[CERT-daily] Daily summary - 08.03.2021
Daily end-of-shift report
team at cert.at
Mon Mar 8 18:09:29 CET 2021
=====================
= End-of-Day report =
=====================
Timeframe: Friday 05-03-2021 18:30 − Monday 08-03-2021 18:30
Handler: Dimitri Robl
Co-Handler: Robert Waldner
=====================
= News =
=====================
∗∗∗ Attacks on Exchange servers: Microsoft provides check script for admins ∗∗∗
---------------------------------------------
Security vulnerabilities in Exchange Server are currently attracting attacks. Microsoft provides a script that administrators can use to check their systems.
---------------------------------------------
https://heise.de/-5073827
∗∗∗ A Basic Timeline of the Exchange Mass-Hack ∗∗∗
---------------------------------------------
Sometimes when a complex story takes us by surprise or knocks us back on our heels, it pays to revisit the events in a somewhat linear fashion. Here's a brief timeline of what we know leading up to last week's mass-hack, when hundreds of thousands of Microsoft Exchange Server systems got compromised and seeded with a powerful backdoor Trojan horse program.
---------------------------------------------
https://krebsonsecurity.com/2021/03/a-basic-timeline-of-the-exchange-mass-hack/
∗∗∗ Ransomware gang plans to call victims' business partners about attacks ∗∗∗
---------------------------------------------
The REvil ransomware operation announced this week that they are using DDoS attacks and voice calls to journalists and victims' business partners to generate ransom payments.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/ransomware-gang-plans-to-call-victims-business-partners-about-attacks/
∗∗∗ Spotting the Red Team on VirusTotal!, (Sat, Mar 6th) ∗∗∗
---------------------------------------------
Many security researchers like to use the VirusTotal platform. The provided services are amazing: You can immediately have a clear overview of the dangerousness level of a file but... VirusTotal remains a cloud service. It means that, once you uploaded a file to scan it, you have to consider it as "lost" and available to a lot of (good or bad) people!
---------------------------------------------
https://isc.sans.edu/diary/rss/27174
∗∗∗ The January/February 2021 issue of our SWITCH Security Report is available! ∗∗∗
---------------------------------------------
Dear Reader! A new issue of our bi-monthly SWITCH Security Report is available! The topics covered in this report are: Dependency confusion - when trust is too good to be true; Water hacking - not a new trendy sport, but [...]
---------------------------------------------
https://securityblog.switch.ch/2021/03/08/the-january-february-2021-issue-of-our-switch-security-report-is-available/
∗∗∗ Domain dumpster diving ∗∗∗
---------------------------------------------
By Jaeson Schultz. Dumpster diving - searching through the trash looking for items of value - has long been a staple of hacking culture. In the 1995 movie "Hackers," Acid Burn and Crash Override are seen dumpster diving for information they can use to help them "hack the Gibson." Of course, not all trash is physical garbage located in a dumpster behind an office building. Some trash is virtual.
---------------------------------------------
https://blog.talosintelligence.com/2021/03/domain-dumpster-diving.html
∗∗∗ Bazar Drops the Anchor ∗∗∗
---------------------------------------------
The malware identified as Anchor first entered the scene in late 2018 and has been linked to the same group as Trickbot, due to similarities in code and usage [...]
---------------------------------------------
https://thedfirreport.com/2021/03/08/bazar-drops-the-anchor/
=====================
= Vulnerabilities =
=====================
∗∗∗ Critical 0-day in The Plus Addons for Elementor Allows Site Takeover ∗∗∗
---------------------------------------------
Today, March 8, 2021, the Wordfence Threat Intelligence team became aware of a critical 0-day in The Plus Addons for Elementor, a premium plugin that we estimate has over 30,000 installations. This vulnerability was reported this morning to WPScan by Seravo, a hosting company. The flaw makes it possible for attackers to create new administrative [...]
---------------------------------------------
https://www.wordfence.com/blog/2021/03/critical-0-day-in-the-plus-addons-for-elementor-allows-site-takeover/
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (activemq, libcaca, libupnp, mqtt-client, and xcftools), Fedora (ceph, mupdf, nagios, python-PyMuPDF, and zathura-pdf-mupdf), Mageia (cups, kernel, pngcheck, and python-pygments), openSUSE (bind, chromium, gnome-autoar, kernel, mbedtls, nodejs8, and thunderbird), and Red Hat (nodejs:10, nodejs:12, nodejs:14, screen, and virt:8.2 and virt-devel:8.2).
---------------------------------------------
https://lwn.net/Articles/848710/
∗∗∗ Linux kernel vulnerability CVE-2019-18282 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K32380005
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation Application Manager Oct 2020 CPU (CVE-2020-14779, CVE-2020-14796, CVE-2020-14797, CVE-2020-14798) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-tivoli-system-automation-application-manager-oct-2020-cpu-cve-2020-14779cve-2020-14796-cve-2020-14797cve-2020-14798/
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect TPF Toolkit ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-affect-tpf-toolkit-5/
∗∗∗ Security Bulletin: Vulnerability in jackson-databind affect IBM Spectrum Symphony ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-jackson-databind-affect-ibm-spectrum-symphony/
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects WebSphere Application Server January 2021 CPU that is bundled with IBM WebSphere Application Server Patterns ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affects-websphere-application-server-january-2021-cpu-that-is-bundled-with-ibm-websphere-application-server-patterns/
∗∗∗ Security Bulletin: IBM API Connect's provider org registration flow is vulnerable to impersonation and sensitive information leak (CVE-2020-4903) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connects-provider-org-registration-flow-is-vulnerable-to-impersonation-and-sensitive-information-leak-cve-2020-4903/
∗∗∗ Security Bulletin: IBM API Connect is vulnerable to denial of service (DoS) via Node.js (CVE-2020-8277) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-vulnerable-to-denial-of-service-dos-via-node-js-cve-2020-8277/
∗∗∗ Security Bulletin: IBM API Connect V10 is impacted by insecure communications during database replication (CVE-2020-4695) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-v10-is-impacted-by-insecure-communications-during-database-replication-cve-2020-4695/
∗∗∗ Security Bulletin: IBM API Connect is impacted by multiple vulnerabilities in Java SE. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impacted-by-multiple-vulnerabilities-in-java-se/
∗∗∗ Security Bulletin: IBM DataPower Gateway vulnerable to an RCE attack (CVE-2020-5014) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-datapower-gateway-vulnerable-to-an-rce-attack-cve-2020-5014/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily