[CERT-daily] Tageszusammenfassung - 03.02.2021

Wed Feb 3 18:12:34 CET 2021

=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 02-02-2021 18:00 − Mittwoch 03-02-2021 18:00
Handler:     Thomas Pribitzer
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Excel spreadsheets push SystemBC malware, (Wed, Feb 3rd) ∗∗∗
---------------------------------------------
This Excel spreadsheet pushed what might be SystemBC malware when I tested it in my lab environment on Monday 2021-02-01.
---------------------------------------------
https://isc.sans.edu/diary/rss/27060


∗∗∗ Interview with a LockBit ransomware operator ∗∗∗
---------------------------------------------
In September 2020, Cisco Talos established contact with a self-described LockBit operator and experienced threat actor. Over the course of several weeks, we conducted multiple interviews.
---------------------------------------------
https://blog.talosintelligence.com/2021/02/interview-with-lockbit-ransomware.html


∗∗∗ Hildegard: New TeamTNT Malware Targeting Kubernetes ∗∗∗
---------------------------------------------
Hildegard is a new malware campaign believed to originate from TeamTNT. It targets Kubernetes clusters and launches cryptojacking operations.
---------------------------------------------
https://unit42.paloaltonetworks.com/hildegard-malware-teamtnt/


∗∗∗ Gefälschte Rechnung für Desinfektionsmittel im Umlauf! ∗∗∗
---------------------------------------------
Viele Unternehmen müssen aufgrund der Coronakrise stärkere Hygienemaßnahmen umsetzen. Dazu zählt auch die Bereitstellung von Desinfektionsmittel. Für viele ist es daher wohl wenig überraschend, wenn sich im E-Mail-Posteingang eine Rechnung für bestellte Desinfektionsmittel findet.
---------------------------------------------
https://www.watchlist-internet.at/news/gefaelschte-rechnung-fuer-desinfektionsmittel-im-umlauf/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Full System Control with New SolarWinds Orion-based and Serv-U FTP Vulnerabilities ∗∗∗
---------------------------------------------
In this blog, I will be discussing three new security issues that I recently found in several SolarWinds products. All three are severe bugs with the most critical one allowing remote code execution with high privileges.
---------------------------------------------
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/full-system-control-with-new-solarwinds-orion-based-and-serv-u-ftp-vulnerabilities/


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (open-build-service and openldap), Fedora (jasper, libebml, and tcmu-runner), openSUSE (segv_handler), Red Hat (thunderbird), Scientific Linux (kernel), SUSE (cups and openvswitch), and Ubuntu (apport and ca-certificates).
---------------------------------------------
https://lwn.net/Articles/844948/


∗∗∗ Recent root-giving Sudo bug also impacts macOS ∗∗∗
---------------------------------------------
A bug in the Sudo app can let attackers with access to a local system to elevate their access to a root-level account.
---------------------------------------------
https://www.zdnet.com/article/recent-root-giving-sudo-bug-also-impacts-macos/


∗∗∗ Cisco Security Advisories 2021-02-03 ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/Search.x?publicationTypeIDs=1&securityImpactRatings=critical,high,medium&firstPublishedStartDate=2021%2F02%2F03&firstPublishedEndDate=2021%2F02%2F03


∗∗∗ Security Advisory - Improper Resource Management Vulnerability in eUDC660 Product ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210203-01-resourcemanagement-en


∗∗∗ Security Advisory - Improper Information Processing Vulnerability in Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210203-01-informationleak-en


∗∗∗ Security Advisory - Improper Permission Assignment Vulnerability in Huawei ManageOne Product ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210203-01-manageone-en


∗∗∗ Security Advisory - Information Leakage Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210203-01-plaintextlog-en


∗∗∗ Security Advisory - Information Leakage Vulnerability in Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210202-01-fw-en


∗∗∗ Security Bulletin: Vulnerability in IBM WebSphere Application Server Liberty affects IBM Spectrum Protect Backup-Archive Client web user interface, IBM Spectrum Protect for Space Management, and IBM Spectrum Protect for Virtual Environments ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-websphere-application-server-liberty-affects-ibm-spectrum-protect-backup-archive-client-web-user-interface-ibm-spectrum-protect-for-space-management-and-ibm-2/


∗∗∗ Security Bulletin: App Connect Enterprise Certified Container may be vulnerable to a remote code execution vulnerability (CVE-2020-4682) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-app-connect-enterprise-certified-container-may-be-vulnerable-to-a-remote-code-execution-vulnerability-cve-2020-4682/


∗∗∗ Security Bulletin: Vulnerabilities in Apache Commons and Log4j affect IBM Spectrum Protect Backup-Archive Client and IBM Spectrum Protect for Virtual Environments ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-apache-commons-and-log4j-affect-ibm-spectrum-protect-backup-archive-client-and-ibm-spectrum-protect-for-virtual-environments-2/


∗∗∗ Security Bulletin: IBM Network Performance Insight 1.3.1 affected by Apache Cassandra vulnerability (CVE-2020-13946) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-network-performance-insight-1-3-1-affected-by-apache-cassandra-vulnerability-cve-2020-13946/


∗∗∗ Security Bulletin: IBM API Connect is impacted by multiple vulnerabilities in Node.js.(CVE-2020-8201 CVE-2020-8251 CVE-2020-8252 ) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impacted-by-multiple-vulnerabilities-in-node-js-cve-2020-8201-cve-2020-8251-cve-2020-8252/


∗∗∗ Security Bulletin: IBM API Connect is vulnerable to denial of service (DoS) via etcd (CVE-2020-15106 CVE-2020-15112 CVE-2020-15113) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-vulnerable-to-denial-of-service-dos-via-etcd-cve-2020-15106-cve-2020-15112-cve-2020-15113/


∗∗∗ Security Bulletin: Multiple Vulnerabilities in IBM Sterling Connect:Direct Browser User Interface ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-sterling-connectdirect-browser-user-interface-2/


∗∗∗ Security Bulletin: jackson-databind vulnerability CVE-2021-20190 impacts IBM Aspera High-Speed Transfer Server and Aspera High-Speed Transfer Endpoint versions prior to V4.0 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-jackson-databind-vulnerability-cve-2021-20190-impacts-ibm-aspera-high-speed-transfer-server-and-aspera-high-speed-transfer-endpoint-versions-prior-to-v4-0/


∗∗∗ Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime affect IBM Cognos Command Center ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-cognos-command-center-4/


∗∗∗ Security Bulletin: IBM API Connect's Developer Portal is vulnerable to arbitrary code excution in Drupal Core (CVE-2020-13671) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connects-developer-portal-is-vulnerable-to-arbitrary-code-excution-in-drupal-core-cve-2020-13671/


∗∗∗ Security Bulletin: IBM Cloud Pak For Security vulnerable to potential information disclosure through HTTP headers (CVE-2020-4967) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-pak-for-security-vulnerable-to-potential-information-disclosure-through-http-headers-cve-2020-4967/


∗∗∗ Security Bulletin: A vulnerability in IBM Spectrum Scale allows to inject malicious content into command log files (CVE-2020-4889) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-spectrum-scale-allows-to-inject-malicious-content-into-command-log-files-cve-2020-4889/


∗∗∗ Security Bulletin: IBM QRadar SIEM is vulnerable to Server Side Request Forgery (SSRF) (CVE-2020-4787) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-server-side-request-forgery-ssrf-cve-2020-4787/


∗∗∗ Security Bulletin: Multiple Oracle Database Server Vulnerabilities Affect IBM Emptoris Program Management ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-oracle-database-server-vulnerabilities-affect-ibm-emptoris-program-management/


∗∗∗ Security Bulletin: Multiple Security Vulnerabilities Affect IBM WebSphere Application Server in IBM Cloud ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-affect-ibm-websphere-application-server-in-ibm-cloud-5/


∗∗∗ Security Bulletin: IBM Security Guardium Insights is affected by a ClickJacking vulnerability (CVE-2020-4165) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-insights-is-affected-by-a-clickjacking-vulnerability-cve-2020-4165/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects WebSphere Application Server October 2020 CPU that is bundled with IBM WebSphere Application Server Patterns ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affects-websphere-application-server-october-2020-cpu-that-is-bundled-with-ibm-websphere-application-server-patterns-2/


∗∗∗ Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to a security vulnerability. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-a-security-vulnerability-2/


∗∗∗ Security Bulletin: WebSphere Application Server is vulnerable to an XML External Entity (XXE) Injection Vulnerability (CVE-2020-4949) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-server-is-vulnerable-to-an-xml-external-entity-xxe-injection-vulnerability-cve-2020-4949/


∗∗∗ Security Bulletin: Bouncy Castle Vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-bouncy-castle-vulnerability/


∗∗∗ February 2, 2021   TNS-2021-01   [R1] Nessus AMI 8.13.1 Fixes One Vulnerability ∗∗∗
---------------------------------------------
http://www.tenable.com/security/tns-2021-01


∗∗∗ Linux kernel vulnerability CVE-2020-14385 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K84900646


∗∗∗ D-LINK Router DNS-320: Schwachstelle ermöglicht Codeausführung ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K21-0122


∗∗∗ Rockwell Automation MicroLogix 1400 ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-033-01


∗∗∗ Siemens SIMATIC HMI Comfort Panels & SIMATIC HMI KTP Mobile Panels ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-033-02


∗∗∗ 2019-08Hirschmann RSP, RSPE, and OS2 series HSR denial of service vulnerability ∗∗∗
---------------------------------------------
https://www.belden.com/dfsmedia/f1e38517e0cd4caa8b1acb6619890f5e/12276-source/options/view


∗∗∗ 2021-02ICX35 Local Web Based Configuration Interface Password Set ∗∗∗
---------------------------------------------
https://www.belden.com/dfsmedia/f1e38517e0cd4caa8b1acb6619890f5e/12277-source/options/view

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily