Daily summary - 03.02.2022

End-of-Day report

Timeframe: Wednesday 02-02-2022 18:00 - Thursday 03-02-2022 18:00 Handler: Robert Waldner Co-Handler: n/a

News

Spam calls from a Vienna number: "This is the police"

With calls like these, the general rule is to hang up immediately. If you are unsure whether the call was genuine (if it was an English-language recording, it certainly was not), you can call the police (133) yourself. The police warn never to call back a "police" telephone number when such a call demands it. If you have already spoken to the caller and handed over data, you should file a report with the police immediately.

https://futurezone.at/digital-life/spam-anrufe-wiener-nummer-federal-police-polizei-betrug-fake/401893871


WooCommerce Skimmer Uses Fake Fonts and Favicon to Steal CC Details

Today's investigation starts out much like many others, with our client reporting an antivirus warning appearing only on their checkout page, of course at the worst possible time right around the end of December. What first seemed to be a routine case of credit card theft turned out to be a much more interesting infection that leveraged both font, favicon and other less-commonly used files to pilfer credit card details.

https://blog.sucuri.net/2022/02/woocommerce-skimmer-uses-fake-fonts-and-favicon-to-steal-cc-details.html


A comprehensive guide on [NTLM] relaying anno 2022

For years now, Internal Penetration Testing teams have been successful in obtaining a foothold or even compromising entire domains through a technique called NTLM relaying. [..] This blog post aims to be a comprehensive resource that will walk through the attack primitives that continue to work today. While most will be well known techniques, some techniques involving Active Directory Certificate Services might be lesser known.

https://www.trustedsec.com/blog/a-comprehensive-guide-on-relaying-anno-2022/


Tattoo giveaways on Instagram lead into a subscription trap

Criminals send messages from fake accounts claiming that Instagram users have won a prize draw. But the supposed prize does not lead to a new tattoo, but into a well-disguised subscription trap.

https://www.watchlist-internet.at/news/tattoo-giveaways-auf-instagram-fuehren-in-eine-abo-falle/

Vulnerabilities

Multiple Vulnerabilities in Sante DICOM Viewer Pro

* J2K File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
* DCM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
* DCM File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
* DCM File Parsing Use-After-Free Information Disclosure Vulnerability
* JP2 File Parsing Use-After-Free Remote Code Execution Vulnerability
* JP2 File Parsing Memory Corruption Remote Code Execution Vulnerability
* J2K File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

https://www.zerodayinitiative.com/advisories/


Security updates for Thursday

Security updates have been issued by Debian (librecad), Fedora (flatpak, flatpak-builder, and glibc), Mageia (chromium-browser-stable, connman, libtiff, and rust), openSUSE (lighttpd), Oracle (cryptsetup, nodejs:14, and rpm), Red Hat (varnish:6), SUSE (kernel and unbound), and Ubuntu (linux, linux-aws, linux-aws-5.11, linux-aws-5.13, linux-gcp, linux-gcp-5.11, linux-hwe-5.13, linux-kvm, linux-oem-5.13, linux-oracle, linux-oracle-5.11, linux-raspi, linux, linux-aws, linux-aws-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-ibm, linux-kvm, linux-oracle, linux-oracle-5.4, linux, linux-aws, linux-aws-hwe, linux-azure, linux-dell300x, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon, linux-gke, linux-gke-5.4, mysql-5.7, mysql-8.0, python-django, samba).

https://lwn.net/Articles/883676/


Sensormatic PowerManage

This advisory contains mitigations for an Improper Input Validation vulnerability in the Sensormatic PowerManage operating platform.

https://us-cert.cisa.gov/ics/advisories/icsa-22-034-01


Airspan Networks Mimosa

This advisory contains mitigations for Improper Authorization, Incorrect Authorization, Server-side Request Forgery, SQL Injection, Deserialization of Untrusted Data, OS Command Injection, and Use of a Broken or Risky Cryptographic Algorithm vulnerabilities in Airspan Networks Mimosa network management software.

https://us-cert.cisa.gov/ics/advisories/icsa-22-034-02


Two vulnerabilities in AudioCodes Session Border Controller (SYSS-2021-068/-075)

In AudioCodes Session Border Controller (SBC), toll fraud can be committed. A privilege escalation in the web management console was also found.

https://www.syss.de/pentest-blog/multiple-schwachstellen-im-coins-construction-cloud-erp-syss-2021-028/-029/-030/-031/-051/-052/-053-1


InsydeH2O UEFI System Management Mode (SMM) Vulnerabilities

Mitigation Strategy for Customers (what you should do to protect yourself): Update system firmware to the version (or newer) indicated for your model in the Product Impact section.

http://support.lenovo.com/product_security/PS500463-INSYDEH2O-UEFI-SYSTEM-MANAGEMENT-MODE-SMM-VULNERABILITIES


Cisco Content Security Management Appliance and Cisco Web Security Appliance Information Disclosure Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-wsa-esa-info-dis-vsvPzOHP


Security Bulletin: A vulnerability in Apache Log4j affects some features of IBM® Db2® (CVE-2021-44832)

https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-apache-log4j-affects-some-features-of-ibm-db2-cve-2021-44832-3/


Security Bulletin: IBM Security Guardium Insights is affected by JWT-Go vulnerability (CVE-2020-26160)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-insights-is-affected-by-jwt-go-vulnerability-cve-2020-26160/


Security Bulletin: IBM Data Management Platform for EDB Postgres Standard is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-45046)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-data-management-platform-for-edb-postgres-standard-is-vulnerable-to-denial-of-service-and-arbitrary-code-execution-due-to-apache-log4j-cve-2021-45105-cve-2021-45046/


Security Bulletin: This Power System update is being released to address CVE 2021-38960

https://www.ibm.com/blogs/psirt/security-bulletin-this-power-system-update-is-being-released-to-address-cve-2021-38960/


Security Bulletin: IBM Data Management Platform for EDB Postgres Enterprise is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-45046)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-data-management-platform-for-edb-postgres-enterprise-is-vulnerable-to-arbitrary-code-execution-due-to-apache-log4j-cve-2021-45105-cve-2021-45046/


K67416037: Linux kernel vulnerability CVE-2021-23133

https://support.f5.com/csp/article/K67416037?utm_source=f5support&utm_medium=RSS


Weidmueller: Remote I/O fieldbus couplers (IP20) affected by INFRA:HALT vulnerabilities

https://cert.vde.com/de/advisories/VDE-2021-042/