[CERT-daily] Tageszusammenfassung - 06.04.2021

Tue Apr 6 18:26:55 CEST 2021

=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 02-04-2021 18:00 − Dienstag 06-04-2021 18:00
Handler:     Dimitri Robl
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Malicious cheats for Call of Duty: Warzone are circulating online ∗∗∗
---------------------------------------------
The cheat is fake, but the malware it installs is the real thing.
---------------------------------------------
https://arstechnica.com/?p=1754269


∗∗∗ Telefonnummer, E-Mail: Bin ich im Facebook-Leak? ∗∗∗
---------------------------------------------
Auf verschiedenen Webseiten können Nutzer prüfen, ob sie zu den 533 Millionen Betroffenen des Facebook-Datenlecks gehören.
---------------------------------------------
https://www.golem.de/news/telefonnummer-e-mail-bin-ich-im-facebook-leak-2104-155500-rss.html


∗∗∗ Kryptomining: Coinhive-Skripte warnen vor sich selbst ∗∗∗
---------------------------------------------
Der Sicherheitsforscher Troy Hunt hat die Domains des Kryptominers Coinhive bekommen. Mit ihnen macht er auf Sicherheitsprobleme aufmerksam.
---------------------------------------------
https://www.golem.de/news/kryptomining-coinhive-skripte-warnen-vor-sich-selbst-2104-155517-rss.html


∗∗∗ The leap of a Cycldek-related threat actor ∗∗∗
---------------------------------------------
The investigation described in this article started with one such file which caught our attention due to the various improvements it brought to this well-known infection vector.
---------------------------------------------
https://securelist.com/the-leap-of-a-cycldek-related-threat-actor/101243/


∗∗∗ From PowerShell to Payload: An Analysis of Weaponized Malware ∗∗∗
---------------------------------------------
John Hammond, security researcher with Huntress, takes a deep-dive into a stagers technical and coding aspects.
---------------------------------------------
https://threatpost.com/powershell-payload-analysis-malware/165188/


∗∗∗ YARA and CyberChef: ZIP, (Sun, Apr 4th) ∗∗∗
---------------------------------------------
When processing the result of "unzip" in CyberChef, for example with YARA rules, all files contained inside the ZIP file, are concatenated together.
---------------------------------------------
https://isc.sans.edu/diary/rss/27276


∗∗∗ Gigaset: Malware-Befall von Android-Geräten des Herstellers gibt Rätsel auf ∗∗∗
---------------------------------------------
Besitzer von Android-Smartphones von Gigaset kämpfen seit einigen Tagen mit Malware. Einiges deutet auf einen kompromittierten Update-Server als Quelle hin.
---------------------------------------------
https://heise.de/-6006464


∗∗∗ Man in the Terminal ∗∗∗
---------------------------------------------
By using path hijacking and modification on Unix-like machines, we can achieve pseudo-keylogging functionality by prioritizing malicious middleware binaries to record and transfer standard input/output streams.
---------------------------------------------
https://posts.specterops.io/man-in-the-terminal-65476e6165b9


∗∗∗ 2020 Phishing Trends With PDF Files ∗∗∗
---------------------------------------------
We analyzed recent phishing trends with PDF files and noted a dramatic increase in the practice, as well as five approaches popular with attackers.
---------------------------------------------
https://unit42.paloaltonetworks.com/phishing-trends-with-pdf-files/


∗∗∗ SAP issues advisory on the exploit of old vulnerabilities to target enterprise applications ∗∗∗
---------------------------------------------
New research also reveals that SAP vulnerabilities, on average, are weaponized in less than 72 hours.
---------------------------------------------
https://www.zdnet.com/article/sap-issues-advisory-on-vulnerable-applications-being-widely-targeted-by-hackers/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Vulnerability Spotlight: Out-of-bounds write vulnerabilities in Accusoft ImageGear ∗∗∗
---------------------------------------------
Cisco Talos recently discovered multiple out-of-bounds write vulnerabilities in Accusoft ImageGear that an adversary could exploit to corrupt memory on the targeted machine. The ImageGear library is a [...]
---------------------------------------------
https://blog.talosintelligence.com/2021/03/vuln-spotlight-accusoft-image-gear-march-2021.html


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (libxstream-java, php-nette, and smarty3), Fedora (curl, openssl, spamassassin, and webkit2gtk3), Mageia (ant, batik, kernel, kernel-linus, nodejs-chownr, nodejs-yargs-parser, python-bottle, and ruby-em-http-request), openSUSE (curl and OpenIPMI), and Red Hat (openssl).
---------------------------------------------
https://lwn.net/Articles/851640/


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (chromium, netty, python-bleach, and python3.5), Fedora (libmediainfo, libzen, and mediainfo), Mageia (openssl), openSUSE (chromium), Red Hat (389-ds:1.4, flatpak, kernel, kernel-rt, kpatch-patch, libldb, and virt:rhel and virt-devel:rhel), and Ubuntu (python-django and ruby-rack).
---------------------------------------------
https://lwn.net/Articles/851772/


∗∗∗ Android Patchday April ∗∗∗
---------------------------------------------
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Google Android ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erhöhen oder Informationen offenzulegen.
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K21-0344


∗∗∗ QTS 4.3.6.1620 Build 20210322 ∗∗∗
---------------------------------------------
Security Updates  
Fixed a command injection vulnerability (CVE-2020-2509).  
Fixed a vulnerability in Apache HTTP server (CVE-2020-9490).
---------------------------------------------
https://www.qnap.com/en/release-notes/qts/4.3.6.1620/20210322


∗∗∗ Shodan Verified Vulns 2021-04-01 ∗∗∗
---------------------------------------------
Der März verging Dank (?) den Exchange-Schachstellen wie im Flug und wir werfen entsprechend wieder einen Blick auf jene Schwachstellen, die Shodan in Österreich sieht. Mit Stand 2021-04-01 ergab sich Folgendes:  Es ist also passiert! Mit einem Schlag sind die TLS-Schwachstellen (fast) vom Thron gestoßen – die Microsoft Exchange Lücken greifen nach der Spitze.
---------------------------------------------
https://cert.at/de/aktuelles/2021/4/shodan-verified-vulns-2021-04-01


∗∗∗ April 5, 2021   TNS-2021-07   [R1] Nessus 8.14.0 Fixes One Vulnerability ∗∗∗
---------------------------------------------
https://www.tenable.com/security/tns-2021-07


∗∗∗ Grafana vulnerability CVE-2019-15043 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K00843201

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily