[CERT-daily] Tageszusammenfassung - 16.04.2021

Daily end-of-shift report team at cert.at
Fri Apr 16 18:11:08 CEST 2021


=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 15-04-2021 18:00 − Freitag 16-04-2021 18:00
Handler:     Dimitri Robl
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Sicherheitslücken: Google Project Zero gibt Nutzern 30 Tage zum Patchen ∗∗∗
---------------------------------------------
Mit der neuen Regelung hofft Googles Project Zero auf mehr Sicherheit für die Nutzer und schnellere Patches.
---------------------------------------------
https://www.golem.de/news/sicherheitsluecken-google-project-zero-gibt-nutzern-30-tage-zum-patchen-2104-155782-rss.html


∗∗∗ [SANS ISC] HTTPS Support for All Internal Services ∗∗∗
---------------------------------------------
I published the following diary on isc.sans.edu: “HTTPS Support for All Internal Services“: SSL/TLS has been on stage for a while with deprecated protocols, free certificates for everybody. The landscape is changing to force more and more people to switch to encrypted communications and this is good! Like Johannes explained yesterday, [...]
---------------------------------------------
https://blog.rootshell.be/2021/04/16/sans-isc-https-support-for-all-internal-services/


∗∗∗ The rise of QakBot ∗∗∗
---------------------------------------------
AT&T Alien Labs closely monitors the evolution of crimeware such as the QakBot malware family and campaigns in connection with QakBot. The jointly coordinated takedown of the actors behind Emotet in late January has left a gap in the cybercrime landscape, which QakBot seems poised to fill.
---------------------------------------------
https://cybersecurity.att.com/blogs/labs-research/the-rise-of-qakbot


∗∗∗ “Huge upsurge” in DDoS attacks during pandemic ∗∗∗
---------------------------------------------
A new report by Netscout sets yet out another way in which why 2020 was a record-breaking year for for all the wrong reasons.
---------------------------------------------
https://blog.malwarebytes.com/reports/2021/04/huge-upsurge-in-ddos-attacks-during-pandemic/


∗∗∗ Security vs User Journey ∗∗∗
---------------------------------------------
Something I often think about is how my recommendations for clients to fix small security issues can spoil / complicate their users’ journey. UX matters I understand that UX is [...]
---------------------------------------------
https://www.pentestpartners.com/security-blog/security-vs-user-journey/


∗∗∗ Are Your Nagios XI Servers Turning Into Cryptocurrency Miners for Attackers? ∗∗∗
---------------------------------------------
Unit 42 researchers found an attack in the wild targeting Nagios XI 5.7.5 that exploits CVE-2021-25296 and drops a cryptocurrency miner. Read more for an analysis of the vulnerable code, the resulting command injection, and the malicious scripts.
---------------------------------------------
https://unit42.paloaltonetworks.com/nagios-xi-vulnerability-cryptomining/


∗∗∗ CISA and CNMF Analysis of SolarWinds-related Malware ∗∗∗
---------------------------------------------
CISA and the Department of Defense (DoD) Cyber National Mission Force (CNMF) have analyzed additional SolarWinds-related malware variants—referred to as SUNSHUTTLE and SOLARFLARE. One of the analyzed files was identified as a China Chopper webshell server-side component that was observed on a network with an active SUNSHUTTLE infection. The webshell can provide a cyber threat actor an alternative method of accessing a network, even if the SUNSHUTTLE [...]
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2021/04/15/cisa-and-cnmf-analysis-solarwinds-related-malware


∗∗∗ Codecov discloses 2.5-month-long supply chain attack ∗∗∗
---------------------------------------------
Codecov, a software company that provides code testing and code statistics solutions, disclosed on Thursday a major security breach after a threat actor managed to breach its platform and add a credentials harvester to one of its tools.
---------------------------------------------
https://therecord.media/codecov-discloses-2-5-month-long-supply-chain-attack/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (smarty3), Fedora (libpano13, python3.8, and seamonkey), Mageia (chromium-browser-stable, gstreamer1.0, thunderbird, and x11-server), Oracle (libldb and thunderbird), SUSE (grafana and system-user-grafana, kernel, and openldap2), and Ubuntu (linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke-5.3, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe, linux-hwe-5.4, linux-hwe-5.8, linux-kvm, [...]
---------------------------------------------
https://lwn.net/Articles/852978/


∗∗∗ Schneider Electric C-Bus Toolkit ∗∗∗
---------------------------------------------
This advisory contains mitigations for Improper Privilege Management and Path Traversal vulnerabilities in the Schneider Electric C-Bus Toolkit.
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-105-01


∗∗∗ EIPStackGroup OpENer Ethernet/IP ∗∗∗
---------------------------------------------
This advisory contains mitigations for Incorrect Conversion Between Numeric Types, Stack-based Buffer Overflow, and Out-of-bounds Read vulnerabilities in EIPStackGroup OpENer Ethernet IP.
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-105-02


∗∗∗ Multiple NSS vulnerabilities CVE-2020-6829, CVE-2020-12400, CVE-2020-12401, and CVE-2020-12402 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K61267093


∗∗∗ NSS vulnerability CVE-2020-12403 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K13290208


∗∗∗ LibreOffice: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K21-0393

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list