[CERT-daily] Tageszusammenfassung - 22.01.2021
Daily end-of-shift report
team at cert.at
Fri Jan 22 18:10:46 CET 2021
=====================
= End-of-Day report =
=====================
Timeframe: Donnerstag 21-01-2021 18:00 − Freitag 22-01-2021 18:00
Handler: Dimitri Robl
Co-Handler: Thomas Pribitzer
=====================
= News =
=====================
∗∗∗ Another File Extension to Block in your MTA: .jnlp, (Fri, Jan 22nd) ∗∗∗
---------------------------------------------
When hunting, one thing that I like to learn is how attackers can be imaginative at deploying new techniques. I spotted some emails that had suspicious attachments based on the .jnlp extension.
---------------------------------------------
https://isc.sans.edu/diary/rss/27018
∗∗∗ Magento PHP Injection Loads JavaScript Skimmer ∗∗∗
---------------------------------------------
A Magento website owner was concerned about malware and reached out to our team for assistance. Upon investigation, we found the website contained a PHP injection in one of the Magento files.
---------------------------------------------
https://blog.sucuri.net/2021/01/magento-php-injection-loads-javascript-skimmer.html
∗∗∗ Project Zero: Windows Exploitation Tricks: Trapping Virtual Memory Access ∗∗∗
---------------------------------------------
This blog is a continuation of my series of Windows exploitation tricks. This one describes an exploitation trick I’ve been trying to develop for years, succeeding (mostly, more on that later) on the latest versions of Windows 10.
---------------------------------------------
https://googleprojectzero.blogspot.com/2021/01/windows-exploitation-tricks-trapping.html
∗∗∗ Crypto-Miner Dovecat hat es auf Netz-Speicher von Qnap und Synology abgesehen ∗∗∗
---------------------------------------------
Aktuelle Sicherheitshinweise sollen Netzwerkspeicher (NAS) von Qnap und Synology schützen.
---------------------------------------------
https://heise.de/-5032679
∗∗∗ New website launched to document vulnerabilities in malware strains ∗∗∗
---------------------------------------------
Launched by security researcher John Page, the new MalVuln website lists bugs in malware code.
---------------------------------------------
https://www.zdnet.com/article/new-website-launched-to-document-vulnerabilities-in-malware-strains/
∗∗∗ A look at the NIS 2.0 Recitals ∗∗∗
---------------------------------------------
The EU commission dropped a large cyber security package on December 16th 2020, including a first draft for a new version of the NIS Directive. In front of the actual normative legal text, there are 84 recitals, describing the intents of the regulation.
---------------------------------------------
https://cert.at/en/blog/2021/1/nis2-recitals-feedback
=====================
= Vulnerabilities =
=====================
∗∗∗ Multiple vulnerabilities in Aterm WF800HP, Aterm WG2600HP, and Aterm WG2600HP2 ∗∗∗
---------------------------------------------
Aterm WF800HP, Aterm WG2600HP, and Aterm WG2600HP2 provided by NEC Corporation contain multiple vulnerabilities.
---------------------------------------------
https://jvn.jp/en/jp/JVN38248512/
∗∗∗ Mehrere Schwachstellen in Selea CarPlateServern und Selea Targa IP OCR-ANPR Kameras ∗∗∗
---------------------------------------------
Zeroscience hat diverse Schwachstellen in zwei Produkten der Firma Selea gefunden. Bei beiden wurden unter anderem Möglichkeiten gefunden, fremden Code auszuführen.
---------------------------------------------
https://www.zeroscience.mk/en/vulnerabilities/
∗∗∗ 0day in Windows 7 and Server 2008 R2 Gets a Micropatch ∗∗∗
---------------------------------------------
Update 1/22/2021: This vulnerability did not get patched by December 2020 or January 2021 Extended Security Updates, so we ported our micropatch to these updates.
---------------------------------------------
https://blog.0patch.com/2020/11/0day-in-windows-7-and-server-2008-r2.html
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (drupal7), Fedora (dotnet3.1), Gentoo (zabbix), openSUSE (ImageMagick and python-autobahn), and SUSE (hawk2 and wavpack).
---------------------------------------------
https://lwn.net/Articles/843571/
∗∗∗ Windows RDP servers are being abused to amplify DDoS attacks ∗∗∗
---------------------------------------------
Windows RDP servers running on UDP port 3389 can be ensnared in DDoS botnets and abused to bounce and amplify junk traffic towards victim networks.
---------------------------------------------
https://www.zdnet.com/article/windows-rdp-servers-are-being-abused-to-amplify-ddos-attacks/
∗∗∗ Delta Electronics ISPSoft ∗∗∗
---------------------------------------------
This advisory contains mitigations for a Use After Free vulnerability in Delta Electronics ISPSoft PLC program development tool.
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-021-01
∗∗∗ Delta Electronics TPEditor ∗∗∗
---------------------------------------------
This advisory contains mitigations for Untrusted Pointer Dereference, and Out-of-bounds Write vulnerabilities in Delta Electronics TPEditor programming software for Delta text panels.
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-021-02
∗∗∗ Honeywell OPC UA Tunneller ∗∗∗
---------------------------------------------
This advisory contains mitigations for Heap-based Buffer Overflow, Out-of-bounds Read, Improper Check for Unusual or Exceptional Conditions, and Uncontrolled Resource Consumption vulnerabilities in Honeywells OPC UA Tunneller software.
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-021-03
∗∗∗ Mitsubishi Electric MELFA ∗∗∗
---------------------------------------------
This advisory contains mitigations for an Uncontrolled Resource Consumption vulnerability in Mitsubishi Electrics MELFA robot controllers.
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-021-04
∗∗∗ WAGO M&M Software fdtCONTAINER ∗∗∗
---------------------------------------------
This advisory contains mitigations for a Deserialization of Untrusted Data vulnerability in the M&M (a WAGO subsidiary) fdtCONTAINER application.
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-021-05
∗∗∗ Security Bulletin: Vulnerabilities in IBM Java SDK affect IBM WebSphere Cast Iron Solution & App Connect Professional ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-java-sdk-affect-ibm-websphere-cast-iron-solution-app-connect-professional-3/
∗∗∗ Security Bulletin: IBM MQ Internet Pass-Thru is vulnerable to a denial of service attack (CVE-2020-4766) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-internet-pass-thru-is-vulnerable-to-a-denial-of-service-attack-cve-2020-4766/
∗∗∗ Security Bulletin: A vulnerability in OpenSSL affects GCM16 & GCM32 KVM Switch Firmware (CVE-2019-1551) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-openssl-affects-gcm16-gcm32-kvm-switch-firmware-cve-2019-1551/
∗∗∗ Security Bulletin: IBM MQ Appliance is affected by multiple Mozilla Firefox vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-multiple-mozilla-firefox-vulnerabilities/
∗∗∗ Security Bulletin: Security Vulnerability in IBM Java SDK affects IBM Voice Gateway ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerability-in-ibm-java-sdk-affects-ibm-voice-gateway/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list