[CERT-daily] Daily summary - 16.02.2021

Daily end-of-shift report team at cert.at
Tue Feb 16 18:08:44 CET 2021


=====================
= End-of-Day report =
=====================

Timeframe:   Monday 15-02-2021 18:00 − Tuesday 16-02-2021 18:00
Handler:     Thomas Pribitzer
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Cyberattack on Dutch Research Council (NWO) suspends research grants ∗∗∗
---------------------------------------------
Servers belonging to the Dutch Research Council (NWO) have been compromised, forcing the organization to make its network unavailable and suspend subsidy allocation for the foreseeable future.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/cyberattack-on-dutch-research-council-nwo-suspends-research-grants/


∗∗∗ Microsoft pulls Windows KB4601392 for blocking security updates ∗∗∗
---------------------------------------------
Microsoft has pulled a problematic Windows servicing stack update (SSU) after blocking Windows 10 and Windows Server customers from installing the security updates released during this month's Patch Tuesday.
---------------------------------------------
https://www.bleepingcomputer.com/news/microsoft/microsoft-pulls-windows-kb4601392-for-blocking-security-updates/


∗∗∗ Sandworm: France reports years-long state-sponsored hack on servers ∗∗∗
---------------------------------------------
Similar to the SolarWinds hack, there are said to have been attacks on the free monitoring software Centreon for years.
---------------------------------------------
https://www.golem.de/news/sandworm-frankreich-meldet-jahrelangen-staatlichen-hack-auf-server-2102-154216-rss.html


∗∗∗ More weirdness on TCP port 26, (Tue, Feb 16th) ∗∗∗
---------------------------------------------
A little over a year ago, I wrote a diary asking what was going on with traffic on TCP port 26. So, last week when I noticed another spike on port 26, I decided to take another look.
---------------------------------------------
https://isc.sans.edu/diary/rss/27106


∗∗∗ Corona aid for businesses: fake e-mail in the name of the Federal Ministry of Social Affairs in circulation ∗∗∗
---------------------------------------------
Numerous business owners are currently finding an e-mail with the subject "Überbrückungshilfe III - Informationen und Unterstützung für Unternehmen" ("Bridging Aid III - Information and Support for Businesses"), purportedly from the Federal Ministry of Social Affairs, in their inbox. Caution: this e-mail comes from criminals and contains malware.
---------------------------------------------
https://www.watchlist-internet.at/news/corona-hilfe-fuer-unternehmen-gefaelschtes-e-mail-im-namen-des-bundesministeriums-fuer-soziales-im-uml/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Malvertisers exploited browser zero-day to redirect users to scams ∗∗∗
---------------------------------------------
The ScamClub malvertising group used a zero-day vulnerability in the WebKit web browser engine to push payloads that redirected to gift card scams.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/malvertisers-exploited-browser-zero-day-to-redirect-users-to-scams/


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (spip), Mageia (chromium-browser, kernel, kernel-linus, and trojita), openSUSE (mumble and opera), Red Hat (container-tools:rhel8, java-1.8.0-ibm, kernel, kernel-rt, net-snmp, nodejs:10, nodejs:12, nodejs:14, nss, perl, python, and rh-nodejs10-nodejs), and SUSE (jasper, python-bottle, and python-urllib3).
---------------------------------------------
https://lwn.net/Articles/846395/


∗∗∗ Security bugs left unpatched in Android app with one billion downloads ∗∗∗
---------------------------------------------
The vulnerabilities impact SHAREit, an app used for sharing files between users and their devices.
---------------------------------------------
https://www.zdnet.com/article/security-bugs-left-unpatched-in-android-app-with-one-billion-downloads/


∗∗∗ Calsos CSDJ fails to restrict access permissions ∗∗∗
---------------------------------------------
https://jvn.jp/en/jp/JVN87164507/


∗∗∗ FileZen vulnerable to OS command injection ∗∗∗
---------------------------------------------
https://jvn.jp/en/jp/JVN58774946/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Spectrum Protect Operations Center (CVE-2020-4954, CVE-2020-4955, CVE-2020-4956) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-spectrum-protect-operations-center-cve-2020-4954-cve-2020-4955-cve-2020-4956-2/


∗∗∗ Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect WebSphere Application Server January 2021 CPU ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-websphere-application-server-january-2021-cpu/


∗∗∗ XSA-365 ∗∗∗
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-365.html


∗∗∗ XSA-364 ∗∗∗
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-364.html


∗∗∗ XSA-363 ∗∗∗
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-363.html


∗∗∗ XSA-362 ∗∗∗
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-362.html


∗∗∗ XSA-361 ∗∗∗
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-361.html


∗∗∗ Nagios Enterprises Nagios XI: Multiple vulnerabilities ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K21-0178

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily



