[CERT-daily] Tageszusammenfassung - 23.03.2021

Tue Mar 23 18:19:01 CET 2021

=====================
= End-of-Day report =
=====================

Timeframe:   Montag 22-03-2021 18:00 − Dienstag 23-03-2021 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ A Popular Remote Lesson Monitoring Program Might be Exploited by Attackers ∗∗∗
---------------------------------------------
Netop is a software specialized in providing visibility over student activities, that lets teachers see what their students see, in this way the teachers can also share their screen, lock student screens and keyboards and block websites with the click of a button. The software designed and advertised for helping teachers keep control of lessons [...]
---------------------------------------------
https://heimdalsecurity.com/blog/lesson-monitoring-program-exploited/


∗∗∗ Secure containerized environments with updated threat matrix for Kubernetes ∗∗∗
---------------------------------------------
The updated threat matrix for Kubernetes adds new techniques found by Microsoft researchers, as well as techniques that were suggested by the community.
---------------------------------------------
https://www.microsoft.com/security/blog/2021/03/23/secure-containerized-environments-with-updated-threat-matrix-for-kubernetes/


∗∗∗ Nim Strings, (Mon, Mar 22nd) ∗∗∗
---------------------------------------------
On Tuesday's Stormcast, Johannes talked about malware written in the Nim Programming language.
---------------------------------------------
https://isc.sans.edu/diary/rss/27230


∗∗∗ Intel-Prozessoren: Zwei undokumentierte Befehle für Microcode enttarnt ∗∗∗
---------------------------------------------
Sicherheitsexperten entdecken Befehle, mit denen sich das Verhalten von Intel-Prozessoren ändern lässt - bisher jedoch nur in einem speziellen Debugging-Modus.
---------------------------------------------
https://heise.de/-5994965


∗∗∗ Erpressung per E-Mail: Kriminelle fordern Bitcoins ∗∗∗
---------------------------------------------
Momentan werden vermehrt betrügerische Erpressungsmails versendet. Kriminelle behaupten darin, sie hätten Ihre Geräte gehackt und könnten nun alles was Sie tun, live beobachten. Angeblich hätten sie Beweise, dass Sie regelmäßig auf Porno-Seiten surfen. Sogar ein Video, das Sie beim Masturbieren zeigt, sollte existieren. Damit dieses von den Kriminellen nicht veröffentlicht wird, fordern sie die Überweisung von Bitcoins.
---------------------------------------------
https://www.watchlist-internet.at/news/erpressung-per-e-mail-kriminelle-fordern-bitcoins/


∗∗∗ Ransomware gangs have found another set of new targets: Schools and universities ∗∗∗
---------------------------------------------
National Cyber Security Centre issues advice on how to protect networks from cyber criminals after a spike in ransomware attacks causing disruption across the education sector over the last month
---------------------------------------------
https://www.zdnet.com/article/ransomware-attacks-against-schools-are-rocketing-with-students-coursework-encrypted/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Neue Versionen: Firefox 87, Firefox ESR und Thunderbird 78.9 mit Security-Fixes ∗∗∗
---------------------------------------------
Updates für Firefox, Firefox ESR und den E-Mail-Client Thunderbird umfassen neben funktionalen Neuerungen auch Fixes für Schwachstellen.
---------------------------------------------
https://heise.de/-5996236


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (dnsmasq, libmediainfo, and mariadb-10.1), Fedora (dotnet5.0, moodle, and radare2), Mageia (kernel and kernel-linus), Oracle (python27:2.7, python36:3.6, and python38:3.8), Red Hat (pki-core:10.6), and Ubuntu (privoxy).
---------------------------------------------
https://lwn.net/Articles/850188/


∗∗∗ WebKitGTK and WPE WebKit Security Advisory WSA-2021-0002 ∗∗∗
---------------------------------------------
Several vulnerabilities were discovered in WebKitGTK and WPE WebKit.
---------------------------------------------
https://webkitgtk.org/security/WSA-2021-0002.html


∗∗∗ Synology-SA-21:12 Synology Calendar ∗∗∗
---------------------------------------------
A vulnerability allows remote attackers to bypass security constraints via a susceptible version of Synology Calendar.
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_21_12


∗∗∗ Weintek EasyWeb cMT ∗∗∗
---------------------------------------------
This advisory contains mitigations for Code Injection, Improper Access Control, and Cross-site Scripting vulnerabilities in Weintek EasyWeb cMT human-machine interface (HMI) products.
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-20-082-01


∗∗∗ GE MU320E ∗∗∗
---------------------------------------------
This advisory contains mitigations for Use of Hard-coded Password, Execution with Unnecessary Privileges, and Inadequate Encryption Strength vulnerabilities in GE MU320E firmware.
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-082-02


∗∗∗ GE Reason DR60 ∗∗∗
---------------------------------------------
This advisory contains mitigations for Hard-coded Password, Code Injection, and Execution with Unnecessary Privileges vulnerabilities in GE Reason DR60 digital fault recorder products.
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-082-03


∗∗∗ Ovarro TBox ∗∗∗
---------------------------------------------
This updated advisory is a follow-up to the original advisory titled ICSA-21-054-04P Ovarro TBox that posted to the HSIN ICS library on February 23, 2021 This advisory contains mitigations for Code Injection, Incorrect Permission Assignment for Critical Resource, Uncontrolled Resource Consumption, Insufficiently Protected Credentials, and Use of Hard-coded Cryptographic Key vulnerabilities in Ovarro TBox remote terminal units (RTUs).
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-054-04


∗∗∗ Security Bulletin: Multiple vulnerabilities is affecting Tivoli Netcool/OMNIbus WebGUI (CVE-2021-20336, CVE-2020-17530) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-is-affecting-tivoli-netcool-omnibus-webgui-cve-2021-20336-cve-2020-17530-2/


∗∗∗ Security Bulletin: Lift ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-lift/


∗∗∗ OTRS: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K21-0299

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily