[CERT-daily] Tageszusammenfassung - 20.01.2021

Wed Jan 20 18:14:34 CET 2021

=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 19-01-2021 18:00 − Mittwoch 20-01-2021 18:00
Handler:     Dimitri Robl
Co-Handler:  Thomas Pribitzer

=====================
=       News        =
=====================

∗∗∗ Qakbot activity resumes after holiday break, (Wed, Jan 20th) ∗∗∗
---------------------------------------------
It had been relatively quiet for Qakbot until Tuesday 2021-01-19, when we started seeing malicious spam (malspam) pushing Qakbot again.
---------------------------------------------
https://isc.sans.edu/diary/rss/27008


∗∗∗ Google Poject Zero: The State of State Machines ∗∗∗
---------------------------------------------
On January 29, 2019, a serious vulnerability was discovered in Group FaceTime.
---------------------------------------------
https://googleprojectzero.blogspot.com/2021/01/the-state-of-state-machines.html


∗∗∗ Malwarebytes targeted by Nation State Actor implicated in SolarWinds breach. Evidence suggests abuse of privileged access to Microsoft Office 365 and Azure environments ∗∗∗
---------------------------------------------
A nation state attack leveraging software from SolarWinds has caused a ripple effect throughout the security industry, impacting multiple organizations.
---------------------------------------------
https://blog.malwarebytes.com/malwarebytes-news/2021/01/malwarebytes-targeted-by-nation-state-actor-implicated-in-solarwinds-breach-evidence-suggests-abuse-of-privileged-access-to-microsoft-office-365-and-azure-environments/


∗∗∗ Abuse.ch URLhaus als neue Datenquelle für unsere Aussendungen aufgenommen ∗∗∗
---------------------------------------------
Seit Mittwoch, 13. Jänner 2020 senden wir die Daten der URLhaus Feeds des abuse.ch-Projekts in unseren regelmäßigen Benachrichtigungen an Netzbetreiber aus. Die Feeds umfassen URLs, die Malwaredateien diverser Schadsoftwarefamilien hosten.
---------------------------------------------
https://cert.at/de/blog/2021/1/abusech-urlhaus-als-neue-datenquelle-fur-unsere-aussendungen-aufgenommen


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Oracle Critical Patch Update Advisory - January 2021 ∗∗∗
---------------------------------------------
This Critical Patch Update contains 329 new security patches.
---------------------------------------------
https://www.oracle.com/security-alerts/cpujan2021.html


∗∗∗ Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452 ∗∗∗
---------------------------------------------
In December 2020, FireEye uncovered and publicly disclosed a widespread attacker campaign that is being tracked as UNC2452.
---------------------------------------------
https://www.fireeye.com/blog/threat-research/2021/01/remediation-and-hardening-strategies-for-microsoft-365-to-defend-against-unc2452.html


∗∗∗ Cisco Security Advisories 2021-01-20 ∗∗∗
---------------------------------------------
4 Critical, 9 High, 18 Medium severity
---------------------------------------------
https://tools.cisco.com/security/center/Search.x?publicationTypeIDs=1&securityImpactRatings=critical,high,medium&firstPublishedStartDate=2021%2F01%2F20&firstPublishedEndDate=2021%2F01%2F20&limit=50


∗∗∗ Rechteausweitung: Kritische Lücke in älteren iOS- und macOS-Versionen ∗∗∗
---------------------------------------------
Der Bug in Apples XPC-Schnittstelle lässt sich ausnutzen, um erweiterte Rechte zu erlangen, warnt ein Sicherheitsforscher.
---------------------------------------------
https://heise.de/-5030842


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (coturn, dovecot, glibc, and sudo), Mageia (openldap and resource-agents), openSUSE (dnsmasq, python-jupyter_notebook, viewvc, and vlc), Oracle (dnsmasq and xstream), SUSE (perl-Convert-ASN1, postgresql, postgresql13, and xstream), and Ubuntu (nvidia-graphics-drivers-418-server, nvidia-graphics-drivers-450-server, pillow, pyxdg, and thunderbird).
---------------------------------------------
https://lwn.net/Articles/843255/


∗∗∗ Two Vulnerabilities in Bosch Fire Monitoring System (FSM) ∗∗∗
---------------------------------------------
BOSCH-SA-332072-BT: Two vulnerabilties have been discovered affecting the Bosch Fire Monitoring System (FSM-2500 and FSM-5000). The critical issue applies to FSM systems with versions 5.2 and lower.
---------------------------------------------
https://psirt.bosch.com/security-advisories/bosch-sa-332072-bt.html


∗∗∗ Multiple Vulnerabilities in dnsmasq DNS Forwarder Affecting Cisco Products: January 2021 ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnsmasq-dns-2021-c5mrdf3g


∗∗∗ Security Advisory - Inconsistent Interpretation of HTTP Requests Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210120-01-http-en


∗∗∗ Security Advisory - Local Privilege Escalation Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210120-02-privilege-en


∗∗∗ Intel Ethernet 700 Series Controllers vulnerabilities CVE-2020-8690, CVE-2020-8691, CVE-2020-8692, and CVE-2020-8693 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K28563873


∗∗∗ MISP: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K21-0057

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily