[CERT-daily] Tageszusammenfassung - 05.05.2021

Wed May 5 18:10:34 CEST 2021

=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 04-05-2021 18:00 − Mittwoch 05-05-2021 18:00
Handler:     Stephan Richter
Co-Handler:  Thomas Pribitzer

=====================
=       News        =
=====================

∗∗∗ Quick and dirty Python: masscan, (Tue, May 4th) ∗∗∗
---------------------------------------------
The last couple of years I have been trying to ramp up on Python and am increasingly finding that these complicated shell code scripts can be elegantly implemented in Python. The resulting code is way easier to read and way more supportable.
---------------------------------------------
https://isc.sans.edu/diary/rss/27384


∗∗∗ Introducing Baserunner: a tool for exploring and exploiting Firebase datastores ∗∗∗
---------------------------------------------
In this post well be looking at some risks posed by Firebase, a popular serverless application platform.
---------------------------------------------
https://iosiro.com/blog/baserunner-exploiting-firebase-datastores


∗∗∗ How Attackers Use Compromised Accounts to Create and Distribute Malicious OAuth Apps ∗∗∗
---------------------------------------------
Open authorization or “OAuth” apps add business features and user-interface enhancements to major cloud platforms such as Microsoft 365 and Google Workspace. Unfortunately, they’re also a new threat vector [...]
---------------------------------------------
https://www.proofpoint.com/us/blog/email-and-cloud-threats/how-attackers-use-compromised-accounts-create-and-distribute-malicious


∗∗∗ How to Stop the Popups ∗∗∗
---------------------------------------------
McAfee is tracking an increase in the use of deceptive popups that mislead some users into taking action, while annoying many others.
---------------------------------------------
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/how-to-stop-the-popups/


∗∗∗ Tour de Peloton: Exposed user data ∗∗∗
---------------------------------------------
An unauthenticated user could view sensitive information for all users, and snoop on live class statistics and its attendees, despite having a private mode.
---------------------------------------------
https://www.pentestpartners.com/security-blog/tour-de-peloton-exposed-user-data/


∗∗∗ Wunderheilmittel Entgiftungspflaster? Vorsicht bei Bestellungen auf nuubu.com! ∗∗∗
---------------------------------------------
Die körperliche und psychische Gesundheit mit Hilfe eines Entgiftungspflasters steigern? Das verspricht die litauische Firma „UAB Ekomlita“, die die Webseite nuubu.com betreibt. Wir raten jedoch zu Vorsicht: Rechtliche Vorgaben werden nicht eingehalten.
---------------------------------------------
https://www.watchlist-internet.at/news/wunderheilmittel-entgiftungspflaster-vorsicht-bei-bestellungen-auf-nuubucom/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Jetzt patchen! Kritische Root-Lücken bedrohen Exim-Mail-Server ∗∗∗
---------------------------------------------
Bei einer Untersuchung des Codes von Exim sind Sicherheitsforscher auf 21 Sicherheitslücken gestoßen. Angreifer könnten ganze Server übernehmen.
---------------------------------------------
https://heise.de/-6036724


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (cgal, exim4, and mediawiki), Fedora (axel, libmicrohttpd, libtpms, perl-Image-ExifTool, pngcheck, python-yara, and yara), Gentoo (exim), Mageia (kernel-linus), openSUSE (bind and postsrsd), SUSE (avahi, openexr, p7zip, python-Pygments, python36, samba, sca-patterns-sle11, and webkit2gtk3), and Ubuntu (nvidia-graphics-drivers-390, nvidia-graphics-drivers-418-server, nvidia-graphics-drivers-450, nvidia-graphics-drivers-450-server,[...]
---------------------------------------------
https://lwn.net/Articles/855462/


∗∗∗ Advantech WISE-PaaS RMM ∗∗∗
---------------------------------------------
This advisory contains mitigations for a Use of Hard-coded Credentials vulnerability in Advantech WISE-PaaS RMM, a software platform focused on IoT device remote monitoring and management.
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-124-01


∗∗∗ Delta Electronics CNCSoft ScreenEditor ∗∗∗
---------------------------------------------
This advisory contains mitigations for an Out-of-bounds Write vulnerability in Delta Electronics CNCSoft ScreenEditor software management platform.
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-124-02


∗∗∗ Security Bulletin: IBM QRadar SIEM is vulnerable to using components with known vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities-8/


∗∗∗ Security Bulletin: IBM QRadar SIEM is vulnerable to insecure inter-deployment communication (CVE-2020-4979) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-insecure-inter-deployment-communication-cve-2020-4979/


∗∗∗ Security Bulletin: Issues in IBM® Java™ SDK Technology Edition affects IBM Security Identity Manager Virtual Appliance (CVE-2020-14577, CVE-2020-14578, CVE-2020-14579) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-issues-in-ibm-java-sdk-technology-edition-affects-ibm-security-identity-manager-virtual-appliance-cve-2020-14577-cve-2020-14578-cve-2020-14579/


∗∗∗ Security Bulletin: IBM QRadar SIEM contains hard-coded credentials (CVE-2021-20401, CVE-2020-4932) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-contains-hard-coded-credentials-cve-2021-20401-cve-2020-4932/


∗∗∗ Security Bulletin: IBM QRadar SIEM is vulnerable to Cross Site Scripting (XSS) (CVE-2020-4929) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-cross-site-scripting-xss-cve-2020-4929/


∗∗∗ Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Apache httpclient ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-information-server-is-affected-by-a-vulnerability-in-apache-httpclient-2/


∗∗∗ Security Bulletin: IBM QRadar SIEM is vulnerable to path traversal (CVE-2020-4993) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-path-traversal-cve-2020-4993/


∗∗∗ Security Bulletin: IBM QRadar SIEM may be vulnerable to a XML External Entity Injection attack (XXE) (CVE-2020-5013) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-may-be-vulnerable-to-a-xml-external-entity-injection-attack-xxe-cve-2020-5013/


∗∗∗ Security Bulletin: IBM QRadar SIEM is vulnerable to Cross domain information disclosure (CVE-2020-4883) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-cross-domain-information-disclosure-cve-2020-4883/


∗∗∗ Security Bulletin: Apache Tomcat as used by IBM QRadar SIEM is vulnerable to information disclosure (CVE-2020-13943) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-apache-tomcat-as-used-by-ibm-qradar-siem-is-vulnerable-to-information-disclosure-cve-2020-13943/


∗∗∗ CVE-2021-26900: Privilege Escalation Via a Use After Free Vulnerability In win32k ∗∗∗
---------------------------------------------
https://www.thezdi.com/blog/2021/5/3/cve-2021-26900-privilege-escalation-via-a-use-after-free-vulnerability-in-win32k

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily