[CERT-daily] Daily summary - 07.05.2021

Daily end-of-shift report team at cert.at
Fri May 7 18:16:25 CEST 2021


=====================
= End-of-Day report =
=====================

Timeframe:   Thursday 06-05-2021 18:00 − Friday 07-05-2021 18:00
Handler:     Dimitri Robl
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Cuba Ransomware partners with Hancitor for spam-fueled attacks ∗∗∗
---------------------------------------------
The Cuba Ransomware gang has teamed up with the spam operators of the Hancitor malware to gain easier access to compromised corporate networks.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/cuba-ransomware-partners-with-hancitor-for-spam-fueled-attacks/


∗∗∗ MSM: Qualcomm modems in millions of smartphones vulnerable ∗∗∗
---------------------------------------------
Qualcomm's modems could be attacked from within Android in order to eavesdrop on calls.
---------------------------------------------
https://www.golem.de/news/msm-qualcomm-modems-in-millionen-smartphones-angreifbar-2105-156359-rss.html


∗∗∗ TsuNAME Vulnerability Can Be Exploited for DDoS Attacks on DNS Servers ∗∗∗
---------------------------------------------
Some DNS resolvers are affected by a vulnerability that can be exploited to launch distributed denial-of-service (DDoS) attacks against authoritative DNS servers, a group of researchers warned this week.
---------------------------------------------
https://www.securityweek.com/tsuname-vulnerability-can-be-exploited-ddos-attacks-dns-servers


∗∗∗ Barbecue and garden season opens: fraudsters lure with cheap offers! ∗∗∗
---------------------------------------------
Whether it is tools for plant care, a new grill, patio furniture or a pool for the garden: as temperatures rise, demand for these products increases. Naturally, fraudsters are not far behind and lure with cheap offers for the barbecue and garden season. We show you where you had better not shop!
---------------------------------------------
https://www.watchlist-internet.at/news/grill-und-gartensaison-eroeffnet-betruegerinnen-locken-mit-guenstigen-angeboten/


∗∗∗ New Moriya rootkit stealthily backdoors Windows systems ∗∗∗
---------------------------------------------
Unknown attackers may have been quietly exploiting networks in attacks reaching back to 2018.
---------------------------------------------
https://www.zdnet.com/article/new-moriya-rootkit-stealthily-backdoors-windows-systems/


∗∗∗ LibInjection – Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) ∗∗∗
---------------------------------------------
LibInjection is a C library to detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) through lexical analysis of real-world attacks. SQLi and other injection attacks remain the top OWASP and CERT vulnerability. Current detection attempts frequently involve a myriad of regular expressions which are not only brittle and error-prone but also proven by Hanson and Patterson at Black Hat 2005 to never be a complete solution.
---------------------------------------------
https://www.darknet.org.uk/2021/05/libinjection-detect-sql-injection-sqli-and-cross-site-scripting-xss/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (mediawiki and unbound1.9), Fedora (djvulibre and samba), Mageia (ceph, messagelib, and pagure), openSUSE (alpine and exim), Oracle (kernel and postgresql), Scientific Linux (postgresql), and Ubuntu (thunderbird and unbound).
---------------------------------------------
https://lwn.net/Articles/855744/


∗∗∗ SYSS-2021-024: XSS VULNERABILITY IN THE PRODUCT ADISCON LOGANALYZER (CVE-2021-31738) ∗∗∗
---------------------------------------------
The login form of Adiscon LogAnalyzer was vulnerable to reflected XSS. The vendor has already fixed this with a patch.
---------------------------------------------
https://www.syss.de/pentest-blog/syss-2021-024-xss-schwachstelle-im-produkt-adiscon-loganalyzer-cve-2021-31738


∗∗∗ ABB Cybersecurity Advisory - AC 800PEC platform NAME:WRECK vulnerability ∗∗∗
---------------------------------------------
https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A1892&LanguageCode=en&DocumentPartId=&Action=Launch


∗∗∗ ABB Cybersecurity Advisory - Cassia Access Controller for ABB ∗∗∗
---------------------------------------------
https://search.abb.com/library/Download.aspx?DocumentID=9AKK108368&LanguageCode=en&DocumentPartId=&Action=Launch


∗∗∗ Security Advisory - Out-of-Bounds Write Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
https://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210506-02-outofbounds-en


∗∗∗ Security Bulletin: IBM Watson OpenScale on Cloud Pak for Data is impacted by CVE-2021-3177 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-openscale-on-cloud-pak-for-data-is-impacted-by-cve-2021-3177/


∗∗∗ Security Bulletin: Vulnerability in WebSphere Application Server Liberty affects IBM Financial Transaction Manager for Interac e-Transfers for Red Hat OpenShift (CVE-2020-5258) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-websphere-application-server-liberty-affects-ibm-financial-transaction-manager-for-interac-e-transfers-for-red-hat-openshift-cve-2020-5258/


∗∗∗ Security Bulletin: Vulnerability in WebSphere Application Server Liberty affects IBM Financial Transaction Manager for Digital Payments for RedHat OpenShift (CVE-2020-5258) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-websphere-application-server-liberty-affects-ibm-financial-transaction-manager-for-digital-payments-for-redhat-openshift-cve-2020-5258/


∗∗∗ Security Bulletin: Information disclosure vulnerability may affect IBM Robotic Process Automation Anywher – CVE-2020-4901 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-vulnerability-may-affect-ibm-robotic-process-automation-anywher-cve-2020-4901/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily



