js/
∗∗∗ Security Bulletin: IBM Rational Build Forge is affected by Apache HTTP Server version used in it. (CVE-2021-44790) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-rational-build-forge-is-affected-by-apache-http-server-version-used-in-it-cve-2021-44790-2/
∗∗∗ K73200428: Linux kernel vulnerability CVE-2022-0185 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K73200428?utm_source=f5support&utm_medium=RSS
∗∗∗ BD Pyxis ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsma-22-062-01
∗∗∗ BD Viper LT ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsma-22-062-02
∗∗∗ IPCOMM ipDIO ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-062-01
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list