SysAdmin 24x7
IT security news and alerts. Chat and contact: t.me/sysadmin24x7chat
JWT token theft in VMware Workspace ONE Access
https://unaaldia.hispasec.com/2022/01/robo-de-token-jwt-en-vmware-workspace-one-access.html
SonicWall shares temp fix for firewalls stuck in reboot loop.
Following a stream of customer reports that started yesterday evening, security hardware manufacturer SonicWall has provided a temporary workaround for reviving next-gen firewalls running SonicOS 7.0 stuck in a reboot loop.
https://www.bleepingcomputer.com/news/technology/sonicwall-shares-temp-fix-for-firewalls-stuck-in-reboot-loop/
MoonBounce: the dark side of UEFI firmware.
At the end of 2021, we were made aware of a UEFI firmware-level compromise through logs from our Firmware Scanner, which has been integrated into Kaspersky products since the beginning of 2019. Further analysis has shown that a single component within the inspected firmware’s image was modified by attackers in a way that allowed them to intercept the original execution flow of the machine’s boot sequence and introduce a sophisticated infection chain.
https://securelist.com/moonbounce-the-dark-side-of-uefi-firmware/105468/
Emotet Spam Abuses Unconventional IP Address Formats to Spread Malware.
https://www.trendmicro.com/en_us/research/22/a/emotet-spam-abuses-unconventional-ip-address-formats-spread-malware.html
BitLocker encryption: Clear text key storage prompts security debate online.
Many are questioning why keys are saved in the clear ahead of sign-in
Microsoft’s design choices when it comes to the management of BitLocker encryption keys have been questioned online.
This month, a Twitter and StackOverflow debate has been taking place over how BitLocker encryption keys are stored before users sign in with a Microsoft account.
In a Twitter thread started by user @atomicthumbs, the question was why, when an installation of Microsoft Windows 11 with a local account takes place, the drive will still be encrypted with BitLocker – “but it keeps the key on the drive... in clear text... until you sign in with a Microsoft account”.
https://portswigger.net/daily-swig/bitlocker-encryption-clear-text-key-storage-prompts-security-debate-online
McAfee Releases Security Update for McAfee Agent for Windows
McAfee has released McAfee Agent for Windows version 5.7.5, which addresses vulnerabilities CVE-2021-31854 and CVE-2022-0166. An attacker could exploit these vulnerabilities to take control of an affected system.
https://www.cisa.gov/uscert/ncas/current-activity/2022/01/21/mcafee-releases-security-update-mcafee-agent-windows
F5 Releases January 2022 Quarterly Security Notification
https://www.cisa.gov/uscert/ncas/current-activity/2022/01/20/f5-releases-january-2022-quarterly-security-notification
Multiple vulnerabilities in Drupal core
Publication date: 20/01/2022
Severity: 3 - Medium
Affected resources:
Drupal, versions 9.3, 9.2 and 7.
Drupal 8 and Drupal 9 versions prior to 9.2.x have reached end of life and no longer receive security coverage.
Description:
Five medium-severity vulnerabilities have been published that could affect Drupal core.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-el-core-drupal-2
Authentication bypass in ManageEngine Desktop Central
Publication date: 20/01/2022
Severity: 5 - Critical
Affected resources:
Desktop Central,
Desktop Central MSP.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/omision-autentificacion-manageengine-desktop-central
Multiple vulnerabilities in Cisco Redundancy Configuration Manager
Publication date: 20/01/2022
Severity: 5 - Critical
Affected resources:
Cisco RCM for Cisco StarOS Software.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-cisco-redundancy-configuration-manager
Critical vulnerability in WordPress plugins
https://unaaldia.hispasec.com/2022/01/vulnerabilidad-critica-en-plugins-wordpress.html
Guidance for preventing, detecting, and hunting for exploitation of the Log4j 2 vulnerability
https://www.microsoft.com/security/blog/2021/12/11/guidance-for-preventing-detecting-and-hunting-for-cve-2021-44228-log4j-2-exploitation/
VMSA-2021-0028.9
CVSSv3 Range: 9.0-10.0
Issue Date: 2021-12-10
Updated On: 2022-01-19
CVE(s): CVE-2021-44228, CVE-2021-45046
Synopsis:
VMware Response to Apache Log4j Remote Code Execution Vulnerabilities (CVE-2021-44228, CVE-2021-45046)
https://www.vmware.com/security/advisories/VMSA-2021-0028.html
EU wants to build its own DNS infrastructure with built-in filtering capabilities
https://therecord.media/eu-wants-to-build-its-own-dns-infrastructure-with-built-in-filtering-capabilities/
Emotet often uses information from emails and address books stolen from infected Windows hosts. Malicious spam (malspam) from Emotet spoofs legitimate senders to trick potential victims into running malicious files.
Additionally, Emotet uses IP address 0.0.0.0 in spambot traffic, possibly attempting to hide the actual IP address of an Emotet-infected host.
https://isc.sans.edu/diary/0.0.0.0+in+Emotet+Spambot+Traffic/28254
Oracle Releases January 2022 Critical Patch Update
https://www.cisa.gov/uscert/ncas/current-activity/2022/01/18/oracle-releases-january-2022-critical-patch-update
VMSA-2022-0002
CVSSv3 Range: 4.0
Issue Date: 2022-01-18
Updated On: 2022-01-18 (Initial Advisory)
CVE(s): CVE-2022-22938
Synopsis:
VMware Workstation and Horizon Client for Windows updates address a denial-of-service vulnerability (CVE-2022-22938)
Impacted Products
VMware Workstation Pro / Player (Workstation)
VMware Horizon Client for Windows
https://www.vmware.com/security/advisories/VMSA-2022-0002.html
Windows Update
An out-of-band update has been released to address issues related to VPN connectivity, Windows Server Domain Controllers restarting, Virtual Machine start failures, and ReFS-formatted removeable media failing.
https://twitter.com/WindowsUpdate/status/1483212333560172545?t=qdgWjT1hdxGZ332GaZQ7fw&s=19
Critical vulnerability in Cisco Unified CCMP and CCDM
https://unaaldia.hispasec.com/2022/01/vulnerabilidad-critica-en-cisco-unified-ccmp-y-ccdm.html
Security problem of zabbix-agent2
CVE-2022-22704
CVSS Score: 10.0
The zabbix-agent2 package before 5.4.9-r1 for Alpine Linux sometimes allows privilege escalation to root because the design incorrectly expected that systemd would (in effect) determine part of the configuration.
Publish Date: 2022-01-06
Last Update Date: 2022-01-13
https://gitlab.alpinelinux.org/alpine/aports/-/issues/13368
