[CERT-daily] Tageszusammenfassung - 25.01.2021

Mon Jan 25 18:11:16 CET 2021

=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 22-01-2021 18:00 − Montag 25-01-2021 18:00
Handler:     Dimitri Robl
Co-Handler:  Robert Waldner

=====================
=       News        =
=====================

∗∗∗ Security baseline for Microsoft Edge, version 88 ∗∗∗
---------------------------------------------
We are pleased to announce the enterprise-ready release of the security baseline for Microsoft Edge version 88!   We have reviewed the settings in Microsoft Edge version 88 and updated our guidance with the addition of one setting that we will explain below. A new Microsoft Edge security baseline package was just released to the Download Center. You can download the version 88 package from the Security Compliance Toolkit.
---------------------------------------------
https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-for-microsoft-edge-version-88/ba-p/2094443


∗∗∗ Video: Doc & RTF Malicious Document, (Sun, Jan 24th) ∗∗∗
---------------------------------------------
I made a video for my diary entry "Doc & RTF Malicious Document". And I show a new feature of my tool re-search.py, that helps with filtering URLs found in OOXML files.
---------------------------------------------
https://isc.sans.edu/diary/rss/27022


∗∗∗ Scanning for Accessible MS-RDPEUDP services ∗∗∗
---------------------------------------------
We have started daily IPv4 /0 scanning for exposed MS-RDPEUDP instances on port 3389/UDP. Aside from the usual risks associated with exposing RDP services to the Internet, this UDP extension of the popular RDP services has been found to be susceptible to amplification DDoS abuse with an amplification factor of over 84. Over 12 000 instances of MS-RDPEUDP have been found to be accessible on the IPv4 Internet.
---------------------------------------------
https://www.shadowserver.org/news/scanning-for-accessible-ms-rdpeudp-services/


∗∗∗ RIFT: Analysing a Lazarus Shellcode Execution Method ∗∗∗
---------------------------------------------
After analysing the macro document, and pivoting on the macro, NCC Group’s RIFT identified a number of other similar documents. In these documents we came across an interesting technique being used to execute shellcode from VBA without the use of common “suspicious” APIs, such as VirtualAlloc, WriteProcessMemory or CreateThread – which may be detected by end point protection solutions. Instead, the macro documents abuse “benign” Windows API features toachieve code-execution.
---------------------------------------------
https://research.nccgroup.com/2021/01/23/rift-analysing-a-lazarus-shellcode-execution-method/


∗∗∗ Firewall-Hersteller SonicWall untersucht mögliche Zero-Day-Lücken in Produkten ∗∗∗
---------------------------------------------
Angreifer haben bislang unbekannte Lücken in SonicWall-Produkten ausgenutzt, um ins System des Herstellers einzudringen.
---------------------------------------------
https://heise.de/-5033933


∗∗∗ Von niedrig bis kritisch: Schwachstellenbewertung mit CVSS ∗∗∗
---------------------------------------------
Das Common Vulnerability Scoring System hilft bei der Bewertung von Schwachstellen. Wir erklären Funktionsweise und Grenzen des Systems.
---------------------------------------------
https://heise.de/-5031983


∗∗∗ DNSpooq: Wie sehr spukts in Österreich? ∗∗∗
---------------------------------------------
Am 2021-01-19 veröffentlichte JSOF eine Reihe von Schwachstellen in dnsmasq, einer populären DNS-Resolver Software für kleine Netzwerke. Ihr Blogpost dazu fasst diese Lücken unter dem Namen “DNSpooq" zusammen und beschreibt zwei mögliche Angriffsszenarien: ...
---------------------------------------------
https://cert.at/de/aktuelles/2021/1/dnspooq-wie-sehr-spukts-in-osterreich


∗∗∗ Rückblick auf das letzte Drittel 2020 ∗∗∗
---------------------------------------------
Vorfälle und Aussendungen: ZeroLogon, Emotet, Microsoft Exchange CVE-2020-0688, Windows Server ohne Support, Ungepatchte Sophos Firewall XG Instanzen, SonicOS DoS und RCE, cit0day Leak, Ein Leak kommt selten allein, ...
---------------------------------------------
https://cert.at/de/blog/2021/1/ruckblick-auf-das-letzte-drittel-2020


=====================
=  Vulnerabilities  =
=====================

∗∗∗ BlackBerry Powered by Android Security Bulletin - January 2021 ∗∗∗
---------------------------------------------
This advisory is in response to the Android Security Bulletin (January 2021) and addresses issues in that Security Bulletin that affect BlackBerry powered by Android smartphones.
---------------------------------------------
http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000073450


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (crmsh, debian-security-support, flatpak, gst-plugins-bad1.0, openvswitch, python-bottle, salt, tomcat9, and vlc), Fedora (chromium, python-pillow, sddm, and xen), Gentoo (chromium, dnsmasq, flatpak, glibc, kdeconnect, openjdk, python, thunderbird, virtualbox, and wireshark), Mageia (blosc, crmsh, glibc, perl-DBI, php-oojs-oojs-ui, python-pip, python-urllib3, and undertow), openSUSE (gdk-pixbuf, hawk2, ImageMagick, opera, python-autobahn, viewvc, wavpack, xstream), Red Hat (dnsmasq), Slackware (seamonkey), SUSE (ImageMagick, hawk2, mutt, permissions, stunnel) and Ubuntu (pound).
---------------------------------------------
https://lwn.net/Articles/843855/


∗∗∗ Cisco DNA Center Cross-Site Request Forgery Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-csrf-dC83cMcV


∗∗∗ Synology-SA-21:01 DNSpooq ∗∗∗
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_21_01

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily