[CERT-daily] Tageszusammenfassung - 08.01.2021
Daily end-of-shift report
team at cert.at
Fri Jan 8 18:21:36 CET 2021
=====================
= End-of-Day report =
=====================
Timeframe: Donnerstag 07-01-2021 18:00 − Freitag 08-01-2021 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Zwei-Faktor-Authentifizierung: Strahlung verrät Schlüssel von Googles Titan-Token ∗∗∗
---------------------------------------------
Der privaten Schlüssel eines Hardware-Sicherheitstokens von Google lässt sich anhand der Strahlung rekonstruieren.
---------------------------------------------
https://www.golem.de/news/zwei-faktor-authentifizierung-strahlung-verraet-schluessel-von-googles-titan-token-2101-153245-rss.html
∗∗∗ Using the NIST Database and API to Keep Up with Vulnerabilities and Patches - Playing with Code (Part 2 of 3), (Fri, Jan 8th) ∗∗∗
---------------------------------------------
Building on yesterday's story - now that we have an inventory built in CPE format, let's take an example CVE from that and write some code. What's in the NVD database (and API) that you can access, then use in your organization?
---------------------------------------------
https://isc.sans.edu/diary/rss/26964
∗∗∗ Evaluating Cookies to Hide Backdoors ∗∗∗
---------------------------------------------
Identifying website backdoors is not always an easy task. Since a backdoors primary function is to conceal itself while providing unauthorized access, they are often developed using a variety of techniques that can make it challenging to detect. For example, an attacker can inject a single line of code containing less than 130 characters into a website file. While this may not seem like a lot of code, this short string can be used to load PHP web shells on your website [...]
---------------------------------------------
https://blog.sucuri.net/2021/01/evaluating-cookies-to-hide-backdoors.html
∗∗∗ Achtung bei der Schnäppchenjagd: Fake-Shop mydealz.live lockt mit Technik-Restposten ∗∗∗
---------------------------------------------
Schnäppchen-JägerInnen aufgepasst: Auf mydealz.live gibt es statt günstigen Angeboten nur teure Abzocke. Viele KonsumentInnen stoßen derzeit auf diese Webseite, da Sie glauben auf der Plattform mydealz.de zu sein. Doch tatsächlich handelt es sich bei mydealz.live um einen Fake-Shop, der günstige Technik-Restposten verspricht, aber nicht liefert.
---------------------------------------------
https://www.watchlist-internet.at/news/achtung-bei-der-schnaeppchenjagd-fake-shop-mydealzlive-lockt-mit-technik-restposten/
∗∗∗ A crypto-mining botnet is now stealing Docker and AWS credentials ∗∗∗
---------------------------------------------
After if began stealing AWS credentials last summer, the TeamTNT botnet is now also stealing Docker API logins, making the use of firewalls mandatory for all internet-exposed Docker interfaces.
---------------------------------------------
https://www.zdnet.com/article/a-crypto-mining-botnet-is-now-stealing-docker-and-aws-credentials/
=====================
= Vulnerabilities =
=====================
∗∗∗ Nvidia Warns Windows Gamers of High-Severity Graphics Driver Flaws ∗∗∗
---------------------------------------------
In all, Nvidia patched flaws tied to 16 CVEs across its graphics drivers and vGPU software, in its first security update of 2021.
---------------------------------------------
https://threatpost.com/nvidia-windows-gamers-graphics-driver-flaws/162857/
∗∗∗ Sicherheitsupdates: Schadcode-Attacken auf Frühwarnsystem FortiDeceptor möglich ∗∗∗
---------------------------------------------
Fortinet hat wichtige Sicherheitspatches für FortiDeceptor, FortiWeb und FortiGate SSL VPN veröffentlicht.
---------------------------------------------
https://heise.de/-5018396
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (firefox-esr and libxstream-java), Fedora (awstats and dia), Mageia (c-ares, dash, and dovecot), openSUSE (dovecot23, gimp, kitty, and python-notebook), Oracle (kernel), SUSE (python-paramiko and tomcat), and Ubuntu (edk2, firefox, ghostscript, and openjpeg2).
---------------------------------------------
https://lwn.net/Articles/842093/
∗∗∗ Innokas Yhtymä Oy Vital Signs Monitor ∗∗∗
---------------------------------------------
This advisory contains mitigations for Cross-site Scripting, and Improper Neutralization of Special Elements in Output Used by a Downstream Component vulnerabilities in the Innokas Yhtymä Oy Vital Signs Monitor.
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsma-21-007-01
∗∗∗ Hitachi ABB Power Grids FOX615 Multiservice-Multiplexer ∗∗∗
---------------------------------------------
This advisory contains mitigations for an Improper Authentication vulnerability in the Hitachi ABB Power Grids FOX615 Multiservice-Multiplexer device.
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-007-01
∗∗∗ Omron CX-One ∗∗∗
---------------------------------------------
This advisory contains mitigations for Untrusted Pointer Dereference, Stack-based Buffer Overflow, and Type Confusion vulnerabilities in Omrons CX-One automation software suite.
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-007-02
∗∗∗ Eaton EASYsoft ∗∗∗
---------------------------------------------
This advisory contains mitigations for Type Confusion, and Out-of-bounds Read vulnerabilities in Eatons EASYsoft controller software.
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-007-03
∗∗∗ Delta Electronics CNCSoft-B ∗∗∗
---------------------------------------------
This advisory contains mitigations for Out-of-bounds Write, Out-of-bounds Read, Untrusted Pointer Dereference, and Type Confusion vulnerabilities in the Delta Electronics CNCSoft-B software management platform.
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-007-04
∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list