[CERT-daily] Tageszusammenfassung - 27.04.2021

Tue Apr 27 18:14:51 CEST 2021

=====================
= End-of-Day report =
=====================

Timeframe:   Montag 26-04-2021 18:00 − Dienstag 27-04-2021 18:00
Handler:     Stephan Richter
Co-Handler:  Thomas Pribitzer

=====================
=       News        =
=====================

∗∗∗ 15 open source GitHub projects for security pros ∗∗∗
---------------------------------------------
Whether you are a sysadmin, a threat intel analyst, a malware researcher, forensics expert, or even a software developer looking to build secure software, these 15 free tools from GitHub or GitLab can easily fit into your day-to-day work activities and provide added advantages.
---------------------------------------------
https://www.csoonline.com/article/3058594/19-open-source-github-projects-for-security-pros.html


∗∗∗ CAD: .DGN and .MVBA Files, (Mon, Apr 26th) ∗∗∗
---------------------------------------------
Regularly I receive questions about MicroStation files, since I wrote a diary entry about AutoCAD drawings containing VBA code.
---------------------------------------------
https://isc.sans.edu/diary/rss/27354


∗∗∗ Aggrokatz: pypykatz trifft Cobalt Strike ∗∗∗
---------------------------------------------
Das Tool "aggrokatz", welches von SEC Consult intern zum Parsen von LSASS-Dump-Dateien in Cobalt Strike eingesetzt wird, wurde soeben als Open Source Tool veröffentlicht!
---------------------------------------------
https://sec-consult.com/de/blog/detail/aggrokatz-pypykatz-trifft-cobalt-strike/


∗∗∗ The March/April 2021 issue of our SWITCH Security Report is available! ∗∗∗
---------------------------------------------
A new issue of our bi-monthly SWITCH Security Report is available! The topics covered in this report are: Exploit on Exchange
---------------------------------------------
https://securityblog.switch.ch/2021/04/27/the-march-april-2021-issue-of-our-switch-security-report-is-available/


∗∗∗ Vulnerability Spotlight: Information disclosure vulnerability in the Linux Kernel ∗∗∗
---------------------------------------------
Cisco Talos recently discovered an information disclosure vulnerability in the Linux Kernel.
---------------------------------------------
https://blog.talosintelligence.com/2021/04/vuln-spotlight-linux-kernel.html


∗∗∗ Data From The Emotet Malware is Now Searchable in Have I Been Pwned, Courtesy of the FBI and NHTCU ∗∗∗
---------------------------------------------
Earlier this year, the FBI in partnership with the Dutch National High Technical Crimes Unit (NHTCU), German Federal Criminal Police Office (BKA) and other international law enforcement agencies brought down what Europol rereferred to as the worlds most dangerous malware: Emotet.
---------------------------------------------
https://www.troyhunt.com/data-from-the-emotet-malware-is-now-searchable-in-have-i-been-pwned-courtesy-of-the-fbi-and-nhtcu/


∗∗∗ WhatsApp-NutzerInnen aufgepasst: Kriminelle versuchen Ihr WhatsApp-Konto zu stehlen ∗∗∗
---------------------------------------------
Sie wurden auf WhatsApp gebeten, einen 6-stelligen-Code weiterzuleiten? Tun Sie das auf gar keinen Fall, dieser Code ist der Schlüssel zu Ihrem WhatsApp-Account. Kriminelle versuchen Sie mit unterschiedlichsten Begründungen zu überzeugen, diesen weiterzuleiten.
---------------------------------------------
https://www.watchlist-internet.at/news/whatsapp-nutzerinnen-aufgepasst-kriminelle-versuchen-ihr-whatsapp-konto-zu-stehlen/


∗∗∗ CISA and NIST Release New Interagency Resource: Defending Against Software Supply Chain Attacks ∗∗∗
---------------------------------------------
A software supply chain attack—such as the recent SolarWinds Orion attack—occurs when a cyber threat actor infiltrates a software vendor’s network and employs malicious code to compromise the software before the vendor sends it to their customers.
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2021/04/26/cisa-and-nist-release-new-interagency-resource-defending-against


=====================
=  Vulnerabilities  =
=====================

∗∗∗ All Your Macs Are Belong To Us ∗∗∗
---------------------------------------------
Here, we detail a bug that trivially bypasses many core Apple security mechanisms, leaving Mac users at grave risk!
---------------------------------------------
https://objective-see.com/blog/blog_0x64.html


∗∗∗ Citrix ShareFile storage zones controller security update ∗∗∗
---------------------------------------------
A security issue has been identified in the Citrix ShareFile storage zones controller which, if exploited, would allow an unauthenticated attacker to remotely compromise the storage zones controller.
---------------------------------------------
https://support.citrix.com/article/CTX310780


∗∗∗ Severe Unpatched Vulnerabilities Leads to Closure of Store Locator Plus Plugin ∗∗∗
---------------------------------------------
On March 5, 2021, the Wordfence Threat Intelligence team wrapped up an investigation that led to the discovery of a privilege escalation vulnerability along with several additional vulnerabilities in Store Locator Plus, a WordPress plugin installed on over 9,000 sites.
---------------------------------------------
https://www.wordfence.com/blog/2021/04/severe-unpatched-vulnerabilities-leads-to-closure-of-store-locator-plus-plugin/


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (gst-libav1.0, gst-plugins-bad1.0, gst-plugins-base1.0, and gst-plugins-ugly1.0), Fedora (kernel, kernel-headers, kernel-tools, and rust), openSUSE (firefox), Oracle (firefox, mariadb:10.3 and mariadb-devel:10.3, thunderbird, and xstream), Red Hat (kernel, kernel-alt, kpatch-patch, nss, and openldap), Scientific Linux (firefox, thunderbird, and xstream), SUSE (firefox), and Ubuntu (file-roller, firefox, and ruby2.7).
---------------------------------------------
https://lwn.net/Articles/854623/


∗∗∗ NTLM Relay Attack Abuses Windows RPC Protocol Vulnerability ∗∗∗
---------------------------------------------
A newly identified NTLM (New Technology LAN Manager) relay attack abuses a remote procedure call (RPC) vulnerability to enable elevation of privilege, researchers from cybersecurity firm SentinelOne reveal.
---------------------------------------------
https://www.securityweek.com/ntlm-relay-attack-abuses-windows-rpc-protocol-vulnerability


∗∗∗ Apple Security Updates 2021-04-26 ∗∗∗
---------------------------------------------
https://support.apple.com/en-us/HT201222


∗∗∗ Security Bulletin: IBM® Db2® db2fm is vulnerable to a buffer overflow (CVE-2020-5025) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-db2fm-is-vulnerable-to-a-buffer-overflow-cve-2020-5025-7/


∗∗∗ Security Bulletin: IBM Content Navigator is vulnerable to cross-site scripting. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-content-navigator-is-vulnerable-to-cross-site-scripting-4/


∗∗∗ Security Bulletin: Vulnerability in Apache MyFaces affects Liberty for Java for IBM Cloud (CVE-2021-26296) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-myfaces-affects-liberty-for-java-for-ibm-cloud-cve-2021-26296-2/


∗∗∗ Security Bulletin: Buffer Overflow Vulnerability in IBM SDK Affects IBM Transformation Extender ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-buffer-overflow-vulnerability-in-ibm-sdk-affects-ibm-transformation-extender-3/


∗∗∗ Security Bulletin: IBM® Db2® is vulnerable to a denial of service (CVE-2020-5024) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-a-denial-of-service-cve-2020-5024-6/


∗∗∗ Security Bulletin: Vulnerability in IBM Java Runtime affects IBM Spectrum Protect Snapshot on AIX and Linux (CVE-2020-27221) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-runtime-affects-ibm-spectrum-protect-snapshot-on-aix-and-linux-cve-2020-27221/


∗∗∗ Security Bulletin: IBM Content Navigator is vulnerable to cross-site scripting ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-content-navigator-is-vulnerable-to-cross-site-scripting-3/


∗∗∗ Security Bulletin: Multiple vulnerabilities affect the IBM Spectrum Scale GUI ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-the-ibm-spectrum-scale-gui-3/


∗∗∗ Security Bulletin: IBM® Db2® is vulnerable to weak file permissions allowing access to specific files (CVE-2020-4976) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-weak-file-permissions-allowing-access-to-specific-files-cve-2020-4976-6/


∗∗∗ Nvidia Treiber: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K21-0440


∗∗∗ Red Hat OpenShift: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K21-0447


∗∗∗ TYPO3 Extension: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K21-0449


∗∗∗ Google Releases Security Updates for Chrome ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2021/04/27/google-releases-security-updates-chrome

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily