Daily summary - 03.03.2022

End-of-Day report

Timeframe: Wednesday 02-03-2022 18:00 - Thursday 03-03-2022 18:00
Handler: Thomas Pribitzer
Co-Handler: Robert Waldner

News

Free decryptor released for HermeticRansom victims in Ukraine

Avast Threat Labs has released a decryptor for the HermeticRansom ransomware strain used predominately in targeted attacks against Ukrainian systems in the past ten days.

https://www.bleepingcomputer.com/news/security/free-decryptor-released-for-hermeticransom-victims-in-ukraine/


Researchers Devise Attack for Stealing Data During Homomorphic Encryption

A vulnerability in a Microsoft crypto library gives attackers a way to figure out what data is being encrypted in lockpicker-like fashion.

https://www.darkreading.com/application-security/researchers-devise-attack-for-stealing-data-during-homomorphic-encryption


Threat landscape for industrial automation systems, H2 2021

By 2021 everyone had got used to pandemic limitations: industrial organization employees, IT security professionals and threat actors alike. If we compare the numbers from 2020 and 2021, we see that 2021 looks more stable, particularly in H2.

https://securelist.com/threat-landscape-for-industrial-automation-systems-h2-2021/106001/


The Truth About USB Device Serial Numbers - (and the lies your tools tell)

Evidence surrounding the use of USB devices is an often sought-after forensic treasure trove, due to its verbosity in the operating system, as well as the Windows Registry. The difficulty comes in attempting to make sense of all this data. When the many, disparate breadcrumbs of usage are pulled together in a coherent assemblage of user activity, the results can be shocking in their clarity.

https://www.sans.org/blog/the-truth-about-usb-device-serial-numbers?msc=rss


Beware of these fraudulent tradesman services!

Your door has slammed shut, your key has snapped off, or a drain pipe is blocked? Such emergencies are increasingly being exploited by criminals: they offer quick and easy help, but beware! These dubious providers demand exorbitant prices in cash and often do not even fix the problem!

https://www.watchlist-internet.at/news/vorsicht-vor-diesen-betruegerischen-handwerksdiensten/


Update: Ukraine crisis - current information

Version 1.3 03.03.2022 15:45 * Further recommendations, "Further reading" section * Due to the Ukraine crisis there is currently a very high general threat level in cyberspace. A specific threat to Austria cannot yet be identified.

https://cert.at/de/aktuelles/2022/3/ukraine-krise-aktuelle-informationen

Vulnerabilities

Security updates for Thursday

Security updates have been issued by CentOS (cyrus-sasl), Fedora (kicad), Mageia (php), openSUSE (envoy-proxy, ldns, libdxfrw, librecad, php7, and shapelib), Red Hat (cyrus-sasl), SUSE (firefox, gnutls, ldns, and php7), and Ubuntu (haproxy and php7.2, php7.4).

https://lwn.net/Articles/886683/


Zoho ManageEngine Desktop Central: vulnerability allows information disclosure

A remote, anonymous attacker can exploit a vulnerability in Zoho ManageEngine Desktop Central to disclose information. CVE list: CVE-2022-23779

http://www.cert-bund.de/advisoryshort/CB-K22-0253


Autodesk AutoCAD: multiple vulnerabilities allow code execution

A remote, anonymous attacker can exploit multiple vulnerabilities in Autodesk AutoCAD to execute arbitrary code. CVE list: CVE-2022-25789, CVE-2022-25790, CVE-2022-25791, CVE-2022-25792, CVE-2022-25795

http://www.cert-bund.de/advisoryshort/CB-K22-0252


Security Bulletin: IBM i is vulnerable to bypass security restrictions due to Samba SMB1 (CVE-2021-43566 and CVE-2021-44141)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-i-is-vulnerable-to-bypass-security-restrictions-due-to-samba-smb1-cve-2021-43566-and-cve-2021-44141/


Security Bulletin: Multiple vulnerabilities may affect IBM Robotic Process Automation

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-may-affect-ibm-robotic-process-automation/


Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by IBM WebSphere Application Server due to Expat vulnerabilities

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-http-server-used-by-ibm-websphere-application-server-due-to-expat-vulnerabilities-3/


Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by IBM WebSphere Application Server due to Expat vulnerabilities

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-http-server-used-by-ibm-websphere-application-server-due-to-expat-vulnerabilities-2/


Security Bulletin: IBM OpenPages with Watson has addressed Apache Log4j vulnerability (CVE-2021-44832)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-openpages-with-watson-has-addressed-apache-log4j-vulnerability-cve-2021-44832/


Security Bulletin: IBM i components are affected by CVE-2021-4104 (log4j version 1.x)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-i-components-are-affected-by-cve-2021-4104-log4j-version-1-x-2/


Security Bulletin: IBM DataPower affected by vulnerabilities in Node.js

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-datapower-affected-by-vulnerabilities-in-node-js/


Security Bulletin: IBM Rational Build Forge is affected by Apache HTTP Server version used in it. (CVE-2021-44790)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-rational-build-forge-is-affected-by-apache-http-server-version-used-in-it-cve-2021-44790-2/


K73200428: Linux kernel vulnerability CVE-2022-0185

https://support.f5.com/csp/article/K73200428?utm_source=f5support&utm_medium=RSS


BD Pyxis

https://us-cert.cisa.gov/ics/advisories/icsma-22-062-01


BD Viper LT

https://us-cert.cisa.gov/ics/advisories/icsma-22-062-02


IPCOMM ipDIO

https://us-cert.cisa.gov/ics/advisories/icsa-22-062-01