[CERT-daily] Tageszusammenfassung - 09.03.2021

Tue Mar 9 18:15:11 CET 2021

=====================
= End-of-Day report =
=====================

Timeframe:   Montag 08-03-2021 18:30 − Dienstag 09-03-2021 18:30
Handler:     Dimitri Robl
Co-Handler:  Robert Waldner

=====================
=       News        =
=====================

∗∗∗ z0Miner botnet hunts for unpatched ElasticSearch, Jenkins servers ∗∗∗
---------------------------------------------
A cryptomining botnet spotted last year is now targeting and attempting to take control of Jenkins and ElasticSearch servers to mine for Monero (XMR) cryptocurrency.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/z0miner-botnet-hunts-for-unpatched-elasticsearch-jenkins-servers/


∗∗∗ GitHub Fixed a Bug impacting Authenticated Sessions ∗∗∗
---------------------------------------------
Earlier this month GitHub received a report of anomalous behavior from an external party, therefore they fixed the bug trying to protect user accounts against a potentially serious security vulnerability. The weird behavior was generated by a race condition vulnerability that misrouted the GitHub user’s login session to the web browser of another logged-in user, [...]
---------------------------------------------
https://heimdalsecurity.com/blog/github-fixes-bug/


∗∗∗ Serious Security: Webshells explained in the aftermath of HAFNIUM attacks ∗∗∗
---------------------------------------------
Webshells explained, with some (safe) examples you can try at home if you want to learn more.
---------------------------------------------
https://nakedsecurity.sophos.com/2021/03/09/serious-security-webshells-explained-in-the-aftermath-of-hafnium-attacks/


∗∗∗ 9 Android Apps On Google Play Caught Distributing AlienBot Banker and MRAT Malware ∗∗∗
---------------------------------------------
Cybersecurity researchers have discovered a new malware dropper contained in as many as 9 Android apps distributed via Google Play Store that deploys a second stage malware capable of gaining intrusive access to the financial accounts of victims as well as full control of their devices. "This dropper, dubbed Clast82, utilizes a series of techniques to avoid detection by Google Play Protect [...]
---------------------------------------------
https://thehackernews.com/2021/03/9-android-apps-on-google-play-caught.html


∗∗∗ Fuzzing grub: part 1 ∗∗∗
---------------------------------------------
Recently a set of 8 vulnerabilities were disclosed for the grub bootloader. I found 2 of them (CVE-2021-20225 and CVE-2021-20233), and contributed a number of other fixes for crashing bugs which we dont believe are exploitable. I found them by applying fuzz testing to grub. Heres how.
---------------------------------------------
https://sthbrx.github.io/blog/2021/03/04/fuzzing-grub-part-1/


∗∗∗ Vorsicht vor betrügerischen Wohnungsinseraten im Facebook-Marketplace ∗∗∗
---------------------------------------------
Auch im Facebook-Marketplace werden Miet- und Eigentumswohnungen inseriert. Ist der Preis jedoch sehr günstig, sollten Sie vorsichtig sein, denn es könnte sich um Betrug handeln. Behaupten VermieterInnen, dass sie im Ausland sind und sie die Besichtigung und Übermittlung der Kaution über Airbnb abwickeln, können Sie eindeutig von Betrug ausgehen!
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-vor-betruegerischen-wohnungsinseraten-im-facebook-marketplace/


∗∗∗ Overview of dnsmasq Vulnerabilities: The Dangers of DNS Cache Poisoning ∗∗∗
---------------------------------------------
We review vulnerabilities in dnsmasq, an open source DNS resolver, deep dive into DNS cache poisoning and describe effects on cloud products.
---------------------------------------------
https://unit42.paloaltonetworks.com/overview-of-dnsmasq-vulnerabilities-the-dangers-of-dns-cache-poisoning/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Adobe fixes critical Creative Cloud, Adobe Connect vulnerabilities ∗∗∗
---------------------------------------------
Adobe has released security updates that fix vulnerabilities in Adobe Creative Cloud Desktop, Framemaker, and Connect.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/adobe-fixes-critical-creative-cloud-adobe-connect-vulnerabilities/


∗∗∗ Apple Plugs Severe WebKit Remote Code-Execution Hole ∗∗∗
---------------------------------------------
Apple pushed out security updates for a memory-corruption bug to devices running on iOS, macOS, watchOS and for Safari.
---------------------------------------------
https://threatpost.com/apple-webkit-remote-code-execution/164595/


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (firefox, kernel, kernel-headers, kernel-tools, libebml, and wpa_supplicant), openSUSE (mbedtls), Oracle (kernel, kernel-container, and screen), Red Hat (curl, kernel, kernel-rt, kpatch-patch, nss-softokn, python, and virt:rhel and virt-devel:rhel), Scientific Linux (screen), SUSE (389-ds, crmsh, openldap2, openssl-1_0_0, and wpa_supplicant), and Ubuntu (glib2.0, gnome-autoar, golang-1.10, golang-1.14, and libzstd).
---------------------------------------------
https://lwn.net/Articles/848835/


∗∗∗ Siemens Releases Several Advisories for Vulnerabilities in Third-Party Components ∗∗∗
---------------------------------------------
Siemens on Tuesday published 12 new security advisories to inform customers about nearly two dozen vulnerabilities affecting its products.
---------------------------------------------
https://www.securityweek.com/siemens-releases-several-advisories-vulnerabilities-third-party-components


∗∗∗ Synology-SA-21:11 Download Station ∗∗∗
---------------------------------------------
A vulnerability allows remote authenticated users to execute arbitrary code via a susceptible version of Download Station.
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_21_11


∗∗∗ Synology-SA-21:10 Media Server ∗∗∗
---------------------------------------------
A vulnerability allows remote attackers to access intranet resources via a susceptible version of Media Server.
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_21_10


∗∗∗ SAP Security Patch Day - March 2021 ∗∗∗
---------------------------------------------
On 9th of March 2021, SAP Security Patch Day saw the release of 9 Security Notes. There were 4 updates to previously released Patch Day Security Notes.
---------------------------------------------
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=571343107


∗∗∗ Microsoft Exchange attacks: Now Microsoft rushes out a patch for these unsupported Exchange servers, too ∗∗∗
---------------------------------------------
Microsoft provides more patches for critical Exchange vulnerabilities that are being exploited widely on the internet.
---------------------------------------------
https://www.zdnet.com/article/microsoft-exchange-attacks-now-microsoft-rushes-out-a-patch-for-these-unsupported-exchange-servers-too/


∗∗∗ Squid: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K21-0241


∗∗∗ Red Hat Enterprise Linux: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode mit den Rechten des Dienstes ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K21-0247


∗∗∗ Security Bulletin: IBM Cloud Pak for Multicloud Management Monitoring returns potentially sensitive information in headers which could lead to further attacks against the system. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-pak-for-multicloud-management-monitoring-returns-potentially-sensitive-information-in-headers-which-could-lead-to-further-attacks-against-the-system/


∗∗∗ Security Bulletin: Google Protocol Buffers as used by IBM QRadar SIEM is vulnerable to arbitrary code execution (CVE-2015-5237) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-google-protocol-buffers-as-used-by-ibm-qradar-siem-is-vulnerable-to-arbitrary-code-execution-cve-2015-5237/


∗∗∗ Security Bulletin: Information leakage vulnerability affect IBM Business Automation Workflow – CVE-2021-20358 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-information-leakage-vulnerability-affect-ibm-business-automation-workflow-cve-2021-20358/


∗∗∗ Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU – Oct 2020 – Includes Oracle Oct 2020 CPU affects IBM Tivoli Composite Application Manager for Transactions-Robotic Response Time ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-edition-quarterly-cpu-oct-2020-includes-oracle-oct-2020-cpu-affects-ibm-tivoli-composite-application-manager-for-transactions-robotic-response-time/


∗∗∗ Security Bulletin: Multiple security vulnerabilities with IBM Content Navigator component in IBM Business Automation Workflow – CVE-2020-4687, CVE-2020-4760, CVE-2020-4704 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-with-ibm-content-navigator-component-in-ibm-business-automation-workflow-cve-2020-4687-cve-2020-4760-cve-2020-4704-3/


∗∗∗ Security Bulletin: Multiple security vulnerabilities in JAVA affects IBM Cloud Pak for Multicloud Management Monitoring ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-java-affects-ibm-cloud-pak-for-multicloud-management-monitoring/


∗∗∗ Security Bulletin: Publicly disclosed vulnerability from Kernel affects IBM Netezza Host Management ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulnerability-from-kernel-affects-ibm-netezza-host-management-14/


∗∗∗ Security Bulletin: Vulnerability in FasterXML Jackson libraries affect IBM Cúram Social Program Management (CVE-2020-25649) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-fasterxml-jackson-libraries-affect-ibm-cram-social-program-management-cve-2020-25649/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily