[CERT-daily] Tageszusammenfassung - 18.02.2021

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 17-02-2021 18:00 − Donnerstag 18-02-2021 18:00
Handler:     Robert Waldner
Co-Handler:  Dimitri Robl

=====================
=       News        =
=====================

∗∗∗ How to Not Give a Scam ∗∗∗
---------------------------------------------
Learn about tactics attackers use for extortion emails and how to build a picture around raw data as the DomainTools team leads an investigation into a sextortion scam.
---------------------------------------------
https://www.domaintools.com/resources/blog/how-to-not-give-a-scam


∗∗∗ Mac Malware Targets Apple’s In-House M1 Processor ∗∗∗
---------------------------------------------
A malicious adware-distributing application specifically targets Apples new M1 SoC, used in its newest-generation MacBook Air, MacBook Pro and Mac mini devices.
---------------------------------------------
https://threatpost.com/macos-malware-apple-m1-processor/164075/


∗∗∗ Covid‑19‑Impfstoffe: Gefahr durch Betrugsmails und Falschmeldungen ∗∗∗
---------------------------------------------
Die weltweit anlaufenden Impfkampagnen sind der langersehnte Lichtblick beim Kampf gegen die Pandemie. Gleichzeitig haben auch Betrüger und Verbreiter von Falschmeldungen das Thema Impfstoffe für sich entdeckt.
---------------------------------------------
https://www.welivesecurity.com/deutsch/2021/02/17/covid-19-impfstoffe-gefahr-durch-betrugsmails-und-falschmeldungen/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ CVE-2020-8625: A vulnerability in BINDs GSSAPI security policy negotiation can be targeted by a buffer overflow attack ∗∗∗
---------------------------------------------
This vulnerability only affects servers configured to use GSS-TSIG, most often to sign dynamic updates. If another mechanism can be used to authenticate updates, the vulnerability can be avoided by choosing not to enable the use of GSS-TSIG features. Solution: Upgrade to the patched release most closely related to your current version of BIND
---------------------------------------------
https://kb.isc.org/docs/cve-2020-8625


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (mumble, openssl, php7.3, and webkit2gtk), openSUSE (jasper, php7, and screen), SUSE (bind, php7, and php72), and Ubuntu (bind9, openssl, openssl1.0, and webkit2gtk).
---------------------------------------------
https://lwn.net/Articles/846623/


∗∗∗ Security Bulletin: A security vulnerability in Node.js y18n module affects IBM Cloud Automation Manager. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-y18n-module-affects-ibm-cloud-automation-manager/


∗∗∗ Security Bulletin: Security vulnerability affects the Report Builder that is shipped with Jazz Reporting Service (CVE-2020-4933) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerability-affects-the-report-builder-that-is-shipped-with-jazz-reporting-service-cve-2020-4933/


∗∗∗ Security Bulletin: Vulnerability has been identified in SnakeYAML used by IBM Dependency Based Build ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-has-been-identified-in-snakeyaml-used-by-ibm-dependency-based-build/


∗∗∗ Security Bulletin: IBM Maximo Data Loader (maxloader) shipped with IBM Maximo for Civil Infrastructure is vulnerable to cross-site scripting and missing or insecure "X-XSS-Protection" header ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-data-loader-maxloader-shipped-with-ibm-maximo-for-civil-infrastructure-is-vulnerable-to-cross-site-scripting-and-missing-or-insecure-x-xss-protection-header/


∗∗∗ Security Bulletin: A security vulnerability in Node.js ini module affects IBM Cloud Automation Manager. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-ini-module-affects-ibm-cloud-automation-manager/


∗∗∗ Security Bulletin: A security vulnerability in GO affects IBM Cloud Automation Manager. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-go-affects-ibm-cloud-automation-manager-4/


∗∗∗ Security Bulletin: IBM Maximo Data Loader (maxloader) shipped with IBM Maximo for Civil Infrastructure is vulnerable to autocomplete HTML Attribute not disabled for password field ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-data-loader-maxloader-shipped-with-ibm-maximo-for-civil-infrastructure-is-vulnerable-to-autocomplete-html-attribute-not-disabled-for-password-field/


∗∗∗ Security Bulletin: A security vulnerability in Node.js affects IBM Cloud Automation Manager. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-affects-ibm-cloud-automation-manager/


∗∗∗ Security Bulletin: A security vulnerability in Node.js codemirror module affects IBM Cloud Automation Manager. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-codemirror-module-affects-ibm-cloud-automation-manager/


∗∗∗ Security Bulletin: IBM MQ Appliance is affected by multiple BIND vulnerabilities (CVE-2020-8622, CVE-2020-8623, CVE-2020-8624) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-multiple-bind-vulnerabilities-cve-2020-8622-cve-2020-8623-cve-2020-8624/


∗∗∗ February 16, 2021   TNS-2021-02   [R1] Nessus Network Monitor 5.13.0 Fixes One Third-party Vulnerability ∗∗∗
---------------------------------------------
http://www.tenable.com/security/tns-2021-02


∗∗∗ XSA-366 ∗∗∗
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-366.html


∗∗∗ Jira Server for Slack Security Advisory 17th February 2021 ∗∗∗
---------------------------------------------
https://confluence.atlassian.com/jira/jira-server-for-slack-security-advisory-17th-february-2021-1044091690.html

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily