Daily summary - 03.01.2022

End-of-Day report

Timeframe: Thursday 30-12-2021 18:00 - Monday 03-01-2022 18:00 Handler: Thomas Pribitzer Co-Handler: n/a

News

Don't copy-paste commands from web pages - you can get hacked

Programmers, sysadmins, security researchers, and tech hobbyists copy-pasting commands from web pages into a console or terminal risk having their system compromised. Wizer's Gabriel Friedlander demonstrates an obvious, simple yet stunning trick that'll make you think twice before copy-pasting text from web pages.

https://www.bleepingcomputer.com/news/security/dont-copy-paste-commands-from-webpages-you-can-get-hacked/


Do you want your Agent Tesla in the 300 MB or 8 kB package?, (Fri, Dec 31st)

Since today is the last day of 2021, I decided to take a closer look at malware that got caught by my malspam trap over the course of the year.

https://isc.sans.edu/diary/rss/28202


McAfee Phishing Campaign with a Nice Fake Scan, (Mon, Jan 3rd)

I spotted this interesting phishing campaign that (ab)uses the McAfee antivirus to make people scared.

https://isc.sans.edu/diary/rss/28208


Detecting Evasive Malware on IoT Devices Using Electromagnetic Emanations

Cybersecurity researchers have proposed a novel approach that leverages electromagnetic field emanations from the Internet of Things (IoT) devices as a side-channel to glean precise knowledge about the different kinds of malware targeting the embedded systems, even in scenarios where obfuscation techniques have been applied to hinder analysis.

https://thehackernews.com/2022/01/detecting-evasive-malware-on-iot.html


After ransomware attack: websites of several Portuguese media outlets offline

A new ransomware group has attacked the Portuguese media group Impresa. Several of its media outlets can currently only publish news via social media.

https://heise.de/-6316020


Y2K22 bug halts Exchange mail delivery: anti-malware engine stumbles over 2022

At the turn of the year, numerous Exchange servers worldwide stopped delivering mail because the FIP-FS scan engine chokes on the new year number. At least a temporary workaround is available.

https://heise.de/-6315605


On the malicious use of large language models like GPT-3

Or, "Can large language models generate exploits?"

https://research.nccgroup.com/2021/12/31/on-the-malicious-use-of-large-language-models-like-gpt-3/


Detecting anomalous Vectored Exception Handlers on Windows

We have documented a method of enumerating which processes are using Vectored Exception Handling on Windows and which if any of the handlers are anomalous.

https://research.nccgroup.com/2022/01/03/detecting-anomalous-vectored-exception-handlers-on-windows/


Shodan Verified Vulns 2022-01-01

This month we again see a clear decline in the number of vulnerable Exchange servers. Newly added is the Grafana path traversal vulnerability CVE-2021-43798, which was published on 7 December.

https://cert.at/de/aktuelles/2022/1/shodan-verified-vulns-2022-01-01


Log4j Scanners

There are 19 tools, and each has certain stipulations with it. I would suggest taking a look.

https://securitythreatnews.com/2022/01/03/log4j-scanners/

Vulnerabilities

Apple: security vulnerability can render iPhones and iPads unusable

Through a security vulnerability in Apple's HomeKit, iPhones can only be used again after a reset. Apple has postponed an update.

https://www.golem.de/news/apple-sicherheitsluecke-kann-iphones-und-ipads-unbenutzbar-machen-2201-162134-rss.html


Rootkit slips through hole in HPE's iLO remote management

An Iranian security firm has discovered a rootkit that has embedded itself in Hewlett Packard's remote management technology "Integrated Lights-Out" (iLO).

https://heise.de/-6315714


Patch now: Netgear Nighthawk R6700v3 router could leak passwords

Attackers could attack Netgear's Nighthawk routers. Further models could also be affected. Current firmware versions are said to provide a fix.

https://heise.de/-6316037


Trend Micro Apex One and Worry-Free Business Security endanger Windows PCs

Important security updates have been released for Trend Micro's protection products Apex One and Worry-Free Business Security.

https://heise.de/-6316263


Security updates for Friday

Security updates have been issued by Debian (agg, aria2, fort-validator, and lxml), Fedora (libgda, pgbouncer, and xorg-x11-server-Xwayland), Mageia (calibre, e2guardian, eclipse, libtpms/swtpm, nodejs, python-lxml, and toxcore), openSUSE (c-toxcore, gegl, getdata, kernel-firmware, log4j, postrsd, and privoxy), and SUSE (gegl).

https://lwn.net/Articles/880100/


Security updates for Monday

Security updates have been issued by Debian (thunderbird), Fedora (kernel, libopenmpt, and xorg-x11-server), Mageia (gegl, libgda5.0, log4j, ntfs-3g, and wireshark), openSUSE (log4j), and Red Hat (grafana).

https://lwn.net/Articles/880232/


Security Bulletin: IBM Insurance Information Warehouse is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44228)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-insurance-information-warehouse-is-vulnerable-to-arbitrary-code-execution-due-to-apache-log4j-cve-2021-44228/


Security Bulletin: Vulnerability in Apache Log4j affects IBM Banking and Financial Markets Data Warehouse (CVE-2021-44228)

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-log4j-affects-ibm-banking-and-financial-markets-data-warehouse-cve-2021-44228/


Security Bulletin: Apache Log4j Vulnerability Affects IBM Sterling B2B Integrator (CVE-2021-45105, CVE-2021-45046)

https://www.ibm.com/blogs/psirt/security-bulletin-apache-log4j-vulnerability-affects-ibm-sterling-b2b-integrator-cve-2021-45105-cve-2021-45046/


Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Directory Server (Tivoli) & Rational Directory Administrator

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-rational-directory-server-tivoli-rational-directory-administrator-10/


Security Bulletin: IBM Unified Data Model for Healthcare is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44228)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-unified-data-model-for-healthcare-is-vulnerable-to-arbitrary-code-execution-due-to-apache-log4j-cve-2021-44228/


Security Bulletin: Apache Log4j Vulnerability Affects IBM Sterling File Gateway (CVE-2021-45105, CVE-2021-45046)

https://www.ibm.com/blogs/psirt/security-bulletin-apache-log4j-vulnerability-affects-ibm-sterling-file-gateway-cve-2021-45105-cve-2021-45046/


Security Bulletin: IBM Data Model for Energy and Utilities is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44228)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-data-model-for-energy-and-utilities-is-vulnerable-to-arbitrary-code-execution-due-to-apache-log4j-cve-2021-44228/


Security Bulletin: IBM Cognos Analytics: Apache Log4j vulnerability (CVE-2021-44228)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-analytics-apache-log4j-vulnerability-cve-2021-44228/


Security Bulletin: Apache Log4j vulnerability impacts IBM Sterling Global Mailbox (CVE-2021-45046)

https://www.ibm.com/blogs/psirt/security-bulletin-apache-log4j-vulnerability-impacts-ibm-sterling-global-mailbox-cve-2021-45046/


Security Bulletin: Apache Log4j Vulnerability Affects IBM Sterling B2B Integrator (CVE-2021-45105, CVE-2021-45046)

https://www.ibm.com/blogs/psirt/security-bulletin-apache-log4j-vulnerability-affects-ibm-sterling-b2b-integrator-cve-2021-45105-cve-2021-45046-2/


Security Bulletin: Vulnerability in Apache Log4j affects some features of IBM® Db2® (CVE-2021-4104)

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-log4j-affects-some-features-of-ibm-db2-cve-2021-4104-7/


Security Bulletin: IBM i2 Analyze and IBM i2 Analyst's Notebook Premium are affected by Apache Log4j Vulnerabilities (CVE-2021-45105 and CVE-2021-45046)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-i2-analyze-and-ibm-i2-analysts-notebook-premium-are-affected-by-apache-log4j-vulnerabilities-cve-2021-45105-and-cve-2021-45046/


Security Bulletin: Multiple vulnerabilities in Apache Log4j impact IBM Spectrum Scale for IBM Elastic Storage Server (CVE-2021-45105,CVE-2021-45046)

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-apache-log4j-impact-ibm-spectrum-scale-for-ibm-elastic-storage-server-cve-2021-45105cve-2021-45046/


Security Bulletin: Apache Log4j Vulnerability Affects IBM Sterling File Gateway (CVE-2021-45105, CVE-2021-45046)

https://www.ibm.com/blogs/psirt/security-bulletin-apache-log4j-vulnerability-affects-ibm-sterling-file-gateway-cve-2021-45105-cve-2021-45046-2/


Security Bulletin: Multiple vulnerabilities in Apache Log4j impact IBM Spectrum Scale (CVE-2021-45105, CVE-2021-45046)

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-apache-log4j-impact-ibm-spectrum-scale-cve-2021-45105-cve-2021-45046/


Security Bulletin: Multiple vulnerabilities in Apache Log4j impact IBM Elastic Storage System (CVE-2021-45105, CVE-2021-45046)

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-apache-log4j-impact-ibm-elastic-storage-system-cve-2021-45105-cve-2021-45046/


Security Bulletin: Vulnerabilities in Apache Log4j affect IBM App Connect Enterprise V11, V12 (CVE-2021-45046)

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-apache-log4j-affect-ibm-app-connect-enterprise-v11-v12-cve-2021-45046-2/


Security Bulletin: Vulnerabilities in Apache Log4j affect IBM App Connect Enterprise V11, V12 and IBM Integration Bus (CVE-2021-17571)

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-apache-log4j-affect-ibm-app-connect-enterprise-v11-v12-and-ibm-integration-bus-cve-2021-17571/