[CERT-daily] Tageszusammenfassung - 22.02.2021

Daily end-of-shift report team at cert.at
Mon Feb 22 18:07:37 CET 2021


=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 19-02-2021 18:00 − Montag 22-02-2021 18:00
Handler:     Dimitri Robl
Co-Handler:  Thomas Pribitzer

=====================
=       News        =
=====================

∗∗∗ Trojaner-Alarm bei 3D-Drucker-Software von Creality ∗∗∗
---------------------------------------------
Das auf den Download-Seiten Crealitys für den 3D-Drucker Ender 5 angebotene Software-Paket führt auf Windows-PCs zu einer Alarmmeldung.
---------------------------------------------
https://heise.de/-5061290


∗∗∗ Silver Sparrow: Mysteriöse Malware auf über 29.000 Macs entdeckt ∗∗∗
---------------------------------------------
Die für Intel- und ARM-Macs ausgelegte Software hat eine Selbstzerstörungsfunktion und kontaktiert regelmäßig Befehlsserver, tut aber bislang nichts.
---------------------------------------------
https://heise.de/-5062066


∗∗∗ Powerhouse VPN products can be abused for large-scale DDoS attacks ∗∗∗
---------------------------------------------
Around 1,500 Powerhouse VPN servers are exposed online and ready to be abused by DDoS groups.
---------------------------------------------
https://www.zdnet.com/article/powerhouse-vpn-products-can-be-abused-for-large-scale-ddos-attacks/


∗∗∗ Recently fixed Windows zero-day actively exploited since mid-2020 ∗∗∗
---------------------------------------------
Microsoft says that a high-severity Windows zero-day vulnerability patched during the February 2021 Patch Tuesday was exploited in the wild since at least the summer of 2020 according to its telemetry data.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/recently-fixed-windows-zero-day-actively-exploited-since-mid-2020/


∗∗∗ Quickie: Extracting HTTP URLs With tshark, (Sat, Feb 20th) ∗∗∗
---------------------------------------------
After I posted diary entry "Quickie: tshark & Malware Analysis", someone asked me how to extract HTTP URLs from capture files with tshark.
---------------------------------------------
https://isc.sans.edu/diary/rss/27120


∗∗∗ DDE and oledump, (Sun, Feb 21st) ∗∗∗
---------------------------------------------
I was asked if the DDE YARA rules I created work with oledump.py on the sample that Xavier wrote about in his diary entry "Dynamic Data Exchange (DDE) is Back in the Wild?".
---------------------------------------------
https://isc.sans.edu/diary/rss/27122


∗∗∗ New Hack Lets Attackers Bypass MasterCard PIN by Using Them As Visa Card ∗∗∗
---------------------------------------------
Cybersecurity researchers have disclosed a novel attack that could allow criminals to trick a point of sale terminal into transacting with a victims Mastercard contactless card while believing it to be a Visa card. The research, published by a group of academics from ETH Zurich, builds on a study detailed last September that delved into a PIN bypass attack, permitting bad actors to leverage a [...]
---------------------------------------------
https://thehackernews.com/2021/02/new-hack-lets-attackers-bypass.html


∗∗∗ Genetics of a Modern IoT Attack ∗∗∗
---------------------------------------------
When it comes to IoT attacks and malware, there is a perceptible pattern in which all intrusions manifest. It is good practice to study such patterns and draw conclusions so that we may extrapolate to future attacks.
---------------------------------------------
https://cujo.com/genetics-of-a-modern-iot-attack/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Jetzt patchen! SonicWall optimiert Sicherheitsupdates für SMA 100 ∗∗∗
---------------------------------------------
Der Netzwerkausrüster hat neue Patches für sein Fernzugriffsystem SMA 100 veröffentlicht und rät zur zügigen Installation.
---------------------------------------------
https://heise.de/-5061513


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (chromium, libzstd, openldap, openvswitch, screen, and wpa), Fedora (dotnet5.0, subversion, and wpa_supplicant), openSUSE (mumble, python-djangorestframework, and tor), Oracle (container-tools:ol8, kernel, nodejs:10, nodejs:12, nodejs:14, subversion:1.10, and xterm), Red Hat (stunnel and xterm), and SUSE (ImageMagick, java-1_8_0-openjdk, kernel, krb5-appl, python3, tomcat, and webkit2gtk3).
---------------------------------------------
https://lwn.net/Articles/847035/


∗∗∗ Red Hat Enterprise Linux: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K21-0198


∗∗∗ Security Bulletin: A security vulnerability in Node.js affects IBM Cloud Pak for Multicloud Management. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-affects-ibm-cloud-pak-for-multicloud-management/


∗∗∗ Security Bulletin: A security vulnerability in Node.js codemirror module affects IBM Cloud Pak for Multicloud Management. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-codemirror-module-affects-ibm-cloud-pak-for-multicloud-management/


∗∗∗ Security Bulletin: A vulnerability in Bouncy Castle affects IBM Rational Performance Tester (CVE-2020-26939) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-bouncy-castle-affects-ibm-rational-performance-tester-cve-2020-26939/


∗∗∗ Security Bulletin: A security vulnerability in Node.js ini module affects IBM Cloud Pak for Multicloud Management. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-ini-module-affects-ibm-cloud-pak-for-multicloud-management/


∗∗∗ Security Bulletin: A vulnerability have been identified in FasterXML Jackson Databind shipped with IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library (CVE-2020-25649) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-have-been-identified-in-fasterxml-jackson-databind-shipped-with-ibm-tivoli-netcool-omnibus-transport-module-common-integration-library-cve-2020-25649/


∗∗∗ Security Bulletin: App Connect Professional & IBM WebSphere Cast Iron Solution are affected by Apache Tomcat vulnerabilities. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-app-connect-professional-ibm-websphere-cast-iron-solution-are-affected-by-apache-tomcat-vulnerabilities/


∗∗∗ Security Bulletin: A security vulnerability in GO affects IBM Cloud Pak for Multicloud Management. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-go-affects-ibm-cloud-pak-for-multicloud-management/


∗∗∗ Security Bulletin: A security vulnerability in PostgreSQL affects IBM Cloud Pak for Multicloud Management. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-postgresql-affects-ibm-cloud-pak-for-multicloud-management/


∗∗∗ Security Bulletin: A security vulnerability in Node.js y18n module affects IBM Cloud Pak for Multicloud Management. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-y18n-module-affects-ibm-cloud-pak-for-multicloud-management/


∗∗∗ Security Bulletin: Vulnerabilities in Java affects IBM Cloud Application Business Insights ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-java-affects-ibm-cloud-application-business-insights/


∗∗∗ Security Bulletin: Multiple vulnerability issues affect IBM Spectrum Symphony 7.3.1 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerability-issues-affect-ibm-spectrum-symphony-7-3-1/


∗∗∗ Security Bulletin: Multiple vulnerability issues affect IBM Spectrum Conductor 2.5.0 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerability-issues-affect-ibm-spectrum-conductor-2-5-0/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list