===================== = End-of-Day report = =====================
Timeframe: Monday 15-02-2021 18:00 − Tuesday 16-02-2021 18:00 Handler: Thomas Pribitzer Co-Handler: n/a
===================== = News = =====================
∗∗∗ Cyberattack on Dutch Research Council (NWO) suspends research grants ∗∗∗ --------------------------------------------- Servers belonging to the Dutch Research Council (NWO) have been compromised, forcing the organization to make its network unavailable and suspend subsidy allocation for the foreseeable future. --------------------------------------------- https://www.bleepingcomputer.com/news/security/cyberattack-on-dutch-research...
∗∗∗ Microsoft pulls Windows KB4601392 for blocking security updates ∗∗∗ --------------------------------------------- Microsoft has pulled a problematic Windows servicing stack update (SSU) after blocking Windows 10 and Windows Server customers from installing the security updates released during this month's Patch Tuesday. --------------------------------------------- https://www.bleepingcomputer.com/news/microsoft/microsoft-pulls-windows-kb46...
∗∗∗ Sandworm: France reports years-long state hack on servers ∗∗∗ --------------------------------------------- Similar to the Solarwinds hack, there are said to have been attacks on the free monitoring software Centreon for years. --------------------------------------------- https://www.golem.de/news/sandworm-frankreich-meldet-jahrelangen-staatlichen...
∗∗∗ More weirdness on TCP port 26, (Tue, Feb 16th) ∗∗∗ --------------------------------------------- A little over a year ago, I wrote a diary asking what was going on with traffic on TCP port 26. So, last week when I noticed another spike on port 26, I decided to take another look. --------------------------------------------- https://isc.sans.edu/diary/rss/27106
∗∗∗ Corona aid for businesses: Fake e-mail in the name of the Federal Ministry of Social Affairs in circulation ∗∗∗ --------------------------------------------- Numerous business owners are currently finding an e-mail with the subject "Überbrückungshilfe III - Informationen und Unterstützung für Unternehmen" ("Bridging Aid III - Information and Support for Businesses"), purportedly from the Federal Ministry of Social Affairs, in their inbox. Caution: This e-mail comes from criminals and contains malware. --------------------------------------------- https://www.watchlist-internet.at/news/corona-hilfe-fuer-unternehmen-gefaels...
===================== = Vulnerabilities = =====================
∗∗∗ Malvertisers exploited browser zero-day to redirect users to scams ∗∗∗ --------------------------------------------- The ScamClub malvertising group used a zero-day vulnerability in the WebKit web browser engine to push payloads that redirected to gift card scams. --------------------------------------------- https://www.bleepingcomputer.com/news/security/malvertisers-exploited-browse...
∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (spip), Mageia (chromium-browser, kernel, kernel-linus, and trojita), openSUSE (mumble and opera), Red Hat (container-tools:rhel8, java-1.8.0-ibm, kernel, kernel-rt, net-snmp, nodejs:10, nodejs:12, nodejs:14, nss, perl, python, and rh-nodejs10-nodejs), and SUSE (jasper, python-bottle, and python-urllib3). --------------------------------------------- https://lwn.net/Articles/846395/
∗∗∗ Security bugs left unpatched in Android app with one billion downloads ∗∗∗ --------------------------------------------- The vulnerabilities impact SHAREit, an app used for sharing files between users and their devices. --------------------------------------------- https://www.zdnet.com/article/security-bugs-left-unpatched-in-android-app-wi...
∗∗∗ Calsos CSDJ fails to restrict access permissions ∗∗∗ --------------------------------------------- https://jvn.jp/en/jp/JVN87164507/
∗∗∗ FileZen vulnerable to OS command injection ∗∗∗ --------------------------------------------- https://jvn.jp/en/jp/JVN58774946/
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Spectrum Protect Operations Center (CVE-2020-4954, CVE-2020-4955, CVE-2020-4956) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-i...
∗∗∗ Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect WebSphere Application Server January 2021 CPU ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-i...
∗∗∗ XSA-365 ∗∗∗ --------------------------------------------- https://xenbits.xen.org/xsa/advisory-365.html
∗∗∗ XSA-364 ∗∗∗ --------------------------------------------- https://xenbits.xen.org/xsa/advisory-364.html
∗∗∗ XSA-363 ∗∗∗ --------------------------------------------- https://xenbits.xen.org/xsa/advisory-363.html
∗∗∗ XSA-362 ∗∗∗ --------------------------------------------- https://xenbits.xen.org/xsa/advisory-362.html
∗∗∗ XSA-361 ∗∗∗ --------------------------------------------- https://xenbits.xen.org/xsa/advisory-361.html
∗∗∗ Nagios Enterprises Nagios XI: Multiple vulnerabilities ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K21-0178