[CERT-daily] Daily Summary - 24.03.2021

Daily end-of-shift report team at cert.at
Wed Mar 24 18:13:44 CET 2021


=====================
= End-of-Day report =
=====================

Timeframe:   Tuesday 23-03-2021 18:00 − Wednesday 24-03-2021 18:00
Handler:     Thomas Pribitzer
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Microsoft warns of phishing attacks bypassing email gateways ∗∗∗
---------------------------------------------
An ongoing phishing operation that stole an estimated 400,000 OWA and Office 365 credentials since December has now expanded to abuse new legitimate services to bypass secure email gateways (SEGs).
---------------------------------------------
https://www.bleepingcomputer.com/news/security/microsoft-warns-of-phishing-attacks-bypassing-email-gateways/


∗∗∗ Purple Fox Rootkit Can Now Spread Itself to Other Windows Computers ∗∗∗
---------------------------------------------
Purple Fox, a Windows malware previously known for infecting machines by using exploit kits and phishing emails, has now added a new technique to its arsenal that gives it worm-like propagation capabilities.
---------------------------------------------
https://thehackernews.com/2021/03/purple-fox-rootkit-can-now-spread.html


∗∗∗ Numerous negative reviews of fashionmanufaktur.at ∗∗∗
---------------------------------------------
For months, negative experiences and reviews from numerous consumers regarding the online shop fashionmanufaktur.at have been piling up.
---------------------------------------------
https://www.watchlist-internet.at/news/zahlreiche-negative-bewertungen-zu-fashionmanufakturat/


∗∗∗ Fake Websites Used in COVID-19 Themed Phishing Attacks, Impersonating Brands Like Pfizer and BioNTech ∗∗∗
---------------------------------------------
We describe trends in COVID-19 themed phishing attacks since the start of the pandemic to gain insight into the topics that attackers try to exploit.
---------------------------------------------
https://unit42.paloaltonetworks.com/covid-19-themed-phishing-attacks/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ ZDI-21-354: (0Day) Lepide Active Directory Self Service Backup Missing Authentication Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Lepide Active Directory Self Service. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-21-354/


∗∗∗ Cisco Security Advisories 2021-03-24 ∗∗∗
---------------------------------------------
1 Critical, 18 High, 19 Medium severity
---------------------------------------------
https://tools.cisco.com/security/center/Search.x?publicationTypeIDs=1&securityImpactRatings=critical,high,medium&firstPublishedStartDate=2021%2F03%2F24&firstPublishedEndDate=2021%2F03%2F24&limit=50


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (imagemagick and squid), Fedora (jasper and kernel), Red Hat (pki-core), SUSE (gnutls, go1.15, go1.16, hawk2, jetty-minimal, libass, nghttp2, openssl, ruby2.5, sudo, and wavpack), and Ubuntu (linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke-5.3, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe, linux-hwe-5.4, linux-hwe-5.8, linux-kvm, linux-oem-5.10, linux-oem-5.6, linux-oracle, linux-oracle-5.4,[...]
---------------------------------------------
https://lwn.net/Articles/850352/


∗∗∗ SaltStack revises partial patch for command injection, privilege escalation vulnerability ∗∗∗
---------------------------------------------
The second fix was reportedly necessary after SaltStack did not participate in coordinated disclosure.
---------------------------------------------
https://www.zdnet.com/article/saltstack-revises-partial-patch-for-command-injection-privilege-escalation-vulnerability/


∗∗∗ Uncontrolled Search Path Element in Multiple Bosch Products ∗∗∗
---------------------------------------------
BOSCH-SA-835563-BT: Multiple Bosch software applications are affected by a security vulnerability, which potentially allows an attacker to load additional code in the form of DLLs (commonly known as "DLL Hijacking" or "DLL Preloading").
---------------------------------------------
https://psirt.bosch.com/security-advisories/bosch-sa-835563-bt.html


∗∗∗ Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime Affect IBM Sterling Connect:Direct for UNIX ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-sterling-connectdirect-for-unix-4/


∗∗∗ Security Bulletin: A vulnerability has been identified in IBM Elastic Storage System where an attacker could cause a denial of service (CVE-2020-5015) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-has-been-identified-in-ibm-elastic-storage-system-where-an-attacker-could-cause-a-denial-of-service-cve-2020-5015/


∗∗∗ Security Bulletin: IBM® Db2® db2fm is vulnerable to a buffer overflow (CVE-2020-5025) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-db2fm-is-vulnerable-to-a-buffer-overflow-cve-2020-5025-5/


∗∗∗ Security Bulletin: IBM Kenexa LMS On Premise -[All] jQuery (Publicly disclosed vulnerability) – 180875 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-kenexa-lms-on-premise-all-jquery-publicly-disclosed-vulnerability-180875/


∗∗∗ Security Bulletin: A vulnerability in IBM Java SE affects IBM Elastic Storage Server ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-se-affects-ibm-elastic-storage-server/


∗∗∗ Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime Affect IBM Sterling Connect:Direct for UNIX ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-sterling-connectdirect-for-unix-3/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Netcool Impact (CVE-2020-14803, CVE-2020-27221) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-tivoli-netcool-impact-cve-2020-14803-cve-2020-27221/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Directory Server ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-security-directory-server-2/


∗∗∗ Security Bulletin: A security vulnerability has been identified in IBM® SDK, Java™ Technology Edition shipped with IBM Tivoli Netcool Impact (CVE-2020-14781) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-has-been-identified-in-ibm-sdk-java-technology-edition-shipped-with-ibm-tivoli-netcool-impact-cve-2020-14781/


∗∗∗ Security Bulletin: Rational Asset Analyzer is affected by a vulnerability in WebSphere Application Server Liberty (CVE-2020-4590) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-rational-asset-analyzer-is-affected-by-a-vulnerability-in-websphere-application-server-liberty-cve-2020-4590/


∗∗∗ Intel I210 network adapter vulnerability CVE-2020-0522 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K37283878


∗∗∗ Intel I210 network adapter vulnerability CVE-2020-0523 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K31445234


∗∗∗ Intel I210 network adapter vulnerability CVE-2020-0524 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K83504933


∗∗∗ Intel I210 network adapter vulnerability CVE-2020-0525 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K44482551


∗∗∗ Linux Kernel: Vulnerability allows code execution ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K21-0306


∗∗∗ Pro-FTPd: Vulnerability allows denial of service ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K21-0304

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily



