Security problem of zabbix-agent2
CVE-2022-22704
CVSS Score : 10.0

The zabbix-agent2 package before 5.4.9-r1 for Alpine Linux sometimes allows privilege escalation to root because the design incorrectly expected that systemd would (in effect) determine part of the configuration.
Publish Date : 2022-01-06
Last Update Date : 2022-01-13


https://gitlab.alpinelinux.org/alpine/aports/-/issues/13368

Vulnerabilidad crítica en Cisco Unified CCMP y CCDM

https://unaaldia.hispasec.com/2022/01/vulnerabilidad-critica-en-cisco-unified-ccmp-y-ccdm.html

Windows Update

An out-of-band update has been released to address issues related to VPN connectivity, Windows Server Domain Controllers restarting, Virtual Machine start failures, and ReFS-formatted removeable media failing.

https://twitter.com/WindowsUpdate/status/1483212333560172545?t=qdgWjT1hdxGZ332GaZQ7fw&s=19

VMSA-2022-0002
CVSSv3 Range: 4.0
Issue Date: 2022-01-18
Updated On: 2022-01-18 (Initial Advisory)
CVE(s): CVE-2022-22938

Synopsis:
VMware Workstation and Horizon Client for Windows updates address a denial-of-service vulnerability (CVE-2022-22938)

Impacted Products
VMware Workstation Pro / Player (Workstation)
VMware Horizon Client for Windows


https://www.vmware.com/security/advisories/VMSA-2022-0002.html

Oracle Releases January 2022 Critical Patch Update

https://www.cisa.gov/uscert/ncas/current-activity/2022/01/18/oracle-releases-january-2022-critical-patch-update

Emotet often uses information from emails and address books stolen from infected Windows hosts. Malicious spam (malspam) from Emotet spoofs legitimate senders to trick potential victims into running malicious files.

Additionally, Emotet uses IP address 0.0.0.0 in spambot traffic, possibly attempting to hide the actual IP address of an Emotet-infected host.


https://isc.sans.edu/diary/0.0.0.0+in+Emotet+Spambot+Traffic/28254

EU wants to build its own DNS infrastructure with built-in filtering capabilities

https://therecord.media/eu-wants-to-build-its-own-dns-infrastructure-with-built-in-filtering-capabilities/

VMSA-2021-0028.9

CVSSv3 Range:9.0-10.0
Issue Date:2021-12-10
Updated On:2022-01-19

CVE(s): CVE-2021-44228, CVE-2021-45046

Synopsis:
VMware Response to Apache Log4j Remote Code Execution Vulnerabilities (CVE-2021-44228, CVE-2021-45046)

https://www.vmware.com/security/advisories/VMSA-2021-0028.html

Guidance for preventing, detecting, and hunting for exploitation of the Log4j 2 vulnerability

https://www.microsoft.com/security/blog/2021/12/11/guidance-for-preventing-detecting-and-hunting-for-cve-2021-44228-log4j-2-exploitation/

Vulnerabilidad crítica en plugins WordPress

https://unaaldia.hispasec.com/2022/01/vulnerabilidad-critica-en-plugins-wordpress.html

Múltiples vulnerabilidades en Cisco Redundancy Configuration Manager

Fecha de publicación: 20/01/2022
Importancia: 5 - Crítica

Recursos afectados:
Cisco RCM para Cisco StarOS Software.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-cisco-redundancy-configuration-manager

Omisión de autentificación en ManageEngine Desktop Central

Fecha de publicación: 20/01/2022
Importancia: 5 - Crítica

Recursos afectados:
Desktop Central,
Desktop Central MSP.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/omision-autentificacion-manageengine-desktop-central

Múltiples vulnerabilidades en el core de Drupal

Fecha de publicación: 20/01/2022
Importancia: 3 - Media

Recursos afectados:
Drupal, versión 9.3, 9.2 y 7.

Las versiones de Drupal 8 y de Drupal 9, anteriores a la 9.2.x, se encuentran al final de su vida útil y ya no reciben cobertura de seguridad.

Descripción:
Se han publicado cinco vulnerabilidades de severidad media que podrían afectar al core de Drupal.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-el-core-drupal-2

F5 Releases January 2022 Quarterly Security Notification

https://www.cisa.gov/uscert/ncas/current-activity/2022/01/20/f5-releases-january-2022-quarterly-security-notification

McAfee Releases Security Update for McAfee Agent for Windows

McAfee has released McAfee Agent for Windows version 5.7.5, which addresses vulnerabilities CVE-2021-31854 and CVE-2022-0166. An attacker could exploit these vulnerabilities to take control of an affected system.

https://www.cisa.gov/uscert/ncas/current-activity/2022/01/21/mcafee-releases-security-update-mcafee-agent-windows

BitLocker encryption: Clear text key storage prompts security debate online.

Many are questioning why keys are saved in the clear ahead of sign-in

Microsoft’s design choices when it comes to the management of BitLocker encryption keys have been questioned online.

This month, a Twitter and StackOverflow debate has been taking place over how BitLocker encryption keys are stored before users sign in with a Microsoft account.

In a Twitter thread started by user @atomicthumbs, the question was why, when an installation of Microsoft Windows 11 with a local account takes place, the drive will still be encrypted with BitLocker – “but it keeps the key on the drive... in clear text... until you sign in with a Microsoft account”.

https://portswigger.net/daily-swig/bitlocker-encryption-clear-text-key-storage-prompts-security-debate-online

Emotet Spam Abuses Unconventional IP Address Formats to Spread Malware.

https://www.trendmicro.com/en_us/research/22/a/emotet-spam-abuses-unconventional-ip-address-formats-spread-malware.html

MoonBounce: the dark side of UEFI firmware.

At the end of 2021, we were made aware of a UEFI firmware-level compromise through logs from our Firmware Scanner, which has been integrated into Kaspersky products since the beginning of 2019. Further analysis has shown that a single component within the inspected firmware’s image was modified by attackers in a way that allowed them to intercept the original execution flow of the machine’s boot sequence and introduce a sophisticated infection chain.

https://securelist.com/moonbounce-the-dark-side-of-uefi-firmware/105468/

SonicWall shares temp fix for firewalls stuck in reboot loop.

Following a stream of customer reports that started yesterday evening, security hardware manufacturer SonicWall has provided a temporary workaround for reviving next-gen firewalls running SonicOS 7.0 stuck in a reboot loop.

https://www.bleepingcomputer.com/news/technology/sonicwall-shares-temp-fix-for-firewalls-stuck-in-reboot-loop/

Robo de token JWT en VMWare Workspace ONE Access

https://unaaldia.hispasec.com/2022/01/robo-de-token-jwt-en-vmware-workspace-one-access.html

Múltiples vulnerabilidades en Moodle

Fecha de publicación: 24/01/2022
Importancia: 5 - Crítica

Recursos afectados:
Versiones:
de la 3.11 a la 3.11.4;
de la 3.10 a la 3.10.8;
de la 3.9 a la 3.9.11;
versiones anteriores no soportadas.

Descripción:
Los investigadores Paul Holden, Ostapbender, oct0pus7 y Deds Castillo han reportado 4 vulnerabilidades: 2 de severidad crítica y 2 medias, por las que un atacante podría realizar una inyección SQL, una vulnerabilidad CSRF y el acceso CRUD a los eventos del calendario y los informes de calificaciones no autorizados.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-moodle-18