[CERT-daily] Tageszusammenfassung - 17.03.2021

Wed Mar 17 18:32:43 CET 2021

=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 16-03-2021 18:00 − Mittwoch 17-03-2021 18:00
Handler:     Thomas Pribitzer
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Mimecast says SolarWinds hackers breached its network and spied on customers ∗∗∗
---------------------------------------------
Mimecast-issued certificate used to connect to customers’ Microsoft 365 tenants.
---------------------------------------------
https://arstechnica.com/?p=1750098


∗∗∗ Twitter images can be abused to hide ZIP, MP3 files — heres how ∗∗∗
---------------------------------------------
Yesterday, a researcher disclosed a method of hiding up to three MB of data inside a Twitter image. In his demonstration, the researcher showed both MP3 audio files and ZIP archives contained within the PNG images hosted on Twitter.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/twitter-images-can-be-abused-to-hide-zip-mp3-files-heres-how/


∗∗∗ Guidance for responders: Investigating and remediating on-premises Exchange Server vulnerabilities ∗∗∗
---------------------------------------------
This guidance will help customers address threats taking advantage of the recently disclosed Microsoft Exchange Server on-premises vulnerabilities CVE-2021-26855, CVE-2021-26858, CVE-2021-26857, and CVE-2021-27065.
---------------------------------------------
https://msrc-blog.microsoft.com:443/2021/03/16/guidance-for-responders-investigating-and-remediating-on-premises-exchange-server-vulnerabilities/


∗∗∗ Microsoft Exchange Server: These quarterly updates include fixes for security flaws ∗∗∗
---------------------------------------------
Microsoft releases Exchange Server 2016 and 2019 cumulative updates that address critical flaws.
---------------------------------------------
https://www.zdnet.com/article/microsoft-exchange-server-these-quarterly-updates-include-fixes-for-security-flaws/


∗∗∗ New ICS Threat Activity Group: VANADINITE ∗∗∗
---------------------------------------------
The new VANADINITE activity group targets electric utilities, oil and gas, manufacturing, telecommunications, and transportation.
---------------------------------------------
https://www.dragos.com/blog/industry-news/new-ics-threat-activity-group-vanadinite/


∗∗∗ So hacken Kriminelle unbemerkt Ihre Website, um Fake-Shops zu betreiben ∗∗∗
---------------------------------------------
Sicherheitslücken auf Websites von Unternehmen und Vereinen werden auch genutzt, um Fake-Shops zu platzieren. Mittels Cloaking leiten Kriminelle die BesucherInnen zu Fake-Shops um. Die betroffenen Unternehmen und Vereine wissen nichts davon. Wir erklären Ihnen, wie Cloaking funktioniert und was Sie dagegen machen können.
---------------------------------------------
https://www.watchlist-internet.at/news/so-hacken-kriminelle-unbemerkt-ihre-website-um-fake-shops-zu-betreiben/


∗∗∗ New Mirai Variant Targeting Network Security Devices ∗∗∗
---------------------------------------------
We discovered ongoing attacks leveraging IoT vulnerabilities, including in network security devices, to serve a Mirai variant.
---------------------------------------------
https://unit42.paloaltonetworks.com/mirai-variant-iot-vulnerabilities/


∗∗∗ NIS2 Proposal: First feedback on the normative text ∗∗∗
---------------------------------------------
After looking at the recitals a few weeks ago, here is my feedback on the normative text of the NIS2 proposal.
---------------------------------------------
https://cert.at/en/blog/2021/3/nis2-proposal-first-feedback-on-the-normative-text


∗∗∗ CISA-FBI Joint Advisory on TrickBot Malware ∗∗∗
---------------------------------------------
CISA and the Federal Bureau of Investigation (FBI) have released a Joint Cybersecurity Advisory (CSA) on TrickBot malware.
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2021/03/17/cisa-fbi-joint-advisory-trickbot-malware-0


∗∗∗ CVE-2021-27076: A Replay-Style Deserialization Attack Against SharePoint ∗∗∗
---------------------------------------------
An attacker is frequently in the position of having to find a technique to evade some data integrity measure implemented by a target.
---------------------------------------------
https://www.thezdi.com/blog/2021/3/17/cve-2021-27076-a-replay-style-deserialization-attack-against-sharepoint


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Researcher adds their package to Microsoft Azure SDK releases list ∗∗∗
---------------------------------------------
A security researcher was able to add their own test package to the official list of Microsoft Azure SDK latest releases. The simple trick if abused by an attacker can give off the impression that their malicious package is part of the Azure SDK suite.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/researcher-adds-their-package-to-microsoft-azure-sdk-releases-list/


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (shadow, tor, and velocity), Fedora (gsoap, qt5-qtsvg, and switchboard-plug-bluetooth), Mageia (batik, chromium-browser-stable, glibc, ksh, and microcode), openSUSE (389-ds, connman, freeradius-server, froxlor, openssl-1_0_0, openssl-1_1, postgresql12, and python-markdown2), Red Hat (bind, curl, kernel, nss and nss-softokn, perl, python, and tomcat), Scientific Linux (ipa, kernel, and pki-core), SUSE (glib2 and velocity), and Ubuntu (containerd).
---------------------------------------------
https://lwn.net/Articles/849622/


∗∗∗ WordPress plugin "Paid Memberships Pro" vulnerable to SQL injection ∗∗∗
---------------------------------------------
https://jvn.jp/en/jp/JVN08191557/


∗∗∗ Cisco Small Business RV132W and RV134W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-132w134w-overflow-Pptt4H2p


∗∗∗ Security Bulletin: IBM Network Performance Insight 1.3.1 was affected by multiple vulnerabilities in jackson-databind ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-network-performance-insight-1-3-1-was-affected-by-multiple-vulnerabilities-in-jackson-databind/


∗∗∗ Security Bulletin: CVE-2020-14782 may affect IBM® SDK, Java™ Technology Edition for Content Collector for SAP Applications ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cve-2020-14782-may-affect-ibm-sdk-java-technology-edition-for-content-collector-for-sap-applications/


∗∗∗ Security Bulletin: Multiple security vulnerabilities have been identified in IBM® Java SDK that affect IBM Security Directory Suite ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-have-been-identified-in-ibm-java-sdk-that-affect-ibm-security-directory-suite/


∗∗∗ Security Bulletin: Rational Application Developer is vulnerable to CVE-2020-2773 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-rational-application-developer-is-vulnerable-to-cve-2020-2773/


∗∗∗ Security Bulletin: IBM Security Directory Suite is affected by a vulnerability (CVE-2020-4329) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-directory-suite-is-affected-by-a-vulnerability-cve-2020-4329/


∗∗∗ Security Bulletin: IBM SDK, Java Technology Edition, Security Update February 2021 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-edition-security-update-february-2021/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM® SDK, Java™ Technology Edition may affect IBM Content Collector for SAP Applications ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-sdk-java-technology-edition-may-affect-ibm-content-collector-for-sap-applications/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Content Collector for SAP Applications ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-content-collector-for-sap-applications-2/


∗∗∗ Security Bulletin: A vulnerability was identified and remediated in the IBM MaaS360 Cloud Extender (CVE-2020-13434, CVE-2020-13435) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-was-identified-and-remediated-in-the-ibm-maas360-cloud-extender-cve-2020-13434-cve-2020-13435/


∗∗∗ Security Bulletin: Multiple Security Vulnerabilties have been fixed in the IBM Security Access Manager and IBM Security Verify Access appliances. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilties-have-been-fixed-in-the-ibm-security-access-manager-and-ibm-security-verify-access-appliances/


∗∗∗ Cross-Site Scripting Vulnerabilities in Elementor Impact Over 7 Million Sites ∗∗∗
---------------------------------------------
https://www.wordfence.com/blog/2021/03/cross-site-scripting-vulnerabilities-in-elementor-impact-over-7-million-sites/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily