Daily summary - 20.01.2021

End-of-Day report

Timeframe: Tuesday 19-01-2021 18:00 - Wednesday 20-01-2021 18:00
Handler: Dimitri Robl
Co-Handler: Thomas Pribitzer

News

Qakbot activity resumes after holiday break (Wed, Jan 20th)

It had been relatively quiet for Qakbot until Tuesday 2021-01-19, when we started seeing malicious spam (malspam) pushing Qakbot again.

https://isc.sans.edu/diary/rss/27008


Google Project Zero: The State of State Machines

On January 29, 2019, a serious vulnerability was discovered in Group FaceTime.

https://googleprojectzero.blogspot.com/2021/01/the-state-of-state-machines.html


Malwarebytes targeted by Nation State Actor implicated in SolarWinds breach. Evidence suggests abuse of privileged access to Microsoft Office 365 and Azure environments

A nation state attack leveraging software from SolarWinds has caused a ripple effect throughout the security industry, impacting multiple organizations.

https://blog.malwarebytes.com/malwarebytes-news/2021/01/malwarebytes-targeted-by-nation-state-actor-implicated-in-solarwinds-breach-evidence-suggests-abuse-of-privileged-access-to-microsoft-office-365-and-azure-environments/


Abuse.ch URLhaus added as a new data source for our notifications

Since Wednesday, 13 January 2020, we have been including the data from the URLhaus feeds of the abuse.ch project in our regular notifications to network operators. The feeds consist of URLs that host malware files belonging to various malware families.

https://cert.at/de/blog/2021/1/abusech-urlhaus-als-neue-datenquelle-fur-unsere-aussendungen-aufgenommen

Vulnerabilities

Oracle Critical Patch Update Advisory - January 2021

This Critical Patch Update contains 329 new security patches.

https://www.oracle.com/security-alerts/cpujan2021.html


Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452

In December 2020, FireEye uncovered and publicly disclosed a widespread attacker campaign that is being tracked as UNC2452.

https://www.fireeye.com/blog/threat-research/2021/01/remediation-and-hardening-strategies-for-microsoft-365-to-defend-against-unc2452.html


Cisco Security Advisories 2021-01-20

4 Critical, 9 High, 18 Medium severity

https://tools.cisco.com/security/center/Search.x?publicationTypeIDs=1&securityImpactRatings=critical,high,medium&firstPublishedStartDate=2021%2F01%2F20&firstPublishedEndDate=2021%2F01%2F20&limit=50


Privilege escalation: critical vulnerability in older iOS and macOS versions

The bug in Apple's XPC interface can be exploited to gain elevated privileges, a security researcher warns.

https://heise.de/-5030842


Security updates for Wednesday

Security updates have been issued by Fedora (coturn, dovecot, glibc, and sudo), Mageia (openldap and resource-agents), openSUSE (dnsmasq, python-jupyter_notebook, viewvc, and vlc), Oracle (dnsmasq and xstream), SUSE (perl-Convert-ASN1, postgresql, postgresql13, and xstream), and Ubuntu (nvidia-graphics-drivers-418-server, nvidia-graphics-drivers-450-server, pillow, pyxdg, and thunderbird).

https://lwn.net/Articles/843255/


Two Vulnerabilities in Bosch Fire Monitoring System (FSM)

BOSCH-SA-332072-BT: Two vulnerabilities have been discovered affecting the Bosch Fire Monitoring System (FSM-2500 and FSM-5000). The critical issue applies to FSM systems with versions 5.2 and lower.

https://psirt.bosch.com/security-advisories/bosch-sa-332072-bt.html


Multiple Vulnerabilities in dnsmasq DNS Forwarder Affecting Cisco Products: January 2021

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnsmasq-dns-2021-c5mrdf3g


Security Advisory - Inconsistent Interpretation of HTTP Requests Vulnerability in Some Huawei Products

http://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210120-01-http-en


Security Advisory - Local Privilege Escalation Vulnerability in Some Huawei Products

http://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210120-02-privilege-en


Intel Ethernet 700 Series Controllers vulnerabilities CVE-2020-8690, CVE-2020-8691, CVE-2020-8692, and CVE-2020-8693

https://support.f5.com/csp/article/K28563873


MISP: Multiple vulnerabilities

http://www.cert-bund.de/advisoryshort/CB-K21-0057