=====================
= End-of-Day report =
=====================

Timeframe: Tuesday 19-01-2021 18:00 - Wednesday 20-01-2021 18:00
Handler: Dimitri Robl
Co-Handler: Thomas Pribitzer
=====================
= News =
=====================

∗∗∗ Qakbot activity resumes after holiday break, (Wed, Jan 20th) ∗∗∗
---------------------------------------------
It had been relatively quiet for Qakbot until Tuesday 2021-01-19, when we started seeing malicious spam (malspam) pushing Qakbot again.
---------------------------------------------
https://isc.sans.edu/diary/rss/27008
∗∗∗ Google Project Zero: The State of State Machines ∗∗∗
---------------------------------------------
On January 29, 2019, a serious vulnerability was discovered in Group FaceTime.
---------------------------------------------
https://googleprojectzero.blogspot.com/2021/01/the-state-of-state-machines.h...
∗∗∗ Malwarebytes targeted by Nation State Actor implicated in SolarWinds breach. Evidence suggests abuse of privileged access to Microsoft Office 365 and Azure environments ∗∗∗
---------------------------------------------
A nation state attack leveraging software from SolarWinds has caused a ripple effect throughout the security industry, impacting multiple organizations.
---------------------------------------------
https://blog.malwarebytes.com/malwarebytes-news/2021/01/malwarebytes-targete...
∗∗∗ Abuse.ch URLhaus added as a new data source for our notifications ∗∗∗
---------------------------------------------
Since Wednesday, 13 January 2021, we have been including data from the URLhaus feeds of the abuse.ch project in our regular notifications to network operators. The feeds consist of URLs that host malware files belonging to various malware families.
---------------------------------------------
https://cert.at/de/blog/2021/1/abusech-urlhaus-als-neue-datenquelle-fur-unse...
=====================
= Vulnerabilities =
=====================

∗∗∗ Oracle Critical Patch Update Advisory - January 2021 ∗∗∗
---------------------------------------------
This Critical Patch Update contains 329 new security patches.
---------------------------------------------
https://www.oracle.com/security-alerts/cpujan2021.html
∗∗∗ Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452 ∗∗∗
---------------------------------------------
In December 2020, FireEye uncovered and publicly disclosed a widespread attacker campaign that is being tracked as UNC2452.
---------------------------------------------
https://www.fireeye.com/blog/threat-research/2021/01/remediation-and-hardeni...
∗∗∗ Cisco Security Advisories 2021-01-20 ∗∗∗
---------------------------------------------
4 Critical, 9 High, 18 Medium severity
---------------------------------------------
https://tools.cisco.com/security/center/Search.x?publicationTypeIDs=1&se...
∗∗∗ Privilege escalation: Critical vulnerability in older iOS and macOS versions ∗∗∗
---------------------------------------------
The bug in Apple's XPC interface can be exploited to gain elevated privileges, a security researcher warns.
---------------------------------------------
https://heise.de/-5030842
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (coturn, dovecot, glibc, and sudo), Mageia (openldap and resource-agents), openSUSE (dnsmasq, python-jupyter_notebook, viewvc, and vlc), Oracle (dnsmasq and xstream), SUSE (perl-Convert-ASN1, postgresql, postgresql13, and xstream), and Ubuntu (nvidia-graphics-drivers-418-server, nvidia-graphics-drivers-450-server, pillow, pyxdg, and thunderbird).
---------------------------------------------
https://lwn.net/Articles/843255/
∗∗∗ Two Vulnerabilities in Bosch Fire Monitoring System (FSM) ∗∗∗
---------------------------------------------
BOSCH-SA-332072-BT: Two vulnerabilities have been discovered affecting the Bosch Fire Monitoring System (FSM-2500 and FSM-5000). The critical issue applies to FSM systems with versions 5.2 and lower.
---------------------------------------------
https://psirt.bosch.com/security-advisories/bosch-sa-332072-bt.html
∗∗∗ Multiple Vulnerabilities in dnsmasq DNS Forwarder Affecting Cisco Products: January 2021 ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-...
∗∗∗ Security Advisory - Inconsistent Interpretation of HTTP Requests Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210120-0...
∗∗∗ Security Advisory - Local Privilege Escalation Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210120-0...
∗∗∗ Intel Ethernet 700 Series Controllers vulnerabilities CVE-2020-8690, CVE-2020-8691, CVE-2020-8692, and CVE-2020-8693 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K28563873
∗∗∗ MISP: Multiple vulnerabilities ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K21-0057