[CERT-daily] Tageszusammenfassung - 14.04.2021

Wed Apr 14 18:15:01 CEST 2021

=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 13-04-2021 18:00 − Mittwoch 14-04-2021 18:00
Handler:     Dimitri Robl
Co-Handler:  Thomas Pribitzer

=====================
=       News        =
=====================

∗∗∗ Microsoft schließt weitere Lücken in Windows und Mail/Groupware-System Exchange ∗∗∗
---------------------------------------------
Microsoft veröffentlicht über 2700 kritische und wichtige Updates für Exchange und Windows 10, aber auch für Windows 7 und 8.1 sowie ältere Serversysteme.
---------------------------------------------
https://heise.de/-6015002


∗∗∗ Patchday: Adobe verteilt Sicherheitsupdates gegen teils kritische Lücken ∗∗∗
---------------------------------------------
Aus Adobe Photoshop, Digital Editions & Bridge (Windows, macOS) wurden kritische Sicherheitslücken entfernt. Auch RoboHelp für Win bekam ein wichtiges Update.
---------------------------------------------
https://heise.de/-6015086


∗∗∗ Microsoft-Patchday: Updates entfernen aktiv genutzten Angriffsweg aus Windows ∗∗∗
---------------------------------------------
Zum Patchday hat Microsoft unter anderem eine Schwachstelle im Desktop Window Manager in Win 10 & Server-Pendants behoben, die derzeit aktiv ausgenutzt wird.
---------------------------------------------
https://heise.de/-6015082


∗∗∗ Vulnerability Spotlight: Multiple remote code execution vulnerabilities in Microsoft Azure Sphere ∗∗∗
---------------------------------------------
Cisco Talos researchers recently discovered multiple vulnerabilities in Microsoft’s Azure Sphere, a cloud-connected and custom SoC platform designed specifically with IoT application security [...]
---------------------------------------------
https://blog.talosintelligence.com/2021/04/vuln-spotlight-azure-sphere-april-2021.html


∗∗∗ Vorsicht! Unseriöse Praktiken bei über 120 Datingplattformen von Date4Friend AG! ∗∗∗
---------------------------------------------
Die Schweizer Firma Date4Friend AG betreibt zahlreiche Datingplattformen im deutschsprachigen Raum. Doch viele NutzerInnen ärgern sich über die Angebote von Date4Friend AG. So entpuppen sich eigentlich günstige Abos rasch als teure Abo-Falle. VerbraucherInnen beschweren sich zudem darüber, dass Abo-Kündigungen nicht angenommen werden.
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-unserioese-praktiken-bei-ueber-120-datingplattformen-von-date4friend-ag/


∗∗∗ 100,000 Google Sites Used to Install SolarMarket RAT ∗∗∗
---------------------------------------------
Search-engine optimization (SEO) tactics direct users searching for common business forms such as invoices, receipts or other templates to hacker-controlled Google-hosted domains.
---------------------------------------------
https://threatpost.com/google-sites-solarmarket-rat/165396/


∗∗∗ Jahresbericht 2020 von CERT.at und GovCERT Austria veröffentlicht ∗∗∗
---------------------------------------------
2020 war einiges los in Bezug auf IT-Sicherheit in Österreich: Im Jänner sorgten CVE-2019-19781 a.k.a. "Shitrix" und der Angriff auf das BMEIA für einen turbulenten Start und den Rest des Jahres beschäftigten uns unter anderem Emotet, Ransomware und nicht eingespielte Updates. Aber auch abseits vom Tagesgeschäft der IT-Sicherheit hat sich einiges getan [...]
---------------------------------------------
https://cert.at/de/aktuelles/2021/4/jahresbericht-2020-von-certat-und-govcert-austria-veroffentlicht


=====================
=  Vulnerabilities  =
=====================

∗∗∗ CVE-2021-28480, CVE-2021-28481, CVE-2021-28482, CVE-2021-28483: Four Critical Microsoft Exchange Server Vulnerabilities Patched in April Patch Tuesday ∗∗∗
---------------------------------------------
One month after disclosing four zero-day vulnerabilities in Exchange Server, Microsoft addresses four additional vulnerabilities discovered by the National Security Agency (NSA).
---------------------------------------------
https://de.tenable.com/blog/cve-2021-28480-cve-2021-28481-cve-2021-28482-cve-2021-28483-four-critical-microsoft-exchange


∗∗∗ New WhatsApp Bugs Couldve Let Attackers Hack Your Phone Remotely ∗∗∗
---------------------------------------------
Facebook-owned WhatsApp recently addressed two security vulnerabilities in its messaging app for Android that could have been exploited to execute malicious code remotely on the device and even compromise encrypted communications. The flaws take aim at devices running Android versions up to and including Android 9 by carrying out whats known as a "man-in-the-disk" attack [...]
---------------------------------------------
https://thehackernews.com/2021/04/new-whatsapp-bug-couldve-let-attackers.html


∗∗∗ Recent Patches Rock the Elementor Ecosystem ∗∗∗
---------------------------------------------
Over the last few weeks, the Wordfence Threat Intelligence team has responsibly disclosed vulnerabilities in more than 15 of the most popular addon plugins for Elementor, which are collectively installed on over 3.5 million sites. All together, our team found over 100 vulnerable endpoints.
---------------------------------------------
https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (screen), Debian (clamav, courier-authlib, and tomcat9), Red Hat (thunderbird), SUSE (clamav, glibc, kernel, open-iscsi, opensc, spamassassin, thunderbird, wpa_supplicant, and xorg-x11-server), and Ubuntu (linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux, linux-aws, [...]
---------------------------------------------
https://lwn.net/Articles/852627/


∗∗∗ New Vulnerability Affecting Container Engines CRI-O and Podman (CVE-2021-20291) ∗∗∗
---------------------------------------------
CVE-2021-20291 leads to a denial of service of the container engines CRI-O and Podman when pulling a malicious image from a registry.
---------------------------------------------
https://unit42.paloaltonetworks.com/cve-2021-20291/


∗∗∗ Schneider Electric SoMachine Basic ∗∗∗
---------------------------------------------
This advisory contains mitigations for an Improper Restriction of XML External Entity Reference vulnerability in Schneider Electric SoMachine Basic software.
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-103-01


∗∗∗ Advantech WebAccessSCADA ∗∗∗
---------------------------------------------
This advisory contains mitigations for an Incorrect Permission Assignment for Critical Resource vulnerability in Advantech WebAccess/SCADA browser-based software.
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-103-02


∗∗∗ JTEKT TOYOPUC products ∗∗∗
---------------------------------------------
This advisory contains mitigations for an Improper Resource Shutdown or Release vulnerability in JTEKT TOYOPUC programmable logic controller products.
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-103-03


∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/


∗∗∗ Reflected cross-site scripting in Microsoft Azure DevOps Server ∗∗∗
---------------------------------------------
https://sec-consult.com/vulnerability-lab/advisory/reflected-xss-in-microsoft-azure-devops-server/


∗∗∗ vBulletin Connect: Schwachstelle ermöglicht nicht spezifizierten Angriff ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K21-0373

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily