SysAdmin 24x7


Computer security news and alerts. Chat and contact: t.me/sysadmin24x7chat

Posts Archive
Experts found backdoors in a popular Auerswald VoIP appliance. Researchers found multiple backdoors in a popular VoIP (voice over Internet protocol) appliance made by the German manufacturer Auerswald. https://securityaffairs.co/wordpress/126069/hacking/auerswald-voip-backdoors.html

LastPass users warned their master passwords are compromised [...] LogMeIn Global PR/AR Senior Director Nikolett Bacso-Albaum told BleepingComputer that "LastPass investigated recent reports of blocked login attempts and determined the activity is related to fairly common bot-related activity, in which a malicious or bad actor attempts to access user accounts (in this case, LastPass) using email addresses and passwords obtained from third-party breaches related to other unaffiliated services." [...] https://www.bleepingcomputer.com/news/security/lastpass-users-warned-their-master-passwords-are-compromised/

Log4j 2.17.1 out now, fixes new remote code execution bug. Apache has released another Log4j version, 2.17.1, fixing a newly discovered remote code execution (RCE) vulnerability in 2.17.0, tracked as CVE-2021-44832. Prior to today, 2.17.0 was the most recent version of Log4j and deemed the safest release to upgrade to, but that advice has now evolved. https://www.bleepingcomputer.com/news/security/log4j-2171-out-now-fixes-new-remote-code-execution-bug/

Apache addressed a couple of severe vulnerabilities in Apache HTTP Server. The Apache Software Foundation released Apache HTTP Server 2.4.52 to address a couple of security flaws that can lead to remote code execution. https://securityaffairs.co/wordpress/126077/security/apache-http-server-flaws.html

NVIDIA informs customers of its products affected by Log4j flaws. NVIDIA released a security advisory to inform customers what products are affected by the recently disclosed Log4Shell vulnerability. https://securityaffairs.co/wordpress/125952/security/nvidia-log4shell-impacted-products.html

VMSA-2021-0028.7. CVSSv3 Range: 9.0-10.0. Issue Date: 2021-12-10. Updated On: 2021-12-22. CVE(s): CVE-2021-44228, CVE-2021-45046. Synopsis: VMware Response to Apache Log4j Remote Code Execution Vulnerabilities (CVE-2021-44228, CVE-2021-45046). Introduction: Critical vulnerabilities in Apache Log4j identified by CVE-2021-44228 and CVE-2021-45046 have been publicly disclosed which impact VMware products. This is an ongoing event, please check this advisory for frequent updates as they develop. https://www.vmware.com/security/advisories/VMSA-2021-0028.html

800K WordPress sites still impacted by critical SEO plugin flaw. Two critical and high severity security vulnerabilities in the highly popular "All in One" SEO WordPress plugin exposed over 3 million websites to takeover attacks. https://www.bleepingcomputer.com/news/security/800k-wordpress-sites-still-impacted-by-critical-seo-plugin-flaw/

Vulnerability Spotlight: Vulnerabilities in DaVinci Resolve video editing software could lead to code execution. Cisco Talos recently discovered two vulnerabilities in the DaVinci Resolve video editing software that could allow an adversary to execute code in the context of the application. https://blog.talosintelligence.com/2021/12/vuln-spotlight-davinci-resolve.html

Saviynt Enterprise Identity Cloud vulnerable to local user enumeration and authentication bypass. Vulnerability Note VU#692873. Original Release Date: 2021-12-22. Last Revised: 2021-12-22. https://kb.cert.org/vuls/id/692873

Multiple vulnerabilities in Netgear products. Publication date: 22/12/2021. Severity: 5 - Critical. https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-netgear-17

Windows domain compromise vulnerability. Publication date: 22/12/2021. Severity: 4 - High. Description: Microsoft has published an out-of-band advisory on two vulnerabilities disclosed in November which, combined, could allow an attacker to escalate domain privileges. Proofs of concept were made public in December. https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-compromiso-dominio-windows

Code injection in multiple NETGEAR products. Publication date: 21/12/2021. Severity: 5 - Critical. Description: Netgear has published a pre-authentication command injection vulnerability that affects multiple of its products. https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/inyeccion-codigo-multiples-productos-netgear

A new attack vector exploits the Log4Shell vulnerability on servers locally. Security researchers devised a new attack vector exploiting the Log4Shell vulnerability on servers locally by using a JavaScript WebSocket connection. https://securityaffairs.co/wordpress/125800/hacking/log4shell-vulnerability-attack-vector.html

SSRF vulnerability in the VMware Workspace ONE UEM console. Publication date: 20/12/2021. Severity: 5 - Critical. Affected resources: VMware Workspace ONE UEM console, versions: 2105, 2102, 2011, 2008. https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-ssrf-consola-vmware-workspace-one-uem

[Update 20/12/2021] Log4Shell: 0-day remote code execution vulnerability in Apache Log4j. Publication date: 13/12/2021. Severity: 5 - Critical. Affected resources: All products that use the Log4j2 library maintained by the Apache Software Foundation, from version 2.0-beta9 through version 2.14.1, are affected. This library is used in many products, both commercial ones and in-house developments based on Java. https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/log4shell-vulnerabilidad-0day-ejecucion-remota-codigo-apache-log4j

Ransomware Advisory: Log4Shell Exploitation for Initial Access & Lateral Movement. https://www.advintel.io/post/ransomware-advisory-log4shell-exploitation-for-initial-access-lateral-movement

Upgraded to log4j 2.16? Surprise, there's a 2.17 fixing DoS. All set for the weekend? Not so fast. Yesterday, BleepingComputer summed up all the log4j and logback CVEs known thus far. Ever since the critical log4j zero-day saga started last week, security experts have time and time again recommended version 2.16 as the safest release to be on. That changes today with version 2.17.0 out that fixes a seemingly-minor, but 'High' severity Denial of Service (DoS) vulnerability that affects log4j 2.16. And, yes, this DoS bug comes with yet another identifier: CVE-2021-45105. https://www.bleepingcomputer.com/news/security/upgraded-to-log4j-216-surprise-theres-a-217-fixing-dos/