Daily summary - 14.02.2022

End-of-Day report

Timeframe: Friday 11-02-2022 18:00 - Monday 14-02-2022 18:00 Handler: Thomas Pribitzer Co-Handler: n/a

News

Google Project Zero: Vendors are now quicker at fixing zero-days

Google's Project Zero has published a report showing that organizations took less time to address the zero-day vulnerabilities that the team reported last year.

https://www.bleepingcomputer.com/news/security/google-project-zero-vendors-are-now-quicker-at-fixing-zero-days/


Microsoft is making it harder to steal Windows passwords from memory

Microsoft is enabling an Attack Surface Reduction security feature rule by default to block hackers' attempts to steal Windows credentials from the LSASS process.

https://www.bleepingcomputer.com/news/microsoft/microsoft-is-making-it-harder-to-steal-windows-passwords-from-memory/


Allcome clipbanker is a newcomer in underground forums

The malware underground market might seem astoundingly professional in marketing and support. Let's take a look under the covers of one particular malware-as-a-service: the clipboard banker Allcome.

https://www.gdatasoftware.com/blog/2022/02/37239-allcome-clipbanker-is-a-newcomer-in-malware-underground-forums


DHL Spear Phishing to Capture Username/Password, (Sun, Feb 13th)

This week I got this run-of-the-mill DHL phishing in my ISC inbox.

https://isc.sans.edu/diary/rss/28332


Reminder: Decoding TLS Client Hellos to non TLS servers, (Mon, Feb 14th)

If you still run a non-TLS web server, you may occasionally find requests like the following in your weblogs.

https://isc.sans.edu/diary/rss/28338


Vulnerabilities that aren't. Unquoted Spaces

I've covered a couple of web vulnerabilities that (mostly) aren't, and now it's time for a Windows specific one.

https://www.pentestpartners.com/security-blog/vulnerabilities-that-arent-unquoted-spaces/


E-mail from the Bundeskriminalamt with the subject "BUNDESKRIMINALAMT VORLADUNG" is fake

"Hello, we inform you that you have committed a criminal offence" reads the text of an e-mail allegedly sent by the Bundeskriminalamt. In an attached PDF document, the Bundeskriminalamt, the police and Europol inform you that proceedings have been opened against you for a sexual offence. Attention: this e-mail is fake.

https://www.watchlist-internet.at/news/e-mail-vom-bundeskriminalamt-mit-betreff-bundeskriminalamt-vorladung-ist-fake/


CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerability listed in the table below.

https://us-cert.cisa.gov/ncas/current-activity/2022/02/11/cisa-adds-one-known-exploited-vulnerability-catalog

Vulnerabilities

Critical MQTT-Related Bugs Open Industrial Networks to RCE Via Moxa

A collection of five security vulnerabilities with a collective CVSS score of 10 out of 10 threaten critical infrastructure environments that use Moxa MXview.

https://threatpost.com/critical-mqtt-bugs-industrial-rce-moxa/178399/


Update now! Attacks on the shop systems Adobe Commerce and Magento

Adobe reports attacks on the shop systems Commerce and Magento. Updates are available that are intended to close the exploited critical security vulnerability.

https://heise.de/-6455225


ZDI-22-318: MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-22-318/


Security Bulletin: IBM Cognos Analytics Mobile is affected by security vulnerabilities

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-analytics-mobile-is-affected-by-security-vulnerabilties/


Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM Master Data Management

https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-have-been-identified-in-ibm-websphere-application-server-used-by-ibm-master-data-management-8/


Security Bulletin: IBM Sterling Connect:Direct for UNIX may be vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44832)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirect-for-unix-may-be-vulnerable-to-arbitrary-code-execution-due-to-apache-log4j-cve-2021-44832/


Security Bulletin: IBM Data Management Platform for EDB Postgres (Standard and Enterprise) for IBM Cloud Pak for Data are vulnerable to SQL injection from "man-in-the-middle" attack

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-data-management-platform-for-edb-postgres-standard-and-enterprise-for-ibm-cloud-pak-for-data-are-vulnerable-to-sql-injection-from-man-in-the-middle-attack/


Security Bulletin: DS8000 Hardware Management Console is vulnerable to Apache Log4j (CVE-2021-45105 and CVE-2021-45046)

https://www.ibm.com/blogs/psirt/security-bulletin-ds8000-hardware-management-console-is-vulnerable-to-apache-log4j-cve-2021-45105-and-cve-2021-45046-2/


Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM Master Data Management

https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-have-been-identified-in-ibm-websphere-application-server-used-by-ibm-master-data-management-7/


Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM Master Data Management

https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-have-been-identified-in-ibm-websphere-application-server-used-by-ibm-master-data-management-6/


Security Bulletin: Operations Dashboard is vulnerable to arbitrary code execution in Log4j CVE-2021-44832

https://www.ibm.com/blogs/psirt/security-bulletin-operations-dashboard-is-vulnerable-to-arbitrary-code-execution-in-log4j-cve-2021-44832/


Security Bulletin: DS8000 Hardware Management Console uses Apache Log4j which is subject to a vulnerability alert CVE-2021-44228.

https://www.ibm.com/blogs/psirt/security-bulletin-ds8000-hardware-management-console-uses-apache-log4j-which-is-subject-to-a-vulnerability-alert-cve-2021-44228-2/


Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM Master Data Management

https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-have-been-identified-in-ibm-websphere-application-server-used-by-ibm-master-data-management-5/


Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM Master Data Management

https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-have-been-identified-in-ibm-websphere-application-server-used-by-ibm-master-data-management-4/