[CERT-daily] Tageszusammenfassung - 24.02.2021
Daily end-of-shift report
team at cert.at
Wed Feb 24 18:29:20 CET 2021
=====================
= End-of-Day report =
=====================
Timeframe: Dienstag 23-02-2021 18:00 − Mittwoch 24-02-2021 18:00
Handler: Dimitri Robl
Co-Handler: Thomas Pribitzer
=====================
= News =
=====================
∗∗∗ Finnish IT services giant TietoEVRY discloses ransomware attack ∗∗∗
---------------------------------------------
Finnish IT services giant TietoEVRY has suffered a ransomware attack that forced them to disconnect clients services.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/finnish-it-services-giant-tietoevry-discloses-ransomware-attack/
∗∗∗ Cyberkriminelle attackieren Krankenhäuser und Impfstoffhersteller ∗∗∗
---------------------------------------------
Die Corona-Pandemie wurde von Kriminellen genutzt, um Geld zu erpressen. Auch die Impfstoff-Lieferketten gerieten ins Visier.
---------------------------------------------
https://futurezone.at/digital-life/ransomware-angriffe-auf-krankenhaeuser-nehmen-stark-zu/401197883
∗∗∗ Microsoft Lures Populate Half of Credential-Swiping Phishing Emails ∗∗∗
---------------------------------------------
As more organizations migrate to Office 365, cybercriminals are using Outlook, Teams and other Microsoft-themed phishing lures to swipe user credentials.
---------------------------------------------
https://threatpost.com/microsoft-lures-credential-swiping-phishing-emails/164207/
∗∗∗ Malspam pushes GuLoader for Remcos RAT, (Wed, Feb 24th) ∗∗∗
---------------------------------------------
Malicious spam (malspam) pushing GuLoader malware has been around for over a year now. GuLoader is a file downloader first observed in December 2019, and it has been used to distribute a wide variety of malware.
---------------------------------------------
https://isc.sans.edu/diary/rss/27132
∗∗∗ Experts Warns of Notable Increase in QuickBooks Data Files Theft Attacks ∗∗∗
---------------------------------------------
New research has uncovered a significant increase in QuickBooks file data theft using social engineering tricks to deliver malware and exploit the accounting software.
---------------------------------------------
https://thehackernews.com/2021/02/experts-warns-of-notable-increase-in.html
∗∗∗ 2020 ICS Cybersecurity Year in Review ∗∗∗
---------------------------------------------
The Dragos YIR report is an annual analysis of ICS/OT focused cyber threats, vulnerabilities, assessments, and incident response insights.
---------------------------------------------
https://www.dragos.com/blog/industry-news/2020-ics-cybersecurity-year-in-review/
∗∗∗ New LazyScripter Hacking Group Targets Airlines ∗∗∗
---------------------------------------------
A recently identified threat actor that remained unnoticed for roughly two years appears focused on the targeting of airlines that are using the BSPLink financial settlement software made by the International Air Transport Association (IATA).
---------------------------------------------
https://www.securityweek.com/new-lazyscripter-hacking-group-targets-airlines
∗∗∗ An Analysis of MassLogger v3 ∗∗∗
---------------------------------------------
Researchers from Avast have published a report on their analysis of the MassLogger v3 infostealing malware. The analysis focuses on the obfuscation of the final payload.
---------------------------------------------
https://exchange.xforce.ibmcloud.com/collection/8f1c8a4c335e11921fdc7a3f520600fd
=====================
= Vulnerabilities =
=====================
∗∗∗ Jetzt updaten: Kritische Lücke aus VMware ESXi und vCenter Server beseitigt ∗∗∗
---------------------------------------------
Drei Sicherheitslücken mit Einstufungen von "Moderate" bis "Critical" betreffen neben ESXi und vCenter Server indirekt auch Cloud Foundation. Es gibt Updates.
---------------------------------------------
https://heise.de/-5063860
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by openSUSE (firefox and tor), Oracle (stunnel and xterm), Red Hat (virt:8.2 and virt-devel:8.2 and xterm), SUSE (avahi, gnuplot, java-1_7_0-ibm, and pcp), and Ubuntu (openssl).
---------------------------------------------
https://lwn.net/Articles/847240/
∗∗∗ Cisco Security Advisories 2021-02-24 ∗∗∗
---------------------------------------------
3 Critical, 4 High, 5 Medium Severity
---------------------------------------------
https://tools.cisco.com/security/center/Search.x?publicationTypeIDs=1&securityImpactRatings=critical,high,medium&firstPublishedStartDate=2021%2F02%2F24&firstPublishedEndDate=2021%2F02%2F24
∗∗∗ Privilege Escalation via sudo and Linux kernel in Bosch Rexroth Products ∗∗∗
---------------------------------------------
BOSCH-SA-372917: Linux kernel versions through 5.10.11 contain weaknesses which allow local users to execute code in the kernel with the potential to escalate privileges. The ctrlX CORE and the IoT Gateway both are shipped with vulnerable versions of those components.
---------------------------------------------
https://psirt.bosch.com/security-advisories/bosch-sa-372917.html
∗∗∗ ZDI-21-249: (Pwn2Own) NETGEAR Nighthawk R7800 Heap-based Buffer Overflow Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-21-249/
∗∗∗ ZDI-21-248: (Pwn2Own) NETGEAR R7800 udchpd DHCP_REQUEST Command Injection Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-21-248/
∗∗∗ ZDI-21-247: NETGEAR Nighthawk R7800 ready-genie-cloud Insecure Download of Critical Component Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-21-247/
∗∗∗ Security Advisory - Local Privilege Escalation Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210218-01-privilege-en
∗∗∗ Security Advisory - Use After Free Vulnerability in Huawei Product ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210210-01-uaf-en
∗∗∗ Security Advisory - Denial of Service Vulnerability in Huawei Product ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210210-03-dos-en
∗∗∗ Security Bulletin: Clickjacking vulnerability identified in IBM Dependency Based Build server web UI ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-clickjacking-vulnerability-identified-in-ibm-dependency-based-build-server-web-ui/
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MessageGateway (CVE-2020-14797, CVE-2020-14779, CVE-2020-14796) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-messagegateway-cve-2020-14797-cve-2020-14779-cve-2020-14796/
∗∗∗ Security Bulletin: A security vulnerability in Node.js nodemailer module affects IBM Cloud Automation Manager. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-nodemailer-module-affects-ibm-cloud-automation-manager/
∗∗∗ Security Bulletin: Multiple CVEs – Vulnerabilities in IBM Java Runtime affect IBM Integration Designer used in IBM Business Automation Workflow and IBM Business Process Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-cves-vulnerabilities-in-ibm-java-runtime-affect-ibm-integration-designer-used-in-ibm-business-automation-workflow-and-ibm-business-process-manager-3/
∗∗∗ Security Bulletin: A vulnerability in IBM Java Runtime affects IBM MessageGateway ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-runtime-affects-ibm-messagegateway/
∗∗∗ Security Bulletin: Vulnerabilities in Node.js affect IBM Integration Bus (CVE-2020-7760) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-affect-ibm-integration-bus-cve-2020-7760/
∗∗∗ Security Bulletin: IBM MQ Appliance is affected by a denial of service vulnerability (CVE-2020-4931) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-a-denial-of-service-vulnerability-cve-2020-4931/
∗∗∗ Security Bulletin: OpenLDAP publicly disclosed vulnerabilities affects MessageGateway (CCVE-2020-36230, CVE-2020-36229) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-openldap-publicly-disclosed-vulnerabilities-affects-messagegateway-ccve-2020-36230-cve-2020-36229/
∗∗∗ Security Bulletin: IBM Cloud Pak for Security is vulnerable to cookie spoofing (CVE-2019-12749) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-pak-for-security-is-vulnerable-to-cookie-spoofing-cve-2019-12749/
∗∗∗ Security Bulletin: A security vulnerability in Node.js nodemailer module affects IBM Cloud Pak for Multicloud Management. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-nodemailer-module-affects-ibm-cloud-pak-for-multicloud-management/
∗∗∗ Rockwell Automation FactoryTalk Services Platform ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-054-01
∗∗∗ Advantech BB-ESWGP506-2SFP-T ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-054-02
∗∗∗ Advantech Spectre RT Industrial Routers ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-054-03
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list