[CERT-daily] Tageszusammenfassung - 09.02.2021

Tue Feb 9 18:10:31 CET 2021

=====================
= End-of-Day report =
=====================

Timeframe:   Montag 08-02-2021 18:00 − Dienstag 09-02-2021 18:00
Handler:     Thomas Pribitzer
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Android Devices Hunted by LodaRAT Windows Malware ∗∗∗
---------------------------------------------
The LodaRAT - known for targeting Windows devices - has been discovered also targeting Android devices in a new espionage campaign.
---------------------------------------------
https://threatpost.com/android-devices-lodarat-windows/163769/


∗∗∗ Florida: Hacker wollte Trinkwasser aus der Ferne vergiften ∗∗∗
---------------------------------------------
Kriminelle haben ein Trinkwasserwerk in Florida gehackt und die Natriumhydroxid-Zufuhr vervielfacht. Ein Mitarbeiter beobachtete die Tat und stoppte sie.
---------------------------------------------
https://heise.de/-5049266


∗∗∗ Arrest, Raids Tied to ‘U-Admin’ Phishing Kit ∗∗∗
---------------------------------------------
Cyber cops in Ukraine carried out an arrest and several raids last week in connection with the author of a U-Admin, a software package used to administer what’s being called “one of the world’s largest phishing services.”
---------------------------------------------
https://krebsonsecurity.com/2021/02/arrest-raids-tied-to-u-admin-phishing-kit/


∗∗∗ BendyBear: Novel Chinese Shellcode Linked With Cyber Espionage Group BlackTech ∗∗∗
---------------------------------------------
The novel Chinese shellcode "BendyBear" is one of the most sophisticated, well-engineered and difficult-to-detect samples employed by an APT.
---------------------------------------------
https://unit42.paloaltonetworks.com/bendybear-shellcode-blacktech/


∗∗∗ PyPI, GitLab dealing with spam attacks ∗∗∗
---------------------------------------------
Both sites have been flooded over the weekend with garbage content.
---------------------------------------------
https://www.zdnet.com/article/pypi-gitlab-dealing-with-spam-attacks/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Sicherheitsupdate: Kritische Lücke in WordPress-Plug-in NextGen Gallery ∗∗∗
---------------------------------------------
Ein Schlupfloch in NextGen Gallery könnte Schadcode auf 800.000 WordPress-Websites lassen.
---------------------------------------------
https://heise.de/-5049401


∗∗∗ Linux kernel CVE-2020-10769 ∗∗∗
---------------------------------------------
A buffer over-read flaw was found in RH kernel versions before 5.0 in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module.
---------------------------------------------
https://support.f5.com/csp/article/K62532228


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (flatpak), Debian (connman, golang-1.11, and openjpeg2), Fedora (pngcheck), Mageia (php, phppgadmin, and wpa_supplicant), openSUSE (privoxy), Oracle (flatpak and kernel), Red Hat (qemu-kvm-rhev), SUSE (kernel, python-urllib3, and python3), and Ubuntu (firefox).
---------------------------------------------
https://lwn.net/Articles/845504/


∗∗∗ ZDI-21-153: Micro Focus Operations Bridge Reporter userName Command Injection Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-21-153/


∗∗∗ SSA-379803: Vulnerabilities in RUGGEDCOM ROX II ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-379803.txt


∗∗∗ SSA-428051: Privilege Escalation Vulnerability in TIA Administrator ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-428051.txt


∗∗∗ SSA-686152: Denial-of-Service Vulnerability in ARP Protocol of SCALANCE W780 and W740 ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-686152.txt


∗∗∗ SSA-663999: Multiple File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization before V13.1.0.1 ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-663999.txt


∗∗∗ SSA-536315: Privilege escalation vulnerability in DIGSI 4 ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-536315.txt


∗∗∗ SSA-944678: Potential Password Protection Bypass in SIMATIC WinCC ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-944678.txt


∗∗∗ SSA-794542: Insecure Folder Permissions in SIMARIS configuration ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-794542.txt


∗∗∗ SSA-362164: Predictable Initial Sequence Numbers in Mentor Nucleus TCP stack ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-362164.txt


∗∗∗ SSA-156833: Zip-Slip Directory Traversal Vulnerability in SINEMA Server and SINEC NMS ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-156833.txt


∗∗∗ SAP Patchday Februar 2021: Mehrere Schwachstellen ermöglichen Privilegieneskalation ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K21-0139

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily