[CERT-daily] Tageszusammenfassung - 11.02.2021
Daily end-of-shift report
team at cert.at
Thu Feb 11 18:08:17 CET 2021
=====================
= End-of-Day report =
=====================
Timeframe: Mittwoch 10-02-2021 18:00 − Donnerstag 11-02-2021 18:00
Handler: Thomas Pribitzer
Co-Handler: Dimitri Robl
=====================
= News =
=====================
∗∗∗ TrickBots BazarBackdoor malware is now coded in Nim to evade antivirus ∗∗∗
---------------------------------------------
TrickBots stealthy BazarBackdoor malware has been rewritten in the Nim programming language, likely to evade detection by security software.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/trickbots-bazarbackdoor-malware-is-now-coded-in-nim-to-evade-antivirus/
∗∗∗ Hybrid, Older Users Most-Targeted by Gmail Attackers ∗∗∗
---------------------------------------------
Researchers at Google and Stanford analyzed a 1.2 billion malicious emails to find out what makes users likely to get attacked. 2FA wasnt a big factor.
---------------------------------------------
https://threatpost.com/hybrid-older-users-gmail-attackers/163826/
∗∗∗ Agent Tesla hidden in a historical anti-malware tool, (Thu, Feb 11th) ∗∗∗
---------------------------------------------
While going through attachments of e-mails, which were caught in my e-mail quarantine since the beginning of February, I found an ISO file with what turned out to be a sample of the Agent Tesla infostealer. That, by itself, would not be that unusual, but the Agent Tesla sample turned out to be unconventional in more ways than one [...]
---------------------------------------------
https://isc.sans.edu/diary/rss/27088
∗∗∗ Microsoft Launches Phase 2 Mitigation for Netlogon Remote Code Execution Vulnerability (CVE-2020-1472) ∗∗∗
---------------------------------------------
Microsoft addressed a critical remote code execution vulnerability affecting the Netlogon protocol (CVE-2020-1472) on August 11, 2020. Beginning with the February 9, 2021 Security Update release, Domain Controllers will be placed in enforcement mode. This will require all Windows and non-Windows devices to use secure Remote Procedure Call (RPC) with Netlogon secure channel or to explicitly allow the account by adding an exception for any non-compliant
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2021/02/10/microsoft-launches-phase-2-mitigation-netlogon-remote-code
∗∗∗ Zeoticus 2.0: Ransomware With No C2 Required ∗∗∗
---------------------------------------------
Zeoticus ransomware first appeared for sale in various underground forums and markets in early 2020. The ransomware is currently Windows-specific and, according to the developers, functions on all “supported versions of Windows”.
---------------------------------------------
https://labs.sentinelone.com/zeoticus-2-0-ransomware-with-no-c2-required/
∗∗∗ FBI warnt vor Windows 7 und TeamViewer ∗∗∗
---------------------------------------------
Die US-Bundespolizei FBI hat anlässlich des Giftangriffes auf ein Wasserwerk in Florida eine offizielle Warnung vor dem Einsatz von Windows 7 und TeamViewer ausgesprochen.
---------------------------------------------
https://www.zdnet.de/88393353/fbi-warnt-vor-windows-7-und-teamviewer/
=====================
= Vulnerabilities =
=====================
∗∗∗ SAP Commerce Critical Security Bug Allows RCE ∗∗∗
---------------------------------------------
The critical SAP cybersecurity flaw could allow for the compromise of an application used by e-commerce businesses.
---------------------------------------------
https://threatpost.com/sap-commerce-critical-security-bug/163822/
∗∗∗ DoS- und Schadcode-Attacken gegen McAfee Total Protection möglich ∗∗∗
---------------------------------------------
Es gibt ein wichtiges Sicherheitsupdate für McAfee Total Protection unter Windows.
---------------------------------------------
https://heise.de/-5052175
∗∗∗ WIndows Print Spooler Keeps Delivering Vulnerabilities, And We Keep Patching Them (CVE-2020-1030) ∗∗∗
---------------------------------------------
by Mitja Kolsek, the 0patch Team Security researcher Victor Mata of Accenture published a detailed analysis of a binary planting vulnerability in Windows Print Spooler (CVE-2020-1030), which they had previously reported to Microsoft in May 2020, and a fix for which was included in September 2020 Windows Updates.
---------------------------------------------
https://blog.0patch.com/2021/02/print-spooler-keeps-delivering.html
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (firejail and netty), Fedora (java-1.8.0-openjdk, java-11-openjdk, rubygem-mechanize, and xpdf), Mageia (gstreamer1.0-plugins-bad, nethack, and perl-Email-MIME and perl-Email-MIME-ContentType), openSUSE (firejail, java-11-openjdk, python, and rclone), Red Hat (dotnet, dotnet3.1, dotnet5.0, and rh-nodejs12-nodejs), SUSE (firefox, kernel, python, python36, and subversion), and Ubuntu (gnome-autoar, junit4, openvswitch, postsrsd, and sqlite3).
---------------------------------------------
https://lwn.net/Articles/845750/
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Developer for i – July 2020. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-rational-developer-for-i-july-2020/
∗∗∗ Security Bulletin: IBM Security Verify Information Queue does not properly encode error messages sent to web users (CVE-2021-20405) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-verify-information-queue-does-not-properly-encode-error-messages-sent-to-web-users-cve-2021-20405/
∗∗∗ Security Bulletin: IBM Security Verify Information Queue uses a Node.js package with a cross-site scripting vulnerability (CVE-2020-7676) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-verify-information-queue-uses-a-node-js-package-with-a-cross-site-scripting-vulnerability-cve-2020-7676/
∗∗∗ Security Bulletin: Multiple IBM DB2 Server Vulnerabilities Affect IBM Emptoris Strategic Supply Management Platform ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-ibm-db2-server-vulnerabilities-affect-ibm-emptoris-strategic-supply-management-platform/
∗∗∗ Security Bulletin: Multiple IBM DB2 Server Vulnerabilities Affect IBM Emptoris Program Management ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-ibm-db2-server-vulnerabilities-affect-ibm-emptoris-program-management/
∗∗∗ Security Bulletin: IBM Security Verify Information Queue uses a Node.js package with known vulnerabilities (CVE-2020-11023, CVE-2020-11022) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-verify-information-queue-uses-a-node-js-package-with-known-vulnerabilities-cve-2020-11023-cve-2020-11022/
∗∗∗ Security Bulletin: Multiple IBM DB2 Server Vulnerabilities Affect IBM Emptoris Sourcing ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-ibm-db2-server-vulnerabilities-affect-ibm-emptoris-sourcing/
∗∗∗ Security Bulletin: Cross Site Scripting may affect IBM Business Automation Workflow and IBM Case Manager (ICM) – CVE-2020-4768 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-may-affect-ibm-business-automation-workflow-and-ibm-case-manager-icm-cve-2020-4768/
∗∗∗ Security Bulletin: IBM Verify Gateway does not sufficiently guard against unauthorized API calls (CVE-2020-4847) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-verify-gateway-does-not-sufficiently-guard-against-unauthorized-api-calls-cve-2020-4847/
∗∗∗ Security Bulletin: Multiple IBM DB2 Server Vulnerabilities Affect IBM Emptoris Contract Management ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-ibm-db2-server-vulnerabilities-affect-ibm-emptoris-contract-management/
∗∗∗ VMSA-2021-0001 ∗∗∗
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2021-0001.html
∗∗∗ Squid: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K21-0147
∗∗∗ Trend Micro Produkte: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K21-0169
∗∗∗ F5 BIG-IP: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K21-0163
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list