End-of-Day report
Timeframe: Tuesday 26-01-2021 18:00 - Wednesday 27-01-2021 18:00
Handler: Dimitri Robl
Co-Handler: Thomas Pribitzer
News
Emotet Takedown: We are informing affected parties in Austria
In a coordinated action by several law enforcement agencies, the network around the Emotet malware was shut down and taken over.
https://cert.at/de/aktuelles/2021/1/emotet-takedown-wir-informieren-betroffene-in-osterreich
Here's how a researcher broke into Microsoft VS Code's GitHub
This month a researcher was awarded a bug bounty award of an undisclosed amount after he broke into the official GitHub repository of Microsoft Visual Studio Code.
https://www.bleepingcomputer.com/news/security/heres-how-a-researcher-broke-into-microsoft-vs-codes-github/
Linux malware uses open-source tool to evade detection
AT&T Alien Labs security researchers have discovered that the TeamTNT cybercrime group upgraded their Linux crypto-mining with open-source detection evasion capabilities.
https://www.bleepingcomputer.com/news/security/linux-malware-uses-open-source-tool-to-evade-detection/
Phishing & Malspam with Leaf PHPMailer
It's common knowledge that attackers often use email as a delivery mechanism for their malicious activity - which can range from enticing victims to click a phishing URL or download a malicious attachment.
https://blog.sucuri.net/2021/01/phishing-malspam-with-leaf-phpmailer.html
Phishing Campaign Leverages WOFF Obfuscation and Telegram Channels for Communication
FireEye Email Security recently encountered various phishing campaigns, mostly in the Americas and Europe, using source code obfuscation with compromised or bad domains.
https://www.fireeye.com/blog/threat-research/2021/01/phishing-campaign-woff-obfuscation-telegram-communications.html
Caution when buying FFP2 masks online!
The websites givenic.com and quantheco.com offer cheap FFP2 masks and other "COVID-19 health tools".
https://www.watchlist-internet.at/news/vorsicht-beim-online-kauf-von-ffp2-masken/
LogoKit: Simple, Effective, and Deceptive
As sophisticated attacks dominate the headlines, it's important to remember that the vast majority of cybercrime results from simple, effective, and tested tools.
https://www.riskiq.com/blog/external-threat-management/logokit-phishing/
Vulnerabilities
Apple critical patches fix in-the-wild iPhone exploits - update now!
Apple says "Additional details available soon", which you can translate as "this one took us by surprise". So patch now!
https://nakedsecurity.sophos.com/2021/01/27/apple-critical-patches-fix-in-the-wild-iphone-exploits-update-now/
New Attack Could Let Remote Hackers Target Devices On Internal Networks
A newly devised variant of the NAT Slipstreaming attack can be leveraged to compromise and expose any device in an internal network, according to the latest research.
https://thehackernews.com/2021/01/new-attack-could-let-remote-hackers.html
New Docker Container Escape Bug Affects Microsoft Azure Functions
Cybersecurity researchers today disclosed an unpatched vulnerability in Microsoft Azure Functions that could be used by an attacker to escalate privileges and escape the Docker container used for hosting them.
https://thehackernews.com/2021/01/new-docker-container-escape-bug-affects.html
Security update: Tor Browser protected against possible malicious code attacks
Anyone who wants to continue browsing the Internet anonymously and securely with the Tor Browser should install the current version.
https://heise.de/-5037561
Update now: Critical sudo vulnerability grants local attackers root privileges
The ten-year-old vulnerability CVE-2021-3156 lets local attackers gain root privileges via sudo without having sudo permissions.
https://heise.de/-5037687
Security updates for Wednesday
Security updates have been issued by Arch Linux (sudo), CentOS (sudo), Debian (sudo), Fedora (kernel, php-pear, and sudo), Gentoo (cacti, mutt, and sudo), Mageia (sudo), openSUSE (sudo), Oracle (sudo), Red Hat (sudo), Scientific Linux (sudo), Slackware (sudo), SUSE (go1.14, go1.15, nodejs8, and sudo), and Ubuntu (libsndfile and sudo).
https://lwn.net/Articles/844184/
OS command injection vulnerability in multiple Infoscience Corporation log management tools
https://jvn.jp/en/jp/JVN41853173/
Security Advisory - Buffer Overflow Vulnerability in Some Huawei Mobile Phones
http://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210127-01-buffer-en
Mozilla Firefox and Thunderbird: Multiple vulnerabilities
http://www.cert-bund.de/advisoryshort/CB-K21-0093
MISP: Vulnerability allows cross-site scripting
http://www.cert-bund.de/advisoryshort/CB-K21-0097
Trend Micro ServerProtect: Multiple vulnerabilities allow denial of service
http://www.cert-bund.de/advisoryshort/CB-K21-0095
Fuji Electric Tellus Lite V-Simulator and V-Server Lite
https://us-cert.cisa.gov/ics/advisories/icsa-21-026-01
Eaton EASYsoft (Update A)
https://us-cert.cisa.gov/ics/advisories/icsa-21-007-03
Mitsubishi Electric Multiple Products (Update A)
https://us-cert.cisa.gov/ics/advisories/icsa-20-245-01
Denial of Service in Rexroth ID 200/C-ETH using EtherNet/IP Protocol
https://psirt.bosch.com/security-advisories/bosch-sa-775371.html