[CERT-daily] Tageszusammenfassung - 28.01.2021

Daily end-of-shift report team at cert.at
Thu Jan 28 18:10:45 CET 2021


=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 27-01-2021 18:00 − Donnerstag 28-01-2021 18:00
Handler:     Dimitri Robl
Co-Handler:  Thomas Pribitzer

=====================
=       News        =
=====================

∗∗∗ Emotet vs. Windows Attack Surface Reduction, (Thu, Jan 28th) ∗∗∗
---------------------------------------------
Emotet malware in the form of malicious Word documents continued to make the rounds over the past weeks, and the samples initially often had pretty poor anti-virus coverage (Virustotal).
---------------------------------------------
https://isc.sans.edu/diary/rss/27036


∗∗∗ Italy CERT Warns of a New Credential Stealing Android Malware ∗∗∗
---------------------------------------------
Researchers have disclosed a new family of Android malware that abuses accessibility services in the device to hijack user credentials and record audio and video.
---------------------------------------------
https://thehackernews.com/2021/01/italy-cert-warns-of-new-credential.html


∗∗∗ CISA Malware Analysis on Supernova ∗∗∗
---------------------------------------------
CISA has released a malware analysis report on Supernova malware affecting unpatched SolarWinds Orion software. The report contains indicators of compromise (IOCs) and analyzes several malicious artifacts.
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2021/01/27/cisa-malware-analysis-supernova


∗∗∗ Pro-Ocean: Rocke Group’s New Cryptojacking Malware ∗∗∗
---------------------------------------------
In 2019, Unit 42 researchers documented cloud-targeted malware used by the Rocke Group to conduct cryptojacking attacks to mine for Monero.
---------------------------------------------
https://unit42.paloaltonetworks.com/pro-ocean-rocke-groups-new-cryptojacking-malware/


∗∗∗ US and Bulgarian authorities disrupt NetWalker ransomware operation ∗∗∗
---------------------------------------------
Authorities seize dark web domains, charge a Canadian, and seize $454,000 in cryptocurrency.
---------------------------------------------
https://www.zdnet.com/article/us-and-bulgarian-authorities-dirsupt-netwalker-ransomware-operation/


∗∗∗ Stack Overflow: Heres what happened when we were hacked back in 2019 ∗∗∗
---------------------------------------------
Company goes into detail on how a hacker used Overflows community knowledge-sharing to figure out how to hack it back in 2019.
---------------------------------------------
https://www.zdnet.com/article/stack-overflow-heres-what-happened-when-we-were-hacked-back-in-2019/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Google Chrome blocks 7 more ports to stop NAT Slipstreaming attacks ∗∗∗
---------------------------------------------
Google Chrome now blocks access to websites on an additional seven TCP ports to protect against the NAT Slipstreaming 2.0 vulnerability.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/google-chrome-blocks-7-more-ports-to-stop-nat-slipstreaming-attacks/


∗∗∗ The Wordfence 2020 WordPress Threat Report ∗∗∗
---------------------------------------------
Over the course of 2020, and in the process of protecting over 4 million WordPress customers, the Wordfence Threat Intelligence team gathered a massive amount of raw data from attacks targeting WordPress [...]
---------------------------------------------
https://www.wordfence.com/blog/2021/01/the-wordfence-2020-wordpress-threat-report/


∗∗∗ Windows Installer Local Privilege Escalation 0day Gets a Micropatch ∗∗∗
---------------------------------------------
On December 26, security researcher Abdelhamid Naceri published a blog post with a number of 0days in various security products and a local privilege escalation 0day in Windows Installer.
---------------------------------------------
https://blog.0patch.com/2021/01/windows-installer-local-privilege.html


∗∗∗ Local Privilege Escalation 0day in PsExec Gets a Micropatch ∗∗∗
---------------------------------------------
Update 1/28/2021: Since our publication of micropatch for PsExec version 2.2, PsExec has been updated to versions 2.30, 2.31 and finally 2.32. where it still resides today. David was able to update his POC for each version so the current version 2.32. is still vulnerable to the same attack.
---------------------------------------------
https://blog.0patch.com/2021/01/local-privilege-escalation-0day-in.html


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (ansible, firefox-esr, and slurm-llnl), Fedora (firefox, nss, php-pear, seamonkey, and thunderbird), Gentoo (phpmyadmin and telegram-desktop), openSUSE (chromium and python-autobahn), Oracle (firefox and sudo), Red Hat (firefox), Scientific Linux (firefox), and Ubuntu (ceph, kernel, linux, linux-lts-xenial, linux-aws, linux-aws-5.4, linux-azure, linux-gcp, linux-kvm, linux-oracle, linux-raspi, linux-aws, linux-kvm, linux-oracle, linux-raspi2,[...]
---------------------------------------------
https://lwn.net/Articles/844366/


∗∗∗ SECURITY BULLETIN: January 2021 Security Bulletin for Trend Micro OfficeScan XG SP1 ∗∗∗
---------------------------------------------
https://success.trendmicro.com/solution/000284205


∗∗∗ SECURITY BULLETIN: January 2021 Security Bulletin for Trend Micro Apex One and Apex One as a Service ∗∗∗
---------------------------------------------
https://success.trendmicro.com/solution/000284202


∗∗∗ SECURITY BULLETIN: January 2021 Security Bulletin for Trend Micro Worry-Free Business Security 10 SP1 and Worry-Free Business Security Services ∗∗∗
---------------------------------------------
https://success.trendmicro.com/solution/000284206


∗∗∗ JasPer: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode mit den Rechten des Dienstes ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K21-0100


∗∗∗ Drupal: Mehrere Schwachstellen ermöglichen Umgehen von Sicherheitsvorkehrungen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K21-0099

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list