[CERT-daily] Tageszusammenfassung - 09.12.2020
Daily end-of-shift report
team at cert.at
Wed Dec 9 18:48:11 CET 2020
=====================
= End-of-Day report =
=====================
Timeframe: Montag 07-12-2020 18:00 − Mittwoch 09-12-2020 18:00
Handler: Stephan Richter
Co-Handler: Thomas Pribitzer
=====================
= News =
=====================
∗∗∗ Credit card stealing malware bundles backdoor for easy reinstall ∗∗∗
---------------------------------------------
An almost impossible to remove malware set to automatically activate on Black Friday was deployed on multiple Magento-powered online stores by threat actors according to researchers at Dutch cyber-security company Sansec.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/credit-card-stealing-malware-bundles-backdoor-for-easy-reinstall/
∗∗∗ Microsoft fixes new Windows Kerberos security bug in staged rollout ∗∗∗
---------------------------------------------
Microsoft has issued security updates to address a Kerberos security feature bypass vulnerability impacting multiple Windows Server versions in a two-phase staged rollout.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/microsoft-fixes-new-windows-kerberos-security-bug-in-staged-rollout/
∗∗∗ IT-Security: Hacker klauen Hacking-Werkzeuge von Fireeye ∗∗∗
---------------------------------------------
Das Security-Unternehmen versucht nun, das Schlimmste zu verhindern und gibt Tipps gegen die eigenen Angriffswerkzeuge.
---------------------------------------------
https://www.golem.de/news/it-security-hacker-klauen-hacking-werkzeuge-von-fireeye-2012-152688-rss.html
∗∗∗ OpenSSL behebt Speicherfehler ∗∗∗
---------------------------------------------
Ein Update beseitigt einen Null-Pointer-Zugriff, der laut Advisory zum Absturz führen kann.
---------------------------------------------
https://heise.de/-4985050
∗∗∗ Threat Assessment: Egregor Ransomware ∗∗∗
---------------------------------------------
Unit 42 shares courses of action that can help mitigate tactics, techniques and procedures used with Egregor ransomware.
---------------------------------------------
https://unit42.paloaltonetworks.com/egregor-ransomware-courses-of-action/
∗∗∗ njRAT Spreading Through Active Pastebin Command and Control Tunnel ∗∗∗
---------------------------------------------
Malware authors have been leveraging njRAT (AKA Bladabindi), a Remote Access trojan), to download and deliver second-stage payloads from Pastebin.
---------------------------------------------
https://unit42.paloaltonetworks.com/njrat-pastebin-command-and-control/
∗∗∗ Achtung: Kriminelle versenden betrügerische Mails im Namen von FinanzOnline ∗∗∗
---------------------------------------------
Derzeit versenden BetrügerInnen zahlreiche E-Mails im Namen des Finanzamtes. Angeblich würden Sie eine Steuerrückerstattung von 1.850 Euro bekommen.
---------------------------------------------
https://www.watchlist-internet.at/news/achtung-kriminelle-versenden-betruegerische-mails-im-namen-von-finanzonline/
=====================
= Vulnerabilities =
=====================
∗∗∗ Command Injection: NSA warnt vor VMware-Lücke ∗∗∗
---------------------------------------------
Der US-Geheimdienst NSA sieht russische Akteure hinter Angriffen auf eine Sicherheitslücke in VMware-Produkten.
---------------------------------------------
https://www.golem.de/news/command-injection-nsa-warnt-vor-vmware-luecke-2012-152673-rss.html
∗∗∗ D-Link Routers at Risk for Remote Takeover from Zero-Day Flaws ∗∗∗
---------------------------------------------
Critical vulnerabilities discovered by Digital Defense can allow attackers to gain root access and take over devices running same firmware.
---------------------------------------------
https://threatpost.com/d-link-routers-zero-day-flaws/162064/
∗∗∗ Zero-Click Wormable RCE Vulnerability Reported in Microsoft Teams ∗∗∗
---------------------------------------------
A zero-click remote code execution (RCE) bug in Microsoft Teams desktop apps could have allowed an adversary to execute arbitrary code by merely sending a specially-crafted chat message and compromise a targets system.
---------------------------------------------
https://thehackernews.com/2020/12/zero-click-wormable-rce-vulnerability.html
∗∗∗ ZDI-20-1400: (0Day) Realtek RTL8811AU Wi-Fi Driver rtwlane Out-Of-Bounds Write Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of the Realtek RTL8811AU Wi-Fi driver.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-20-1400/
∗∗∗ ZDI-20-1399: (0Day) Realtek RTL8811AU Wi-Fi Driver rtwlanu Out-Of-Bounds Write Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of the Realtek RTL8811AU Wi-Fi driver.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-20-1399/
∗∗∗ Jetzt updaten: Cisco schiebt Update für Security-Manager-Lücke von November nach ∗∗∗
---------------------------------------------
Für eine Sicherheitslücke mit "High"-Einstufung im Security Manager stand noch ein Fix aus. Da Proof-of-Concept-Code online ist, sollten Nutzer jetzt handeln.
---------------------------------------------
https://heise.de/-4983238
∗∗∗ Patchday: Microsoft stopft kritische Lücken in Exchange Server ∗∗∗
---------------------------------------------
Für unter anderem Hyper-V, Office und Windows stehen wichtige Sicherheitsupdates zum Download bereit. Einige Lücken gelten als kritisch.
---------------------------------------------
https://heise.de/-4984254
∗∗∗ Kritische Lücke im Python-Framework PyYAML bedroht IBM Spectrum Protect ∗∗∗
---------------------------------------------
IBM hat unter anderem für IBM Db2 und Spectrum Protect wichtige Sicherheitsupdates veröffentlicht.
---------------------------------------------
https://heise.de/-4983755
∗∗∗ Patchday: Adobe schließt kritische Lücken - aber nicht in Flash ∗∗∗
---------------------------------------------
Sicherheitspatches schließen Schadcode-Lücken in Adobe Experience Manager, Lightroom und Prelude.
---------------------------------------------
https://heise.de/-4984303
∗∗∗ Patchday: SAP-Updates versperren Angriffswege über teils kritische Lücken ∗∗∗
---------------------------------------------
Neben einer NetWeaver-Schwachstelle mit dem CVSS-"Highscore" 10 hat SAP zum Patchday noch zahlreiche weitere Sicherheitsprobleme aus seinen Produkten entfernt.
---------------------------------------------
https://heise.de/-4984262
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (minidlna, openssl, and trafficserver), Mageia (oniguruma, php-pear, python, python3, and x11vnc), openSUSE (minidlna), Oracle (kernel and net-snmp), Red Hat (kernel, mariadb-galera, microcode_ctl, and net-snmp), Slackware (seamonkey), SUSE (thunderbird and xen), and Ubuntu (xorg-server).
---------------------------------------------
https://lwn.net/Articles/839311/
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (golang-golang-x-net-dev, python-certbot, and xorg-server), Fedora (resteasy, scap-security-guide, and vips), openSUSE (chromium, python, and rpmlint), SUSE (kernel), and Ubuntu (aptdaemon, curl, gdk-pixbuf, lxml, and openssl, openssl1.0).
---------------------------------------------
https://lwn.net/Articles/839481/
∗∗∗ December 2020 Android Updates Patch 46 Vulnerabilities ∗∗∗
---------------------------------------------
A total of 46 vulnerabilities were addressed this week with the release of the December 2020 security updates for Android.
---------------------------------------------
https://www.securityweek.com/december-2020-android-updates-patch-46-vulnerabilities
∗∗∗ Amnesia:33: TCP/IP-Schwachstellen gefährden Millionen internetfähige Geräte ∗∗∗
---------------------------------------------
Die 33 Anfälligkeiten verteilen sich auf vier Open-Source-Bibliotheken. Hersteller integrieren die Bibliotheken wiederum in die Firmware von Routern, Switches, Druckern und vielen anderen Geräten. Oftmals bieten diese keine Option zur Aktualisierung der Gerätesoftware.
---------------------------------------------
https://www.zdnet.de/88390349/amnesia33-tcp-ip-schwachstellen-gefaehrden-millionen-internetfaehige-geraete/
∗∗∗ GE Healthcare Imaging and Ultrasound Products ∗∗∗
---------------------------------------------
This advisory contains mitigations for Unprotected Transport of Credentials, and Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in select GE Healthcare Imaging and Ultrasound products.
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsma-20-343-01
∗∗∗ ICS-CERT Security Advisories - December 8th, 2020 ∗∗∗
---------------------------------------------
SummaryICS-CERT has released nine security advisories addressing vulnerabilities in ICS-related devices and software.
---------------------------------------------
https://exchange.xforce.ibmcloud.com/collection/7b486a6b0dbeee0d5e268e11454c7e1e
∗∗∗ Cisco AnyConnect Secure Mobility Client Arbitrary Code Execution Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-ipc-KfQO9QhK
∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/
∗∗∗ Security Advisory - Information Disclosure Vulnerability in TE Mobile Software ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20201209-01-informationleak-en
∗∗∗ Security Advisory - CSV Injection Vulnerability in iManager NetEco Product ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20201209-01-csvinjection-en
∗∗∗ LibTIFF vulnerability CVE-2018-18557 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K70117303
∗∗∗ Linux kernel vulnerability CVE-2017-10661 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K04337834
∗∗∗ Linux kernel vulnerability CVE-2017-18344 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K07020416
∗∗∗ NGINX Controller Agent vulnerability CVE-2020-27730 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K43530108
∗∗∗ Linux kernel vulnerability CVE-2018-18397 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K83102920
∗∗∗ Linux kernel vulnerability CVE-2018-1120 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K42202505
∗∗∗ Citrix Secure Mail for Android Security Update ∗∗∗
---------------------------------------------
https://support.citrix.com/article/CTX286763
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list