[CERT-daily] Daily summary - 14.01.2021

Daily end-of-shift report team at cert.at
Thu Jan 14 18:38:38 CET 2021


=====================
= End-of-Day report =
=====================

Timeframe:   Wednesday 13-01-2021 18:00 − Thursday 14-01-2021 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Dimitri Robl

=====================
=       News        =
=====================

∗∗∗ Big Sur: Apple again allows firewall filters for system services ∗∗∗
---------------------------------------------
In current macOS versions, Apple had exempted its system services from firewall rules. A beta version now reverses this.
---------------------------------------------
https://www.golem.de/news/big-sur-apple-erlaubt-wieder-firewall-filter-fuer-systemdienste-2101-153385-rss.html


∗∗∗ Sysdig observes a shift left in container security ∗∗∗
---------------------------------------------
While Docker is losing importance as a container runtime, more and more users are scanning their images early in the build process of their CI/CD pipelines.
---------------------------------------------
https://heise.de/-5024624


∗∗∗ Cisco says it won't patch 74 security bugs in older RV routers that reached EOL ∗∗∗
---------------------------------------------
Cisco advises RV110W, RV130, RV130W, and RV215W device owners to migrate to newer gear.
---------------------------------------------
https://www.zdnet.com/article/cisco-says-it-wont-patch-74-security-bugs-in-older-rv-routers-that-reached-eol/


∗∗∗ Telegram-based phishing service Classiscam hits European marketplaces ∗∗∗
---------------------------------------------
Dozens of cybercriminal gangs are publishing fake ads on popular online marketplaces to lure interested users to fraudulent merchant sites or to phishing pages that steal payment data.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/telegram-based-phishing-service-classiscam-hits-european-marketplaces/


∗∗∗ Windows 10 bug corrupts your hard drive on seeing this file's icon ∗∗∗
---------------------------------------------
An unpatched zero-day in Microsoft Windows 10 allows attackers to corrupt an NTFS-formatted hard drive with a one-line command.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/windows-10-bug-corrupts-your-hard-drive-on-seeing-this-files-icon/


∗∗∗ Dynamically analyzing a heavily obfuscated Excel 4 macro malicious file, (Thu, Jan 14th) ∗∗∗
---------------------------------------------
Recently I had to analyze an Excel malicious file that was caught in the wild, in a real attack. The file was used in a spear phishing attack where a victim was enticed into opening the file with Excel and, of course, enabling macros.
---------------------------------------------
https://isc.sans.edu/diary/rss/26986


∗∗∗ Attackers Exploit Poor Cyber Hygiene to Compromise Cloud Security Environments ∗∗∗
---------------------------------------------
CISA is aware of several recent successful cyberattacks against various organizations’ cloud services. Threat actors used a variety of tactics and techniques, including phishing and brute force logins, to attempt to exploit weaknesses in cloud security practices. In response, CISA has released Analysis Report AR21-013A: Strengthening Security Configurations to Defend Against Attackers Targeting Cloud Services which provides technical details and [...]
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2021/01/13/attackers-exploit-poor-cyber-hygiene-compromise-cloud-security


∗∗∗ Opening “STEELCORGI”: A Sophisticated APT Swiss Army Knife ∗∗∗
---------------------------------------------
This time we decided to dissect and share intelligence information about another piece of the TH-239 arsenal: a tiny and mysterious tool dubbed “STEELCORGI” in FireEye research. This tool was heavily protected using a novel technique able to make things really difficult for any DFIR team tackling a TH-239 intrusion, but its contents reveal huge surprises and unattended capabilities.
---------------------------------------------
https://yoroi.company/research/opening-steelcorgi-a-sophisticated-apt-swiss-army-knife/


∗∗∗ A Global Perspective of the SideWinder APT ∗∗∗
---------------------------------------------
AT&T Alien Labs has conducted an investigation on the adversary group publicly known as SideWinder in order to historically document its highly active campaigns and identify a more complete picture of targets, motivations, and objectives.
---------------------------------------------
https://cybersecurity.att.com/blogs/labs-research/a-global-perspective-of-the-sidewinder-apt



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Office January security updates fix remote code execution bugs ∗∗∗
---------------------------------------------
Microsoft addresses important-severity remote code execution vulnerabilities affecting multiple Office products in the January 2021 Office security updates released during this month's Patch Tuesday.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/office-january-security-updates-fix-remote-code-execution-bugs/


∗∗∗ Juniper Networks Releases Security Updates for Multiple Products ∗∗∗
---------------------------------------------
Juniper Networks has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Juniper Networks security advisories page and apply the necessary updates.
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2021/01/14/juniper-networks-releases-security-updates-multiple-products


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (adplug, audacious-plugins, cpu-x, kernel, kernel-headers, ocp, php, and python-lxml), openSUSE (crmsh, firefox, and hawk2), Oracle (thunderbird), Red Hat (kernel-rt), SUSE (kernel and rubygem-archive-tar-minitar), and Ubuntu (openvswitch and tar).
---------------------------------------------
https://lwn.net/Articles/842673/


∗∗∗ Pepperl+Fuchs IO-Link Master Series 1.36 CSRF / XSS / Command Injection ∗∗∗
---------------------------------------------
https://cxsecurity.com/issue/WLB-2021010110


∗∗∗ OpenSSL vulnerability CVE-2020-1971 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K42910051


∗∗∗ Red Hat Decision Manager: Vulnerability allows execution of arbitrary code with the privileges of the service ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K21-0037


∗∗∗ Security Advisory - Denial of Service Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210113-02-dos-en


∗∗∗ Security Advisory - Insufficient Integrity Check Vulnerability in Huawei Sound X Product ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210113-01-ais-en


∗∗∗ Security Advisory - Logic Vulnerability in Huawei Gauss100 Product ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210113-01-gauss-en


∗∗∗ Security Bulletin: Vulnerability in Python affects IBM Spectrum Protect Plus Microsoft File Systems Agent (CVE-2020-26116) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-python-affects-ibm-spectrum-protect-plus-microsoft-file-systems-agent-cve-2020-26116/


∗∗∗ Security Bulletin: IBM Security Guardium Insights is affected by multiple vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-insights-is-affected-by-multiple-vulnerabilities-2/


∗∗∗ Security Bulletin: Security Vulnerabilities in GNU glibc affect IBM Cloud Pak for Data – GNU glibc (CVE-2020-1751) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-in-gnu-glibc-affect-ibm-cloud-pak-for-data-gnu-glibc-cve-2020-1751-2/


∗∗∗ Security Bulletin: Multiple Vulnerabilities in IBM Guardium Data Encryption (GDE) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-guardium-data-encryption-gde-3/


∗∗∗ Security Bulletin: IBM Security Privileged Identity Manager is affected by security vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-privileged-identity-manager-is-affected-by-security-vulnerabilities-7/


∗∗∗ Security Bulletin: PostgreSQL Vulnerability Affects IBM Sterling Connect:Direct for Microsoft Windows (CVE-2020-25696) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-postgresql-vulnerability-affects-ibm-sterling-connectdirect-for-microsoft-windows-cve-2020-25696/


∗∗∗ Security Bulletin: IBM Security Privileged Identity Manager is affected by security vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-privileged-identity-manager-is-affected-by-security-vulnerabilities-6/


∗∗∗ Security Bulletin: IBM Security Privileged Identity Manager is affected by security vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-privileged-identity-manager-is-affected-by-security-vulnerabilities-4/


∗∗∗ Security Bulletin: A vulnerability in Spring Framework affects IBM Tivoli Application Dependency Discovery Manager (CVE-2020-5421). ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-spring-framework-affects-ibm-tivoli-application-dependency-discovery-manager-cve-2020-5421-2/


∗∗∗ Security Bulletin: Vulnerabilities in Node.js affect IBM App Connect Enterprise and IBM Integration Bus (CVE-2020-7769) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-affect-ibm-app-connect-enterprise-and-ibm-integration-bus-cve-2020-7769/


∗∗∗ Security Bulletin: A vulnerability was identified and remediated in the IBM MaaS360 Cloud Extender (CVE-2020-15358) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-was-identified-and-remediated-in-the-ibm-maas360-cloud-extender-cve-2020-15358/


∗∗∗ Security Bulletin: IBM Security Privileged Identity Manager is affected by security vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-privileged-identity-manager-is-affected-by-security-vulnerabilities-12/


∗∗∗ Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to security vulnerabilities (CVE-2015-9381, CVE-2015-9382) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-security-vulnerabilities-cve-2015-9381-cve-2015-9382-2/


∗∗∗ Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition, that is used by IBM Workload Scheduler. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-may-affect-ibm-sdk-java-technology-edition-that-is-used-by-ibm-workload-scheduler-2/


∗∗∗ Security Bulletin: IBM MaaS360 Mobile Enterprise Gateway has security vulnerabilities (CVE-2019-2044, CVE-2019-2045) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maas360-mobile-enterprise-gateway-has-security-vulnerabilities-cve-2019-2044-cve-2019-2045/


∗∗∗ Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to a security vulnerability (CVE-2019-11745) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-a-security-vulnerability-cve-2019-11745-2/


∗∗∗ Security Bulletin: IBM API Connect V5 Developer Portal is vulnerable to cross-site scripting (CVE-2020-4838) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-v5-developer-portal-is-vulnerable-to-cross-site-scripting-cve-2020-4838-2/


∗∗∗ Security Bulletin: CVE-2020-2601 may affect IBM® SDK, Java™ Technology Edition, that is used by IBM Workload Scheduler. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cve-2020-2601-may-affect-ibm-sdk-java-technology-edition-that-is-used-by-ibm-workload-scheduler-2/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily