[CERT-daily] Daily summary - 21.01.2021
Daily end-of-shift report
team at cert.at
Thu Jan 21 18:06:51 CET 2021
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 20-01-2021 18:00 - Thursday 21-01-2021 18:00
Handler: Dimitri Robl
Co-Handler: Robert Waldner
=====================
= News =
=====================
∗∗∗ Deep dive into the Solorigate second-stage activation: From SUNBURST to TEARDROP and Raindrop ∗∗∗
---------------------------------------------
One missing link in the complex Solorigate attack chain is the handover from the Solorigate DLL backdoor to the Cobalt Strike loader. How exactly does the jump from the Solorigate backdoor (SUNBURST) to the Cobalt Strike loader (TEARDROP, Raindrop, and others) happen? What code gets triggered, and what indicators should defenders look for?
---------------------------------------------
https://www.microsoft.com/security/blog/2021/01/20/deep-dive-into-the-solorigate-second-stage-activation-from-sunburst-to-teardrop-and-raindrop/
∗∗∗ Powershell Dropping a REvil Ransomware, (Thu, Jan 21st) ∗∗∗
---------------------------------------------
I spotted a piece of Powershell code that deserved some investigations because it makes use of RunSpaces. The file (SHA256:e1e19d637e6744fedb76a9008952e01ee6dabaecbc6ad2701dfac6aab149cecf) has a very low VT score: only 1/59!
---------------------------------------------
https://isc.sans.edu/diary/rss/27012
∗∗∗ Scanning Activity Detected After Release of Exploit for Critical SAP SolMan Flaw ∗∗∗
---------------------------------------------
A Russian researcher has made public on GitHub a functional exploit targeting a critical vulnerability that SAP patched in its Solution Manager product in March 2020.
---------------------------------------------
https://www.securityweek.com/scanning-activity-detected-after-release-exploit-critical-sap-solman-flaw
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (mutt), Fedora (libntlm, mingw-python-pillow, python-pillow, and sudo), Mageia (kernel), SUSE (gdk-pixbuf, perl-Convert-ASN1, samba, and yast2-multipath), and Ubuntu (linux, linux-aws, linux-azure, linux-gcp, linux-hwe-5.4, linux-hwe-5.8, linux-oracle).
---------------------------------------------
https://lwn.net/Articles/843413/
∗∗∗ Security Bulletin: Vulnerabilities in IBM WebSphere Liberty affect IBM Watson Machine Learning Accelerator ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-websphere-liberty-affects-ibm-waston-machine-learning-accelerator/
∗∗∗ Security Bulletin: IBM Planning Analytics Workspace is affected by security vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-workspace-is-affected-by-security-vulnerabilities-4/
∗∗∗ Security Bulletin: IBM App Connect Enterprise & IBM Integration Bus are affected by vulnerabilities in Apache Xerces-C 3.0.0 to 3.2.2 XML parser (CVE-2018-1311) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-app-connect-enterprise-ibm-integration-bus-are-affected-by-vulnerabilities-in-apache-xerces-c-3-0-0-to-3-2-2-xml-parser-cve-2018-1311/
∗∗∗ Security Bulletin: Vulnerabilities in IBM WebSphere Liberty affect IBM Watson Machine Learning Accelerator ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-websphere-liberty-affects-ibm-waston-machine-learning-accelerator-2/
∗∗∗ Security Bulletin: Vulnerability in gencore affects AIX (CVE-2020-4887) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-gencore-affects-aix-cve-2020-4887/
∗∗∗ Security Bulletin: Vulnerability in Apache Ant affects IBM Spectrum Symphony ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-ant-affects-ibm-spectrum-symphony/
∗∗∗ Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to a security vulnerability (CVE-2020-10693) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-a-security-vulnerability-cve-2020-10693/
∗∗∗ Security Bulletin: Vulnerability in Google Guava affects WebSphere Service Registry and Repository (CVE-2018-10237) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-google-guava-affects-websphere-service-registry-and-repository-cve-2018-10237/
∗∗∗ Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to a security vulnerability (CVE-2020-4969) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-a-security-vulnerability-cve-2020-4969/
∗∗∗ Security Bulletin: Rational Test Control Panel affected by Spring Framework vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-rational-test-control-panel-affected-by-spring-framework-vulnerability/
∗∗∗ Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to a security vulnerability (CVE-2020-4958) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-a-security-vulnerability-cve-2020-4958/
∗∗∗ Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to a security vulnerability (CVE-2020-4966) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-a-security-vulnerability-cve-2020-4966/
∗∗∗ XSA-360 ∗∗∗
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-360.html
∗∗∗ Drupal: Vulnerability allows execution of arbitrary code with the privileges of the service ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K21-0081
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily