[CERT-daily] Tageszusammenfassung - 27.01.2021
Daily end-of-shift report
team at cert.at
Wed Jan 27 18:24:10 CET 2021
=====================
= End-of-Day report =
=====================
Timeframe: Dienstag 26-01-2021 18:00 − Mittwoch 27-01-2021 18:00
Handler: Dimitri Robl
Co-Handler: Thomas Pribitzer
=====================
= News =
=====================
∗∗∗ Emotet Takedown: Wir informieren Betroffene in Österreich ∗∗∗
---------------------------------------------
In einer koordinierten Aktion von mehreren Strafverfolgungsbehörden wurde das Netzwerk rund um die Malware Emotet ausgeschaltet und übernommen.
---------------------------------------------
https://cert.at/de/aktuelles/2021/1/emotet-takedown-wir-informieren-betroffene-in-osterreich
∗∗∗ Heres how a researcher broke into Microsoft VS Codes GitHub ∗∗∗
---------------------------------------------
This month a researcher was awarded a bug bounty award of an undisclosed amount after he broke into the official GitHub repository of Microsoft Visual Studio Code.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/heres-how-a-researcher-broke-into-microsoft-vs-codes-github/
∗∗∗ Linux malware uses open-source tool to evade detection ∗∗∗
---------------------------------------------
AT&T Alien Labs security researchers have discovered that the TeamTNT cybercrime group upgraded their Linux crypto-mining with open-source detection evasion capabilities.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/linux-malware-uses-open-source-tool-to-evade-detection/
∗∗∗ Phishing & Malspam with Leaf PHPMailer ∗∗∗
---------------------------------------------
It’s common knowledge that attackers often use email as a delivery mechanism for their malicious activity — which can range from enticing victims to click a phishing URL or download a malicious attachment.
---------------------------------------------
https://blog.sucuri.net/2021/01/phishing-malspam-with-leaf-phpmailer.html
∗∗∗ Phishing Campaign Leverages WOFF Obfuscation and Telegram Channels for Communication ∗∗∗
---------------------------------------------
FireEye Email Security recently encountered various phishing campaigns, mostly in the Americas and Europe, using source code obfuscation with compromised or bad domains.
---------------------------------------------
https://www.fireeye.com/blog/threat-research/2021/01/phishing-campaign-woff-obfuscation-telegram-communications.html
∗∗∗ Vorsicht beim Online-Kauf von FFP2-Masken! ∗∗∗
---------------------------------------------
Auf den Webseiten givenic.com und quantheco.com werden günstige FFP2-Masken und weitere „COVID-19 Gesundheitstools“ angeboten.
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-beim-online-kauf-von-ffp2-masken/
∗∗∗ LogoKit: Simple, Effective, and Deceptive ∗∗∗
---------------------------------------------
As sophisticated attacks dominate the headlines, its important to remember that the vast majority of cybercrime results from simple, effective, and tested tools.
---------------------------------------------
https://www.riskiq.com/blog/external-threat-management/logokit-phishing/
=====================
= Vulnerabilities =
=====================
∗∗∗ Apple critical patches fix in-the-wild iPhone exploits – update now! ∗∗∗
---------------------------------------------
Apple says. "Additional details available soon", which you can translate as "this one took us by surprise". So patch now!
---------------------------------------------
https://nakedsecurity.sophos.com/2021/01/27/apple-critical-patches-fix-in-the-wild-iphone-exploits-update-now/
∗∗∗ New Attack Could Let Remote Hackers Target Devices On Internal Networks ∗∗∗
---------------------------------------------
A newly devised variant of the NAT Slipstreaming attack can be leveraged to compromise and expose any device in an internal network, according to the latest research.
---------------------------------------------
https://thehackernews.com/2021/01/new-attack-could-let-remote-hackers.html
∗∗∗ New Docker Container Escape Bug Affects Microsoft Azure Functions ∗∗∗
---------------------------------------------
Cybersecurity researchers today disclosed an unpatched vulnerability in Microsoft Azure Functions that could be used by an attacker to escalate privileges and escape the Docker container used for hosting them.
---------------------------------------------
https://thehackernews.com/2021/01/new-docker-container-escape-bug-affects.html
∗∗∗ Sicherheitsupdate: Tor Browser vor möglichen Schadcode-Attacken geschützt ∗∗∗
---------------------------------------------
Wer weiterhin anonym und sicher mit dem Tor Browser im Internet surfen möchte, sollte die aktuelle Version installieren.
---------------------------------------------
https://heise.de/-5037561
∗∗∗ Jetzt updaten: Kritische sudo-Lücke gewährt lokalen Angreifern Root-Rechte ∗∗∗
---------------------------------------------
Über die zehn Jahre alte Lücke CVE-2021-3156 können lokale Angreifer Root-Rechte via sudo ohne sudo-Berechtigungen erlangen.
---------------------------------------------
https://heise.de/-5037687
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (sudo), CentOS (sudo), Debian (sudo), Fedora (kernel, php-pear, and sudo), Gentoo (cacti, mutt, and sudo), Mageia (sudo), openSUSE (sudo), Oracle (sudo), Red Hat (sudo), Scientific Linux (sudo), Slackware (sudo), SUSE (go1.14, go1.15, nodejs8, and sudo), and Ubuntu (libsndfile and sudo).
---------------------------------------------
https://lwn.net/Articles/844184/
∗∗∗ OS command injection vulnerability in multiple Infoscience Corporation log management tools ∗∗∗
---------------------------------------------
https://jvn.jp/en/jp/JVN41853173/
∗∗∗ Security Advisory - Buffer Overflow Vulnerability in Some Huawei Mobile Phones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210127-01-buffer-en
∗∗∗ Mozilla Firefox und Thunderbird: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K21-0093
∗∗∗ MISP: Schwachstelle ermöglicht Cross-Site Scripting ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K21-0097
∗∗∗ Trend Micro ServerProtect: Mehrere Schwachstellen ermöglichen Denial of Service ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K21-0095
∗∗∗ Fuji Electric Tellus Lite V-Simulator and V-Server Lite ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-026-01
∗∗∗ Eaton EASYsoft (Update A) ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-007-03
∗∗∗ Mitsubishi Electric Multiple Products (Update A) ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-20-245-01
∗∗∗ Denial of Service in Rexroth ID 200/C-ETH using EtherNet/IP Protocol ∗∗∗
---------------------------------------------
https://psirt.bosch.com/security-advisories/bosch-sa-775371.html
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list