[CERT-daily] Tageszusammenfassung - 11.03.2021
Daily end-of-shift report
team at cert.at
Thu Mar 11 18:20:08 CET 2021
=====================
= End-of-Day report =
=====================
Timeframe: Mittwoch 10-03-2021 18:30 − Donnerstag 11-03-2021 18:30
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Der Hafnium Exchange-Server-Hack: Anatomie einer Katastrophe ∗∗∗
---------------------------------------------
Hätte Microsoft den Massenhack von Exchange-Servern mit rascheren Reaktionen verhindern verhindern können? Der Ablauf der Ereignisse wirft Fragen auf.
---------------------------------------------
https://heise.de/-5077269
∗∗∗ NAT-Slipstreaming-Angriffe: Es kommt noch schlimmer ∗∗∗
---------------------------------------------
Zeit zu handeln: Mit dem NAT-Slipstreaming 2.0 können Kriminelle nicht nur das Gerät des Opfers, sondern jede IP-Adresse im Netzwerk angreifen.
---------------------------------------------
https://heise.de/-5078104
∗∗∗ Exchange-Lücken: Jetzt kommt die Cybercrime-Welle mit Erpressung ∗∗∗
---------------------------------------------
Ein öffentlicher Exploit für die Sicherheitslücken in Microsoft Exchange bedeutet, dass die ersten Erpressungsfälle vor der Tür stehen.
---------------------------------------------
https://heise.de/-5078180
∗∗∗ F5 Announces Critical BIG-IP pre-auth RCE bug ∗∗∗
---------------------------------------------
F5 Networks is a leading provider of enterprise networking gear, with software and hardware customers like governments, Fortune 500 firms, banks, internet service providers, and largely known consumer brands (Microsoft, Oracle, and Facebook). The patch refers to the four critical vulnerabilities listed below and also includes a pre-auth RCE security flaw (CVE-2021-22986) that allows unauthenticated [...]
---------------------------------------------
https://heimdalsecurity.com/blog/f5-announces-critical-bug/
∗∗∗ FIN8 Resurfaces with Revamped Backdoor Malware ∗∗∗
---------------------------------------------
The financial cyber-gang is running limited attacks ahead of broader offensives on point-of-sale systems.
---------------------------------------------
https://threatpost.com/fin8-resurfaces-backdoor-malware/164684/
∗∗∗ Piktochart - Phishing with Infographics, (Thu, Mar 11th) ∗∗∗
---------------------------------------------
In line with our recent diaries featuring unique attack vectors for credential theft, such as phishing over LinkedIn Mail[1] and pretending to be an Outlook version update[2], we've recently learned of a phishing campaign targetting users of the Infographic service Piktochart.
---------------------------------------------
https://isc.sans.edu/diary/rss/27194
∗∗∗ Magento 2 PHP Credit Card Skimmer Saves to JPG ∗∗∗
---------------------------------------------
Bad actors often leverage creative techniques to conceal malicious behaviour and harvest sensitive information from ecommerce websites. A recent investigation for a compromised Magento 2 website revealed a malicious injection that was capturing POST request data from site visitors. Located on the checkout page, it was found to encode captured data before saving it to a .JPG file.
---------------------------------------------
https://blog.sucuri.net/2021/03/magento-2-php-credit-card-skimmer-saves-to-jpg.html
∗∗∗ Home Assistant, Pwned Passwords and Security Misconceptions ∗∗∗
---------------------------------------------
Two of my favourite things these days are Have I Been Pwned and Home Assistant. The former is an obvious choice, the latter Ive come to love as Ive embarked on my home automation journey. So, it was with great pleasure that I saw the two integrated recently:always something.
---------------------------------------------
https://www.troyhunt.com/home-assistant-pwned-passwords-and-security-misconceptions/
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (zeromq3), Oracle (dotnet, dotnet3.1, python3, and wpa_supplicant), and Red Hat (wpa_supplicant).
---------------------------------------------
https://lwn.net/Articles/849088/
∗∗∗ Security Advisory - Sudo Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
https://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210310-01-escalation-en
∗∗∗ Paessler PRTG: Schwachstelle ermöglicht Offenlegung von Informationen ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K21-0260
∗∗∗ Linux kernel ext3/ext4 file system vulnerability CVE-2020-14314 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K67830124
∗∗∗ glibc vulnerability CVE-2019-25013 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K68251873
∗∗∗ glibc vulnerability CVE-2020-29573 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K27238230
∗∗∗ Security Bulletin: IBM Sterling Connect:Express for UNIX is Affected by Multiple Vulnerabilities in OpenSSL ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectexpress-for-unix-is-affected-by-multiple-vulnerabilities-in-openssl-2/
∗∗∗ Security Bulletin: IBM® Db2® is vulnerable to denial of service (CVE-2020-4135). ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-denial-of-service-cve-2020-4135-2/
∗∗∗ Security Bulletin: IBM® Db2® is vulnerable to an information disclosure. (CVE-2020-4386) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-an-information-disclosure-cve-2020-4386-7/
∗∗∗ Security Bulletin: Symbolic Link Permissions Problem Modeler Subscription Installer ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-symbolic-link-permissions-problem-modeler-subscription-installer/
∗∗∗ Security Bulletin: IBM® Db2® db2fm is vulnerable to a buffer overflow (CVE-2020-5025) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-db2fm-is-vulnerable-to-a-buffer-overflow-cve-2020-5025/
∗∗∗ Security Bulletin: OpenSSL publicly disclosed vulnerability affects IBM MobileFirst Platform (CVE-2020-1971) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-openssl-publicly-disclosed-vulnerability-affects-ibm-mobilefirst-platform-cve-2020-1971/
∗∗∗ Security Bulletin: IBM® Db2® is vulnerable to denial of service (CVE-2020-4200). ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-denial-of-service-cve-2020-4200-2/
∗∗∗ Security Bulletin: IBM Network Performance Insight 1.3.1 was affected by vulnerability in jackson-databind (CVE-2020-25649) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-network-performance-insight-1-3-1-was-affected-by-vulnerability-in-jackson-databind-cve-2020-25649/
∗∗∗ Security Bulletin: IBM® Db2® is vulnerable to a buffer overflow (CVE-2020-4701) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-a-buffer-overflow-cve-2020-4701-5/
∗∗∗ Security Bulletin: IBM® Db2® is vulnerable to a Denial of Service on Windows (CVE-2020-4642) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-a-denial-of-service-on-windows-cve-2020-4642-3/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list