Daily summary - 11.02.2022

End-of-Day report

Timeframe: Thursday 10-02-2022 18:00 - Friday 11-02-2022 18:00
Handler: Thomas Pribitzer
Co-Handler: n/a

News

Microsoft starts killing off WMIC in Windows, will thwart attacks

Microsoft is moving forward with removing the Windows Management Instrumentation Command-line (WMIC) tool, wmic.exe, starting with the latest Windows 11 preview builds in the Dev channel.

https://www.bleepingcomputer.com/news/microsoft/microsoft-starts-killing-off-wmic-in-windows-will-thwart-attacks/


Zyxel Network Storage Devices Hunted By Mirai Variant, (Thu, Feb 10th)

I have been talking a lot about various network storage devices and how you never ever want to expose them to the Internet. The brands that usually come up are Synology and QNAP, which have a significant market share. But they are not alone.

https://isc.sans.edu/diary/rss/28324


CinaRAT Delivered Through HTML ID Attributes, (Fri, Feb 11th)

I found another sample that again drops a malicious ISO file but this time, it is much more obfuscated and the VT score is 0! Yes, not detected by any antivirus solution!

https://isc.sans.edu/diary/rss/28330


Use Zoom on a Mac? You might want to check your microphone settings

Big Brother Zoomer is listening to us, complain users. Apple Mac users running the Zoom meetings app are reporting that it's keeping their computer's microphone on when they aren't using it.

https://go.theregister.com/feed/www.theregister.com/2022/02/10/zoom_mac_microphone/


Vulnerability in Microsoft Defender antivirus quietly patched

Due to overly lax permission settings, attackers could have accessed the Microsoft Defender exclusions. The company fixed the hole without any announcement.

https://heise.de/-6444399


Hot air: warning about ghost touches on touchscreens

TU Darmstadt warns that targeted attacks on touchscreens are possible. However, the described "GhostTouch" attack is not practical in real-world conditions.

https://heise.de/-6445488


CISA Adds 15 Known Exploited Vulnerabilities to Catalog

CISA has added 15 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below.

https://us-cert.cisa.gov/ncas/current-activity/2022/02/10/cisa-adds-15-known-exploited-vulnerabilities-catalog


Malicious Chrome Browser Extension Exposed: ChromeBack Leverages Silent Extension Loading

GoSecure Titan Labs received a malicious Chrome extension sample that we are calling ChromeBack from GoSecure's Titan Managed Detection and Response (MDR) team.

https://www.gosecure.net/blog/2022/02/10/malicious-chrome-browser-extension-exposed-chromeback-leverages-silent-extension-loading/

Vulnerabilities

Microsoft: SMB vulnerability in Windows is being actively exploited

An almost two-year-old critical vulnerability in Windows is currently being actively exploited. Exploits also exist for a seven-year-old Windows vulnerability.

https://www.golem.de/news/microsoft-smb-luecke-in-windows-wird-aktiv-ausgenutzt-2202-163114-rss.html


Emergency patch for iPhones, iPads and Macs: iOS 15.3.1 and macOS 12.2.1 available

Apple closes a vulnerability that is apparently being actively exploited in attacks. The manufacturer also fixes other bugs, including Bluetooth problems on Intel Macs.

https://heise.de/-6440372


Security updates for Friday

Security updates have been issued by Debian (cryptsetup), Fedora (firefox, java-1.8.0-openjdk, microcode_ctl, python-django, rlwrap, and vim), openSUSE (kernel), and SUSE (kernel and ldb, samba).

https://lwn.net/Articles/884516/


Security Bulletin: A vulnerability in IBM Java Runtime affects IBM CICS TX on Cloud

https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-runtime-affects-ibm-cics-tx-on-cloud-5/


Security Bulletin: Multiple vulnerabilities affect IBM Cloud Object Storage Systems (Feb 2022 V1)

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-ibm-cloud-object-storage-systems-feb-2022-v1-2/


Security Bulletin: Xpat vulnerability affect IBM Cloud Object Storage Systems (Feb 2022 V1-a)

https://www.ibm.com/blogs/psirt/security-bulletin-xpat-vulnerability-affect-ibm-cloud-object-storage-systems-feb-2022-v1-a/


Security Bulletin: IBM Cloud Private is vulnerable to FasterXML jackson-databind vulnerabilities (CVE-2020-24750)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-fasterxml-jackson-databind-vulnerabilities-cve-2020-24750/


Security Bulletin: EDB Postgres Advanced Server with IBM and IBM Data Management Platform for EDB Postgres (Standard or Enterprise) for IBM Cloud Pak for Data are vulnerable to SQL injection from "man-in-the-middle" attack.

https://www.ibm.com/blogs/psirt/security-bulletin-edb-postgres-advanced-server-with-ibm-and-ibm-data-management-platform-for-edb-postgres-standard-or-enterprise-for-ibm-cloud-pak-for-data-are-vulnerable-to-sql-injection-from-quo/


Security Bulletin: IBM Rational Build Forge is affected by Apache HTTP Server version used in it. (CVE-2021-44790)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-rational-build-forge-is-affected-by-apache-http-server-version-used-in-it-cve-2021-44790/


QNAP NAS: vulnerability allows code execution

http://www.cert-bund.de/advisoryshort/CB-K22-0178