[CERT-daily] Tageszusammenfassung - 12.02.2021

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 11-02-2021 18:00 − Freitag 12-02-2021 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Dimitri Robl

=====================
=       News        =
=====================

∗∗∗ Buggy WordPress plugin exposes 100K sites to takeover attacks ∗∗∗
---------------------------------------------
Critical and high severity vulnerabilities in the Responsive Menu WordPress plugin exposed over 100,000 sites to takeover attacks as discovered by Wordfence.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/buggy-wordpress-plugin-exposes-100k-sites-to-takeover-attacks/


∗∗∗ Internet Explorer 11 zero-day vulnerability gets unofficial micropatch ∗∗∗
---------------------------------------------
An Internet Explorer 11 zero-day vulnerability used against security researchers, not yet fixed by Microsoft, today received a micropatch that prevents exploitation.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/internet-explorer-11-zero-day-vulnerability-gets-unofficial-micropatch/


∗∗∗ Web shell attacks continue to rise ∗∗∗
---------------------------------------------
A year ago, we reported the steady increase in the use of web shells in attacks worldwide. The latest Microsoft 365 Defender data shows that this trend not only continued, it accelerated.
---------------------------------------------
https://www.microsoft.com/security/blog/2021/02/11/web-shell-attacks-continue-to-rise/


∗∗∗ AgentTesla Dropped Through Automatic Click in Microsoft Help File, (Fri, Feb 12th) ∗∗∗
---------------------------------------------
Attackers have plenty of resources to infect our systems. If some files may look suspicious because the extension is less common (like .xsl files), others look really safe and make the victim confident to open it. I spotted a phishing campaign that delivers a fake invoice. The attached file is a classic ZIP archive but it contains a .chm file: a Microsoft compiled HTML Help file.
---------------------------------------------
https://isc.sans.edu/diary/rss/27092


∗∗∗ Vorsicht Finanzbetrug: Zahlen Sie keine 250 Euro auf horizoninvest.cc ein! ∗∗∗
---------------------------------------------
Die österreichische Finanzmarktaufsicht (FMA) warnt derzeit mit einer aktuellen Kampagne vor Anlage- und Finanzbetrug. Auch bei der Watchlist Internet werden zunehmend betrügerische Plattformen gemeldet, die leicht verdientes Geld durch Investments, versprechen. Aktuell melden LeserInnen vermehrt horizoninvest.cc. Zahlen Sie dort auf keinen Fall Geld ein! Dieses landet nämlich direkt in den Händen der Kriminellen.
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-finanzbetrug-zahlen-sie-keine-250-euro-auf-horizoninvestcc-ein/


∗∗∗ Free decrypter released for Avaddon ransomware victims... aaand, its gone! ∗∗∗
---------------------------------------------
The Avaddon ransomware gang said in a forum post they already updated their code to counter the tools release.
---------------------------------------------
https://www.zdnet.com/article/free-decrypter-released-for-avaddon-ransomware-victims-aaand-its-gone/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Sicherheitsupdates: Angreifer könnten BIG-IP Appliances von F5 übernehmen ∗∗∗
---------------------------------------------
Verschiedene Netzwerkprodukte von F5 sind attackierbar. Angreifer könnten Geräte lahmlegen oder sogar eigene Befehle ausführen.
---------------------------------------------
https://heise.de/-5053268


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (ansible, chromium, cups, docker, firefox, gitlab, glibc, helm, lib32-glibc, minio, nextcloud, opendoas, opera, php, php7, privoxy, python-django, python-jinja, python2-jinja, thunderbird, vivaldi, and wireshark-cli), Fedora (jasper, linux-firmware, php, python-cryptography, spice-vdagent, subversion, and thunderbird), Mageia (gssproxy and phpldapadmin), openSUSE (chromium, containerd, docker, docker-runc,, librepo, nextcloud, and privoxy), SUSE
---------------------------------------------
https://lwn.net/Articles/845999/


∗∗∗ Security Bulletin: Multiple security vulnerability has been identified in Oracle Java shipped with IBM® Intelligent Operations Center ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerability-has-been-identified-in-oracle-java-shipped-with-ibm-intelligent-operations-center/


∗∗∗ Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-may-affect-ibm-sdk-java-technology-edition-7/


∗∗∗ Security Bulletin: CVE-2020-14782 may affect IBM® SDK, Java™ Technology Edition ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cve-2020-14782-may-affect-ibm-sdk-java-technology-edition-2/


∗∗∗ Security Bulletin: IBM Security Verify Information Queue does not sufficiently safeguard session IDs from session fixation attacks (CVE-2021-20411) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-verify-information-queue-does-not-sufficiently-safeguard-session-ids-from-session-fixation-attacks-cve-2021-20411/


∗∗∗ Security Bulletin: CVE-2020-2773 may affect IBM® SDK, Java™ Technology Edition ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cve-2020-2773-may-affect-ibm-sdk-java-technology-edition/


∗∗∗ Security Bulletin: a security vulnerability has been identified in Oracle Java shipped with IBM® Intelligent Operations Center (CVE-2020-2590) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-has-been-identified-in-oracle-java-shipped-with-ibm-intelligent-operations-center-cve-2020-2590/


∗∗∗ Security Bulletin: IBM Security Verify Information Queue does not sufficiently protect the key that encrypts and decrypts product credentials (CVE-2021-20408) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-verify-information-queue-does-not-sufficiently-protect-the-key-that-encrypts-and-decrypts-product-credentials-cve-2021-20408/


∗∗∗ Security Bulletin: A security vulnerability has been identified in Oracle Java shipped with IBM® Intelligent Operations Center (CVE-2020-2601) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-has-been-identified-in-oracle-java-shipped-with-ibm-intelligent-operations-center-cve-2020-2601/


∗∗∗ Security Bulletin: IBM Security Verify Information Queue discloses sensitive information in source code (CVE-2021-20407) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-verify-information-queue-discloses-sensitive-information-in-source-code-cve-2021-20407/


∗∗∗ Security Bulletin: IBM Security Verify Information Queue uses a relatively weak cryptographic algorithm to protect application data (CVE-2021-20406) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-verify-information-queue-uses-a-relatively-weak-cryptographic-algorithm-to-protect-application-data-cve-2021-20406/


∗∗∗ Multiple Embedded TCP/IP stacks ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-042-01


∗∗∗ Rockwell Automation DriveTools SP and Drives AOP ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-042-02


∗∗∗ Wibu-Systems CodeMeter (Update E) ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-20-203-01

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily