===================== = End-of-Day report = =====================
Timeframe: Dienstag 09-02-2021 18:00 − Mittwoch 10-02-2021 18:00 Handler: Thomas Pribitzer Co-Handler: n/a
===================== = News = =====================
∗∗∗ Rinfo Is Making A Comeback and Is Scanning and Mining in Full Speed ∗∗∗ --------------------------------------------- In 2018 we blogged about a scanning&mining botnet family that uses ngrok.io to propagate samples: "A New Mining Botnet Blends Its C2s into ngrok Service", and since mid-October 2020, our BotMon system started to see a new variant of this family [...] --------------------------------------------- https://blog.netlab.360.com/rinfo-is-making-a-comeback-and-is-scanning-and-m...
∗∗∗ Kaufen Sie keine Paysafecard um Zollgebühren zu bezahlen! ∗∗∗ --------------------------------------------- Eine neue Massenmail landet derzeit im Posteingang zahlreicher InternetnutzerInnen. Die Nachricht wird angeblich vom Kundenservice des deutschen oder schweizerischen Zolls gesendet. --------------------------------------------- https://www.watchlist-internet.at/news/kaufen-sie-keine-paysafecard-um-zollg...
===================== = Vulnerabilities = =====================
∗∗∗ Apple fixes SUDO root privilege escalation flaw in macOS ∗∗∗ --------------------------------------------- Apple has fixed a sudo vulnerability in macOS Big Sur, Catalina, and Mojave, allowing any local user to gain root-level privileges. --------------------------------------------- https://www.bleepingcomputer.com/news/apple/apple-fixes-sudo-root-privilege-...
∗∗∗ Confusion Attack: Microsoft warnt vor einfacher Übernahme interner Pakete ∗∗∗ --------------------------------------------- Haben internes und externes Paket den gleichen Namen, lassen sich Trojaner einschleusen. --------------------------------------------- https://www.golem.de/news/confusion-attack-microsoft-warnt-vor-einfacher-ueb...
∗∗∗ Microsoft February 2021 Patch Tuesday, (Tue, Feb 9th) ∗∗∗ --------------------------------------------- This month we got patches for 56 vulnerabilities. Of these, 11 are critical, 1 is being exploited and 6 were previously disclosed. --------------------------------------------- https://isc.sans.edu/diary/rss/27080
∗∗∗ Patchday: Adobe kümmert sich um kritische Lücken in Acrobat, Photoshop & Co. ∗∗∗ --------------------------------------------- Derzeit haben es Angreifer auf Windows-Nutzer mit Adobe Reader abgesehen. Sicherheitsupdates stehen zum Download bereit. --------------------------------------------- https://heise.de/-5050997
∗∗∗ Patchday: Intel stellt aktualisierte Treiber, Firm- und Software bereit ∗∗∗ --------------------------------------------- Von Intel diesmal meist als Downloads für Endnutzer verfügbare Updates beseitigen Schwachstellen mit teils hoher Gefahreneinstufung aus diversen Produkten. --------------------------------------------- https://heise.de/-5051084
∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (connman, firejail, libzstd, slirp, and xcftools), Fedora (chromium, jackson-databind, and privoxy), openSUSE (chromium), Oracle (kernel and kernel-container), Slackware (dnsmasq), SUSE (java-11-openjdk, kernel, and python), and Ubuntu (linux, linux-aws, linux-azure, linux-gcp, linux-hwe-5.8, linux-kvm, linux-oem-5.6, linux-oracle, linux-raspi, linux, linux-gke-5.0, linux-gke-5.3, linux-hwe, linux-raspi2-5.3, openjdk-8, openjdk-lts, and snapd). --------------------------------------------- https://lwn.net/Articles/845602/
∗∗∗ This old security vulnerability left millions of Internet of Things devices vulnerable to attacks ∗∗∗ --------------------------------------------- Historys repeating, warn security researchers, who find that a computer security issue thats been known about for decades could be used to manipulate IoT devices - so apply the patches now. --------------------------------------------- https://www.zdnet.com/article/this-old-security-vulnerability-left-millions-...
∗∗∗ GE Digital HMI/SCADA iFIX ∗∗∗ --------------------------------------------- This advisory contains mitigations for Incorrect Permission Assignment for Critical Resource vulnerabilities in the GE Digital HMI/SCADA iFIX software component. --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-21-040-01
∗∗∗ Advantech iView ∗∗∗ --------------------------------------------- This advisory contains mitigations for SQL Injection, Path Traversal, and Missing Authentication for Critical Function vulnerabilities in the Advantech iView device management application. --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02
∗∗∗ Security Advisory - Denial of Service Vulnerability in Some Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210210-0...
∗∗∗ Security Advisory - Memory Leak Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210210-0...
∗∗∗ Security Bulletin: IBM MQ is vulnerable to an error within Eclipse Jetty (CVE-2020-27216) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-is-vulnerable-to-an...
∗∗∗ Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to a security vulnerability (CVE-2020-4996) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-releas...
∗∗∗ Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to a security vulnerability (CVE-2020-4791) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-releas...
∗∗∗ Security Bulletin: IBM Security QRadar Analyst Workflow add on to IBM QRadar SIEM is vulnerable to using components with known vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-qradar-analys...
∗∗∗ Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to a security vulnerability (CVE-2020-4995) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-releas...
∗∗∗ Security Bulletin: Vulnerabilities in Node.js and FasterXML jackson-databind affect IBM Spectrum Protect Plus ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js...
∗∗∗ Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to a security vulnerability (CVE-2020-4795) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-releas...
∗∗∗ Security Bulletin: IBM Planning Analytics has addressed a security vulnerability (CVE-2016-2183) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-has...
∗∗∗ Security Bulletin: IBM QRadar SIEM is vulnerable to Arbitrary File Read (CVE-2020-4789) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnera...
∗∗∗ Security Bulletin: IBM Security Guardium is affected by an "Apache CXF" jar vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-a...
∗∗∗ Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to a security vulnerability (CVE-2020-4790) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-releas...