[CERT-daily] Tageszusammenfassung - 01.02.2021

Mon Feb 1 18:11:16 CET 2021

=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 29-01-2021 18:00 − Montag 01-02-2021 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Robert Waldner

=====================
=       News        =
=====================

∗∗∗ Taking a Shot at Reverse Shell Attacks, CNC Phone Home and Data Exfil from Servers, (Mon, Feb 1st) ∗∗∗
---------------------------------------------
Over the last number of weeks (after the Solarwinds Orion news) there's been a lot of discussion on how to detect if a server-based applcation is compromised. The discussions have ranged from buying new sophisticated tools, auditing the development pipeline, to diffing patches. But really, for me it's as simple as saying "should my application server really be able to connect to any internet host on any protocol". 
---------------------------------------------
https://isc.sans.edu/diary/rss/27054


∗∗∗ Hintermänner der Fonix-Ransomware geben auf und veröffentlichen Master-Schlüssel ∗∗∗
---------------------------------------------
Opfer des Verschlüsselungstrojaner Fonix sehen Licht am Ende des Tunnels.
---------------------------------------------
https://heise.de/-5041914


∗∗∗ SonicWall zero-day exploited in the wild ∗∗∗
---------------------------------------------
Security firm NCC Group said it detected "indiscriminate" exploitation of a mysterious SonicWall zero-day.
---------------------------------------------
https://www.zdnet.com/article/sonicwall-zero-day-exploited-in-the-wild/


∗∗∗ Shodan Verified Vulns 2021-02-01 ∗∗∗
---------------------------------------------
Wieder ist ein Monat vergangen und damit auch wieder die Zeit gekommen, um einen Blick auf Shodans Daten zu den Verified Vulnerabilities in Österreich zu werfen.
---------------------------------------------
https://cert.at/de/aktuelles/2021/2/shodan-verified-vulns-2021-02-01


∗∗∗ Trickbot feiert Comeback ∗∗∗
---------------------------------------------
Kaum ist die Freude über die Zerschlagung von Emotet verklungen, feiert ein anderes Malware-Netzwerk namens Trickbot nach einigen Monaten Stille ein Comeback.
---------------------------------------------
https://www.zdnet.de/88393163/trickbot-feiert-comeback/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Sudo Privilege Escalation Vulnerability Affecting Cisco Products: January 2021 ∗∗∗
---------------------------------------------
A vulnerability in the command line parameter parsing code of Sudo could allow an authenticated, local attacker to execute commands or binaries with root privileges.  [...] Cisco is investigating its product line to determine which products may be affected by this vulnerability. As the investigation progresses, Cisco will update this advisory with information about affected products.
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sudo-privesc-jan2021-qnYQfcM


∗∗∗ WordPress-Plug-in Popup Builder: Angreifer könnten Newsletter verschicken ∗∗∗
---------------------------------------------
Es gibt ein wichtiges Sicherheitsupdate für das WordPress-Plug-in Popup Builder.
---------------------------------------------
https://heise.de/-5041788


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (home-assistant, libgcrypt, libvirt, and mutt), Debian (ffmpeg, kernel, libonig, libsdl2, mariadb-10.1, and thunderbird), Fedora (chromium, firefox, jasper, libebml, mingw-python3, netpbm, opensmtpd, thunderbird, and xen), Gentoo (firefox and thunderbird), Mageia (db53, dnsmasq, kernel, kernel-linus, and php-pear), openSUSE (go1.14, go1.15, messagelib, nodejs8, segv_handler, and thunderbird), Oracle (firefox, kernel, and thunderbird), Red Hat (flatpak), SUSE (firefox, rubygem-nokogiri) and Ubuntu (mysql-5.7, mysql-8.0, python-django).
---------------------------------------------
https://lwn.net/Articles/844749/


∗∗∗ Sudo vulnerability CVE-2021-3156 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K86488846?utm_source=f5support&utm_medium=RSS


∗∗∗ Critical vulnerability in Apple iOS WebKit browser components can impact users of the BIG-IP APM F5 Access client ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K58149033?utm_source=f5support&utm_medium=RSS

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily