[CERT-daily] Tageszusammenfassung - 15.02.2021
Daily end-of-shift report
team at cert.at
Mon Feb 15 18:11:40 CET 2021
=====================
= End-of-Day report =
=====================
Timeframe: Freitag 12-02-2021 18:00 − Montag 15-02-2021 18:00
Handler: Thomas Pribitzer
Co-Handler: Robert Waldner
=====================
= News =
=====================
∗∗∗ Copycats imitate novel supply chain attack that hit tech giants ∗∗∗
---------------------------------------------
This week, hundreds of new packages have been published to the npm open-source repository named after private components being internally used by major companies. These npm packages are identical to the proof-of-concept packages created by Alex Birsan, the researcher who had recently managed to infiltrate over major 35 tech firms.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/copycats-imitate-novel-supply-chain-attack-that-hit-tech-giants/
∗∗∗ Sunbird und Hornbill: Neue Android-Spyware der Confucius-APT ∗∗∗
---------------------------------------------
Sicherheitsforscher entdecken zwei Schadprogramme, die sie einer pro-indischen APT-Gruppe zuordnen. Beide sollen auf kommerzieller Spyware basieren.
---------------------------------------------
https://www.golem.de/news/sunbird-und-hornbill-neue-android-spyware-der-confucius-apt-2102-154192-rss.html
∗∗∗ Using Logstash to Parse IPtables Firewall Logs, (Sat, Feb 13th) ∗∗∗
---------------------------------------------
One of our reader submitted some DSL Modem Firewall logs (iptables format) and I wrote a simple logstash parser to analyze and illustrate the activity, in this case it is all scanning activity against this modem. An iptables parser exist for Filebeat, but for this example, I wanted to show how to create a simple logstash parser using Grok to parse these logs and send them to Elastic.
---------------------------------------------
https://isc.sans.edu/diary/rss/27096
=====================
= Vulnerabilities =
=====================
∗∗∗ VMware vSphere Replication: Updates beseitigen remote ausnutzbare Schwachstelle ∗∗∗
---------------------------------------------
Für mehrere Versionen der vCenter Server-Erweiterung vSphere Replication stehen Sicherheitsupdates bereit, die eine "High"-Schwachstelle schließen.
---------------------------------------------
https://heise.de/-5055247
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (busybox, linux-4.19, openvswitch, subversion, unbound1.9, and xterm), Fedora (audacity, community-mysql, kernel, libzypp, mysql-connector-odbc, python-django, python3.10, and zypper), openSUSE (librepo, openvswitch, subversion, and wpa_supplicant), Red Hat (subversion:1.10), SUSE (kernel, openvswitch, perl-File-Path, and wpa_supplicant), and Ubuntu (postgresql-12).
---------------------------------------------
https://lwn.net/Articles/846318/
∗∗∗ WebKitGTK and WPE WebKit Security Advisory WSA-2021-0001 ∗∗∗
---------------------------------------------
* Versions affected: WebKitGTK before 2.30.5 and WPE WebKit before 2.30.5.
* Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
* Description: An use after free issue in the AudioSourceProviderGStreamer class was addressed with improved memory management.
---------------------------------------------
https://webkitgtk.org/security/WSA-2021-0001.html
∗∗∗ Security Bulletin: Insecure HTTP Communication ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-insecure-http-communication-2/
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Spectrum Protect Operations Center (CVE-2020-4954, CVE-2020-4955, CVE-2020-4956) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-spectrum-protect-operations-center-cve-2020-4954-cve-2020-4955-cve-2020-4956/
∗∗∗ Security Bulletin: IBM Cognos Controller is vulnerable to privilege escalation (CVE-2020-4685) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-controller-is-vulnerable-to-privilege-escalation-cve-2020-4685-3/
∗∗∗ Security Bulletin: Vulnerabilities in bind CVE-2020-8622, CVE-2020-8623 and CVE-2020-8624. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-bind-cve-2020-8622-cve-2020-8623-and-cve-2020-8624/
∗∗∗ Security Bulletin: Vulnerability in OpenSSL affects Power Hardware Management Console (CVE-2020-1971). ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-openssl-affects-power-hardware-management-console-cve-2020-1971/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list