UEFI firmware vulnerabilities affect at least 25 computer vendors
Researchers from firmware protection company Binarly have discovered critical vulnerabilities in the UEFI firmware from InsydeH2O used by multiple computer vendors such as Fujitsu, Intel, AMD, Lenovo, Dell, ASUS, HP, Siemens, Microsoft, and Acer.
UEFI (Unified Extensible Firmware Interface) software is an interface between a device’s firmware and the operating system, which handles the booting process, system diagnostics, and repair functions.
https://www.bleepingcomputer.com/news/security/uefi-firmware-vulnerabilities-affect-at-least-25-computer-vendors/
If you would like to scan your system for the existence of the above flaws, Binarly has published these FwHunt rules on GitHub to assist with detection.
https://github.com/binarly-io/FwHunt/tree/main/rules
Researchers from firmware protection company Binarly have discovered critical vulnerabilities in the UEFI firmware from InsydeH2O used by multiple computer vendors such as Fujitsu, Intel, AMD, Lenovo, Dell, ASUS, HP, Siemens, Microsoft, and Acer.
UEFI (Unified Extensible Firmware Interface) software is an interface between a device’s firmware and the operating system, which handles the booting process, system diagnostics, and repair functions.
https://www.bleepingcomputer.com/news/security/uefi-firmware-vulnerabilities-affect-at-least-25-computer-vendors/
If you would like to scan your system for the existence of the above flaws, Binarly has published these FwHunt rules on GitHub to assist with detection.
https://github.com/binarly-io/FwHunt/tree/main/rules
BleepingComputer
UEFI firmware vulnerabilities affect at least 25 computer vendors
Researchers from firmware protection company Binarly have discovered critical vulnerabilities in the UEFI firmware from InsydeH2O used by multiple computer vendors such as Fujitsu, Intel, AMD, Lenovo, Dell, ASUS, HP, Siemens, Microsoft, and Acer.
Cisco Small Business RV Series Routers Vulnerabilities
Advisory ID: cisco-sa-smb-mult-vuln-KA9PK6D
First Published: 2022 February 2 16:00 GMT
Version 1.0: Final
CVSS Score: Base 10.0 ⚠️
Summary:
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following:
Execute arbitrary code
Elevate privileges
Execute arbitrary commands
Bypass authentication and authorization protections
Fetch and run unsigned software
Cause denial of service (DoS)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-mult-vuln-KA9PK6D
Advisory ID: cisco-sa-smb-mult-vuln-KA9PK6D
First Published: 2022 February 2 16:00 GMT
Version 1.0: Final
CVSS Score: Base 10.0 ⚠️
Summary:
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following:
Execute arbitrary code
Elevate privileges
Execute arbitrary commands
Bypass authentication and authorization protections
Fetch and run unsigned software
Cause denial of service (DoS)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-mult-vuln-KA9PK6D
Cisco
Cisco Security Advisory: Cisco Small Business RV Series Routers Vulnerabilities
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following:
Execute arbitrary code
Elevate privileges
Execute arbitrary commands
Bypass authentication and authorization…
Execute arbitrary code
Elevate privileges
Execute arbitrary commands
Bypass authentication and authorization…
Vulnerabilidad de ataques basados en XXE en productos HP
Fecha de publicación: 02/02/2022
Importancia: 5 - Crítica
Recursos afectados:
HP Web JetAdmin, versiones anteriores a 10.5 SR1;
HP Security Manager, versiones anteriores a 3.7.
Descripción:
HP ha publicado una vulnerabilidad de severidad crítica, por la que un atacante podría realizar ataques basados en XXE (XML External Entity).
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-ataques-basados-xxe-productos-hp
Fecha de publicación: 02/02/2022
Importancia: 5 - Crítica
Recursos afectados:
HP Web JetAdmin, versiones anteriores a 10.5 SR1;
HP Security Manager, versiones anteriores a 3.7.
Descripción:
HP ha publicado una vulnerabilidad de severidad crítica, por la que un atacante podría realizar ataques basados en XXE (XML External Entity).
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-ataques-basados-xxe-productos-hp
INCIBE-CERT
Vulnerabilidad de ataques basados en XXE en productos HP
HP ha publicado una vulnerabilidad de severidad crítica, por la que un atacante podría realizar ataques basados en XXE (XML External Entity).
Vulnerabilidad crítica en dispositivos NAS de QNAP
Fecha de publicación: 03/02/2022
Importancia: 5 - Crítica
Recursos afectados:
Dispositivos NAS de QNAP con versiones anteriores a:
QTS 5.0.0.1891, compilación 20211221;
QTS 4.5.4.1892, compilación 20211223;
QuTS hero h5.0.0.1892, compilación 20211222;
QuTS hero h4.5.4.1892, compilación 20211223;
QuTScloud c5.0.0.1919, compilación 20220119.
Descripción:
QNAP ha solucionado una vulnerabilidad de severidad crítica que está siendo explotada actualmente de manera activa por el ransomware DeadBolt.
https://www.incibe.es/protege-tu-empresa/avisos-seguridad/vulnerabilidad-critica-dispositivos-nas-qnap
Fecha de publicación: 03/02/2022
Importancia: 5 - Crítica
Recursos afectados:
Dispositivos NAS de QNAP con versiones anteriores a:
QTS 5.0.0.1891, compilación 20211221;
QTS 4.5.4.1892, compilación 20211223;
QuTS hero h5.0.0.1892, compilación 20211222;
QuTS hero h4.5.4.1892, compilación 20211223;
QuTScloud c5.0.0.1919, compilación 20220119.
Descripción:
QNAP ha solucionado una vulnerabilidad de severidad crítica que está siendo explotada actualmente de manera activa por el ransomware DeadBolt.
https://www.incibe.es/protege-tu-empresa/avisos-seguridad/vulnerabilidad-critica-dispositivos-nas-qnap
INCIBE
Vulnerabilidad crítica en dispositivos NAS de QNAP
Múltiples vulnerabilidades en IBM Planning Analytics
Fecha de publicación: 04/02/2022
Importancia: 5 - Crítica
Recursos afectados:
IBM Planning Analytics 2.0;
IBM Planning Analytics Workspace 2.0.
Descripción:
IBM ha reportado 11 vulnerabilidades: 2 críticas, 2 altas, 3 medias y 4 bajas, por las que un atacante podría causar un impacto en la confidencialidad, en la integridad y en la disponibilidad, una denegación de servicio, obtener información sensible, desbordar un búfer, ejecutar código arbitrario, acceder a directorios restringidos, realizar una ejecución remota de código o tomar el control del sistema.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-ibm-planning-analytics
Fecha de publicación: 04/02/2022
Importancia: 5 - Crítica
Recursos afectados:
IBM Planning Analytics 2.0;
IBM Planning Analytics Workspace 2.0.
Descripción:
IBM ha reportado 11 vulnerabilidades: 2 críticas, 2 altas, 3 medias y 4 bajas, por las que un atacante podría causar un impacto en la confidencialidad, en la integridad y en la disponibilidad, una denegación de servicio, obtener información sensible, desbordar un búfer, ejecutar código arbitrario, acceder a directorios restringidos, realizar una ejecución remota de código o tomar el control del sistema.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-ibm-planning-analytics
Cobalt Strike, a Defender’s Guide
Part I: https://thedfirreport.com/2021/08/29/cobalt-strike-a-defenders-guide
Part II: https://thedfirreport.com/2022/01/24/cobalt-strike-a-defenders-guide-part-2
Part I: https://thedfirreport.com/2021/08/29/cobalt-strike-a-defenders-guide
Part II: https://thedfirreport.com/2022/01/24/cobalt-strike-a-defenders-guide-part-2
The DFIR Report
Cobalt Strike, a Defender's Guide
As you have noticed from our reporting so far, Cobalt Strike is used as a post-exploitation tool with various malware droppers responsible for the initial infection stage. Some of the most common droppers we see are IcedID (a.k.a. BokBot), ZLoader, Qbot (a.k.a.…
FBI Releases Indicators of Compromise Associated with LockBit 2.0 Ransomware
https://www.cisa.gov/uscert/ncas/current-activity/2022/02/07/fbi-releases-indicators-compromise-associated-lockbit-20
https://www.cisa.gov/uscert/ncas/current-activity/2022/02/07/fbi-releases-indicators-compromise-associated-lockbit-20
www.cisa.gov
FBI Releases Indicators of Compromise Associated with LockBit 2.0 Ransomware | CISA
The Federal Bureau of Investigation (FBI) has released a Flash report detailing indicators of compromise (IOCs) associated with attacks, using LockBit 2.0, a Ransomware-as-a-Service that employs a wide variety of tactics, techniques, and procedures, creating…
VMSA-2021-0028.11
CVSSv3 Range: 9.0-10.0
Issue Date: 2021-12-10
Updated On: 2022-02-08
CVE(s): CVE-2021-44228, CVE-2021-45046
Synopsis:
VMware Response to Apache Log4j Remote Code Execution Vulnerabilities (CVE-2021-44228, CVE-2021-45046)
https://www.vmware.com/security/advisories/VMSA-2021-0028.html
CVSSv3 Range: 9.0-10.0
Issue Date: 2021-12-10
Updated On: 2022-02-08
CVE(s): CVE-2021-44228, CVE-2021-45046
Synopsis:
VMware Response to Apache Log4j Remote Code Execution Vulnerabilities (CVE-2021-44228, CVE-2021-45046)
https://www.vmware.com/security/advisories/VMSA-2021-0028.html
Critical Vulnerabilities Affecting SAP Applications Employing Internet Communication Manager (ICM)
https://www.cisa.gov/uscert/ncas/current-activity/2022/02/08/critical-vulnerabilities-affecting-sap-applications-employing
https://www.cisa.gov/uscert/ncas/current-activity/2022/02/08/critical-vulnerabilities-affecting-sap-applications-employing
www.cisa.gov
Critical Vulnerabilities Affecting SAP Applications Employing Internet Communication Manager (ICM) | CISA
On February 8, 2022, SAP released security updates to address vulnerabilities affecting multiple products, including critical vulnerabilities affecting SAP applications using SAP Internet Communication Manager (ICM). SAP applications help organizations manage…
Citrix Releases Security Updates for Hypervisor
https://www.cisa.gov/uscert/ncas/current-activity/2022/02/08/citrix-releases-security-updates-hypervisor
https://www.cisa.gov/uscert/ncas/current-activity/2022/02/08/citrix-releases-security-updates-hypervisor
www.cisa.gov
Citrix Releases Security Updates for Hypervisor | CISA
Citrix has released security updates to address vulnerabilities in Hypervisor. An attacker could exploit these vulnerabilities to cause a denial-of-service condition. CISA encourages users and administrators to review Citrix Security Update CTX337526 and…
Vodafone Portugal hit by a massive cyberattack
Portugal causing severe outages in the country of its communication and television services.
https://securityaffairs.co/wordpress/127799/cyber-crime/vodafone-portugal-massive-cyberattack.html
Portugal causing severe outages in the country of its communication and television services.
https://securityaffairs.co/wordpress/127799/cyber-crime/vodafone-portugal-massive-cyberattack.html
Security Affairs
Vodafone Portugal hit by a massive cyberattack
A cyberattack hit Vodafone Portugal causing severe outages in the country of its communication and television services.
Vulnerabilidad de ejecución remota de código en Tapo C200 de TP-LINK
Fecha de publicación: 11/02/2022
Importancia: 5 - Crítica
Recursos afectados:
Tapo C200 versión 1.15 y anteriores.
Descripción:
INCIBE ha coordinado la publicación de una vulnerabilidad en TP-Link Tapo C200, con el código interno INCIBE-2021-0601, que ha sido descubierta por Víctor Fresco Perales.
A esta vulnerabilidad se le ha asignado el código CVE-2021-4045. Se ha calculado una puntuación base CVSS v3.1 de 9,8, siendo el cálculo del CVSS el siguiente: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-ejecucion-remota-codigo-tapo-c200-tp-link
Fecha de publicación: 11/02/2022
Importancia: 5 - Crítica
Recursos afectados:
Tapo C200 versión 1.15 y anteriores.
Descripción:
INCIBE ha coordinado la publicación de una vulnerabilidad en TP-Link Tapo C200, con el código interno INCIBE-2021-0601, que ha sido descubierta por Víctor Fresco Perales.
A esta vulnerabilidad se le ha asignado el código CVE-2021-4045. Se ha calculado una puntuación base CVSS v3.1 de 9,8, siendo el cálculo del CVSS el siguiente: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-ejecucion-remota-codigo-tapo-c200-tp-link
VMSA-2021-0028.12
CVSSv3 Range:9.0-10.0
Issue Date:2021-12-10
Updated On:2022-02-10
2021/12/10: Exploitation attempts in the wild of CVE-2021-44228 have been confirmed by VMware.
https://www.vmware.com/security/advisories/VMSA-2021-0028.html
CVSSv3 Range:9.0-10.0
Issue Date:2021-12-10
Updated On:2022-02-10
2021/12/10: Exploitation attempts in the wild of CVE-2021-44228 have been confirmed by VMware.
https://www.vmware.com/security/advisories/VMSA-2021-0028.html
Apple Releases Security Updates for Multiple Products
Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. Some of these vulnerabilities have been detected in exploits in the wild.
CISA encourages users and administrators to review the Apple security pages for the following products and apply the necessary updates.
Safari 15.3 (v. 16612.4.9.1.8 and 15612.4.9.1.8)
macOS Monterey 12.2.1
iOS 15.3.1 and iPadOS 15.3.1
https://www.cisa.gov/uscert/ncas/current-activity/2022/02/11/apple-releases-security-updates-multiple-products
Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. Some of these vulnerabilities have been detected in exploits in the wild.
CISA encourages users and administrators to review the Apple security pages for the following products and apply the necessary updates.
Safari 15.3 (v. 16612.4.9.1.8 and 15612.4.9.1.8)
macOS Monterey 12.2.1
iOS 15.3.1 and iPadOS 15.3.1
https://www.cisa.gov/uscert/ncas/current-activity/2022/02/11/apple-releases-security-updates-multiple-products
www.cisa.gov
Apple Releases Security Updates for Multiple Products | CISA
Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. Some of these vulnerabilities have been detected in exploits in the wild. CISA…
pfSense Plus version 22.01 and pfSense CE version 2.6.0 Software are Now Available
https://www.netgate.com/blog/pfsense-plus-software-version-22.01-and-ce-2.6.0-are-now-available
https://www.netgate.com/blog/pfsense-plus-software-version-22.01-and-ce-2.6.0-are-now-available
Netgate
pfSense Plus Version 22.01 and CE Version 2.6.0 Software Now Available
This is a regularly scheduled release of pfSense Plus software and pfSense CE software including new features, additional hardware support, and bug fixes.
VMSA-2022-0001.2
CVSSv3 Range: 7.7
Issue Date: 2022-01-04
Updated On: 2022-02-14
CVE(s): CVE-2021-22045
Synopsis:
VMware Workstation, Fusion and ESXi updates address a heap-overflow vulnerability (CVE-2021-22045)
Impacted Products
VMware ESXi
VMware Workstation Pro / Player (Workstation)
VMware Fusion
VMware Cloud Foundation
https://www.vmware.com/security/advisories/VMSA-2022-0001.html
CVSSv3 Range: 7.7
Issue Date: 2022-01-04
Updated On: 2022-02-14
CVE(s): CVE-2021-22045
Synopsis:
VMware Workstation, Fusion and ESXi updates address a heap-overflow vulnerability (CVE-2021-22045)
Impacted Products
VMware ESXi
VMware Workstation Pro / Player (Workstation)
VMware Fusion
VMware Cloud Foundation
https://www.vmware.com/security/advisories/VMSA-2022-0001.html
VMSA-2022-0004
CVSSv3 Range: 5.3-8.4
Issue Date: 2022-02-15
CVE(s):CVE-2021-22040, CVE-2021-22041, CVE-2021-22042, CVE-2021-22043, CVE-2021-22050
Synopsis:
VMware ESXi, Workstation, and Fusion updates address multiple security vulnerabilities (CVE-2021-22040, CVE-2021-22041, CVE-2021-22042, CVE-2021-22043, CVE-2021-22050)
Impacted Products
VMware ESXi
VMware Workstation Pro / Player (Workstation)
VMware Fusion Pro / Fusion (Fusion)
VMware Cloud Foundation (Cloud Foundation)
https://www.vmware.com/security/advisories/VMSA-2022-0004.html
CVSSv3 Range: 5.3-8.4
Issue Date: 2022-02-15
CVE(s):CVE-2021-22040, CVE-2021-22041, CVE-2021-22042, CVE-2021-22043, CVE-2021-22050
Synopsis:
VMware ESXi, Workstation, and Fusion updates address multiple security vulnerabilities (CVE-2021-22040, CVE-2021-22041, CVE-2021-22042, CVE-2021-22043, CVE-2021-22050)
Impacted Products
VMware ESXi
VMware Workstation Pro / Player (Workstation)
VMware Fusion Pro / Fusion (Fusion)
VMware Cloud Foundation (Cloud Foundation)
https://www.vmware.com/security/advisories/VMSA-2022-0004.html
VMSA-2022-0005
CVSSv3 Range: 8.8
Issue Date: 2022-02-15
CVE(s): CVE-2022-22945
Synopsis:
VMware NSX Data Center for vSphere update addresses CLI shell injection vulnerability (CVE-2022-22945)
Impacted Products
VMware NSX Data Center for vSphere (NSX-V)
https://www.vmware.com/security/advisories/VMSA-2022-0005.html
CVSSv3 Range: 8.8
Issue Date: 2022-02-15
CVE(s): CVE-2022-22945
Synopsis:
VMware NSX Data Center for vSphere update addresses CLI shell injection vulnerability (CVE-2022-22945)
Impacted Products
VMware NSX Data Center for vSphere (NSX-V)
https://www.vmware.com/security/advisories/VMSA-2022-0005.html
VMware
VMSA-2022-0005
VMware NSX Edge update addresses CLI shell injection vulnerability (CVE-2022-22945)
Múltiples vulnerabilidades en productos VMware
Fecha de publicación: 16/02/2022
Importancia: 5 - Crítica
Recursos afectados:
ESXi, versiones:
7.0 U3;
7.0 U2;
7.0 U1;
7.0;
6.7;
6.5.
Fusion, versiones 12.x.
Workstation, versiones 16.x.
Cloud Foundation (ESXi), versiones:
4.x;
3.x.
NSX Data Center para vSphere, todas las versiones.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-vmware-24
Fecha de publicación: 16/02/2022
Importancia: 5 - Crítica
Recursos afectados:
ESXi, versiones:
7.0 U3;
7.0 U2;
7.0 U1;
7.0;
6.7;
6.5.
Fusion, versiones 12.x.
Workstation, versiones 16.x.
Cloud Foundation (ESXi), versiones:
4.x;
3.x.
NSX Data Center para vSphere, todas las versiones.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-vmware-24
INCIBE-CERT
Múltiples vulnerabilidades en productos VMware
Los investigadores Wei de Kunlun Lab, junto con Dimitri Di Cristofaro y Przemek Reszke de SECFORCE LTD, han reportado 6 vulnerabilidades, 5 de severidad alta y 1 media, aunque la combinación de
Múltiples vulnerabilidades en productos de TIBCO
Fecha de publicación: 16/02/2022
Importancia: 5 - Crítica
Recursos afectados:
TIBCO BusinessConnect Container Edition versión 1.1.0 y anteriores;
TIBCO AuditSafe versión 1.1.0 y anteriores.
Componentes Database, Auth Server y Web Server.
Descripción:
TIBCO ha reportado 3 vulnerabilidades: 2 de severidad crítica y 1 de severidad alta por las que un atacante no autenticado con acceso a la red podría ejecutar métodos de la API en el sistema afectado y obtener nombres y contraseñas de los usuarios.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-tibco-4
Fecha de publicación: 16/02/2022
Importancia: 5 - Crítica
Recursos afectados:
TIBCO BusinessConnect Container Edition versión 1.1.0 y anteriores;
TIBCO AuditSafe versión 1.1.0 y anteriores.
Componentes Database, Auth Server y Web Server.
Descripción:
TIBCO ha reportado 3 vulnerabilidades: 2 de severidad crítica y 1 de severidad alta por las que un atacante no autenticado con acceso a la red podría ejecutar métodos de la API en el sistema afectado y obtener nombres y contraseñas de los usuarios.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-tibco-4