[CERT-daily] Tageszusammenfassung - 02.03.2021

Daily end-of-shift report team at cert.at
Tue Mar 2 18:17:36 CET 2021


=====================
= End-of-Day report =
=====================

Timeframe:   Montag 01-03-2021 18:00 − Dienstag 02-03-2021 18:00
Handler:     Dimitri Robl
Co-Handler:  Robert Waldner

=====================
=       News        =
=====================

∗∗∗ European e-ticketing platform Ticketcounter extorted in data breach ∗∗∗
---------------------------------------------
A Dutch e-Ticketing platform has suffered a data breach after a user database containing 1.9 million unique email addresses was stolen from an unsecured staging server.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/european-e-ticketing-platform-ticketcounter-extorted-in-data-breach/


∗∗∗ Bruce Schneier: Auch das Wirtschaftssystem trägt Schuld am Solarwinds-Hack ∗∗∗
---------------------------------------------
Mit schlechter IT-Sicherheit würden Gewinne gemacht, während Verbraucher und Gesellschaft die Risiken trügen. Das muss sich laut Schneier ändern.
---------------------------------------------
https://www.golem.de/news/bruce-schneier-auch-das-wirtschaftssystem-traegt-schuld-am-solarwinds-hack-2103-154615-rss.html


∗∗∗ Inside the Ransomware Economy ∗∗∗
---------------------------------------------
The trouble with ransomware is well known at this point. From Egregor to Doppelpaymer to Ryuk, it continues to command headlines. Pandemic-fueled phishing scams, the lack of visibility across remote endpoints, and lax attitudes have been a boon for ransomware groups over the last year. Worst of all, ransomware no longer discriminates. It dominates small towns and municipal offices, video game makers, and shamelessly, healthcare organizations and school systems already pushed to the brink by the COVID-19 pandemic. The threat could still become more pervasive over the next two to three years, not because ransomware is effective in and of itself but because of other players in the game - insurance companies, brokers, and even attorneys - that continue to fan the flames.
---------------------------------------------
https://www.securityweek.com/inside-ransomware-economy


∗∗∗ Einreiseanmeldung für Deutschland nicht über „digitale-einreiseanmeldung.de“ vornehmen ∗∗∗
---------------------------------------------
Die Corona-Pandemie erschwert die Einreise in andere Länder erheblich. Für eine Reise nach Deutschland muss beispielsweise unter Umständen zuvor eine digitale Einreisanmeldung vorgenommen werden. Bei der Recherche über Einreisebestimmungen stoßen Reisende jedoch oftmals auf unseriöse Websites, die die digitale Einreisanmeldung kostenpflichtig anbieten. Nehmen Sie von kostenpflichtigen Angeboten zur Einreiseanmeldung Abstand. Es ist unklar, ob diese Anbieter Ihre [...]
---------------------------------------------
https://www.watchlist-internet.at/news/einreiseanmeldung-fuer-deutschland-nicht-ueber-digitale-einreiseanmeldungde-vornehmen/


∗∗∗ Fast Flux 101: How Cybercriminals Improve the Resilience of Their Infrastructure to Evade Detection and Law Enforcement Takedowns ∗∗∗
---------------------------------------------
Cybercriminals use fast flux to maintain uptime for malicious activities. We show how it works in a fictional scenario and real-world case studies.
---------------------------------------------
https://unit42.paloaltonetworks.com/fast-flux-101/


∗∗∗ Povlsomware Ransomware ∗∗∗
---------------------------------------------
Povlsomware markets itself as a proof-of-concept (POC) ransomware designed to test security vendor products. Trend Micro reports on some interesting capabilities associated with the malware.
---------------------------------------------
https://exchange.xforce.ibmcloud.com/collection/e7d232e9df181a3c873c3eaeb56c2e97



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Android Security Bulletin - March 2021 ∗∗∗
---------------------------------------------
[...] The most severe of these issues is a critical security vulnerability in the System component that could enable a remote attacker using a specially crafted transmission to execute arbitrary code within the context of a privileged process.
---------------------------------------------
https://source.android.com/security/bulletin/2021-03-01


∗∗∗ Zehn Sicherheitslücken in Server-Konfigurationssoftware Saltstack geschlossen ∗∗∗
---------------------------------------------
Es gibt wichtige Sicherheitsupdates für die Serversoftware Saltstack. Keine Lücke gilt als kritisch.
---------------------------------------------
https://heise.de/-5069120


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (bind, intel-ucode, ipmitool, isync, openssl, python, python-cryptography, python-httplib2, salt, tar, and thrift), Fedora (ansible, salt, webkit2gtk3, and wpa_supplicant), Oracle (bind), Red Hat (bind, kernel, and kpatch-patch), Scientific Linux (bind), SUSE (firefox, gnome-autoar, java-1_8_0-ibm, java-1_8_0-openjdk, nodejs10, open-iscsi, perl-XML-Twig, python-cryptography, and thunderbird), and Ubuntu (bind9).
---------------------------------------------
https://lwn.net/Articles/847944/


∗∗∗ Joomla! Security Announcements ∗∗∗
---------------------------------------------
[20210301] - Core - Insecure randomness within 2FA secret generation
https://developer.joomla.org:443/security-centre/841-20210301-core-insecure-randomness-within-2fa-secret-generation.html
[20210302] - Core - Potential Insecure FOFEncryptRandval
https://developer.joomla.org:443/security-centre/842-20210302-core-potential-insecure-fofencryptrandval.html
[20210303] - Core - XSS within alert messages showed to users
https://developer.joomla.org:443/security-centre/843-20210303-core-xss-within-alert-messages-showed-to-users.html
[20210304] - Core - XSS within the feed parser library
https://developer.joomla.org:443/security-centre/844-20210304-core-xss-within-the-feed-parser-library.html
[20210305] - Core - Input validation within the template manager
https://developer.joomla.org:443/security-centre/845-20210305-core-input-validation-within-the-template-manager.html
[20210306] - Core - com_media allowed paths that are not intended for image uploads
https://developer.joomla.org:443/security-centre/846-20210306-core-com-media-allowed-paths-that-are-not-intended-for-image-uploads.html
[20210307] - Core - ACL violation within com_content frontend editing
https://developer.joomla.org:443/security-centre/847-20210307-core-acl-violation-within-com-content-frontend-editing.html
[20210308] - Core - Path Traversal within joomla/archive zip class
https://developer.joomla.org:443/security-centre/848-20210308-core-path-traversal-within-joomla-archive-zip-class.html
[20210309] - Core - Inadequate filtering of form contents could allow to overwrite the author field
https://developer.joomla.org:443/security-centre/849-20210309-core-inadequate-filtering-of-form-contents-could-allow-to-overwrite-the-author-field.html
---------------------------------------------
https://developer.joomla.org/security-centre.html


∗∗∗ Linux NFS kernel vulnerablity CVE-2020-25212 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K42355373


∗∗∗ [webapps] Tiny Tiny RSS - Remote Code Execution ∗∗∗
---------------------------------------------
https://www.exploit-db.com/exploits/49606


∗∗∗ Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime affect IBM Cognos Command Center ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-cognos-command-center-5/


∗∗∗ Security Bulletin: IBM Cognos Command Center has addressed multiple vulnerabilities (Q12021) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-command-center-has-addressed-multiple-vulnerabilities-q12021/


∗∗∗ Security Bulletin: IBM Security Guardium is affected by Oracle MySQL vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-oracle-mysql-vulnerabilities-10/


∗∗∗ Security Bulletin: IBM Security Guardium is affected by kernel vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-kernel-vulnerabilities-6/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-security-guardium-12/


∗∗∗ Security Bulletin: IBM Security Guardium is affected by an Information Exposure vulnerability (CVE-2020-4189) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-an-information-exposure-vulnerability-cve-2020-4189-2/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-security-guardium-11/


∗∗∗ Security Bulletin: IBM Security Guardium is affected by a Privilege Escalation vulnerability (CVE-2020-4952) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-privilege-escalation-vulnerability-cve-2020-4952-2/


∗∗∗ Security Bulletin: IBM Data Replication Java SDK Update ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-data-replication-java-sdk-update/


∗∗∗ Security Bulletin: Datacap Taskmaster Capture is affected by vulnerable to AppScan's SSLv3 Client Hello with CBC cipher suites that contain TLS_FALLBACK_SCSV ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-datacap-taskmaster-capture-is-affected-by-vulnerable-to-appscans-sslv3-client-hello-with-cbc-cipher-suites-that-contain-tls_fallback_scsv-3/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list