End-of-Day report
Timeframe: Wednesday 30-12-2020 18:00 - Monday 04-01-2021 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
News
Citrix adds NetScaler ADC setting to block recent DDoS attacks
Citrix has released a feature enhancement designed to block attackers from using the Datagram Transport Layer Security (DTLS) feature of NetScaler ADC devices as an amplification vector in DDoS attacks. [...] https://support.citrix.com/article/CTX289674
https://www.bleepingcomputer.com/news/security/citrix-adds-netscaler-adc-setting-to-block-recent-ddos-attacks/
Malware: Worm turns Windows and Linux servers into Monero miners
The malware exploits open ports of services such as MySQL and relies on them being protected only by weak passwords.
https://www.golem.de/news/malware-wurm-macht-windows-und-linux-server-zu-monero-minern-2101-153114-rss.html
From a small BAT file to Mass Logger infostealer, (Mon, Jan 4th)
Since another year went by, I've decided to once again check all of the malicious files which were caught in my e-mail quarantine during its course. Last year, when I went through the batch of files from 2019, I found a couple of very large samples[1] and I wanted to see whether I'd find something similar in the 2020 batch.
https://isc.sans.edu/diary/rss/26946
Cyber attack via SolarWinds: attackers had access to Microsoft source code
Microsoft has admitted that, in the SolarWinds case, the attackers penetrated very deep into the company's internal networks and got as far as the source code.
https://heise.de/-5001678
IntelOwl 2.0: Free tool for threat intelligence analysis
In the new major release 2.0, the threat intelligence tool IntelOwl gains several new analyzers. The tool is released as open-source software.
https://heise.de/-5002685
Vulnerabilities
Zend Framework remote code execution vulnerability revealed
An untrusted deserialization vulnerability has been disclosed in Zend Framework which can be used by attackers to achieve remote code execution on PHP sites. Portions of Laminas Project may also be impacted by this flaw, tracked as CVE-2021-3007.
https://www.bleepingcomputer.com/news/security/zend-framework-remote-code-execution-vulnerability-revealed/
Zyxel hard-coded a backdoor into its firewalls
Zyxel Networks built backdoors into its firewalls and access point controllers and gave away the password. An update is available for the firewalls.
https://heise.de/-5002067
Security updates for Thursday
Security updates have been issued by Arch Linux (firefox, openjpeg2, openssl, qemu, tensorflow, and thunderbird) and Debian (highlight.js).
https://lwn.net/Articles/841498/
Security updates for the start of 2021
Security updates have been issued by Debian (libxstream-java and p11-kit), Mageia (curl and minidlna), and openSUSE (groovy).
https://lwn.net/Articles/841544/
Security updates for Monday
Security updates have been issued by Debian (chromium, dovecot, flac, influxdb, libhibernate3-java, and p11-kit), Fedora (ceph and guacamole-server), Mageia (audacity, gdm, libxml2, rawtherapee, and vlc), openSUSE (jetty-minimal and privoxy), Red Hat (kernel and kernel-rt), SUSE (gimp), and Ubuntu (libproxy).
https://lwn.net/Articles/841653/
Security Advisory - Out-of-Bounds Read Vulnerability in Huawei CloudEngine Products
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20201230-02-cloudengine-en
Apache Tomcat vulnerability CVE-2020-17527
https://support.f5.com/csp/article/K44415301