[CERT-daily] Daily summary - 17.02.2021

Daily end-of-shift report team at cert.at
Wed Feb 17 18:08:52 CET 2021


=====================
= End-of-Day report =
=====================

Timeframe:   Tuesday 16-02-2021 18:00 − Wednesday 17-02-2021 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Robert Waldner

=====================
=       News        =
=====================

∗∗∗ Masslogger Swipes Microsoft Outlook, Google Chrome Credentials ∗∗∗
---------------------------------------------
A new version of the Masslogger trojan has been targeting Windows users - now using a compiled HTML (CHM) file format to start the infection chain.
---------------------------------------------
https://threatpost.com/masslogger-microsoft-outlook-google-chrome/164011/


∗∗∗ The new "LinkedInSecureMessage" ?, (Wed, Feb 17th) ∗∗∗
---------------------------------------------
With all the talk of secure messenger applications lately, I bet you’d like to have just one more, right? In the past few weeks, we’ve noticed a new variant on a typical cred-stealer, in this case offering itself up as a new, secure messaging format used over the career website LinkedIn.
---------------------------------------------
https://isc.sans.edu/diary/rss/27110


∗∗∗ Agora SDK Bug Left Several Video Calling Apps Vulnerable to Snooping ∗∗∗
---------------------------------------------
A severe security vulnerability in a popular video calling software development kit (SDK) could have allowed an attacker to spy on ongoing private video and audio calls. That's according to new research published by the McAfee Advanced Threat Research (ATR) team today, which found the aforementioned flaw in Agora.io's SDK used by several social apps such as eHarmony, Plenty of Fish, MeetMe, and Skout; healthcare apps like Talkspace, Practo, and Dr. First's Backline; and in the Android app that's paired with "temi" personal robot.
---------------------------------------------
https://thehackernews.com/2021/02/agora-sdk-bug-left-several-video.html


∗∗∗ North Korean Malicious Cyber Activity: AppleJeus ∗∗∗
---------------------------------------------
Original release date: February 17, 2021
CISA, the Federal Bureau of Investigation, and the Department of the Treasury have released a Joint Cybersecurity Advisory and seven Malware Analysis Reports (MARs) on the North Korean government’s dissemination of malware that facilitates the theft of cryptocurrency—referred to by the U.S. Government as “AppleJeus.” The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA.
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2021/02/17/north-korean-malicious-cyber-activity-applejeus


∗∗∗ Remotely Exploitable 0day in Internet Explorer Gets a Free Micropatch ∗∗∗
---------------------------------------------
On February 4, 2021, security researchers at ENKI, a South Korean security consultancy, published a blog post detailing an unpatched vulnerability in Internet Explorer. This "0day" vulnerability was used in an attack campaign against various security researchers, including ENKI researchers, who noticed the attack and took the exploit apart to extract the vulnerability information. ENKI researchers kindly shared their proof of concept with us, so we could quickly start analyzing the vulnerability and create a micropatch for it.
---------------------------------------------
https://blog.0patch.com/2021/02/remotely-exploitable-0day-in-internet.html


∗∗∗ Beware of offers that are too cheap on Facebook Marketplace! ∗∗∗
---------------------------------------------
Facebook's Marketplace allows not only private sellers but also commercial retailers to offer new and used products. Interested buyers should, however, carefully check the listings and the Facebook profiles behind them, because, as on other classified-ad platforms, fraud occurs time and again on Facebook. We show you how to expose fraudulent offers.
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-bei-zu-guenstigen-angeboten-im-facebook-marketplace/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ QNAP patches critical vulnerability in Surveillance Station NAS app ∗∗∗
---------------------------------------------
QNAP has addressed a critical security vulnerability in the Surveillance Station app that allows attackers to execute malicious code remotely on network-attached storage (NAS) devices running the vulnerable software. 
---------------------------------------------
https://www.bleepingcomputer.com/news/security/qnap-patches-critical-vulnerability-in-surveillance-station-nas-app/


∗∗∗ OpenSSL Security Advisory [16 February 2021] ∗∗∗
---------------------------------------------
Severity Moderate: Null pointer deref in X509_issuer_and_serial_hash() (CVE-2021-23841)
Severity Low: Incorrect SSLv2 rollback protection (CVE-2021-23839)
Severity Low: Integer overflow in CipherUpdate (CVE-2021-23840)
---------------------------------------------
https://www.openssl.org/news/secadv/20210216.txt


∗∗∗ One Million Sites Affected: Four Severe Vulnerabilities Patched in Ninja Forms ∗∗∗
---------------------------------------------
On January 20, 2021, our Threat Intelligence team responsibly disclosed four vulnerabilities in Ninja Forms, a WordPress plugin used by over one million sites. One of these flaws made it possible for attackers to redirect site administrators to arbitrary locations.
---------------------------------------------
https://www.wordfence.com/blog/2021/02/one-million-sites-affected-four-severe-vulnerabilities-patched-in-ninja-forms/


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (openssl and ruby-mechanize), Fedora (chromium, jasper, roundcubemail, spice-vdagent, and webkit2gtk3), openSUSE (python-bottle), Oracle (dotnet, kernel, and kernel-container), Red Hat (redhat-ds:11, RHDM, and RHPAM), SUSE (jasper, kernel, and screen), and Ubuntu (thunderbird and wpa).
---------------------------------------------
https://lwn.net/Articles/846476/


∗∗∗ Cisco StarOS Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-StarOS-DoS-RLLvGFJj


∗∗∗ Cisco Webex Meetings Cross-Site Scripting Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-xss-Lz6HbGCt


∗∗∗ Cisco Webex Meetings Desktop App and Webex Productivity Tools for Windows Shared Memory Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wda-pt-msh-6LWOcZ5


∗∗∗ Cisco Identity Services Engine Sensitive Information Disclosure Vulnerabilities ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-info-exp-8RsuEu8S


∗∗∗ Cisco AnyConnect Secure Mobility Client for Windows with VPN Posture (HostScan) Module DLL Hijacking Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-dll-hijac-JrcTOQMC


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Developer for AIX and Linux – July 2020. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-rational-developer-for-aix-and-linux-july-2020/


∗∗∗ Security Bulletin: IBM® Db2® could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client. (CVE-2020-4739) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-could-allow-a-local-authenticated-attacker-to-execute-arbitrary-code-on-the-system-caused-by-dll-search-order-hijacking-vulnerability-in-microsoft-windows-clie-6/


∗∗∗ Security Bulletin: OpenSSL vulnerability affects IBM Engineering Workflow Management ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-openssl-vulnerability-affects-ibm-engineering-workflow-management/


∗∗∗ Hamilton-T1 ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsma-21-047-01


∗∗∗ Open Design Alliance Drawings SDK ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-047-01


∗∗∗ Rockwell Automation Allen-Bradley Micrologix 1100 ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-047-02

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily



