End-of-Day report
Timeframe: Tuesday 14-12-2021 18:00 - Wednesday 15-12-2021 18:00
Handler: Thomas Pribitzer
Co-Handler: n/a
News
New ransomware now being deployed in Log4Shell attacks
The first public case of the Log4j Log4Shell vulnerability used to download and install ransomware has been discovered by researchers.
https://www.bleepingcomputer.com/news/security/new-ransomware-now-being-deployed-in-log4shell-attacks/
Simple but Undetected PowerShell Backdoor, (Wed, Dec 15th)
For a while, most security people agree on the fact that antivirus products are not enough for effective protection against malicious code. If they can block many threats, some of them remain undetected by classic technologies. Here is another example with a simple but effective PowerShell backdoor that I spotted yesterday.
https://isc.sans.edu/diary/rss/28138
GitHub's response to the critical Log4j vulnerability
The code hoster has published security advisories on the critical vulnerability in the Log4j logging framework. Updating to Log4j 2.16 remedies the issue.
https://heise.de/-6294120
Patch day: Critical security vulnerabilities in SAP business software
The Walldorf-based company reports 15 security vulnerabilities in its business software for the December patch day. SAP rates many of them as high or even critical risk.
https://heise.de/-6294773
Patch day: Adobe closes critical vulnerabilities in Experience Manager & Co.
There are important security updates for various Adobe applications. In some cases, attackers could execute malicious code on affected computers.
https://heise.de/-6295316
Patch day: Six Windows vulnerabilities publicly known, Emotet slips through one of them
Microsoft closes numerous security vulnerabilities in products such as Azure, Office and Windows. Among them are vulnerabilities rated as critical.
https://heise.de/-6295264
New problems - the Log4j patch is not enough
Version 2.15.0 of Log4j was supposed to close the Log4Shell vulnerability. However, that was not sufficient. Log4j 2.16.0 now fixes a further weakness.
https://heise.de/-6295343
Immediate Steps to Strengthen Critical Infrastructure against Potential Cyberattacks
CISA has released CISA Insights: Preparing For and Mitigating Potential Cyber Threats to provide critical infrastructure leaders with steps to proactively strengthen their organization's operational resiliency against sophisticated threat
https://us-cert.cisa.gov/ncas/current-activity/2021/12/15/immediate-steps-strengthen-critical-infrastructure-against
No Unaccompanied Miners: Supply Chain Compromises Through Node.js Packages
NPM modules are a valuable target for threat actors due to their popularity amongst developers. They also have a high prevalence of complex dependencies, where one package installs another as a dependency often without the knowledge of the developer.
https://www.mandiant.com/resources/supply-chain-node-js
Vulnerabilities
Log4Shell Update: Second log4j Vulnerability Published (CVE-2021-44228 + CVE-2021-45046)
After the log4j maintainers released version 2.15.0 to address the Log4Shell vulnerability, an additional attack vector was identified and reported in CVE-2021-45046.
https://www.lunasec.io/docs/blog/log4j-zero-day-update-on-cve-2021-45046/
IBM Security Bulletins
Apache Log4J information, WebSphere Application Server, i2 Analyze, i2 Connect, Analyst's Notebook Premium, Security Access Manager, Security Verify Access, App Connect, Integration Bus, QRadar SIEM Application Framework, Sterling File Gateway, Cloud Transformation Advisor, MQ Blockchain bridge, WebSphere Cast Iron, Power System, Rational Asset Analyzer, Disconnected Log Collector, SPSS Statistics, Power HMC
https://www.ibm.com/blogs/psirt/
Intel Product Advisory for Apache Log4j2 Vulnerabilities (CVE-2021-44228 & CVE-2021-45046)
Security vulnerabilities in Apache Log4j2 for some Intel® products may allow escalation of privilege or denial of service.
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html
Apache log4j vulnerabilities (Log4Shell) - impact on ABB products
ABB is still investigating the potentially affected products and to date ABB has identified the following products which are likely affected by the vulnerabilities in log4j (ABB products not listed are initially evaluated as not impacted).
https://search.abb.com/library/Download.aspx?DocumentID=9ADB012621&LanguageCode=en&DocumentPartId=&Action=Launch
Security updates for Wednesday
Security updates have been issued by Fedora (libopenmpt), openSUSE (icu.691, log4j, nim, postgresql10, and xorg-x11-server), Red Hat (idm:DL1), SUSE (gettext-runtime, icu.691, runc, storm, storm-kit, and xorg-x11-server), and Ubuntu (xorg-server, xorg-server-hwe-18.04, xwayland).
https://lwn.net/Articles/878749/
Security Advisory - Intel Microarchitectural Data Sampling (MDS) vulnerabilities
http://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20190712-01-mds-en
Security Advisory - Apache log4j2 remote code execution vulnerability in some Huawei products
http://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20211215-01-log4j-en
Zoom Video Communications Zoom Client: Multiple vulnerabilities
http://www.cert-bund.de/advisoryshort/CB-K21-1277
OpenSSL: Vulnerability allows denial of service
http://www.cert-bund.de/advisoryshort/CB-K21-1282
Authentication Bypass Vulnerabilities in FPC2 and SMM Firmware
http://support.lenovo.com/product_security/PS500458-AUTHENTICATION-BYPASS-VULNERABILITIES-IN-FPC2-AND-SMM-FIRMWARE
Lenovo Vantage Component Vulnerabilities
http://support.lenovo.com/product_security/PS500461-LENOVO-VANTAGE-COMPONENT-VULNERABILITIES
TLB Poisoning Attacks on AMD Secure Encrypted Virtualization (SEV)
http://support.lenovo.com/product_security/PS500459-TLB-POISONING-ATTACKS-ON-AMD-SECURE-ENCRYPTED-VIRTUALIZATION-SEV