Daily Summary - 22.12.2021

End-of-Day report

Timeframe: Tuesday 21-12-2021 18:00 - Wednesday 22-12-2021 18:00 Handler: Robert Waldner Co-Handler: Thomas Pribitzer

News

CISA releases Apache Log4j scanner to find vulnerable apps

The Cybersecurity and Infrastructure Security Agency (CISA) has announced the release of a scanner for identifying web services impacted by two Apache Log4j remote code execution vulnerabilities, tracked as CVE-2021-44228 and CVE-2021-45046.

https://www.bleepingcomputer.com/news/security/cisa-releases-apache-log4j-scanner-to-find-vulnerable-apps/


The Biggest Cyber Security Developments in 2021

As we charge towards another new year, we decided to pulse our threat intelligence team (@teamcymru_s2) for their views on what they perceive to be the biggest developments in cyber security over the past twelve months.

https://team-cymru.com/blog/2021/12/21/the-biggest-cyber-security-developments-in-2021/


Beware of fraudulent BAWAG SMS

An SMS scam is circulating that urges recipients to install a purported security app from BAWAG bank.

https://futurezone.at/digital-life/betrug-bawag-sms-phishing/401851228


Java Code Repository Riddled with Hidden Log4j Bugs; Here's Where to Look

There are 17,000 unpatched Log4j packages in the Maven Central ecosystem, leaving massive supply-chain risk on the table from Log4Shell exploits.

https://threatpost.com/java-supply-chain-log4j-bug/177211/


December 2021 Forensic Contest: Answers and Analysis, (Wed, Dec 22nd)

Thanks to everyone who participated in our December 2021 forensic challenge! You can still find the pcap for our December 2021 forensic contest here.

https://isc.sans.edu/diary/rss/28160


Caution when buying a car: do not handle private purchases via easycarpay.net

Anyone looking for cheap used cars will often find them on classified-ad platforms. But be careful if the other party suddenly turns out to be abroad or invents other excuses for why the vehicle cannot be inspected. At the latest when the seller suggests handling the purchase via the website easycarpay.net, you should break off contact.

https://www.watchlist-internet.at/news/vorsicht-beim-autokauf-privatkaeufe-nicht-ueber-easycarpaynet-abwickeln/


Ubisoft once again the victim of a cyberattack

Gaming giant Ubisoft has confirmed a cyberattack on its IT infrastructure that targeted the popular game Just Dance. According to Ubisoft, there was a breach of the company's IT infrastructure.

https://www.zdnet.de/88398543/ubisoft-erneut-opfer-eines-cyberangriffs/


Mitigating Log4Shell and Other Log4j-Related Vulnerabilities

CISA, the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and the cybersecurity authorities of Australia, Canada, New Zealand, and the United Kingdom have released a joint Cybersecurity Advisory in response to multiple vulnerabilities in Apache's Log4j software library.

https://us-cert.cisa.gov/ncas/current-activity/2021/12/22/mitigating-log4shell-and-other-log4j-related-vulnerabilities

Vulnerabilities

NVIDIA discloses applications impacted by Log4j vulnerability

NVIDIA has released a security advisory detailing what products are affected by the Log4Shell vulnerability that is currently exploited in a wide range of attacks worldwide.

https://www.bleepingcomputer.com/news/security/nvidia-discloses-applications-impacted-by-log4j-vulnerability/


VU#692873: Saviynt Enterprise Identity Cloud vulnerable to local user enumeration and authentication bypass

Saviynt Enterprise Identity Cloud contains user enumeration and authentication bypass vulnerabilities in the local password reset feature. Together, these vulnerabilities could allow a remote, unauthenticated attacker to gain administrative privileges if an SSO solution is not configured for authentication.

https://kb.cert.org/vuls/id/692873


Active Directory: Microsoft warns of easy domain takeover

Two known and already fixed flaws in Active Directory are easy to exploit, Microsoft warns, and it urgently recommends updates.

https://www.golem.de/news/active-directory-microsoft-warnt-vor-einfacher-domain-uebernahme-2112-161979-rss.html


Four Bugs in Microsoft Teams Left Platform Vulnerable Since March

Attackers exploiting bugs in the "link preview" feature in Microsoft Teams could abuse the flaws to spoof links, leak an Android user's IP address and launch a DoS attack.

https://threatpost.com/microsoft-teams-bugs-vulnerable-march/177225/


IBM Security Bulletins

IBM has published 68 security bulletins.

https://www.ibm.com/blogs/psirt/


WordPress plug-in: Critical vulnerability in All In One SEO threatens millions of websites

Attackers could attack WordPress websites running All in One SEO with malicious code. A patched version provides a remedy.

https://heise.de/-6304412


Security updates for Wednesday

Security updates have been issued by CentOS (firefox, ipa, log4j, and samba), Debian (sogo, spip, and xorg-server), Fedora (jansi and log4j), Mageia (apache, apache-mod_security, kernel, kernel-linus, and x11-server), openSUSE (log4j and xorg-x11-server), Oracle (kernel, log4j, and openssl), and SUSE (libqt4 and xorg-x11-server).

https://lwn.net/Articles/879492/


Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021 (UPDATE)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd


SSA-479842: Apache Log4j Vulnerabilities - Impact to Siemens Energy Sensformer (Platform, Basic and Advanced)

https://cert-portal.siemens.com/productcert/txt/ssa-479842.txt