Daily summary - 04.01.2021

End-of-Day report

Timeframe: Wednesday 30-12-2020 18:00 - Monday 04-01-2021 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter

News

Citrix adds NetScaler ADC setting to block recent DDoS attacks

Citrix has released a feature enhancement designed to block attackers from using the Datagram Transport Layer Security (DTLS) feature of NetScaler ADC devices as an amplification vector in DDoS attacks. [...] https://support.citrix.com/article/CTX289674

https://www.bleepingcomputer.com/news/security/citrix-adds-netscaler-adc-setting-to-block-recent-ddos-attacks/


Malware: Worm turns Windows and Linux servers into Monero miners

The malware exploits open ports of services such as MySQL and relies on them being secured with weak passwords.

https://www.golem.de/news/malware-wurm-macht-windows-und-linux-server-zu-monero-minern-2101-153114-rss.html


From a small BAT file to Mass Logger infostealer, (Mon, Jan 4th)

Since another year went by, I've decided to once again check all of the malicious files which were caught in my e-mail quarantine during its course. Last year, when I went through the batch of files from 2019, I found a couple of very large samples[1] and I wanted to see whether I'd find something similar in the 2020 batch.

https://isc.sans.edu/diary/rss/26946


Cyber attack via SolarWinds: Attackers had access to Microsoft source code

Microsoft has admitted that in the SolarWinds case the attackers penetrated very deep into the company's internal networks and got as far as the source code.

https://heise.de/-5001678


IntelOwl 2.0: Free tool for threat intelligence analysis

With the new major release 2.0, the threat intelligence tool IntelOwl gains several new analyzers. The tool is released as open-source software.

https://heise.de/-5002685

Vulnerabilities

Zend Framework remote code execution vulnerability revealed

An untrusted deserialization vulnerability has been disclosed in Zend Framework which can be used by attackers to achieve remote code execution on PHP sites. Portions of Laminas Project may also be impacted by this flaw, tracked as CVE-2021-3007.

https://www.bleepingcomputer.com/news/security/zend-framework-remote-code-execution-vulnerability-revealed/


Zyxel has programmed a backdoor into firewalls

Zyxel Networks has built backdoors into firewalls and access point controllers and gave away the password. An update is available for the firewalls.

https://heise.de/-5002067


Security updates for Thursday

Security updates have been issued by Arch Linux (firefox, openjpeg2, openssl, qemu, tensorflow, and thunderbird) and Debian (highlight.js).

https://lwn.net/Articles/841498/


Security updates for the start of 2021

Security updates have been issued by Debian (libxstream-java and p11-kit), Mageia (curl and minidlna), and openSUSE (groovy).

https://lwn.net/Articles/841544/


Security updates for Monday

Security updates have been issued by Debian (chromium, dovecot, flac, influxdb, libhibernate3-java, and p11-kit), Fedora (ceph and guacamole-server), Mageia (audacity, gdm, libxml2, rawtherapee, and vlc), openSUSE (jetty-minimal and privoxy), Red Hat (kernel and kernel-rt), SUSE (gimp), and Ubuntu (libproxy).

https://lwn.net/Articles/841653/


Security Advisory - Out-of-Bounds Read Vulnerability in Huawei CloudEngine Products

http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20201230-02-cloudengine-en


Apache Tomcat vulnerability CVE-2020-17527

https://support.f5.com/csp/article/K44415301