End-of-Day report
Timeframe: Thursday 07-01-2021 18:00 - Friday 08-01-2021 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
News
Two-factor authentication: radiation reveals the key of Google's Titan token
The private key of a Google hardware security token can be reconstructed from the radiation the token emits.
https://www.golem.de/news/zwei-faktor-authentifizierung-strahlung-verraet-schluessel-von-googles-titan-token-2101-153245-rss.html
Using the NIST Database and API to Keep Up with Vulnerabilities and Patches - Playing with Code (Part 2 of 3), (Fri, Jan 8th)
Building on yesterday's story - now that we have an inventory built in CPE format, let's take an example CVE from that and write some code. What's in the NVD database (and API) that you can access, then use in your organization?
https://isc.sans.edu/diary/rss/26964
Evaluating Cookies to Hide Backdoors
Identifying website backdoors is not always an easy task. Since a backdoor's primary function is to conceal itself while providing unauthorized access, backdoors are often developed using a variety of techniques that can make them challenging to detect. For example, an attacker can inject a single line of code containing less than 130 characters into a website file. While this may not seem like a lot of code, this short string can be used to load PHP web shells on your website [...]
https://blog.sucuri.net/2021/01/evaluating-cookies-to-hide-backdoors.html
Beware when bargain hunting: fake shop mydealz.live lures with discounted electronics stock
Bargain hunters beware: on mydealz.live there are no cheap offers, only expensive rip-offs. Many consumers are currently landing on this website because they believe they are on the platform mydealz.de. In fact, mydealz.live is a fake shop that promises cheap surplus electronics but never delivers.
https://www.watchlist-internet.at/news/achtung-bei-der-schnaeppchenjagd-fake-shop-mydealzlive-lockt-mit-technik-restposten/
A crypto-mining botnet is now stealing Docker and AWS credentials
After it began stealing AWS credentials last summer, the TeamTNT botnet is now also stealing Docker API logins, making the use of firewalls mandatory for all internet-exposed Docker interfaces.
https://www.zdnet.com/article/a-crypto-mining-botnet-is-now-stealing-docker-and-aws-credentials/
Vulnerabilities
Nvidia Warns Windows Gamers of High-Severity Graphics Driver Flaws
In all, Nvidia patched flaws tied to 16 CVEs across its graphics drivers and vGPU software, in its first security update of 2021.
https://threatpost.com/nvidia-windows-gamers-graphics-driver-flaws/162857/
Security updates: malicious-code attacks on the early-warning system FortiDeceptor possible
Fortinet has released important security patches for FortiDeceptor, FortiWeb and FortiGate SSL VPN.
https://heise.de/-5018396
Security updates for Friday
Security updates have been issued by Debian (firefox-esr and libxstream-java), Fedora (awstats and dia), Mageia (c-ares, dash, and dovecot), openSUSE (dovecot23, gimp, kitty, and python-notebook), Oracle (kernel), SUSE (python-paramiko and tomcat), and Ubuntu (edk2, firefox, ghostscript, and openjpeg2).
https://lwn.net/Articles/842093/
Innokas Yhtymä Oy Vital Signs Monitor
This advisory contains mitigations for Cross-site Scripting, and Improper Neutralization of Special Elements in Output Used by a Downstream Component vulnerabilities in the Innokas Yhtymä Oy Vital Signs Monitor.
https://us-cert.cisa.gov/ics/advisories/icsma-21-007-01
Hitachi ABB Power Grids FOX615 Multiservice-Multiplexer
This advisory contains mitigations for an Improper Authentication vulnerability in the Hitachi ABB Power Grids FOX615 Multiservice-Multiplexer device.
https://us-cert.cisa.gov/ics/advisories/icsa-21-007-01
Omron CX-One
This advisory contains mitigations for Untrusted Pointer Dereference, Stack-based Buffer Overflow, and Type Confusion vulnerabilities in Omron's CX-One automation software suite.
https://us-cert.cisa.gov/ics/advisories/icsa-21-007-02
Eaton EASYsoft
This advisory contains mitigations for Type Confusion and Out-of-bounds Read vulnerabilities in Eaton's EASYsoft controller software.
https://us-cert.cisa.gov/ics/advisories/icsa-21-007-03
Delta Electronics CNCSoft-B
This advisory contains mitigations for Out-of-bounds Write, Out-of-bounds Read, Untrusted Pointer Dereference, and Type Confusion vulnerabilities in the Delta Electronics CNCSoft-B software management platform.
https://us-cert.cisa.gov/ics/advisories/icsa-21-007-04
IBM Security Bulletins
https://www.ibm.com/blogs/psirt/