[CERT-daily] Daily summary - 15.01.2021

Daily end-of-shift report team at cert.at
Fri Jan 15 18:13:30 CET 2021


=====================
= End-of-Day report =
=====================

Timeframe:   Thursday 14-01-2021 18:00 − Friday 15-01-2021 18:00
Handler:     Dimitri Robl
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Extortionists know your personal data? Don't be intimidated! ∗∗∗
---------------------------------------------
We repeatedly receive reports of extortion e-mails that mention the personal data of those affected. An extortion e-mail is currently circulating in which the criminals claim to know a good deal about the recipients. As proof, they cite the address and the telephone number. Even though this knowledge is unsettling, you should not let yourself be intimidated and should ignore the extortionists' demands.
---------------------------------------------
https://www.watchlist-internet.at/news/erpresserinnen-kennen-ihre-persoenlichen-daten-nicht-einschuechtern-lassen/


∗∗∗ Hunting for Bugs in Windows Mini-Filter Drivers ∗∗∗
---------------------------------------------
In December Microsoft fixed 4 issues in Windows in the Cloud Filter and Windows Overlay Filter (WOF) drivers (CVE-2020-17103, CVE-2020-17134, CVE-2020-17136, CVE-2020-17139). These 4 issues were 3 local privilege escalations and a security feature bypass, and they were all present in Windows file system filter drivers. I’ve found a number of issues in filter drivers previously, including 6 in the LUAFV driver which implements UAC file virtualization.
---------------------------------------------
https://googleprojectzero.blogspot.com/2021/01/hunting-for-bugs-in-windows-mini-filter.html


∗∗∗ Cyber Security advice for Finance staff ∗∗∗
---------------------------------------------
Working in the finance team at PTP I’m constantly reminded just how little attention is paid to hacking and cyber crime in accounting and finance training and education. When I [...]
---------------------------------------------
https://www.pentestpartners.com/security-blog/cyber-security-advice-for-finance-staff/


∗∗∗ Throwback Friday: An Example of Rig Exploit Kit, (Fri, Jan 15th) ∗∗∗
---------------------------------------------
https://isc.sans.edu/diary/rss/26990



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Netlogon Domain Controller Enforcement Mode is enabled by default beginning with the February 9, 2021 Security Update, related to CVE-2020-1472 ∗∗∗
---------------------------------------------
Microsoft addressed a Critical RCE vulnerability affecting the Netlogon protocol (CVE-2020-1472) on August 11, 2020. We are reminding our customers that beginning with the February 9, 2021 Security Update release we will be enabling Domain Controller enforcement mode by default. This will block vulnerable connections from non-compliant devices. DC enforcement mode requires that all Windows and non-Windows devices use secure RPC with Netlogon secure channel unless customers have explicitly [...]
---------------------------------------------
https://msrc-blog.microsoft.com:443/2021/01/14/netlogon-domain-controller-enforcement-mode-is-enabled-by-default-beginning-with-the-february-9-2021-security-update-related-to-cve-2020-1472/


∗∗∗ Apache Releases Security Advisory for Tomcat ∗∗∗
---------------------------------------------
The Apache Software Foundation has released a security advisory to address a vulnerability affecting multiple versions of Apache Tomcat. An attacker could exploit this vulnerability to obtain sensitive information. CISA encourages users and administrators to review the Apache security advisory for CVE-2021-24122 and upgrade to the appropriate version.
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2021/01/15/apache-releases-security-advisory-tomcat


∗∗∗ ZDI-21-068: Panasonic Control FPWIN Pro Project File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Panasonic Control FPWIN Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-21-068/


∗∗∗ Mitsubishi Electric Factory Automation Products Path Traversal (Update A) ∗∗∗
---------------------------------------------
This updated advisory is a follow-up to the original advisory titled ICSA-20-212-03 Mitsubishi Electric Factory Automation Products Path Traversal that was published July 30, 2020, to the ICS webpage on us-cert.cisa.gov. This advisory contains mitigations for a Path Traversal vulnerability in Mitsubishi Electric Factory Automation products.
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-20-212-03


∗∗∗ Mitsubishi Electric Factory Automation Engineering Products (Update B) ∗∗∗
---------------------------------------------
This updated advisory is a follow-up to the advisory update titled ICSA-20-212-04 Mitsubishi Electric Factory Automation Engineering Products (Update A) that was published November 5, 2020, to the ICS webpage on us-cert.cisa.gov. This advisory contains mitigations for an Unquoted Search Path or Element vulnerability in Mitsubishi Electric Factory Automation Engineering products.
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-20-212-04


∗∗∗ Security Bulletin: Vulnerability in Apache Solr affecting Watson Knowledge Catalog for IBM Cloud Pak for Data ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-solr-affecting-watson-knowledge-catalog-for-ibm-cloud-pak-for-data/


∗∗∗ Security Bulletin: Malicious file upload and download could affect Watson Knowledge Catalog for IBM Cloud Pak for Data ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-malicious-file-upload-and-download-could-affect-watson-knowledge-catalog-for-ibm-cloud-pak-for-data/


∗∗∗ Security Bulletin: Multiple Vulnerabilities in Java affecting Watson Knowledge Catalog for IBM Cloud Pak for Data ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-java-affecting-watson-knowledge-catalog-for-ibm-cloud-pak-for-data/


∗∗∗ Security Bulletin: Cross Site Scripting vulnerability in Google Web Toolkit may affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) – CVE-2012-5920 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vulnerability-in-google-web-toolkit-may-affect-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-cve-2012-5920/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily



