=====================
= End-of-Day report =
=====================

Timeframe:   Wednesday 17-02-2021 18:00 − Thursday 18-02-2021 18:00
Handler:     Robert Waldner
Co-Handler:  Dimitri Robl

=====================
=       News        =
=====================

∗∗∗ How to Not Give a Scam ∗∗∗
---------------------------------------------
Learn about tactics attackers use for extortion emails and how to build a picture around raw data as the DomainTools team leads an investigation into a sextortion scam.
---------------------------------------------
https://www.domaintools.com/resources/blog/how-to-not-give-a-scam

∗∗∗ Mac Malware Targets Apple’s In-House M1 Processor ∗∗∗
---------------------------------------------
A malicious adware-distributing application specifically targets Apple’s new M1 SoC, used in its newest-generation MacBook Air, MacBook Pro and Mac mini devices.
---------------------------------------------
https://threatpost.com/macos-malware-apple-m1-processor/164075/

∗∗∗ Covid-19 vaccines: Danger from scam emails and false reports ∗∗∗
---------------------------------------------
The vaccination campaigns getting under way worldwide are the long-awaited ray of hope in the fight against the pandemic. At the same time, scammers and spreaders of false reports have also discovered the topic of vaccines for themselves.
---------------------------------------------
https://www.welivesecurity.com/deutsch/2021/02/17/covid-19-impfstoffe-gefahr...

=====================
=  Vulnerabilities  =
=====================

∗∗∗ CVE-2020-8625: A vulnerability in BIND's GSSAPI security policy negotiation can be targeted by a buffer overflow attack ∗∗∗
---------------------------------------------
This vulnerability only affects servers configured to use GSS-TSIG, most often to sign dynamic updates. If another mechanism can be used to authenticate updates, the vulnerability can be avoided by choosing not to enable the use of GSS-TSIG features.
Solution: Upgrade to the patched release most closely related to your current version of BIND.
---------------------------------------------
https://kb.isc.org/docs/cve-2020-8625

∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (mumble, openssl, php7.3, and webkit2gtk), openSUSE (jasper, php7, and screen), SUSE (bind, php7, and php72), and Ubuntu (bind9, openssl, openssl1.0, and webkit2gtk).
---------------------------------------------
https://lwn.net/Articles/846623/

∗∗∗ Security Bulletin: A security vulnerability in Node.js y18n module affects IBM Cloud Automation Manager. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-i...

∗∗∗ Security Bulletin: Security vulnerability affects the Report Builder that is shipped with Jazz Reporting Service (CVE-2020-4933) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerability-aff...

∗∗∗ Security Bulletin: Vulnerability has been identified in SnakeYAML used by IBM Dependency Based Build ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-has-been-ide...

∗∗∗ Security Bulletin: IBM Maximo Data Loader (maxloader) shipped with IBM Maximo for Civil Infrastructure is vulnerable to cross-site scripting and missing or insecure "X-XSS-Protection" header ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-data-loader-max...

∗∗∗ Security Bulletin: A security vulnerability in Node.js ini module affects IBM Cloud Automation Manager. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-i...

∗∗∗ Security Bulletin: A security vulnerability in GO affects IBM Cloud Automation Manager. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-i...

∗∗∗ Security Bulletin: IBM Maximo Data Loader (maxloader) shipped with IBM Maximo for Civil Infrastructure is vulnerable to autocomplete HTML Attribute not disabled for password field ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-data-loader-max...

∗∗∗ Security Bulletin: A security vulnerability in Node.js affects IBM Cloud Automation Manager. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-i...

∗∗∗ Security Bulletin: A security vulnerability in Node.js codemirror module affects IBM Cloud Automation Manager. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-i...

∗∗∗ Security Bulletin: IBM MQ Appliance is affected by multiple BIND vulnerabilities (CVE-2020-8622, CVE-2020-8623, CVE-2020-8624) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affect...

∗∗∗ February 16, 2021 TNS-2021-02 [R1] Nessus Network Monitor 5.13.0 Fixes One Third-party Vulnerability ∗∗∗
---------------------------------------------
http://www.tenable.com/security/tns-2021-02

∗∗∗ XSA-366 ∗∗∗
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-366.html

∗∗∗ Jira Server for Slack Security Advisory 17th February 2021 ∗∗∗
---------------------------------------------
https://confluence.atlassian.com/jira/jira-server-for-slack-security-advisor...