[CERT-daily] Tageszusammenfassung - 04.02.2021

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 03-02-2021 18:00 − Donnerstag 04-02-2021 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Dimitri Robl

=====================
=       News        =
=====================

∗∗∗ Malicious Chrome and Edge add-ons had a novel way to hide on 3 million devices ∗∗∗
---------------------------------------------
28 malicious extensions disguised traffic as Google Analytics data.
---------------------------------------------
https://arstechnica.com/?p=1739523


∗∗∗ New Fonix ransomware decryptor can recover victims files for free ∗∗∗
---------------------------------------------
Kaspersky has released a decryptor for the Fonix Ransomware (XONIF) that allows victims to recover their encrypted files for free.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-fonix-ransomware-decryptor-can-recover-victims-files-for-free/


∗∗∗ How to Audit Password Changes in Active Directory ∗∗∗
---------------------------------------------
Todays admins certainly have plenty on their plates, and boosting ecosystem security remains a top priority. On-premises, and especially remote, accounts are gateways for accessing critical information. Password management makes this possible. After all, authentication should ensure that a user is whom they claim to be.
---------------------------------------------
https://thehackernews.com/2021/02/how-to-audit-password-changes-in-active.html


∗∗∗ Project Zero: Déjà vu-lnerability ∗∗∗
---------------------------------------------
A Year in Review of 0-days Exploited In-The-Wild in 2020
---------------------------------------------
https://googleprojectzero.blogspot.com/2021/02/deja-vu-lnerability.html


∗∗∗ E-Tretroller sind leicht zu überwachen und zu manipulieren ∗∗∗
---------------------------------------------
Die Apps der Verleiher sind sehr auskunftsfreudig. Mit den übertragenen Daten lässt sich ein E-Tretroller sogar während der Fahrt abschalten.
---------------------------------------------
https://heise.de/-5045945


∗∗∗ Browser sync—what are the risks of turning it on? ∗∗∗
---------------------------------------------
Browser synchronization is a handy feature but it comes with a few risks. Heres what you should be asking yourself before you switch it on.
---------------------------------------------
https://blog.malwarebytes.com/privacy-2/2021/02/browser-sync-what-are-the-risks-of-turning-it-on/


∗∗∗ This old form of ransomware has returned with new tricks and new targets ∗∗∗
---------------------------------------------
Cerber was once the most common form of ransomware - and now its back, years after its heyday.
---------------------------------------------
https://www.zdnet.com/article/this-old-form-of-ransomware-has-returned-with-new-tricks-and-new-targets/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Upcoming Security Updates for Adobe Acrobat and Reader (APSB21-09) ∗∗∗
---------------------------------------------
A prenotification security advisory (APSB21-09) has been posted regarding upcoming Adobe Acrobat and Reader updates scheduled for the week of February 09, 2021. 
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1967


∗∗∗ Critical Bugs Found in Popular Realtek Wi-Fi Module for Embedded Devices ∗∗∗
---------------------------------------------
Major vulnerabilities have been discovered in the Realtek RTL8195A Wi-Fi module that could have been exploited to gain root access and take complete control of a devices wireless communications.
---------------------------------------------
https://thehackernews.com/2021/02/critical-bugs-found-in-popular-realtek.html


∗∗∗ Jetzt patchen! Sicherheitsupdate für SonicWall SMA 100 ist da ∗∗∗
---------------------------------------------
Derzeit haben es Angreifer auf das Fernzugriffsystem SMA 100 von SonicWall abgesehen. Nun gibt es Patches.
---------------------------------------------
https://heise.de/-5045657


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (glibc, linux-firmware, perl, and qemu-kvm), Debian (dnsmasq), Fedora (netpbm), Mageia (firefox, messagelib, python and python3, ruby-nokogiri, and thunderbird), Oracle (kernel, perl, and qemu-kvm), Red Hat (flatpak), and SUSE (openvswitch and python-urllib3).
---------------------------------------------
https://lwn.net/Articles/845088/


∗∗∗ Panasonic Video Insight VMS vulnerable to arbitrary code execution ∗∗∗
---------------------------------------------
https://jvn.jp/en/jp/JVN42252698/


∗∗∗ ZDI-21-151: (0Day) Hewlett Packard Enterprise Moonshot Provisioning Manager khuploadfile Stack-based Buffer Overflow Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-21-151/


∗∗∗ ZDI-21-150: (0Day) Hewlett Packard Enterprise Moonshot Provisioning Manager khuploadfile Directory Traversal Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-21-150/


∗∗∗ Security Bulletin: IBM Java SDK and IBM Java Runtime for IBM i are affected by CVE-2020-14781 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-java-sdk-and-ibm-java-runtime-for-ibm-i-are-affected-by-cve-2020-14781/


∗∗∗ Security Bulletin: IBM SDK Java Quarterly CPU Jul 2020 Vulnerabilities Affect IBM Transformation Extender ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-quarterly-cpu-jul-2020-vulnerabilities-affect-ibm-transformation-extender-2/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM i ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-affect-ibm-i-5/


∗∗∗ wpa_supplicant: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K21-0129


∗∗∗ Citrix Hypervisor Security Update ∗∗∗
---------------------------------------------
https://support.citrix.com/article/CTX291439


∗∗∗ Luxion KeyShot ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01


∗∗∗ Horner Automation Cscape ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-035-02


∗∗∗ WAGO M&M Software fdtCONTAINER (Update A) ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-021-05

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily