[CERT-daily] Daily summary - 30.03.2021

Daily end-of-shift report team at cert.at
Tue Mar 30 18:19:51 CEST 2021


=====================
= End-of-Day report =
=====================

Timeframe:   Monday 29-03-2021 18:00 − Tuesday 30-03-2021 18:00
Handler:     Dimitri Robl
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Card Complete: Warning about deceptively genuine phishing mails ∗∗∗
---------------------------------------------
Purported mails from Card Complete that look deceptively genuine are currently in circulation.
---------------------------------------------
https://futurezone.at/digital-life/card-complete-warnung-vor-taeuschend-echten-phishing-mails/401336643


∗∗∗ IT security expert: "With the Exchange cases we were at our limit" ∗∗∗
---------------------------------------------
Tim Philipp Schäfers is currently helping companies close security holes in Exchange. Some of them could have prevented the damage quite easily, he says. An interview by Moritz Tremmel
---------------------------------------------
https://www.golem.de/news/it-sicherheitsexperte-bei-den-exchange-faellen-waren-wir-am-limit-2103-155324-rss.html


∗∗∗ New Security Signals study shows firmware attacks on the rise; here’s how Microsoft is working to help eliminate this entire class of threats ∗∗∗
---------------------------------------------
The March 2021 Security Signals report showed that more than 80% of enterprises have experienced at least one firmware attack in the past two years, but only 29% of security budgets are allocated to protect firmware.
---------------------------------------------
https://www.microsoft.com/security/blog/2021/03/30/new-security-signals-study-shows-firmware-attacks-on-the-rise-heres-how-microsoft-is-working-to-help-eliminate-this-entire-class-of-threats/


∗∗∗ Old TLS versions - gone, but not forgotten... well, not really "gone" either, (Tue, Mar 30th) ∗∗∗
---------------------------------------------
With the recent official deprecation of TLS 1.0 and TLS 1.1 by RFC 8996[1], a step, which has long been in preparation and which was preceded by many recommendations to discontinue the use of both protocols (as well as by the removal of support for them from all mainstream web browsers[2]), one might assume that the use of old TLS versions on the internet would have significantly decreased over the last few months. This has however not been the case.
---------------------------------------------
https://isc.sans.edu/diary/rss/27260


∗∗∗ You Just Received 25k USD in Your BTC Account! A Practical Phishing Defense Tutorial ∗∗∗
---------------------------------------------
From time to time, we all receive some unexpected messages. Either through social media or email. Usually, these are harmless, meant to advertise a product or a service. However, sometimes they can be malicious, with an intent to steal our data and eventually our money, this is a so-called “phishing” attack.
---------------------------------------------
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/you-just-received-25k-usd-in-your-btc-account-a-practical-phishing-defense-tutorial/


∗∗∗ Unfair exchange: ransomware attacks surge globally amid Microsoft Exchange Server vulnerabilities ∗∗∗
---------------------------------------------
Following the recent disclosure of vulnerabilities affecting Microsoft Exchange Servers, Check Point Research (CPR) has observed a global surge in the number of ransomware attacks. In fact, since the beginning of 2021, there has been a 9% monthly increase in organizations affected by ransomware. This uptick includes a 57% increase in organizations affected by ransomware in the past 6 months.
---------------------------------------------
https://blog.checkpoint.com/2021/03/30/unfair-exchange-ransomware-attacks-surge-globally-amid-microsoft-exchange-server-vulnerabilities/


∗∗∗ Malicious commits found in PHP code repository: What you need to know ∗∗∗
---------------------------------------------
The PHP Git repository compromise is in the news. We break it down for you, and tell you what you need to know.
---------------------------------------------
https://blog.malwarebytes.com/hacking-2/2021/03/malicious-commits-found-in-php-code-repository-what-you-need-to-know/


∗∗∗ Akamai Sees Largest DDoS Extortion Attack Known to Date ∗∗∗
---------------------------------------------
Distributed denial of service (DDoS) attacks are growing bigger in volume, and they have also become more targeted and increasingly persistent, according to web security services provider Akamai.
---------------------------------------------
https://www.securityweek.com/akamai-sees-largest-ddos-extortion-attack-known-date


∗∗∗ Do not buy coronavirus tests on classified-ad platforms ∗∗∗
---------------------------------------------
Through the "Alles gurgelt" initiative, Viennese residents receive free PCR gargle tests at all BIPA branches in Vienna. Up to 4 self-tests per person can be picked up per week. However, some people are trying to earn a little pocket money from this offer and are listing the free tests on classified-ad portals. The City of Vienna advises against buying the free tests on classified-ad portals.
---------------------------------------------
https://www.watchlist-internet.at/news/kaufen-sie-corona-tests-nicht-auf-kleinanzeigenplattformen/


∗∗∗ Attack landscape update: Ransomware 2.0, automated recon, and supply chain attacks ∗∗∗
---------------------------------------------
Data-stealing ransomware attacks, information harvesting malware, and supply chain attacks are some of the critical threats facing organizations highlighted in F-Secure's latest attack landscape update.
---------------------------------------------
https://blog.f-secure.com/attack-landscape-update-h1-2021/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Multiple Cisco Products Snort TCP Fast Open File Policy Bypass Vulnerability ∗∗∗
---------------------------------------------
Multiple Cisco products are affected by a vulnerability with TCP Fast Open (TFO) when used in conjunction with the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. The vulnerability is due to incorrect detection of the HTTP payload if it is contained at least partially within the TFO connection handshake. An attacker could exploit this vulnerability by sending crafted TFO packets with an HTTP payload through an [...]
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-tfo-bypass-MmzZrtes


∗∗∗ ArcGIS general raster security update ∗∗∗
---------------------------------------------
Multiple vulnerabilities have been identified when processing specially crafted files that may allow arbitrary code execution in Esri ArcReader, ArcGIS Desktop, ArcGIS Engine 10.8.1 (and earlier) and ArcGIS Pro 2.7 (and earlier). Esri has released updates for the affected products that resolve the high-risk vulnerabilities here.
---------------------------------------------
https://www.esri.com/arcgis-blog/products/arcgis/administration/security-advisory-general-raster/


∗∗∗ Xen Security Advisory CVE-2021-28688 / XSA-371 - Linux: blkback driver may leak persistent grants ∗∗∗
---------------------------------------------
A malicious or buggy frontend driver may be able to cause resource leaks from the corresponding backend driver. This can result in a host-wide Denial of Service (DoS).
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-371.html


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (lxml), Fedora (openssl, pdfbox, rpm, and rubygem-kramdown), openSUSE (eclipse), Oracle (flatpak and openssl), Red Hat (curl, kernel, kpatch-patch, mariadb, nss-softokn, openssl, perl, and tomcat), and SUSE (firefox, ovmf, and tar).
---------------------------------------------
https://lwn.net/Articles/851164/


∗∗∗ Citrix Hypervisor Security Update ∗∗∗
---------------------------------------------
Two security issues have been identified in Citrix Hypervisor (formerly Citrix XenServer) that may allow privileged code in a guest VM to cause the host to crash or become unresponsive.
These issues affect all currently supported versions of Citrix Hypervisor up to and including Citrix Hypervisor 8.2 LTSR.
---------------------------------------------
https://support.citrix.com/article/CTX306565


∗∗∗ Red Hat Enterprise Linux: Vulnerability allows manipulation of files ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K21-0327


∗∗∗ Red Hat OpenShift: Vulnerability allows bypassing of security measures ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K21-0325

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily