[CERT-daily] Daily summary - 13.01.2021
Daily end-of-shift report
team at cert.at
Wed Jan 13 18:23:33 CET 2021
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 12-01-2021 18:00 − Wednesday 13-01-2021 18:00
Handler: Thomas Pribitzer
Co-Handler: Robert Waldner
=====================
= News =
=====================
∗∗∗ Hackers steal Mimecast certificate used to encrypt customers’ M365 traffic ∗∗∗
---------------------------------------------
Compromise by "sophisticated threat actor" prompts company to issue new certificate.
---------------------------------------------
https://arstechnica.com/?p=1734653
∗∗∗ MegaCortex Ransomware: The Cyber-Threat Looming Over Corporate Networks ∗∗∗
---------------------------------------------
Cybercriminals only want one thing these days, and that thing is substantial payouts. This is why most hackers focus on big game hunting, directing the vast majority of their efforts towards company networks rather than individual home users.
---------------------------------------------
https://heimdalsecurity.com/blog/megacortex-ransomware/
∗∗∗ Hancitor activity resumes after a holiday break, (Wed, Jan 13th) ∗∗∗
---------------------------------------------
Campaigns spreading Hancitor malware were active from October through December 2020, but Hancitor went quiet after 2020-12-17. On Tuesday 2021-01-12, criminals started sending malicious spam (malspam) pushing Hancitor again.
---------------------------------------------
https://isc.sans.edu/diary/rss/26980
∗∗∗ Obfuscation Techniques in Ransomweb “Ransomware” ∗∗∗
---------------------------------------------
As vital assets for many business operations, websites and their hosting servers are often the target of ransomware attacks — and if they get taken offline, this can cause major issues for a business’ data, revenue, and ultimately reputation.
---------------------------------------------
https://blog.sucuri.net/2021/01/obfuscation-techniques-in-ransomweb-ransomware.html
∗∗∗ A Rare Look Inside a Cryptojacking Campaign and its Profit ∗∗∗
---------------------------------------------
This post details an ongoing cryptojacking campaign targeting Linux machines, using exposed Docker API ports as an initial access vector to a victim’s machine. The attacker then installs a Golang binary, which is undetected in VirusTotal at the time of this writing.
---------------------------------------------
https://www.intezer.com/blog/research/a-rare-look-inside-a-cryptojacking-campaign-and-its-profit/
∗∗∗ Ubiquiti breach, and other IoT security problems ∗∗∗
---------------------------------------------
Ubiquiti informed its customers about unauthorized access to its online customer portal. Here's what you need to know.
---------------------------------------------
https://blog.malwarebytes.com/iot/2021/01/ubiquiti-breach-and-other-iot-security-problems/
∗∗∗ Rogue Android RAT Can Take Control of Devices, Steal Data ∗∗∗
---------------------------------------------
A recently discovered Mobile Remote Access Trojan (MRAT) can take control of the infected Android devices and exfiltrate a trove of user data, Check Point security researchers warn.
---------------------------------------------
https://www.securityweek.com/rogue-android-rat-can-take-control-devices-steal-data
∗∗∗ Google reveals sophisticated Windows and Android hacking operation ∗∗∗
---------------------------------------------
The attackers used a combination of Android, Chrome, and Windows vulnerabilities, including both zero-days and n-days exploits.
---------------------------------------------
https://www.zdnet.com/article/google-reveals-sophisticated-windows-android-hacking-operation/
∗∗∗ Beware of fake invoices from Austria IT, Vicca Security & Online Service Support ∗∗∗
---------------------------------------------
We are currently receiving an increasing number of reports of fraudulent e-mails carrying fake invoices from "Austria IT", "Vicca Security" and "Online Service Support".
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-vor-gefaelschten-rechnungen-von-austria-it-vicca-security-online-service-support/
=====================
= Vulnerabilities =
=====================
∗∗∗ Microsoft January 2021 Patch Tuesday fixes 83 flaws, 1 zero-day ∗∗∗
---------------------------------------------
With the January 2021 Patch Tuesday security updates release, Microsoft has released fixes for 83 vulnerabilities, with ten classified as Critical and 73 as Important. One zero-day and one previously disclosed vulnerability are also fixed as part of the January 2021 updates.
---------------------------------------------
https://www.bleepingcomputer.com/news/microsoft/microsoft-january-2021-patch-tuesday-fixes-83-flaws-1-zero-day/
∗∗∗ Microsoft fixes Secure Boot bug allowing Windows rootkit installation ∗∗∗
---------------------------------------------
Microsoft has fixed a security feature bypass vulnerability in Secure Boot that allows attackers to compromise the operating system's boot process even when Secure Boot is enabled.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/microsoft-fixes-secure-boot-bug-allowing-windows-rootkit-installation/
∗∗∗ Cisco Security Advisories 2021-01-13 ∗∗∗
---------------------------------------------
0 Critical, 4 High, 19 Medium severity
---------------------------------------------
https://tools.cisco.com/security/center/Search.x?publicationTypeIDs=1&securityImpactRatings=critical,high,medium&firstPublishedStartDate=2021%2F01%2F13&firstPublishedEndDate=2021%2F01%2F13&limit=50
∗∗∗ Security update: Critical malicious-code vulnerability in Thunderbird ∗∗∗
---------------------------------------------
Mozilla has secured its mail client. Users should update quickly.
---------------------------------------------
https://heise.de/-5022816
∗∗∗ Multiple Vulnerabilities Patched in Orbit Fox by ThemeIsle Plugin ∗∗∗
---------------------------------------------
On November 19, 2020, our Threat Intelligence team responsibly disclosed two vulnerabilities in Orbit Fox by ThemeIsle, a WordPress plugin used by over 400,000 sites.
---------------------------------------------
https://www.wordfence.com/blog/2021/01/multiple-vulnerabilities-patched-in-orbit-fox-by-themeisle-plugin/
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (coturn, imagemagick, and spice-vdagent), Fedora (roundcubemail and sympa), Gentoo (asterisk and virtualbox), Oracle (kernel and kernel-container), Red Hat (dotnet3.1, dotnet5.0, and thunderbird), SUSE (crmsh, firefox, hawk2, ImageMagick, kernel, libzypp, zypper, nodejs10, nodejs14, openstack-dashboard, release-notes-suse-openstack-cloud, and tcmu-runner), and Ubuntu (coturn).
---------------------------------------------
https://lwn.net/Articles/842557/
∗∗∗ The installer of SKYSEA Client View may insecurely load Dynamic Link Libraries ∗∗∗
---------------------------------------------
https://jvn.jp/en/jp/JVN69635538/
∗∗∗ Security Bulletin: CVE-2020-1968 vulnerability in OpenSSL may affect IBM Workload Scheduler ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cve-2020-1968-vulnerability-in-openssl-may-affect-ibm-workload-scheduler/
∗∗∗ Local Privilege Escalation in VMware vRealize Automation (vRA) Guest Agent Service ∗∗∗
---------------------------------------------
https://medium.com/@bridge_004/local-privilege-escalation-in-vmware-vrealize-automation-vra-guest-agent-service-a83fbdce1129
∗∗∗ SOOIL Dana Diabecare RS Products ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsma-21-012-01
∗∗∗ Schneider Electric EcoStruxure Power Build-Rapsody ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-012-01
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily