[CERT-daily] Daily summary - 04.01.2021

Daily end-of-shift report team at cert.at
Mon Jan 4 18:54:39 CET 2021


=====================
= End-of-Day report =
=====================

Timeframe:   Wednesday 30-12-2020 18:00 − Monday 04-01-2021 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Citrix adds NetScaler ADC setting to block recent DDoS attacks ∗∗∗
---------------------------------------------
Citrix has released a feature enhancement designed to block attackers from using the Datagram Transport Layer Security (DTLS) feature of NetScaler ADC devices as an amplification vector in DDoS attacks. [...] https://support.citrix.com/article/CTX289674
---------------------------------------------
https://www.bleepingcomputer.com/news/security/citrix-adds-netscaler-adc-setting-to-block-recent-ddos-attacks/


∗∗∗ Malware: Worm turns Windows and Linux servers into Monero miners ∗∗∗
---------------------------------------------
The malware exploits open ports of services such as MySQL and relies on them being secured with weak passwords.
---------------------------------------------
https://www.golem.de/news/malware-wurm-macht-windows-und-linux-server-zu-monero-minern-2101-153114-rss.html
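
Added example (written for this digest, not code from the article or from the worm itself): one way to spot the password guessing that such a worm relies on, from the MySQL error log. The log lines in $log are constructed for the example; the message text "Access denied for user 'u'@'h' (using password: YES)" is what MySQL writes on a failed login. The script needs PHP 7.4 or later.

```php
<?php
// Added example, not from the article or the worm: flag password-guessing
// bursts against MySQL from its error log. The lines in $log are
// constructed for this example; the message "Access denied for user
// 'u'@'h' (using password: YES)" is what MySQL writes on a failed login.
// Caveat: MySQL only writes these [Note] lines when log_error_verbosity
// is 3, so check that setting before relying on this signal.
$log = <<<'LOG'
2021-01-04T09:12:31.512345Z 40 [Note] [MY-010926] [Server] Access denied for user 'root'@'203.0.113.7' (using password: YES)
2021-01-04T09:12:31.601122Z 41 [Note] [MY-010926] [Server] Access denied for user 'root'@'203.0.113.7' (using password: YES)
2021-01-04T09:12:31.744501Z 42 [Note] [MY-010926] [Server] Access denied for user 'admin'@'203.0.113.7' (using password: YES)
2021-01-04T09:12:32.010220Z 43 [Note] [MY-010926] [Server] Access denied for user 'root'@'203.0.113.7' (using password: YES)
2021-01-04T09:12:32.233870Z 44 [Note] [MY-010926] [Server] Access denied for user 'mysql'@'203.0.113.7' (using password: YES)
2021-01-04T09:12:32.401004Z 45 [Note] [MY-010926] [Server] Access denied for user 'root'@'203.0.113.7' (using password: YES)
2021-01-04T09:20:05.000000Z 46 [Note] [MY-010926] [Server] Access denied for user 'app'@'10.0.0.12' (using password: YES)
2021-01-04T09:40:05.000000Z 47 [Note] [MY-010926] [Server] Access denied for user 'app'@'10.0.0.12' (using password: NO)
LOG;

// One record per failed login: unix timestamp, user name tried, source host.
function parseFailures(string $log): array
{
    $re = "/^(?<ts>\S+) .*Access denied for user '(?<user>[^']*)'@'(?<host>[^']+)'/";
    $events = [];
    foreach (preg_split('/\R/', trim($log)) as $line) {
        if (preg_match($re, $line, $m)) {
            $events[] = [
                't'    => (new DateTimeImmutable($m['ts']))->getTimestamp(),
                'user' => $m['user'],
                'host' => $m['host'],
            ];
        }
    }
    return $events;
}

// Sliding window per source host: alert when $threshold or more failures
// fall within $window seconds. Several distinct user names from one host
// is the worm's pattern (it guesses accounts as well as passwords); one
// application account failing now and then is an operator with a stale
// password, and stays below the threshold.
function detectBursts(array $events, int $window = 60, int $threshold = 5): array
{
    $byHost = [];
    foreach ($events as $e) {
        $byHost[$e['host']][] = $e;
    }
    $alerts = [];
    foreach ($byHost as $host => $list) {
        usort($list, fn($a, $b) => $a['t'] <=> $b['t']);
        $start = 0;
        for ($i = 0, $n = count($list); $i < $n; $i++) {
            // Drop events that fell out of the window ending at event $i.
            while ($list[$i]['t'] - $list[$start]['t'] > $window) {
                $start++;
            }
            $count = $i - $start + 1;
            if ($count >= $threshold) {
                $users = array_unique(array_column(array_slice($list, $start, $count), 'user'));
                $alerts[$host] = ['failures' => $count, 'users' => array_values($users)];
            }
        }
    }
    return $alerts;
}

foreach (detectBursts(parseFailures($log)) as $host => $a) {
    printf("ALERT %s: %d failed logins within 60s, users tried: %s\n",
        $host, $a['failures'], implode(', ', $a['users']));
}
```

Run it with php-cli against a copy of the error log instead of $log to see real data. The alert itself is only the detection half; the fix the article points to is the boring one: no MySQL port reachable from the internet, and no account with a password a wordlist will find.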


∗∗∗ From a small BAT file to Mass Logger infostealer, (Mon, Jan 4th) ∗∗∗
---------------------------------------------
Since another year went by, I've decided to once again check all of the malicious files, which were caught in my e-mail quarantine during its course. Last year, when I went through the batch of files from 2019, I found a couple of very large samples[1] and I wanted to see whether I'd find something similar in the 2020 batch.
---------------------------------------------
https://isc.sans.edu/diary/rss/26946


∗∗∗ Cyber attack via SolarWinds: Attackers had access to Microsoft source code ∗∗∗
---------------------------------------------
Microsoft has admitted that in the SolarWinds case the attackers penetrated deep into the company's internal networks and got as far as source code.
---------------------------------------------
https://heise.de/-5001678


∗∗∗ IntelOwl 2.0: Free tool for threat intelligence analysis ∗∗∗
---------------------------------------------
The new major release 2.0 of the threat intelligence tool IntelOwl adds several new analyzers. The tool is released as open-source software.
---------------------------------------------
https://heise.de/-5002685



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Zend Framework remote code execution vulnerability revealed ∗∗∗
---------------------------------------------
An untrusted deserialization vulnerability has been disclosed in Zend Framework which can be used by attackers to achieve remote code execution on PHP sites. Portions of Laminas Project may also be impacted by this flaw, tracked as CVE-2021-3007.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/zend-framework-remote-code-execution-vulnerability-revealed/
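
Added example (written for this digest, not Zend Framework or Laminas code, and not the gadget chain from the advisory): the pattern behind an untrusted-deserialization bug and the two fixes that matter. CacheFlusher is a constructed stand-in for a "gadget" class; the payload string is constructed as well. Needs PHP 7.3 or later (for JSON_THROW_ON_ERROR).

```php
<?php
// Added example, not Zend Framework or Laminas code: why unserialize() on
// attacker-controlled input is dangerous and how to take the choice of
// class out of the attacker's hands. CacheFlusher is a constructed
// stand-in for a "gadget": any autoloadable class whose magic method does
// something useful to an attacker when PHP instantiates or destroys it.
class CacheFlusher
{
    public $path = '/tmp/cache';

    // Runs automatically when the object is destroyed, with whatever $path
    // the serialized blob carried. A real gadget would unlink(), write a
    // file or invoke a callable here; this one only reports what it got.
    public function __destruct()
    {
        echo "CacheFlusher::__destruct called with path {$this->path}\n";
    }
}

// Constructed attacker payload: a serialized CacheFlusher whose $path was
// chosen by the attacker. In practice it arrives in a cookie, a session
// store or a request parameter that the application unserializes.
$payload = 'O:12:"CacheFlusher":1:{s:4:"path";s:11:"/etc/passwd";}';

// Vulnerable pattern: every class named in the blob is instantiated, so
// the attacker decides which __wakeup/__destruct/__toString code runs.
function restoreVulnerable($blob)
{
    return unserialize($blob);
}

// Hardened: allowed_classes => false (PHP >= 7.0) turns every object in
// the blob into __PHP_Incomplete_Class, so no gadget's magic methods run.
// An explicit list, e.g. ['allowed_classes' => [Config::class]], is the
// alternative when objects of one known type really must round-trip.
function restoreHardened($blob)
{
    return unserialize($blob, ['allowed_classes' => false]);
}

// Preferred: do not pass PHP object graphs across a trust boundary at all;
// exchange plain data and construct objects from it yourself.
function restoreJson($blob)
{
    return json_decode($blob, true, 512, JSON_THROW_ON_ERROR);
}

$obj = restoreVulnerable($payload);
echo 'vulnerable path produced a ', get_class($obj), "\n";  // the attacker's class
unset($obj);                                                // its __destruct runs now

$safe = restoreHardened($payload);
echo 'hardened path produced a ', get_class($safe), "\n";   // no gadget instantiated
unset($safe);                                               // nothing of the gadget runs

var_dump(restoreJson('{"path":"/tmp/cache"}'));
```

allowed_classes stops gadget chains, which is what CVE-2021-3007 is about; it does not make unserialize() a safe parser for hostile input in general (deeply nested blobs still cost memory and time), so the JSON route is the one to migrate to. Grepping the code base for unserialize( without a second argument, plus every place that calls it on cookies, sessions or request data, is the practical audit step.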


∗∗∗ Zyxel built a backdoor into its firewalls ∗∗∗
---------------------------------------------
Zyxel Networks built backdoor accounts into firewalls and access-point controllers, and the password has been disclosed. An update is available for the firewalls.
---------------------------------------------
https://heise.de/-5002067


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (firefox, openjpeg2, openssl, qemu, tensorflow, and thunderbird) and Debian (highlight.js).
---------------------------------------------
https://lwn.net/Articles/841498/


∗∗∗ Security updates for the start of 2021 ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (libxstream-java and p11-kit), Mageia (curl and minidlna), and openSUSE (groovy).
---------------------------------------------
https://lwn.net/Articles/841544/


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (chromium, dovecot, flac, influxdb, libhibernate3-java, and p11-kit), Fedora (ceph and guacamole-server), Mageia (audacity, gdm, libxml2, rawtherapee, and vlc), openSUSE (jetty-minimal and privoxy), Red Hat (kernel and kernel-rt), SUSE (gimp), and Ubuntu (libproxy).
---------------------------------------------
https://lwn.net/Articles/841653/


∗∗∗ Security Advisory - Out-of-Bounds Read Vulnerability in Huawei CloudEngine Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20201230-02-cloudengine-en


∗∗∗ Apache Tomcat vulnerability CVE-2020-17527 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K44415301

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily