[CERT-daily] Tageszusammenfassung - 20.04.2021

Tue Apr 20 18:09:44 CEST 2021

=====================
= End-of-Day report =
=====================

Timeframe:   Montag 19-04-2021 18:00 − Dienstag 20-04-2021 18:00
Handler:     Dimitri Robl
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Remote Code Execution: Angriffe auf VPN-Geräte von Pulse Secure ∗∗∗
---------------------------------------------
Produkte von Pulse Secure sind von einer kritischen Sicherheitslücke betroffen, für die es keinen Patch gibt. Angriffe finden bereits statt.
---------------------------------------------
https://www.golem.de/news/remote-code-execution-angriffe-auf-vpn-geraete-von-pulse-secure-2104-155880-rss.html


∗∗∗ Google Play apps with 700k installs steal texts and charge you money ∗∗∗
---------------------------------------------
Google removes eight apps after receiving report from researchers.
---------------------------------------------
https://arstechnica.com/?p=1758227


∗∗∗ Fake Microsoft Store, Spotify sites spread info-stealing malware ∗∗∗
---------------------------------------------
Attackers are promoting sites impersonating the Microsoft Store, Spotify, and an online document converter that distribute malware to steal credit cards and passwords saved in web browsers.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/fake-microsoft-store-spotify-sites-spread-info-stealing-malware/


∗∗∗ Breaking ABUS Secvest internet-connected alarm systems (CVE-2020-28973) ∗∗∗
---------------------------------------------
ABUS Secvest is a wireless alarm system that is marketed at consumers and small businesses. It is usually deployed by a specialized company. A Secvest FUAA50000 controller costs about EUR400. A typical deployment with motion sensors, a siren and door/window sensors can cost thousands of euro’s. In this article I will describe how more than 10.000 internet-connected alarm systems could be hacked and deactivated remotely.
---------------------------------------------
https://eye.security/en/blog/breaking-abus-secvest-internet-connected-alarm-systems-cve-2020-28973


∗∗∗ Firefox & Thunderbird: Sicherheitsrelevante Updates für Browser & E-Mail-Client ∗∗∗
---------------------------------------------
Mozilla hat Firefox 88 nebst ESR-Pendant sowie Thunderbird 78.10 veröffentlicht. Im Gepäck haben die Releases unter anderem auch wichtige Schwachstellen-Fixes.
---------------------------------------------
https://heise.de/-6021309


∗∗∗ Facebook Messenger users targeted by a large-scale scam ∗∗∗
---------------------------------------------
A large-scale scam campaign targeting Facebook Messenger users all over the world has been detected by Group-IB. Digital Risk Protection (DRP) analysts have found evidence proving that users in over 80 countries in Europe, Asia, the MEA region, North and South America might have been affected. By distributing ads promoting an allegedly updated version of Facebook Messenger, cybercriminals harvested users’ login credentials.
---------------------------------------------
https://www.helpnetsecurity.com/2021/04/20/facebook-messenger-scam/


∗∗∗ E-Mail: UnternehmerInnen werden aufgefordert, Corona-Tests bei "testversand.com" zu kaufen ∗∗∗
---------------------------------------------
In Deutschland müssen ArbeitgeberInnen ab heute für MitarbeiterInnen, die nicht im Home-Office sind, Corona-Tests bereitstellen. Diese Maßnahme nutzen Kriminelle und kontaktieren zahlreiche UnternehmerInnen, um den unseriösen Online-Shop für Corona-Tests "testversand.com" zu empfehlen. Es ist anzunehmen, dass dieses E-Mail auch an österreichische UnternehmerInnen versendet wird.
---------------------------------------------
https://www.watchlist-internet.at/news/e-mail-unternehmerinnen-werden-aufgefordert-corona-tests-bei-testversandcom-zu-kaufen/


∗∗∗ Multi-factor authentication: Use it for all the people that access your network, all the time ∗∗∗
---------------------------------------------
The vast majority of cyberattacks involve a password being hacked - providing your employees with multi-factor authentication could go a long way towards stopping cyber criminals breaking into your network.
---------------------------------------------
https://www.zdnet.com/article/multi-factor-authentication-use-it-for-all-the-people-that-access-your-network-all-the-time/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Vulnerability Spotlight: Multiple vulnerabilities in Synology DiskStation Manager ∗∗∗
---------------------------------------------
Cisco Talos recently discovered multiple vulnerabilities in Synology DiskStation Manager. DSM is the Linux-based operating system for every Synology network-attached storage device (NAS). 
---------------------------------------------
https://blog.talosintelligence.com/2021/04/vuln-spotlight-synology-dsm.html


∗∗∗ Widespread Attacks Continue Targeting Vulnerabilities in The Plus Addons for Elementor Pro ∗∗∗
---------------------------------------------
Over the past 10 days, Wordfence has blocked over 14 million attacks targeting Privilege Escalation Vulnerabilities in The Plus Addons for Elementor Pro on over 75% of sites reporting attacks during this period. By April 13, 2021, this campaign was targeting more sites than all other campaigns put together.
---------------------------------------------
https://www.wordfence.com/blog/2021/04/widespread-attacks-continue-targeting-vulnerabilities-in-the-plus-addons-for-elementor-pro/


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (xorg-server), Fedora (CImg, gmic, leptonica, mingw-binutils, mingw-glib2, mingw-leptonica, mingw-python3, nodejs, and seamonkey), openSUSE (irssi, kernel, nextcloud-desktop, python-django-registration, and thunderbird), Red Hat (389-ds:1.4, kernel, kernel-rt, perl, and pki-core:10.6), SUSE (kernel, sudo, and xen), and Ubuntu (clamav and openslp-dfsg).
---------------------------------------------
https://lwn.net/Articles/853614/


∗∗∗ Security Bulletin: Vulnerabilities in Java affects IBM Cloud Application Business Insights ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-java-affects-ibm-cloud-application-business-insights-2/


∗∗∗ Security Bulletin: WebSphere Application Server is vulnerable to an XML External Entity (XXE) Injection vulnerability (CVE-2021-20453) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-server-is-vulnerable-to-an-xml-external-entity-xxe-injection-vulnerability-cve-2021-20453/


∗∗∗ Security Bulletin: Vulnerabilities in OpenSSL affect IBM Integration Bus and IBM App Connect Enterprise (CVE-2020-1968) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-openssl-affect-ibm-integration-bus-and-ibm-app-connect-enterprise-cve-2020-1968/


∗∗∗ Security Bulletin: Vulnerabilities in OpenSSL affect IBM Integration Bus and IBM App Connect Enterprise (CVE-2020-1971). ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-openssl-affect-ibm-integration-bus-and-ibm-app-connect-enterprise-cve-2020-1971/


∗∗∗ Security Bulletin: An unspecified vulnerability in Java SE related to the Libraries component could affect InfoSphere Streams version 4.3 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-an-unspecified-vulnerability-in-java-se-related-to-the-libraries-component-could-affect-infosphere-streams-version-4-3/


∗∗∗ Security Bulletin: Multiple vulnerabilites in Node.js affect IBM Integration Bus & IBM App Connect Enterprise V11 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilites-in-node-js-affect-ibm-integration-bus-ibm-app-connect-enterprise-v11/


∗∗∗ Security Bulletin: IBM Operations Analytics – Log Analysis is affected by an Apache Zookeeper vulnerability (CVE-2019-0201) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-operations-analytics-log-analysis-is-affected-by-an-apache-zookeeper-vulnerability-cve-2019-0201/


∗∗∗ Security Bulletin: Apache Solr, shipped with IBM Operations Analytics – Log Analysis, susceptible to vulnerability in Apache POI (CVE-2019-12415) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-apache-solr-shipped-with-ibm-operations-analytics-log-analysis-susceptible-to-vulnerability-in-apache-poi-cve-2019-12415/


∗∗∗ Security Bulletin: An unspecified vulnerability in Java SE related to the JNDI component could affect InfoSphere Streams ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-an-unspecified-vulnerability-in-java-se-related-to-the-jndi-component-could-affect-infosphere-streams/


∗∗∗ Security Bulletin: Potential TLS vulnerability using Diffie-Hellman TLS ciphersuites in IBM DataPower Gateway (CVE-2020-1968) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-potential-tls-vulnerability-using-diffie-hellman-tls-ciphersuites-in-ibm-datapower-gateway-cve-2020-1968/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily