Daily summary - 14.12.2021

End-of-Day report

Timeframe: Monday 13-12-2021 18:00 - Tuesday 14-12-2021 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter

News

News about Log4j

Log4j: List of vulnerable products and vendor advisories
https://www.bleepingcomputer.com/news/security/log4j-list-of-vulnerable-products-and-vendor-advisories/

Log4J flaw: BSI prematurely gives the all-clear for consumers
https://www.golem.de/news/log4j-luecke-bsi-gibt-vorschnell-entwarnung-fuer-verbraucher-2112-161797-rss.html

Log4Shell Is Spawning Even Nastier Mutations
https://threatpost.com/apache-log4j-log4shell-mutations/176962/

Log4j: Getting ready for the long haul (CVE-2021-44228), (Tue, Dec 14th)
https://isc.sans.edu/diary/rss/28130

Log4j 2.16.0 improves protection against the Log4Shell flaw
https://heise.de/-6294053

Comment on Log4j: it works as specified
https://heise.de/-6294476

GitHub's response to the critical Log4j flaw
https://heise.de/-6294120

Security company offers Log4j vaccine for systems that can't be updated immediately
https://www.zdnet.com/article/security-company-offers-log4j-vaccine-for-systems-that-cant-be-updated-immediately/

CISA Creates Webpage for Apache Log4j Vulnerability CVE-2021-44228
https://us-cert.cisa.gov/ncas/current-activity/2021/12/13/cisa-creates-webpage-apache-log4j-vulnerability-cve-2021-44228

The numbers behind a cyber pandemic - detailed dive
https://blog.checkpoint.com/2021/12/13/the-numbers-behind-a-cyber-pandemic-detailed-dive/

Log4Shell (Log4j RCE): Detecting Post-Exploitation Evidence is Best Chance for Mitigation
https://www.intezer.com/blog/cloud-security/log4shell-mitigation/

Log4Shell log4j vulnerability (CVE-2021-44228) - cheat-sheet reference guide
https://www.techsolvency.com/story-so-far/cve-2021-44228-log4j-log4shell/



Anubis Android malware returns to target 394 financial apps

The Anubis Android banking malware is now targeting the customers of nearly 400 financial institutions in a new malware campaign.

https://www.bleepingcomputer.com/news/security/anubis-android-malware-returns-to-target-394-financial-apps/


Malware and security: Microsoft offers analysis of potentially dangerous drivers

Using a form, customers can submit drivers to Microsoft. They are first checked automatically and, where necessary, by humans.

https://www.golem.de/news/malware-und-security-microsoft-bietet-analyse-potenziell-gefaehrlicher-treiber-an-2112-161780-rss.html


Owowa: the add-on that turns your OWA into a credential stealer and remote access panel

We found a suspicious binary and determined it as an IIS module, aimed at stealing credentials and enabling remote command execution from OWA.

https://securelist.com/owowa-credential-stealer-and-remote-access/105219/


How Malware Gets On Your Website

Almost since the Internet's inception, malware infections have kept pace to be the biggest nuisance a site owner experiences. With an ever growing number of sites making up the World Wide Web, malware infections only become more common. In this article we'll discuss what malware is, the various types we've come across, the methods used to inject malware into a site, and how you can harden/protect your site against these methods.

https://blog.sucuri.net/2021/12/how-malware-gets-on-your-website.html


Dangerous flaws in the server backup software IBM Spectrum Protect closed

Attackers could attack systems running IBM Spectrum Protect and, in the worst case, execute malicious code. Security updates are available.

https://heise.de/-6294287


Patch day: critical security vulnerabilities in SAP business software

SAP reports 15 security vulnerabilities in its business software for the December patch day. SAP rates many of them as high or even critical risk.

https://heise.de/-6294773


Caution when your online acquaintance asks for money

Did you meet a man on a dating platform? He is courteous, good-looking and, on top of that, well educated? There is only one catch: he is currently abroad. With your financial support, however, nothing stands in the way of meeting soon. Warning: you have run into a love scammer!

https://www.watchlist-internet.at/news/vorsicht-wenn-ihre-internetbekanntschaft-um-geld-bittet/


Apple releases Android app to find rogue AirTags

Apple has released an Android app on Monday to help Android users detect malicious nearby AirTag devices that might be used to track them.

https://therecord.media/apple-releases-android-app-to-find-malicious-airtags/

Vulnerabilities

Advisories on the Log4j vulnerability

SSA-661247: Apache Log4j Vulnerability (CVE-2021-44228, Log4Shell) - Impact to Siemens Products
https://cert-portal.siemens.com/productcert/txt/ssa-661247.txt

JSA11259
https://kb.juniper.net/InfoCenter/index/content&id=JSA11259

Vulnerability in Apache Log4j Library
https://www.qnap.com/en-us/security-advisory/QSA-21-58

Apache Log4j Vulnerability
https://support.lenovo.com/product_security/PS500457-APACHE-LOG4J-VULNERABILITY

Security Notice - Statement About Apache Log4j2 Remote Code Execution Vulnerability (CVE-2021-44228)
https://www.huawei.com/en/psirt/security-notices/2021/huawei-sn-20211210-01-log4j2-en



Dell driver fix still allows Windows Kernel-level attacks

Dell's driver fix for the CVE-2021-21551 vulnerability leaves margin for catastrophic BYOVD attacks resulting in Windows kernel driver code execution.

https://www.bleepingcomputer.com/news/security/dell-driver-fix-still-allows-windows-kernel-level-attacks/


IBM Security Bulletins

Info about Log4Shell in IBM Products, Novalink, WebSphere Application Server, WebSphere MQ for HP NonStop Server, MQ for HP NonStop Server, Tivoli Netcool, Netezza Analytics, Netezza Host Management

https://www.ibm.com/blogs/psirt/


Severe security vulnerabilities in iOS and macOS: install Apple updates soon

iOS 15.2 and macOS 12.1 fix vulnerabilities that, among other things, allowed a remote jailbreak. For older system versions, patches are partly missing.

https://heise.de/-6294390


Security updates for Tuesday

Security updates have been issued by Debian (libsamplerate and raptor2), Fedora (pam-u2f and python-markdown2), openSUSE (chromium, fetchmail, ImageMagick, and postgresql10), Oracle (samba), SUSE (fetchmail, postgresql10, python-pip, python3, and sles12sp2-docker-image), and Ubuntu (apache-log4j2, flatpak, glib, and samba).

https://lwn.net/Articles/878629/


Advantech R-SeeNet

This advisory contains mitigations for SQL Injection, and Improper Privilege Management vulnerabilities in the Advantech R-SeeNet monitoring application.

https://us-cert.cisa.gov/ics/advisories/icsa-21-348-01


Schneider Electric Rack PDU

This advisory contains mitigations for a Cross-site Scripting vulnerability in Schneider Electric Rack Power Distribution Unit (PDU).

https://us-cert.cisa.gov/ics/advisories/icsa-21-348-02


K73710094: XSS vulnerability in undisclosed page of the NGINX Swagger UI

https://support.f5.com/csp/article/K73710094


ZDI-21-1536: Trend Micro Maximum Security Link Following Denial-of-Service Vulnerability

https://www.zerodayinitiative.com/advisories/ZDI-21-1536/


ZDI-21-1535: McAfee Database Security Improper Access Control Denial-of-Service Vulnerability

https://www.zerodayinitiative.com/advisories/ZDI-21-1535/


Siemens Security Advisories

SSA-496292: Remote Code Execution Vulnerability in POWER METER SICAM Q100
https://cert-portal.siemens.com/productcert/txt/ssa-496292.txt

SSA-463116: Multiple Access Control Vulnerabilities in Siveillance Identity before
https://cert-portal.siemens.com/productcert/txt/ssa-463116.txt

SSA-400332: Insufficient Design IP Protection in IEEE 1735 Recommended Practice - Impact to Questa and ModelSim
https://cert-portal.siemens.com/productcert/txt/ssa-400332.txt

SSA-396621: Multiple File Parsing Vulnerabilities in JTTK before V10.8.1.1 and JT Utilities before V12.8.1.1
https://cert-portal.siemens.com/productcert/txt/ssa-396621.txt

SSA-390195: LibVNC Vulnerabilities in SIMATIC ITC Products
https://cert-portal.siemens.com/productcert/txt/ssa-390195.txt

SSA-352143: Multiple File Parsing Vulnerabilities in JTTK before V11.0.3.0 and JT Utilities before V13.0.3.0
https://cert-portal.siemens.com/productcert/txt/ssa-352143.txt

SSA-199605: Arbitrary File Download Vulnerability in SIMATIC eaSie PCS 7 Skill Package
https://cert-portal.siemens.com/productcert/txt/ssa-199605.txt

SSA-161331: Scene File Parsing Vulnerability in Simcenter STAR-CCM+ Viewer before V2021.3.1
https://cert-portal.siemens.com/productcert/txt/ssa-161331.txt

SSA-160202: Multiple Access Control Vulnerabilities in SiPass Integrated
https://cert-portal.siemens.com/productcert/txt/ssa-160202.txt

SSA-133772: Zip Path Traversal Vulnerability in Teamcenter Active Workspace
https://cert-portal.siemens.com/productcert/txt/ssa-133772.txt

SSA-523250: Improper Certificate Validation Vulnerability in SINUMERIK Edge
https://cert-portal.siemens.com/productcert/txt/ssa-523250.txt

SSA-595101: Multiple File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization before V13.2.0.5
https://cert-portal.siemens.com/productcert/txt/ssa-595101.txt

SSA-620288: Multiple Vulnerabilities (NUCLEUS:13) in CAPITAL VSTAR
https://cert-portal.siemens.com/productcert/txt/ssa-620288.txt

SSA-802578: Multiple File Parsing Vulnerabilities in JTTK before V11.1.1.0 and JT Utilities before V13.1.1.0
https://cert-portal.siemens.com/productcert/txt/ssa-802578.txt

https://new.siemens.com/global/en/products/services/cert.html#SecurityPublications