=====================
= End-of-Day report =
=====================

Timeframe:   Thursday 10-06-2021 18:00 - Friday 11-06-2021 18:00
Handler:     Dimitri Robl
Co-Handler:  Thomas Pribitzer

=====================
=       News        =
=====================
*** Keeping an Eye on Dangerous Python Modules, (Fri, Jun 11th) ***
---------------------------------------------
With Python getting more and more popular, especially on Microsoft operating systems, it's common to find malicious Python scripts today.
---------------------------------------------
https://isc.sans.edu/diary/rss/27514

*** SQL Injection: Targeted Measures Instead of Block Lists ***
---------------------------------------------
Among web vulnerabilities, SQL injection still plays a leading role, yet defending against it is not hard at all.
---------------------------------------------
https://heise.de/-6067640

*** Why hackers don't fly coach ***
---------------------------------------------
Physical security is relied on too heavily for cabin-based systems on the Airline Information Services Domain (AISD).
---------------------------------------------
https://www.pentestpartners.com/security-blog/why-hackers-dont-fly-coach/

*** Unauthorised access to your PayPal account? Ignore this e-mail! ***
---------------------------------------------
Criminals are currently sending a phishing e-mail in PayPal's name. It claims there has been unusual activity on your PayPal account, so you supposedly have to log in and confirm your identity. Do not comply with these demands. The criminals are trying to gain access to your PayPal account.
---------------------------------------------
https://www.watchlist-internet.at/news/unbefugter-zugriff-auf-ihr-paypal-kon...

*** Proxy Windows Tooling via SOCKS ***
---------------------------------------------
Leveraging SOCKS to proxy tools from a Windows attacker machine through a compromised host is a topic that contains some nuance and room for confusion.
---------------------------------------------
https://posts.specterops.io/proxy-windows-tooling-via-socks-c1af66daeef3

*** BackdoorDiplomacy: Upgrading from Quarian to Turian ***
---------------------------------------------
ESET researchers discover a new campaign that evolved from the Quarian backdoor.
---------------------------------------------
https://www.welivesecurity.com/2021/06/10/backdoordiplomacy-upgrading-quaria...

*** Breaking SSL Locks: App Developers Behaving Badly ***
---------------------------------------------
Symantec analyzed five years' worth of Android and iOS apps to see how many are sending data securely.
---------------------------------------------
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/mob...

*** Authorities seize SlilPP, a marketplace for stolen login credentials ***
---------------------------------------------
The US Department of Justice announced today it seized the servers and domains of SlilPP, a well-known online marketplace where criminal groups assembled to trade stolen login credentials.
---------------------------------------------
https://therecord.media/authorities-seize-slilpp-a-marketplace-for-stolen-lo...

=====================
=  Vulnerabilities  =
=====================
*** Hackers can exploit bugs in Samsung pre-installed apps to spy on users ***
---------------------------------------------
Samsung is working on patching multiple vulnerabilities affecting its mobile devices that could be used for spying or to take full control of the system.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/hackers-can-exploit-bugs-in-s...

*** Qnap secures switches and network storage against unauthorised access ***
---------------------------------------------
Important security updates are available for various Qnap network devices.
---------------------------------------------
https://heise.de/-6068667

*** Privilege escalation with polkit: How to get root on Linux with a seven-year-old bug (GitHub blog) ***
---------------------------------------------
On the GitHub blog, Kevin Backhouse writes about a privilege escalation vulnerability in polkit, which enables an unprivileged local user to get a root shell on the system. CVE-2021-3560 is triggered by starting a dbus-send command but killing it while polkit is still in the middle of processing the request.
---------------------------------------------
https://lwn.net/Articles/859064/

*** Security updates for Friday ***
---------------------------------------------
Security updates have been issued by Debian (libwebp), Fedora (firefox, lasso, mod_auth_openidc, nginx, redis, and squid), Oracle (.NET 5.0, container-tools:2.0, dhcp, gupnp, hivex, kernel, krb5, libwebp, nginx:1.16, postgresql:10, and postgresql:9.6), SUSE (containerd, docker, runc, csync2, and salt), and Ubuntu (libimage-exiftool-perl, libwebp, and rpcbind).
---------------------------------------------
https://lwn.net/Articles/859192/

*** WordPress plugin "Welcart e-Commerce" vulnerable to cross-site scripting ***
---------------------------------------------
https://jvn.jp/en/jp/JVN70566757/

*** Sonicwall SRA 4600 Targeted By an Old Vulnerability, (Fri, Jun 11th) ***
---------------------------------------------
https://isc.sans.edu/diary/rss/27518

*** ZDI-21-682: (0Day) D-Link DAP-1330 HNAP Cookie Header Stack-based Buffer Overflow Remote Code Execution Vulnerability ***
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-21-682/

*** ZDI-21-681: (0Day) D-Link DAP-1330 lighttpd http_parse_request Buffer Overflow Remote Code Execution Vulnerability ***
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-21-681/

*** ZDI-21-680: (0Day) D-Link DAP-1330 lighttpd get_soap_action Buffer Overflow Remote Code Execution Vulnerability ***
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-21-680/

*** ZDI-21-679: (0Day) D-Link DAP-1330 HNAP checkValidRequest Stack-based Buffer Overflow Remote Code Execution Vulnerability ***
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-21-679/

*** Security Bulletin: WebSphere Application Server is vulnerable to a Privilege Escalation vulnerability (CVE-2021-29754) ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-serv...

*** Security Bulletin: Vulnerability in IBM Java SDK and IBM Java Runtime affects TPF Toolkit ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-...

*** Security Bulletin: IBM Security QRadar Analyst Workflow App for IBM QRadar SIEM is vulnerable to cacheable SSL Pages (CVE-2021-20396) ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-qradar-analys...

*** Red Hat OpenShift: Vulnerability allows security mechanisms to be bypassed ***
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K21-0652