Daily summary - 21.01.2022

End-of-Day report

Timeframe: Thursday 20-01-2022 18:00 - Friday 21-01-2022 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter

News

iOS 15.3 & Co: Important bug fixes for iPhones, Macs and Watches in preparation

Apple's upcoming operating system updates close a severe privacy leak in the Safari browser and are meant to resolve charging problems on the Apple Watch.

https://heise.de/-6334675


Network equipment vendor F5 secures BIG-IP & Co. against possible attacks

Vulnerabilities in various BIG-IP appliances could allow malicious code to reach systems.

https://heise.de/-6334437


Caution: Fake Europol summonses in circulation!

Criminals are currently posing as Europol and sending a "summons" that appears very threatening to many recipients: the criminals claim that several court proceedings are under way against those affected. Specifically, it is supposedly about child pornography, paedophiles and the like. Even though the email sounds very frightening, there is no reason for concern!

https://www.watchlist-internet.at/news/vorsicht-gefaelschte-europol-vorladungen-im-umlauf/


SonicWall Gen7 Firewall Inaccessible/ Reboot Loop (20 Jan 2022)

It currently looks as though SonicWall Gen7 firewalls have been causing problems since 20 January 2022. There are reports that access is no longer possible or that the Gen7 firewall falls into a reboot loop. SonicWall has already published a support article with a workaround.

https://www.borncity.com/blog/2022/01/21/sonicwall-gen7-firewall-inaccessible-reboot-loop-20-jan-2022/


Over 90 WordPress themes, plugins backdoored in supply chain attack

A massive supply chain attack compromised 93 WordPress themes and plugins to contain a backdoor, giving threat-actors full access to websites.

https://www.bleepingcomputer.com/news/security/over-90-wordpress-themes-plugins-backdoored-in-supply-chain-attack/


Doctor Web's overview of virus activity on mobile devices in 2021

In 2021, making illegal profit remained one of the top cybercriminals' priorities. That's why adware trojans, malware that downloaded and installed other software, and trojans capable of downloading and executing arbitrary code were among the most common threats on Android. Banking trojans also posed a significant threat, and their activity increased. Moreover, users often encountered various adware apps.

https://news.drweb.com/show/?i=14395&lng=en&c=9


Doctor Web's annual virus activity review for 2021

Among the most popular threats in 2021 were numerous malicious programs. Among them were trojan droppers used to distribute other malware, and trojan downloader modifications, which download and run executable files with various payloads on the victim's computer. Besides that, cybercriminals were actively distributing backdoors. Among the email threats, the most popular were stealers and various backdoor modifications written in VB.NET.

https://news.drweb.com/show/?i=14393&lng=en&c=9


Spyware Blitzes Compromise, Cannibalize ICS Networks

The brief spearphishing campaigns spread malware and use compromised networks to steal credentials that can be sold or used to commit financial fraud.

https://threatpost.com/spyware-blitzes-compromise-cannibalize-ics-networks/177851/


AccessPress Themes Hit With Targeted Supply Chain Attack

Security researchers at Automattic recently reported that the popular WordPress plugin and theme authors AccessPress were compromised and their software replaced with backdoored versions. The compromise appears to have taken place in September of last year and was only recently made public. Users who used software obtained directly from the AccessPress website unknowingly provided attackers with backdoor access, resulting in an unknown number of compromised websites.

https://blog.sucuri.net/2022/01/accesspress-themes-hit-with-targeted-supply-chain-attack.html


A Detailed Analysis of WhisperGate Targeting Ukrainian Organizations

Microsoft reported evidence of destructive malware targeting organizations in Ukraine starting from January 13 [1]. The LIFARS threat intelligence team have analyzed the malicious samples and provided a detailed analysis of the execution flow. The main objective of this technical brief is to reveal the sophisticated TTPs demonstrated by threat actors.

https://lifars.com/2022/01/a-detailed-analysis-of-whispergate-targeting-ukrainian-organizations/

Vulnerabilities

VU#287178: McAfee Agent for Windows is vulnerable to privilege escalation due to OPENSSLDIR location

McAfee Agent, which comes with various McAfee products such as McAfee Endpoint Security, includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory that may be controllable by an unprivileged user on Windows. McAfee Agent contains a privileged service that uses this OpenSSL component. A user who can place a specially-crafted openssl.cnf file at an appropriate path may be able to achieve arbitrary code execution with SYSTEM privileges.

https://kb.cert.org/vuls/id/287178


Plugin "Email Template Designer" opens a security hole in WordPress

A vulnerability in the WordPress plugin "WordPress Email Template Designer - WP HTML Mail" could allow attackers to slip malicious code to the administrator.

https://heise.de/-6334308


Security updates for Friday

Security updates have been issued by Debian (aide, flatpak, kernel, libspf2, and usbview), Fedora (kernel, libreswan, nodejs, texlive-base, and wireshark), openSUSE (aide, cryptsetup, grafana, permissions, rust1.56, and stb), SUSE (aide, apache2, cryptsetup, grafana, permissions, rust1.56, and webkit2gtk3), and Ubuntu (aide, thunderbird, and usbview).

https://lwn.net/Articles/882119/


WebKitGTK and WPE WebKit Security Advisory WSA-2022-0001

Several vulnerabilities were discovered in WebKitGTK and WPE WebKit.

https://webkitgtk.org/security/WSA-2022-0001.html


Lexmark Laser Printers: Multiple vulnerabilities

https://www.cert-bund.de/advisoryshort/CB-K22-0087


Security Bulletin: Vulnerability in Apache Log4j affects IBM Operational Decision Manager (CVE-2021-44228)

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-log4j-affects-ibm-operational-decision-manager-cve-2021-44228-2/


Security Bulletin: IBM Security Guardium is vulnerable to a denial of service vulnerability in Apache log4j2 component (CVE-2021-45105 & CVE-2021-45046)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-vulnerable-to-a-denial-of-service-vulnerability-in-apache-log4j2-component-cve-2021-45105-cve-2021-45046-2/


Security Bulletin: Vulnerability in Java Batch affects WebSphere Application Server Liberty (CVE-2021-20492)

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-java-batch-affects-websphere-application-server-liberty-cve-2021-20492/


Security Bulletin: IBM Operations Analytics Predictive Insights is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-45046)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-operations-analytics-predictive-insights-is-vulnerable-to-denial-of-service-and-arbitrary-code-execution-due-to-apache-log4j-cve-2021-45105-cve-2021-45046/


Security Bulletin: IBM Cognos Controller has addressed multiple vulnerabilities

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-controller-has-addressed-multiple-vulnerabilities/


Security Bulletin: IBM MaaS360 Cloud Extender and Modules have various vulnerabilities (CVE-2021-22924, CVE-2021-3712)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maas360-cloud-extender-and-modules-have-various-vulnerabilities-cve-2021-22924-cve-2021-3712/