Daily summary - 08.02.2022

End-of-Day report

Timeframe: Monday 07-02-2022 18:00 - Tuesday 08-02-2022 18:00
Handler: Robert Waldner
Co-Handler: Thomas Pribitzer

News

Internet security: How to protect yourself from account hijacking and similar attacks

We explain what you should pay attention to in order to stay safe online.

https://heise.de/-6355600


Microsoft Office to block VBA macros by default

Macros are an entry point for malware. Disabling VBA macros by default is long overdue.

https://heise.de/-6353429


Patch day: Vulnerabilities in SAP products allow code injection

On its February patch day, SAP closes several critical security vulnerabilities through which attackers could have injected malicious code into affected systems.

https://heise.de/-6356776


Open or Sneaky? Fast or Slow? Light or Heavy?: Investigating Security Releases of Open Source Packages

Specifically, in this paper, we study [..] security releases over a dataset of 4,377 security advisories across seven package ecosystems (Composer, Go, Maven, npm, NuGet, pip, and RubyGems). [..] Based on our findings, we make four recommendations for the package maintainers and the ecosystem administrators, such as using private fork for security fixes and standardizing the practice for announcing security releases.

https://arxiv.org/pdf/2112.06804.pdf


"We absolutely do not care about you": Sugar ransomware targets individuals

They call it Sugar ransomware, but it's not sweet in any way.

https://blog.malwarebytes.com/ransomware/2022/02/we-absolutely-do-not-care-about-you-sugar-ransomware-targets-individuals/


Operation EmailThief: Active Exploitation of Zero-day XSS Vulnerability in Zimbra

[UPDATE] On February 4, 2022, Zimbra provided an update regarding this zero-day exploit vulnerability and reported that a hotfix for 8.8.15 P30 would be available on February 5, 2022.

https://www.volexity.com/blog/2022/02/03/operation-emailthief-active-exploitation-of-zero-day-xss-vulnerability-in-zimbra/

Vulnerabilities

WordPress IP2Location Country Blocker 2.26.7 Cross Site Scripting

An authenticated user is able to inject arbitrary JavaScript or HTML code into the "Frontend Settings" interface on the settings page of the plugin (Country Blocker), due to incorrect sanitization of user-supplied data, and thereby achieve a stored cross-site scripting attack against administrators or other authenticated users. Plugin versions prior to 2.26.7 are affected by this vulnerability.

https://cxsecurity.com/issue/WLB-2022020031


CVE-2021-38130 Voltage SecureMail 7.3 Mail Relay Information Leakage Vulnerability

An information leakage vulnerability with a CVSS of 4.1 was discovered in SecureMail Server for versions prior to 7.3.0.1. The vulnerability can be exploited to send sensitive information to an unauthorized user. A resolution of this vulnerability is available in the Voltage SecureMail version 7.3.0.1 patch release.

https://portal.microfocus.com/s/article/KM000003667?language=en_US


Patch day: Critical system vulnerability lets attackers access Android devices

Important security updates are available for Android 10, 11 and 12 as well as various system components.

https://heise.de/-6355256


Critical Vulnerabilities in PHP Everywhere Allow Remote Code Execution

On January 4, 2022, the Wordfence Threat Intelligence team began the responsible disclosure process for several Remote Code Execution vulnerabilities in PHP Everywhere, a WordPress plugin installed on over 30,000 websites. One of these vulnerabilities allowed any authenticated user of any level, even subscribers and customers, to execute code on a site with the plugin [...]

https://www.wordfence.com/blog/2022/02/critical-vulnerabilities-in-php-everywhere-allow-remote-code-execution/
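The two WordPress items above (the stored XSS in IP2Location Country Blocker and the RCE in PHP Everywhere) share a root cause: a plugin acts on input from any authenticated user without checking that the user is actually allowed to, and in the XSS case stores that input unsanitized and renders it to administrators. The PHP below is an added illustration written for this summary, not code from either plugin; the option name demo_frontend_message, the hook name demo_save_setting and the demo_* function names are hypothetical. It shows a vulnerable settings handler next to the hardened form: capability check, nonce, sanitize on input, escape on output.

```php
<?php
/*
 * Illustrative WordPress settings handler (added example, not either
 * plugin's code). Option name, hook name and function names are hypothetical.
 */

// --- Vulnerable pattern: no capability check, no nonce, raw storage, raw output.
function demo_save_setting_vulnerable() {
    // Any logged-in user who reaches this handler stores arbitrary HTML/JS.
    update_option( 'demo_frontend_message', $_POST['frontend_message'] );
}

function demo_render_setting_vulnerable() {
    // The stored payload runs in the browser of every admin who views this page.
    echo '<p>' . get_option( 'demo_frontend_message' ) . '</p>';
}

// --- Hardened pattern.
function demo_save_setting_hardened() {
    // 1. Only users with the capability to manage options reach the write path;
    //    being logged in (subscriber, customer, ...) is not enough.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions', '', array( 'response' => 403 ) );
    }

    // 2. The request must carry a valid nonce for this action (blocks CSRF).
    check_admin_referer( 'demo_save_setting' );

    // 3. Sanitize on input: sanitize_text_field() strips tags, line breaks
    //    and invalid UTF-8 before the value touches the database.
    $value = isset( $_POST['frontend_message'] )
        ? sanitize_text_field( wp_unslash( $_POST['frontend_message'] ) )
        : '';
    update_option( 'demo_frontend_message', $value );

    wp_safe_redirect( admin_url( 'options-general.php?page=demo&updated=1' ) );
    exit;
}
add_action( 'admin_post_demo_save_setting', 'demo_save_setting_hardened' );

function demo_render_setting_hardened() {
    // 4. Escape on output regardless of what is stored: esc_html() turns
    //    < > & " ' into entities, so a stored "<script>" is shown, not executed.
    echo '<p>' . esc_html( get_option( 'demo_frontend_message', '' ) ) . '</p>';
}

function demo_render_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="demo_save_setting">
        <?php wp_nonce_field( 'demo_save_setting' ); ?>
        <input type="text" name="frontend_message"
               value="<?php echo esc_attr( get_option( 'demo_frontend_message', '' ) ); ?>">
        <?php submit_button( 'Save' ); ?>
    </form>
    <?php
}
```

The capability check alone closes the "any authenticated user" class of bug; sanitizing on input and escaping on output are independent layers, and the output escaping is what protects administrators even if a value was written to the database by some other path.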


Security updates for Tuesday

Security updates have been issued by CentOS (log4j), Debian (chromium, xterm, and zabbix), Fedora (kate, lua, and podman), Oracle (aide and log4j), and SUSE (xen).

https://lwn.net/Articles/884082/


K33484369: Linux kernel vulnerability CVE-2021-20194

https://support.f5.com/csp/article/K33484369?utm_source=f5support&utm_medium=RSS


K01217337: Linux kernel vulnerability CVE-2021-22543

https://support.f5.com/csp/article/K01217337?utm_source=f5support&utm_medium=RSS


Mitsubishi Electric FA Engineering Software Products (Update D)

https://us-cert.cisa.gov/ics/advisories/icsa-21-049-02


Mitsubishi Electric Factory Automation Engineering Products (Update F)

https://us-cert.cisa.gov/ics/advisories/icsa-20-212-04


SSA-914168: Multiple Vulnerabilities in SIMATIC WinCC Affecting Other SIMATIC Software Products

https://cert-portal.siemens.com/productcert/txt/ssa-914168.txt


SSA-669737: Improper Access Control Vulnerability in SICAM TOOLBOX II

https://cert-portal.siemens.com/productcert/txt/ssa-669737.txt


SSA-654775: Open Redirect Vulnerability in SINEMA Remote Connect Server

https://cert-portal.siemens.com/productcert/txt/ssa-654775.txt


SSA-609880: File Parsing Vulnerabilities in Simcenter Femap before V2022.1

https://cert-portal.siemens.com/productcert/txt/ssa-609880.txt


SSA-539476: Siemens SIMATIC NET CP, SINEMA and SCALANCE Products Affected by Vulnerabilities in Third-Party Component strongSwan

https://cert-portal.siemens.com/productcert/txt/ssa-539476.txt


SSA-301589: Multiple File Parsing Vulnerabilities in Solid Edge, JT2Go and Teamcenter Visualization

https://cert-portal.siemens.com/productcert/txt/ssa-301589.txt


SSA-244969: OpenSSL Vulnerability in Industrial Products

https://cert-portal.siemens.com/productcert/txt/ssa-244969.txt


SSA-838121: Multiple Denial of Service Vulnerabilities in Industrial Products

https://cert-portal.siemens.com/productcert/txt/ssa-838121.txt


SSA-831168: Cross-Site Scripting Vulnerability in Spectrum Power 4

https://cert-portal.siemens.com/productcert/txt/ssa-831168.txt


Security Bulletin: IBM Cloud Private is vulnerable to FasterXML jackson-databind vulnerabilities (CVE-2020-35728)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-fasterxml-jackson-databind-vulnerabilities-cve-2020-35728/


Security Bulletin: IBM Cloud Private is vulnerable to FasterXML jackson-databind vulnerabilities (CVE-2021-20190)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-fasterxml-jackson-databind-vulnerabilities-cve-2021-20190/


Security Bulletin: Vulnerability in Apache Log4j may affect Cúram Social Program Management (CVE-2021-4104)

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-log4j-may-affect-cram-social-program-management-cve-2021-4104/


Security Bulletin: Apache Log4j vulnerability impacts IBM Sterling Global Mailbox (CVE-2021-45046)

https://www.ibm.com/blogs/psirt/security-bulletin-apache-log4j-vulnerability-impacts-ibm-sterling-global-mailbox-cve-2021-45046-3/


Security Bulletin: IBM Cloud Private is vulnerable to FasterXML jackson-databind vulnerabilities

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-fasterxml-jackson-databind-vulnerabilities/


Security Bulletin: Log4Shell Vulnerability affects IBM SPSS Statistics (CVE-2021-44228)

https://www.ibm.com/blogs/psirt/security-bulletin-log4shell-vulnerability-affects-ibm-spss-statistics-cve-2021-44228-3/