[CERT-daily] Tageszusammenfassung - 05.02.2021

Daily end-of-shift report team at cert.at
Fri Feb 5 18:09:01 CET 2021


=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 04-02-2021 18:00 − Freitag 05-02-2021 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Dimitri Robl

=====================
=       News        =
=====================

∗∗∗ Hackers steal StormShield firewall source code in data breach ∗∗∗
---------------------------------------------
Leading French cybersecurity company StormShield disclosed that their systems were hacked, allowing a threat actor to access the companys support ticket system and steal source code for Stormshield Network Security firewall software.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/hackers-steal-stormshield-firewall-source-code-in-data-breach/


∗∗∗ Free coffee! Belgian researcher hacks prepaid vending machines ∗∗∗
---------------------------------------------
Only try this at home, folks! As easy as it might look, its illegal in the wild, with good reason.
---------------------------------------------
https://nakedsecurity.sophos.com/2021/02/04/free-coffee-dutch-researcher-hacks-prepaid-vending-machines/


∗∗∗ Stack Canaries – Gingerly Sidestepping the Cage ∗∗∗
---------------------------------------------
Tell-tale values added to binaries during compilation to protect critical stack values like the Return Pointer against buffer overflow attacks.
---------------------------------------------
https://www.sans.org/blog/stack-canaries-gingerly-sidestepping-the-cage


∗∗∗ [SANS ISC] VBA Macro Trying to Alter the Application Menus ∗∗∗
---------------------------------------------
I published the following diary on isc.sans.edu: “VBA Macro Trying to Alter the Application Menus‘”: Who remembers the worm Melissa? It started to spread in March 1999! In information security, it looks like speaking about prehistory but I spotted a VBA macro that tried to use the same defensive techniqueThe post [SANS ISC] VBA Macro Trying to Alter the Application Menus appeared first on /dev/random.
---------------------------------------------
https://blog.rootshell.be/2021/02/05/sans-isc-vba-macro-trying-to-alter-the-application-menus/


∗∗∗ Abusing Google Chrome extension syncing for data exfiltration and C&C ∗∗∗
---------------------------------------------
I had a pleasure (or not) of working on another incident where, among other things, attackers were using a pretty novel way of exfiltrating data and using that channel for C&C communication.
---------------------------------------------
https://isc.sans.edu/diary/rss/27066


∗∗∗ besondereprasente.com: Fordern Sie Ihr Geld zurück! ∗∗∗
---------------------------------------------
Obwohl die Webseite besondereprasente.com gar nicht mehr existiert, erhält die Watchlist Internet nach wie vor zahlreiche Meldungen zu diesem Fake-Shop. Der Grund: Wer bei besondereprasente.com bestellt, tappt in eine teure Abo-Falle.
---------------------------------------------
https://www.watchlist-internet.at/news/besondereprasentecom-fordern-sie-ihr-geld-zurueck/


∗∗∗ Plex Media servers are being abused for DDoS attacks ∗∗∗
---------------------------------------------
Cyber-security firm Netscout warns of new DDoS attack vector.
---------------------------------------------
https://www.zdnet.com/article/plex-media-servers-are-being-abused-for-ddos-attacks/


∗∗∗ Kasperksy warnt vor Krypto-Scam ∗∗∗
---------------------------------------------
Kapersky hat ein neues Scam-System entdeckt, das es mit verlockenden Angeboten von angeblichen neuen Kryptobörsen auf Anwender von Discord abgesehen hat.
---------------------------------------------
https://www.zdnet.de/88393274/kasperksy-warnt-vor-krypto-scam/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Zero-Day im Chrome-Browser: Jetzt Update einspielen ∗∗∗
---------------------------------------------
Eine aktiv ausgenutzte Schwachstelle im Chrome-Browser gefährdet die meisten Betriebssysteme. Google hat ein Update.
---------------------------------------------
https://heise.de/-5046783


∗∗∗ Unpatched Vulnerability: 50,000 WP Sites Must Find Alternative for Contact Form 7 Style ∗∗∗
---------------------------------------------
On December 9, 2020, the Wordfence Threat Intelligence team discovered a Cross-Site Request Forgery (CSRF) to Stored Cross Site Scripting (XSS) vulnerability in Contact Form 7 Style, a WordPress plugin installed on over 50,000 sites.
---------------------------------------------
https://www.wordfence.com/blog/2021/02/unpatched-vulnerability-50000-wp-sites-must-find-alternative-for-contact-form-7-style/


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (java-11-openjdk, kernel, and monitorix), Mageia (mutt, nodejs, and nodejs-ini), Oracle (flatpak, glibc, and kernel), Red Hat (rh-nodejs14-nodejs), Scientific Linux (flatpak), and Ubuntu (flatpak and minidlna).
---------------------------------------------
https://lwn.net/Articles/845191/


∗∗∗ WordPress Plugin "Name Directory" vulnerable to cross-site request forgery ∗∗∗
---------------------------------------------
https://jvn.jp/en/jp/JVN50470170/


∗∗∗ Security Bulletin: Watson Machine Learning Community Edition docker containers have been updated to fix a security issue in libcurl ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-watson-machine-learning-community-edition-docker-containers-have-been-updated-to-fix-a-security-issue-in-libcurl/


∗∗∗ Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime Affect Connect:Direct Web Services ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-connectdirect-web-services/


∗∗∗ Security Bulletin: TensorFlow in Watson Machine Learning 1.6.2 and 1.7.0 has been patched for various security issues in nanopb. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-tensorflow-in-watson-machine-learning-1-6-2-and-1-7-0-has-been-patched-for-various-security-issues-in-nanopb/


∗∗∗ Security Bulletin: IBM API Connect is impacted by insecure web server configuration (CVE-2020-4825) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impacted-by-insecure-web-server-configuration-cve-2020-4825/


∗∗∗ Security Bulletin: TensorFlow in Watson Machine Learning Community Edition 1.6.2 and 1.7.0 has been patched for various security issues. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-tensorflow-in-watson-machine-learning-community-edition-1-6-2-and-1-7-0-has-been-patched-for-various-security-issues-2/


∗∗∗ Security Bulletin: Content Collector for Email is affected by a embedded WebSphere Application Server Admin Console ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-content-collector-for-email-is-affected-by-a-embedded-websphere-application-server-admin-console/


∗∗∗ Security Bulletin: Vulnerabilities in Websphere Liberty server (WLP) affects IBM Cloud Application Business Insights ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-websphere-liberty-server-wlp-affects-ibm-cloud-application-business-insights/


∗∗∗ Security Bulletin: Security vulnerabilities in Go affect IBM Cloud Pak for Multicloud Management Hybrid GRC. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-in-go-affect-ibm-cloud-pak-for-multicloud-management-hybrid-grc/


∗∗∗ Security Bulletin: PowerHA System Mirror for AIX vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-powerha-system-mirror-for-aix-vulnerability/


∗∗∗ Security Bulletin: Vulnerabilities in Node.js affect IBM App Connect Enterprise and IBM Integration Bus (CVE-2020-7754) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-affect-ibm-app-connect-enterprise-and-ibm-integration-bus-cve-2020-7754/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list