[CERT-daily] Tageszusammenfassung - 21.04.2021

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 20-04-2021 18:00 − Mittwoch 21-04-2021 18:00
Handler:     Stephan Richter
Co-Handler:  Thomas Pribitzer

=====================
=       News        =
=====================

∗∗∗ Brace yourselves. Facebook has a new mega-leak on its hands ∗∗∗
---------------------------------------------
Facebook Email Search v1.0 can process 5 million email addresses per day, researcher says.
---------------------------------------------
https://arstechnica.com/?p=1758893


∗∗∗ Logins for 1.3 million Windows RDP servers collected from hacker market ∗∗∗
---------------------------------------------
​The login names and passwords for 1.3 million current and historically compromised Windows Remote Desktop servers have been leaked by UAS, the largest hacker marketplace for stolen RDP credentials.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/logins-for-13-million-windows-rdp-servers-collected-from-hacker-market/


∗∗∗ New article: Run your malicious VBA macros anywhere! ∗∗∗
---------------------------------------------
Kurt Natvig explains how he recompiled malicious VBA macro code to valid harmless Python 3.x code.
---------------------------------------------
https://www.virusbulletin.com/blog/2021/04/new-article-run-your-malicious-vba-macros-anywhere/


∗∗∗ CVE-2021-30481: Source engine remote code execution via game invites ∗∗∗
---------------------------------------------
In this blog post, we will look at how an attacker can use the Steamworks API in combination with various features and properties of the Source engine to gain remote code execution (RCE) through malicious Steam game invites.
---------------------------------------------
https://secret.club/2021/04/20/source-engine-rce-invite.html


∗∗∗ A year of Fajan evolution and Bloomberg themed campaigns ∗∗∗
---------------------------------------------
Some malware campaigns are designed to spread malware to as many people as possible — while some others carefully choose their targets. Cisco Talos recently discovered a malware campaign that does not fit in any of the two categories.
---------------------------------------------
https://blog.talosintelligence.com/2021/04/a-year-of-fajan-evolution-and-bloomberg.html


∗∗∗ Kleinanzeigenbetrug: Vorsicht bei Abwicklung über erfundene Speditionen! ∗∗∗
---------------------------------------------
Der Verkauf von gebrauchten Waren über Kleinanzeigenportale wie willhaben.at, shpock.com oder ebay.at boomt. Doch Vorsicht: Auch der Betrug auf solchen Plattformen wird uns derzeit häufig gemeldet. Besonders beliebt unter den Kriminellen ist die Kaufabwicklung über erfundene Speditionen.
---------------------------------------------
https://www.watchlist-internet.at/news/kleinanzeigenbetrug-vorsicht-bei-abwicklung-ueber-erfundene-speditionen/


∗∗∗ WhatsApp Pink: Watch out for this fake update ∗∗∗
---------------------------------------------
The malware sends automated replies to messages on WhatsApp and other major chat apps.
---------------------------------------------
https://www.welivesecurity.com/2021/04/20/whatsapp-pink-watch-out-fake-update/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Update Your Chrome Browser ASAP to Patch a Week Old Public Exploit ∗∗∗
---------------------------------------------
Google on Tuesday released an update for Chrome web browser for Windows, Mac, and Linux, with a total of seven security fixes, including one flaw for which it says an exploit exists in the wild.
---------------------------------------------
https://thehackernews.com/2021/04/update-your-chrome-browser-immediately.html


∗∗∗ Oracle veröffentlicht 390 Sicherheitsupdates für MySQL, Java & Co. ∗∗∗
---------------------------------------------
In seinem Quartalsupdate patcht sich Oracle durch sein Software-Portfolio und schließt unter anderem einige kritische Sicherheitslücken.
---------------------------------------------
https://heise.de/-6022746


∗∗∗ Jetzt patchen! Attacken auf E-Mail Security Appliances von SonicWall ∗∗∗
---------------------------------------------
Es gibt wichtige Updates für SonicWalls "Email Security". Angreifer nutzen eine Lücke derzeit aktiv aus.
---------------------------------------------
https://heise.de/-6022716


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (firefox-esr, php-pear, wordpress, and zabbix), Oracle (java-1.8.0-openjdk and java-11-openjdk), Red Hat (java-1.8.0-openjdk, java-11-openjdk, kernel, and kpatch-patch), Scientific Linux (java-1.8.0-openjdk and java-11-openjdk), Slackware (seamonkey), SUSE (apache-commons-io, ImageMagick, kvm, ruby2.5, and sudo), and Ubuntu (edk2, libcaca, ntp, and ruby2.3, ruby2.5, ruby2.7).
---------------------------------------------
https://lwn.net/Articles/853759/


∗∗∗ VU#567764: MySQL for Windows is vulnerable to privilege escalation due to OPENSSLDIR location ∗∗∗
---------------------------------------------
https://kb.cert.org/vuls/id/567764


∗∗∗ ZDI-21-442: (0Day) Advantech WebAccess/HMI Designer SNF File Parsing Memory Corruption Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-21-442/


∗∗∗ ZDI-21-441: (0Day) Advantech WebAccess/HMI Designer PLF File Parsing Memory Corruption Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-21-441/


∗∗∗ Security Bulletin: Multiple vulnerabilities in Eclipse Jetty affect Apache Solr shipped with IBM Operations Analytics – Log Analysis ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-eclipse-jetty-affect-apache-solr-shipped-with-ibm-operations-analytics-log-analysis/


∗∗∗ Security Bulletin: Vulnerability in Apache Solr affects IBM Operations Analytics – Log Analysis (CVE-2019-17558) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-solr-affects-ibm-operations-analytics-log-analysis-cve-2019-17558/


∗∗∗ Security Bulletin: WebSphere Application Server is vulnerable to an XML External Entity (XXE) Injection vulnerability (CVE-2021-20454) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-server-is-vulnerable-to-an-xml-external-entity-xxe-injection-vulnerability-cve-2021-20454/


∗∗∗ Security Bulletin: Vulnerability in jersey affect Apache Zookeeper shipped with IBM Operations Analytics – Log Analysis (CVE-2014-3643) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-jersey-affect-apache-zookeeper-shipped-with-ibm-operations-analytics-log-analysis-cve-2014-3643/


∗∗∗ Security Bulletin: Security Bulletin: IBM SDK Java Quarterly CPU Oct 2020 Vulnerabilities Affect IBM Transformation Extender ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-security-bulletin-ibm-sdk-java-quarterly-cpu-oct-2020-vulnerabilities-affect-ibm-transformation-extender/


∗∗∗ Security Bulletin: SMTP for IBM i is affected by CVE-2021-20501 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-smtp-for-ibm-i-is-affected-by-cve-2021-20501/


∗∗∗ Security Bulletin: Update available for OpenSSL vulnerabilities affecting IBM Watson Speech Services 1.2.1 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-update-available-for-openssl-vulnerabilities-affecting-ibm-watson-speech-services-1-2-1/


∗∗∗ Security Bulletin: protobuf Vulnerability in Apache Solr affect IBM Operations Analytics – Log Analysis Analysis (CVE-2015-5237) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-protobuf-vulnerability-in-apache-solr-affect-ibm-operations-analytics-log-analysis-analysis-cve-2015-5237/


∗∗∗ Security Bulletin: Vulnerabilities in IBM Java and Apache Tomcat affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem V9000 products ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-java-and-apache-tomcat-affect-ibm-san-volume-controller-ibm-storwize-ibm-spectrum-virtualize-and-ibm-flashsystem-v9000-products/


∗∗∗ Security Bulletin: Vulnerability in Apache Ant affect IBM Operations Analytics – Log Analysis Analysis (CVE-2020-1945) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-ant-affect-ibm-operations-analytics-log-analysis-analysis-cve-2020-1945/


∗∗∗ Severe Vulnerabilities Patched in Redirection for Contact Form 7 Plugin ∗∗∗
---------------------------------------------
https://www.wordfence.com/blog/2021/04/severe-vulnerabilities-patched-in-redirection-for-contact-form-7-plugin/


∗∗∗ Hitachi ABB Power Grids Ellipse APM ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-110-01


∗∗∗ Rockwell Automation Stratix Switches ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-110-02


∗∗∗ Delta Industrial Automation COMMGR ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-110-03


∗∗∗ Delta Electronics CNCSoft ScreenEditor ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-110-04


∗∗∗ Delta Electronics CNCSoft-B ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-110-05


∗∗∗ Eaton Intelligent Power Manager ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-110-06


∗∗∗ Siemens Mendix ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-110-07

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily