[CERT-daily] Tageszusammenfassung - 10.02.2021

Daily end-of-shift report team at cert.at
Wed Feb 10 18:08:59 CET 2021


=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 09-02-2021 18:00 − Mittwoch 10-02-2021 18:00
Handler:     Thomas Pribitzer
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Rinfo Is Making A Comeback and Is Scanning and Mining in Full Speed ∗∗∗
---------------------------------------------
In 2018 we blogged about a scanning&mining botnet family that uses ngrok.io to propagate samples: "A New Mining Botnet Blends Its C2s into ngrok Service", and since mid-October 2020, our BotMon system started to see a new variant of this family [...]
---------------------------------------------
https://blog.netlab.360.com/rinfo-is-making-a-comeback-and-is-scanning-and-mining-in-full-speed/


∗∗∗ Kaufen Sie keine Paysafecard um Zollgebühren zu bezahlen! ∗∗∗
---------------------------------------------
Eine neue Massenmail landet derzeit im Posteingang zahlreicher InternetnutzerInnen. Die Nachricht wird angeblich vom Kundenservice des deutschen oder schweizerischen Zolls gesendet.
---------------------------------------------
https://www.watchlist-internet.at/news/kaufen-sie-keine-paysafecard-um-zollgebuehren-zu-bezahlen/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Apple fixes SUDO root privilege escalation flaw in macOS ∗∗∗
---------------------------------------------
Apple has fixed a sudo vulnerability in macOS Big Sur, Catalina, and Mojave, allowing any local user to gain root-level privileges.
---------------------------------------------
https://www.bleepingcomputer.com/news/apple/apple-fixes-sudo-root-privilege-escalation-flaw-in-macos/


∗∗∗ Confusion Attack: Microsoft warnt vor einfacher Übernahme interner Pakete ∗∗∗
---------------------------------------------
Haben internes und externes Paket den gleichen Namen, lassen sich Trojaner einschleusen.
---------------------------------------------
https://www.golem.de/news/confusion-attack-microsoft-warnt-vor-einfacher-uebernahme-interner-pakete-2102-154063-rss.html


∗∗∗ Microsoft February 2021 Patch Tuesday, (Tue, Feb 9th) ∗∗∗
---------------------------------------------
This month we got patches for 56 vulnerabilities. Of these, 11 are critical, 1 is being exploited and 6 were previously disclosed.
---------------------------------------------
https://isc.sans.edu/diary/rss/27080


∗∗∗ Patchday: Adobe kümmert sich um kritische Lücken in Acrobat, Photoshop & Co. ∗∗∗
---------------------------------------------
Derzeit haben es Angreifer auf Windows-Nutzer mit Adobe Reader abgesehen. Sicherheitsupdates stehen zum Download bereit.
---------------------------------------------
https://heise.de/-5050997


∗∗∗ Patchday: Intel stellt aktualisierte Treiber, Firm- und Software bereit ∗∗∗
---------------------------------------------
Von Intel diesmal meist als Downloads für Endnutzer verfügbare Updates beseitigen Schwachstellen mit teils hoher Gefahreneinstufung aus diversen Produkten.
---------------------------------------------
https://heise.de/-5051084


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (connman, firejail, libzstd, slirp, and xcftools), Fedora (chromium, jackson-databind, and privoxy), openSUSE (chromium), Oracle (kernel and kernel-container), Slackware (dnsmasq), SUSE (java-11-openjdk, kernel, and python), and Ubuntu (linux, linux-aws, linux-azure, linux-gcp, linux-hwe-5.8, linux-kvm, linux-oem-5.6, linux-oracle, linux-raspi, linux, linux-gke-5.0, linux-gke-5.3, linux-hwe, linux-raspi2-5.3, openjdk-8, openjdk-lts, and snapd).
---------------------------------------------
https://lwn.net/Articles/845602/


∗∗∗ This old security vulnerability left millions of Internet of Things devices vulnerable to attacks ∗∗∗
---------------------------------------------
Historys repeating, warn security researchers, who find that a computer security issue thats been known about for decades could be used to manipulate IoT devices - so apply the patches now.
---------------------------------------------
https://www.zdnet.com/article/this-old-security-vulnerability-left-millions-of-internet-of-things-devices-vulnerable-to-attacks/


∗∗∗ GE Digital HMI/SCADA iFIX ∗∗∗
---------------------------------------------
This advisory contains mitigations for Incorrect Permission Assignment for Critical Resource vulnerabilities in the GE Digital HMI/SCADA iFIX software component.
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-040-01


∗∗∗ Advantech iView ∗∗∗
---------------------------------------------
This advisory contains mitigations for SQL Injection, Path Traversal, and Missing Authentication for Critical Function vulnerabilities in the Advantech iView device management application.
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02


∗∗∗ Security Advisory - Denial of Service Vulnerability in Some Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210210-02-dos-en


∗∗∗ Security Advisory - Memory Leak Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210210-01-memoryleak-en


∗∗∗ Security Bulletin: IBM MQ is vulnerable to an error within Eclipse Jetty (CVE-2020-27216) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-is-vulnerable-to-an-error-within-eclipse-jetty-cve-2020-27216/


∗∗∗ Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to a security vulnerability (CVE-2020-4996) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-a-security-vulnerability-cve-2020-4996/


∗∗∗ Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to a security vulnerability (CVE-2020-4791) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-a-security-vulnerability-cve-2020-4791/


∗∗∗ Security Bulletin: IBM Security QRadar Analyst Workflow add on to IBM QRadar SIEM is vulnerable to using components with known vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-qradar-analyst-workflow-add-on-to-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities-2/


∗∗∗ Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to a security vulnerability (CVE-2020-4995) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-a-security-vulnerability-cve-2020-4995/


∗∗∗ Security Bulletin: Vulnerabilities in Node.js and FasterXML jackson-databind affect IBM Spectrum Protect Plus ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-and-fasterxml-jackson-databind-affect-ibm-spectrum-protect-plus/


∗∗∗ Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to a security vulnerability (CVE-2020-4795) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-a-security-vulnerability-cve-2020-4795/


∗∗∗ Security Bulletin: IBM Planning Analytics has addressed a security vulnerability (CVE-2016-2183) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-has-addressed-a-security-vulnerability-cve-2016-2183/


∗∗∗ Security Bulletin: IBM QRadar SIEM is vulnerable to Arbitrary File Read (CVE-2020-4789) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-arbitrary-file-read-cve-2020-4789-2/


∗∗∗ Security Bulletin: IBM Security Guardium is affected by an "Apache CXF" jar vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-an-apache-cxf-jar-vulnerability/


∗∗∗ Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to a security vulnerability (CVE-2020-4790) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-a-security-vulnerability-cve-2020-4790/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list