[CERT-daily] Tageszusammenfassung - 10.05.2021

Daily end-of-shift report team at cert.at
Mon May 10 18:16:05 CEST 2021


=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 07-05-2021 18:00 − Montag 10-05-2021 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Correctly Validating IP Addresses: Why encoding matters for input validation., (Mon, May 10th) ∗∗∗
---------------------------------------------
Recently, a number of libraries suffered from a very similar security flaw: IP addresses expressed in octal were not correctly interpreted. The result was that an attacker was able to bypass input validation rules that restricted IP addresses to specific subnets.
---------------------------------------------
https://isc.sans.edu/diary/rss/27404


∗∗∗ Manipulierte Entwicklungsumgebung: Xcode-Malware war enorm verbreitet ∗∗∗
---------------------------------------------
Im Verfahren Epic gegen Apple kam heraus, dass 2015 fast 130 Millionen iPhone-Nutzer von "XcodeGhost" betroffen waren – in über 2500 Apps.
---------------------------------------------
https://heise.de/-6041836


∗∗∗ Lemon Duck spreads its wings: Actors target Microsoft Exchange servers, incorporate new TTPs ∗∗∗
---------------------------------------------
Lemon Duck continues to refine and improve upon their tactics, techniques and procedures as they attempt to maximize the effectiveness of their campaigns. Lemon Duck remains relevant as the operators begin to target [...]
---------------------------------------------
https://blog.talosintelligence.com/2021/05/lemon-duck-spreads-wings.html


∗∗∗ Banking‑Trojaner Ousaban analysiert ∗∗∗
---------------------------------------------
In unserer Serie zu lateinamerikanischen Banking-Trojanern betrachten wir einen Vertreter mit komplexen Vertriebsweg
---------------------------------------------
https://www.welivesecurity.com/deutsch/2021/05/07/banking-trojaner-ousaban-analysiert/


∗∗∗ Colonial Pipeline Falls Victim to Attack ∗∗∗
---------------------------------------------
Summary 
A top U.S. fuel pipeline company has suffered a cyber attack that has forced them to halt operations. Several news sources and the company itself have confirmed the attack. 
 
Threat Type 
Cyber Attack
 
Overview 
** Update May 10 - 8:50 AM** 
The most recent reporting indicates that the attack likely involved DarkSide, a ransomware-as-a-service (RaaS) affiliate operation. DarkSide posted the following statement to their leak site following the attack: We are apolitical, we do not participate in [...]
---------------------------------------------
https://exchange.xforce.ibmcloud.com/collection/cc757925ae0fdf1689518a35128215f4


∗∗∗ SolarWinds says fewer than 100 customers were impacted by supply chain attack ∗∗∗
---------------------------------------------
Texas-based software firm SolarWinds downgraded the number of customers impacted by its 2020 supply chain attack from 18,000 to less than 100.
---------------------------------------------
https://therecord.media/solarwinds-says-fewer-than-100-customers-were-impacted-by-supply-chain-attack/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Foxit Reader bug lets attackers run malicious code via PDFs ∗∗∗
---------------------------------------------
Foxit Software, the company behind the highly popular Foxit Reader, has published security updates to fix a high severity remote code execution (RCE) vulnerability affecting the PDF reader.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/foxit-reader-bug-lets-attackers-run-malicious-code-via-pdfs/


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (libxml2), Fedora (autotrace, babel, kernel, libopenmpt, libxml2, mingw-exiv2, mingw-OpenEXR, mingw-openexr, python-markdown2, and samba), openSUSE (alpine, avahi, libxml2, p7zip, redis, syncthing, and vlc), and Ubuntu (webkit2gtk).
---------------------------------------------
https://lwn.net/Articles/855909/


∗∗∗ Linux kernel vulnerability CVE-2020-1749 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K02186513


∗∗∗ Security Bulletin: IBM CloudPak foundational services (Events Operator) is affected by potential data integrity issue (CVE-2020-25649) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloudpak-foundational-services-events-operator-is-affected-by-potential-data-integrity-issue-cve-2020-25649/


∗∗∗ Security Bulletin: IBM Kenexa LCMS Premier On Premise – CVE-2020-14782 (deferred from Oracle Oct 2020 CPU for Java 8) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-kenexa-lcms-premier-on-premise-cve-2020-14782-deferred-from-oracle-oct-2020-cpu-for-java-8/


∗∗∗ Security Bulletin: IBM Cloud Pak for Security is vulnerable to CVE-2021-20538 and CVE-2021-20577 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-pak-for-security-is-vulnerable-to-cve-2021-20538-and-cve-2021-20577/


∗∗∗ Security Bulletin: A security vulnerability in Node.js urijs module affects IBM Cloud Pak for Multicloud Management Infrastructure management. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-urijs-module-affects-ibm-cloud-pak-for-multicloud-management-infrastructure-management/


∗∗∗ Security Bulletin: IBM Kenexa LMS On Premise – CVE-2020-14782 (deferred from Oracle Oct 2020 CPU for Java 8) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-kenexa-lms-on-premise-cve-2020-14782-deferred-from-oracle-oct-2020-cpu-for-java-8/


∗∗∗ Security Bulletin: IBM Kenexa LMS On Premise -CVE-2020-14781 (deferred from Oracle Oct 2020 CPU for Java 8) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-kenexa-lms-on-premise-cve-2020-14781-deferred-from-oracle-oct-2020-cpu-for-java-8/


∗∗∗ Security Bulletin: IBM Control Desk is vulnerable to Cross-Site Scripting Vulnerability (CVE-2021-20559) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-control-desk-is-vulnerable-to-cross-site-scripting-vulnerability-cve-2021-20559/


∗∗∗ Security Bulletin: IBM Kenexa LCMS Premier On Premise – CVE-2020-14781 (deferred from Oracle Oct 2020 CPU for Java 8) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-kenexa-lcms-premier-on-premise-cve-2020-14781-deferred-from-oracle-oct-2020-cpu-for-java-8/


∗∗∗ Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Apache Commons Codec ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-information-server-is-affected-by-a-vulnerability-in-apache-commons-codec/


∗∗∗ Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in XStream ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-information-server-is-affected-by-multiple-vulnerabilities-in-xstream/


∗∗∗ Security Bulletin: Vulnerabilities in Apache Commons and Log4j affect IBM Spectrum Protect Backup-Archive Client and IBM Spectrum Protect for Virtual Environments ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-apache-commons-and-log4j-affect-ibm-spectrum-protect-backup-archive-client-and-ibm-spectrum-protect-for-virtual-environments-3/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list