SysAdmin 24x7
IT security news and alerts.
Chat and contact:
t.me/sysadmin24x7chat
Apache addressed a couple of severe vulnerabilities in Apache HTTP Server

The Apache Software Foundation released Apache HTTP Server 2.4.52 to address a couple of security flaws that can lead to remote code execution.

https://securityaffairs.co/wordpress/126077/security/apache-http-server-flaws.html
Log4j 2.17.1 out now, fixes new remote code execution bug

Apache has released another Log4j version, 2.17.1, fixing a newly discovered remote code execution (RCE) vulnerability in 2.17.0, tracked as CVE-2021-44832.

Prior to today, 2.17.0 was the most recent version of Log4j and deemed the safest release to upgrade to, but that advice has now evolved.

https://www.bleepingcomputer.com/news/security/log4j-2171-out-now-fixes-new-remote-code-execution-bug/
LastPass users warned their master passwords are compromised

[...]
LogMeIn Global PR/AR Senior Director Nikolett Bacso-Albaum told BleepingComputer that "LastPass investigated recent reports of blocked login attempts and determined the activity is related to fairly common bot-related activity, in which a malicious or bad actor attempts to access user accounts (in this case, LastPass) using email addresses and passwords obtained from third-party breaches related to other unaffiliated services."
[...]

https://www.bleepingcomputer.com/news/security/lastpass-users-warned-their-master-passwords-are-compromised/
Threat actor uses HP iLO rootkit to wipe servers.

An Iranian cyber-security firm said it discovered a first-of-its-kind rootkit that hides inside the firmware of HP iLO devices and which has been used in real-world attacks to wipe servers of Iranian organizations.

Named iLOBleed, the rootkit was discovered by Tehran-based security firm Amnpardaz and detailed in a report released on Tuesday.

https://therecord.media/threat-actor-uses-hp-ilo-rootkit-to-wipe-servers/
How to implant malware in the hidden area of SSDs with the Flex Capacity feature

Researchers devised a series of attacks against SSDs that could allow an attacker to implant malware in a location that is not monitored by security solutions.

https://securityaffairs.co/wordpress/126170/hacking/ssds-flex-capacity-feature-attacks.html
Telegram is adding advertising to its app.

SysAdmin24x7 is not responsible for that content and cannot block the ads or choose what they contain.

You can recognize the ads by looking at the messages: they carry a common tag, "patrocinado" or "sponsored".
Multiple vulnerabilities in the Netgear Nighthawk RAX43 router

Publication date: 3 January 2022
Severity: 5 - Critical

Affected resources:
Nighthawk RAX43, firmware version 1.0.3.96 and earlier.

Description:
Researchers Evan Grant and Jimi Sebree have found several vulnerabilities in Netgear's Nighthawk RAX43 router which, taken together, amount to a critical severity rating.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-router-netgear-nighthawk-rax43
Multiple vulnerabilities in Trendnet AC2600 TEW-827DRU

Publication date: 3 January 2022
Severity: 5 - Critical

Affected resources:
Trendnet AC2600 TEW-827DRU firmware.

Description:
Jimi Sebree, a researcher with Tenable's Zero Day Research team, has reported 17 vulnerabilities through which an attacker could bypass authentication, reuse old tokens, execute code remotely, access unencrypted information, change the device configuration, install modified firmware, cause a denial of service, change the administrator password, inject commands, take control of the device, and read usernames and passwords in plain text.

Solution:
Apply the vendor's patches once they are available. At the time of publishing its advisory, Tenable was not aware of any available patches.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-trendnet-ac2600-tew-827dru
VMSA-2022-0001

CVSSv3 Range: 7.7
Issue Date: 2022-01-04
CVE(s): CVE-2021-22045

Synopsis:
VMware Workstation, Fusion and ESXi updates address a heap-overflow vulnerability (CVE-2021-22045)

Impacted Products
VMware ESXi
VMware Workstation
VMware Fusion
VMware Cloud Foundation

https://www.vmware.com/security/advisories/VMSA-2022-0001.html
Log4j flaw attack levels remain high, Microsoft warns.

Organizations might not realize their environments are already compromised.

Microsoft has warned Windows and Azure customers to remain vigilant after observing state-sponsored and cyber-criminal attackers probing systems for the Log4j 'Log4Shell' flaw through December.

Disclosed by the Apache Software Foundation on December 9, Log4Shell will likely take years to remediate because of how widely the error-logging software component is used in applications and services.

Microsoft warns that customers might not be aware of how widespread the Log4j issue is in their environment.

https://www.zdnet.com/article/log4j-flaw-attacks-are-causing-lots-of-problems-microsoft-warns/
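Both the 2.17.1 release note above and Microsoft's warning come down to the same practical task: knowing where log4j-core actually sits in your environment, including copies bundled inside war and ear files. The scanner below is an added example (not code from the channel, from Apache or from Microsoft). It walks a directory tree, opens every .jar/.war/.ear, descends one level into nested archives, identifies log4j-core by its org/apache/logging/log4j/core/ package rather than by file name, reads Implementation-Version from META-INF/MANIFEST.MF, and flags anything below 2.17.1. The sample jars it writes into a temporary directory are constructed for this demonstration (a manifest plus one empty class entry each); the 2.17.1 cut-off is taken from the post above.

```python
import io
import os
import re
import tempfile
import zipfile

# Log4j 2.17.1 closes CVE-2021-44832 (per the post above); anything older is flagged.
FIXED_VERSION = (2, 17, 1)
ARCHIVE_SUFFIXES = (".jar", ".war", ".ear")
CORE_PREFIX = "org/apache/logging/log4j/core/"


def parse_version(text):
    """'2.17.0' -> (2, 17, 0); None if the string is not a dotted numeric version."""
    m = re.match(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?", text or "")
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def manifest_version(zf):
    """Implementation-Version from META-INF/MANIFEST.MF, or None if absent."""
    try:
        manifest = zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    except KeyError:
        return None
    for line in manifest.splitlines():
        if line.startswith("Implementation-Version:"):
            return line.split(":", 1)[1].strip()
    return None


def is_log4j_core(zf):
    """True if the archive ships the log4j-core package (log4j-api alone is not affected)."""
    return any(name.startswith(CORE_PREFIX) for name in zf.namelist())


def scan_archive(zf, label, findings, depth=0):
    """Record a finding if this archive is log4j-core; descend one level into nested archives."""
    if is_log4j_core(zf):
        version = manifest_version(zf)
        parsed = parse_version(version)
        # An unreadable version is reported as vulnerable: unknown is not safe.
        findings.append({"path": label, "version": version,
                         "vulnerable": parsed is None or parsed < FIXED_VERSION})
    if depth >= 1:
        return
    for name in zf.namelist():
        if name.endswith(ARCHIVE_SUFFIXES):
            try:
                inner = zipfile.ZipFile(io.BytesIO(zf.read(name)))
            except zipfile.BadZipFile:
                continue
            scan_archive(inner, f"{label}!{name}", findings, depth + 1)


def scan_tree(root):
    """Walk root, open every jar/war/ear and return the log4j-core findings (paths relative to root)."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for fname in files:
            if not fname.endswith(ARCHIVE_SUFFIXES):
                continue
            path = os.path.join(dirpath, fname)
            try:
                with zipfile.ZipFile(path) as zf:
                    scan_archive(zf, os.path.relpath(path, root), findings)
            except zipfile.BadZipFile:
                continue
    return findings


# Constructed sample data: fake jars holding only a manifest and one empty class entry.
def _fake_jar(version, core):
    class_entry = CORE_PREFIX + "LogEvent.class" if core else "org/apache/logging/log4j/Logger.class"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF",
                    f"Manifest-Version: 1.0\r\nImplementation-Version: {version}\r\n")
        zf.writestr(class_entry, b"")
    return buf.getvalue()


def build_sample_tree(root):
    """Write two log4j-core jars, one log4j-api jar and a war bundling an old log4j-core."""
    lib = os.path.join(root, "lib")
    os.makedirs(lib, exist_ok=True)
    for version in ("2.17.0", "2.17.1"):
        with open(os.path.join(lib, f"log4j-core-{version}.jar"), "wb") as fh:
            fh.write(_fake_jar(version, core=True))
    with open(os.path.join(lib, "log4j-api-2.17.1.jar"), "wb") as fh:
        fh.write(_fake_jar("2.17.1", core=False))
    war = io.BytesIO()
    with zipfile.ZipFile(war, "w") as zf:
        zf.writestr("WEB-INF/lib/log4j-core-2.14.1.jar", _fake_jar("2.14.1", core=True))
    with open(os.path.join(root, "webapp.war"), "wb") as fh:
        fh.write(war.getvalue())


def demo():
    """Scan the constructed tree; return {relative path: (version, vulnerable)}."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return {f["path"]: (f["version"], f["vulnerable"]) for f in scan_tree(root)}


if __name__ == "__main__":
    for path, (version, vulnerable) in sorted(demo().items()):
        print(f"{'VULNERABLE' if vulnerable else 'ok        '} {version or '?':8} {path}")
```

Point scan_tree at an application root (or a whole filesystem) to get the inventory. Two caveats: a shaded or relocated copy of log4j-core will not match the package prefix, and a repackaged jar with its manifest stripped shows up as version None, which the scanner deliberately counts as vulnerable rather than silently ignoring. The output is a starting list for upgrades, not proof that an environment is clean.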
Implant.ARM.iLOBleed.a.

HP servers provide a management module called iLO (a.k.a. Integrated Lights-Out), which turns on as soon as the power cable is connected, loading a full-blown proprietary operating system. This module has full access to all the firmware, hardware, software, and operating system installed on the server. In addition to managing the server hardware, it allows the admin to remotely turn the server on and off, gain access to the server’s console, and even install an operating system on it.

There are numerous aspects of iLO that make it an ideal utopia for malware and APT groups: extremely high privileges (above any level of access in the operating system), very low-level access to the hardware, being totally out of the sight of admins and security tools, and the general lack of knowledge and tools for inspecting iLO and/or protecting it.

https://threats.amnpardaz.com/en/2021/12/28/implant-arm-ilobleed-a/
Android security bulletin for January 2022

Publication date: 5 January 2022
Severity: 4 - High

Affected resources:
Android Open Source Project (AOSP):
Versions 9, 10, 11 and 12.

Description:
The monthly Android bulletin for January 2022 fixes fourteen high-severity vulnerabilities: eleven affect the system and three affect kernel components. They could allow an attacker to install packages without the user's consent, disclose information, or escalate privileges on the system.

https://www.incibe.es/protege-tu-empresa/avisos-seguridad/boletin-seguridad-android-enero-2022
Careful! Uber flaw allows anyone to send an email from uber.com.

On New Year's Eve, Seif Elsallamy (@0x21SAFE on Twitter), a bug bounty hunter and security researcher, pointed out a phish-worthy security flaw he found on Uber's email system. The flaw allowed anyone to send emails on behalf of Uber, meaning they would end with "@uber.com".

https://blog.malwarebytes.com/social-engineering/2022/01/careful-uber-flaw-allows-anyone-to-send-an-email-from-uber-com/
WordPress 5.8.3 security update

Publication date: 7 January 2022
Severity: 4 - High

Affected resources:
WordPress, versions 3.7 through 5.8.

Description:
Four vulnerabilities affecting WordPress have been published, of the stored XSS, object injection and SQL injection types.

Solution:
Update to version 5.8.3 from WordPress.org or from the dashboard (Updates > Update Now).

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/actualizacion-seguridad-583-wordpress