[CERT-daily] Tageszusammenfassung - 12.01.2021

Tue Jan 12 18:28:33 CET 2021

=====================
= End-of-Day report =
=====================

Timeframe:   Montag 11-01-2021 18:00 − Dienstag 12-01-2021 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Gefälschte Kundeninformation im Namen der bank99 im Umlauf ∗∗∗
---------------------------------------------
Zahlreiche BankkundInnen werden aktuell angeblich von der bank99 per E-Mail aufgefordert, eine App herunterzuladen. Bei Nichtdurchführung droht angeblich eine Bearbeitungsgebühr. Vorsicht: Bei diesem E-Mail handelt es sich um Betrug. Kriminelle geben sich als bank99 aus und versuchen mit dieser E-Mail an Ihre Bankdaten zu kommen. Verschieben Sie es in Ihren Spam-Ordner!
---------------------------------------------
https://www.watchlist-internet.at/news/gefaelschte-kundeninformation-im-namen-der-bank99-im-umlauf/


∗∗∗ Mac malware uses run-only AppleScripts to evade analysis ∗∗∗
---------------------------------------------
A cryptocurrency mining campaign targeting macOS is using malware that has evolved into a complex variant giving researchers a lot of trouble analyzing it.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/mac-malware-uses-run-only-applescripts-to-evade-analysis/


∗∗∗ Microsoft Sysmon now detects malware process tampering attempts ∗∗∗
---------------------------------------------
Microsoft has released Sysmon 13 with a new security feature that detects if a process has been tampered using process hollowing or process herpaderping techniques.
---------------------------------------------
https://www.bleepingcomputer.com/news/microsoft/microsoft-sysmon-now-detects-malware-process-tampering-attempts/


∗∗∗ Protecting Against Supply Chain Attacks by Profiling Suppliers ∗∗∗
---------------------------------------------
Learn how to better spot supply chain attacks targeting your organization. This blog outlines how defenders can use the techniques and tools they already use to profile suppliers and get ahead of potential threats.
---------------------------------------------
https://www.domaintools.com/resources/blog/protecting-against-supply-chain-attacks-by-profiling-suppliers


∗∗∗ Stealing Your Private YouTube Videos, One Frame at a Time ∗∗∗
---------------------------------------------
* In the real world you would have to know the ID of the target video. Mass-leaking those would be considered a bug on its own. * Since these are just images, you can’t access audio. * The resolution is very low. (but it’s high enough to see what is happening)
---------------------------------------------
https://bugs.xdavidhu.me/google/2021/01/11/stealing-your-private-videos-one-frame-at-a-time/


∗∗∗ Ubiquiti: Change Your Password, Enable 2FA ∗∗∗
---------------------------------------------
Ubiquiti, a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders, security cameras and access control systems, is urging customers to change their passwords and enable multi-factor authentication. The company says an incident at a third-party cloud provider may have exposed customer account information and credentials used to remotely manage Ubiquiti gear.
---------------------------------------------
https://krebsonsecurity.com/2021/01/ubiquiti-change-your-password-enable-2fa/


∗∗∗ CES 2021: Intel adds ransomware detection capabilities at the silicon level ∗∗∗
---------------------------------------------
Intel 11th Gen Intel Core vPro CPUs with support for the Hardware Shield and TDT features will be able to detect ransomware attacks at the hardware level, many layers below antivirus software.
---------------------------------------------
https://www.zdnet.com/article/ces-2021-intel-adds-ransomware-detection-capabilities-at-the-silicon-level/


∗∗∗ Third malware strain discovered in SolarWinds supply chain attack ∗∗∗
---------------------------------------------
CrowdStrike, one of the two security firms formally investigating the hack, sheds some light on how hackers compromised the SolarWinds Orion app build process.
---------------------------------------------
https://www.zdnet.com/article/third-malware-strain-discovered-in-solarwinds-supply-chain-attack/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security Bulletins Posted ∗∗∗
---------------------------------------------
Adobe has published security bulletins for Adobe Photoshop (APSB21-01), Adobe Illustrator (APSB21-02), Adobe Animate (APSB21-03), Adobe Campaign Classic (APSB21-04), Adobe InCopy (APSB21-05), Adobe Captivate (APSB21-06) and Adobe Bridge (APSB21-07). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the relevant bulletin.
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1960


∗∗∗ Microsoft Releases Security Updates for Edge ∗∗∗
---------------------------------------------
Microsoft has released a security update to address multiple vulnerabilities in Edge (Chromium-based). An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the latest entry for Microsoft Security Advisory ADV200002 and apply the necessary updates.
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2021/01/11/microsoft-releases-security-updates-edge


∗∗∗ SAP Releases January 2021 Security Updates ∗∗∗
---------------------------------------------
SAP has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the SAP Security Notes for January 2021 and apply the necessary updates.
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2021/01/12/sap-releases-january-2021-security-updates


∗∗∗ Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
A vulnerability in the implementation of the Lua interpreter integrated in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to execute arbitrary code with root privileges on the underlying Linux operating system of an affected device. The vulnerability is due to insufficient restrictions on the allowed Lua function calls within the context of user-supplied Lua scripts.
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191112-asa-ftd-lua-rce


∗∗∗ SSA-139628 V1.0: Vulnerabilities in Web Server for Scalance X Products ∗∗∗
---------------------------------------------
Several SCALANCE X switches contain vulnerabilities in the web server of the affected devices.An unauthenticated attacker could reboot, cause denial-of-service conditions and potentially impact the system by other means through heap and buffer overflow vulnerabilities.Siemens has released updates for several affected products and recommends to update to the latest version(s). Siemens recommends countermeasures where fixes are not currently available.
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-139628.txt


∗∗∗ SSA-274900 V1.0: Use of hardcoded key in Scalance X devices under certain conditions ∗∗∗
---------------------------------------------
Scalance X devices might not generate a unique random key after factory reset, and use a private key shipped with the firmwareSiemens has released updates for some devices, is working on updates for the remaining affected products and recommends specific countermeasures until fixes are available.
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-274900.txt


∗∗∗ SSA-622830 V1.0: Multiple Vulnerabilities in JT2Go and Teamcenter Visualization ∗∗∗
---------------------------------------------
JT2Go and Teamcenter Visualization are affected by multiple vulnerabilities that could lead to arbitrary code execution or data extraction on the target host system. Siemens has released updates for both affected products and recommends to update to the latest versions. Siemens is also preparing further updates and recommends specific countermeasures until remaining fixes are available.
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-622830.txt


∗∗∗ SSA-979834 V1.0: Multiple vulnerabilities in Solid Edge ∗∗∗
---------------------------------------------
Solid Edge is affected by multiple vulnerabilities that could allow arbitrary code execution on an affected system. Siemens has released an update for Solid Edge and recommends to update to the latest version.
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-979834.txt


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by openSUSE (chromium), Oracle (firefox), Red Hat (kernel), Scientific Linux (firefox), Slackware (sudo), SUSE (firefox, nodejs10, nodejs12, and nodejs14), and Ubuntu (apt, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-4.15, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-hwe-5.4, linux-hwe-5.8, linux-oem-5.6, linux-oracle, linux-oracle-5.4, nvidia-graphics-drivers-390, nvidia-graphics-drivers-450, nvidia-graphics-drivers-460, python-apt, and [...]
---------------------------------------------
https://lwn.net/Articles/842382/


∗∗∗ [20210103] - Core - XSS in com_tags image parameters ∗∗∗
---------------------------------------------
https://developer.joomla.org:443/security-centre/838-20210103-core-xss-in-com-tags-image-parameters.html


∗∗∗ [20210102] - Core - XSS in mod_breadcrumbs aria-label attribute ∗∗∗
---------------------------------------------
https://developer.joomla.org:443/security-centre/837-20210102-core-xss-in-mod-breadcrumbs-aria-label-attribute.html


∗∗∗ [20210101] - Core - com_modules exposes module names ∗∗∗
---------------------------------------------
https://developer.joomla.org:443/security-centre/836-20210101-core-com-modules-exposes-module-names.html

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily