Daily summary - 03.02.2021

End-of-Day report

Timeframe: Tuesday 02-02-2021 18:00 - Wednesday 03-02-2021 18:00 Handler: Thomas Pribitzer Co-Handler: n/a

News

Excel spreadsheets push SystemBC malware, (Wed, Feb 3rd)

This Excel spreadsheet pushed what might be SystemBC malware when I tested it in my lab environment on Monday 2021-02-01.

https://isc.sans.edu/diary/rss/27060


Interview with a LockBit ransomware operator

In September 2020, Cisco Talos established contact with a self-described LockBit operator and experienced threat actor. Over the course of several weeks, we conducted multiple interviews.

https://blog.talosintelligence.com/2021/02/interview-with-lockbit-ransomware.html


Hildegard: New TeamTNT Malware Targeting Kubernetes

Hildegard is a new malware campaign believed to originate from TeamTNT. It targets Kubernetes clusters and launches cryptojacking operations.

https://unit42.paloaltonetworks.com/hildegard-malware-teamtnt/


Fake invoice for disinfectant in circulation!

Many companies have to implement stricter hygiene measures because of the coronavirus crisis. This includes providing disinfectant. For many, it is therefore hardly surprising to find an invoice for ordered disinfectant in their e-mail inbox.

https://www.watchlist-internet.at/news/gefaelschte-rechnung-fuer-desinfektionsmittel-im-umlauf/

Vulnerabilities

Full System Control with New SolarWinds Orion-based and Serv-U FTP Vulnerabilities

In this blog, I will be discussing three new security issues that I recently found in several SolarWinds products. All three are severe bugs with the most critical one allowing remote code execution with high privileges.

https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/full-system-control-with-new-solarwinds-orion-based-and-serv-u-ftp-vulnerabilities/


Security updates for Wednesday

Security updates have been issued by Debian (open-build-service and openldap), Fedora (jasper, libebml, and tcmu-runner), openSUSE (segv_handler), Red Hat (thunderbird), Scientific Linux (kernel), SUSE (cups and openvswitch), and Ubuntu (apport and ca-certificates).

https://lwn.net/Articles/844948/


Recent root-giving Sudo bug also impacts macOS

A bug in the Sudo app can let attackers with access to a local system elevate their access to a root-level account.

https://www.zdnet.com/article/recent-root-giving-sudo-bug-also-impacts-macos/


Cisco Security Advisories 2021-02-03

https://tools.cisco.com/security/center/Search.x?publicationTypeIDs=1&securityImpactRatings=critical,high,medium&firstPublishedStartDate=2021%2F02%2F03&firstPublishedEndDate=2021%2F02%2F03


Security Advisory - Improper Resource Management Vulnerability in eUDC660 Product

http://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210203-01-resourcemanagement-en


Security Advisory - Improper Information Processing Vulnerability in Huawei Products

http://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210203-01-informationleak-en


Security Advisory - Improper Permission Assignment Vulnerability in Huawei ManageOne Product

http://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210203-01-manageone-en


Security Advisory - Information Leakage Vulnerability in Some Huawei Products

http://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210203-01-plaintextlog-en


Security Advisory - Information Leakage Vulnerability in Huawei Products

http://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210202-01-fw-en


Security Bulletin: Vulnerability in IBM WebSphere Application Server Liberty affects IBM Spectrum Protect Backup-Archive Client web user interface, IBM Spectrum Protect for Space Management, and IBM Spectrum Protect for Virtual Environments

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-websphere-application-server-liberty-affects-ibm-spectrum-protect-backup-archive-client-web-user-interface-ibm-spectrum-protect-for-space-management-and-ibm-2/


Security Bulletin: App Connect Enterprise Certified Container may be vulnerable to a remote code execution vulnerability (CVE-2020-4682)

https://www.ibm.com/blogs/psirt/security-bulletin-app-connect-enterprise-certified-container-may-be-vulnerable-to-a-remote-code-execution-vulnerability-cve-2020-4682/


Security Bulletin: Vulnerabilities in Apache Commons and Log4j affect IBM Spectrum Protect Backup-Archive Client and IBM Spectrum Protect for Virtual Environments

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-apache-commons-and-log4j-affect-ibm-spectrum-protect-backup-archive-client-and-ibm-spectrum-protect-for-virtual-environments-2/


Security Bulletin: IBM Network Performance Insight 1.3.1 affected by Apache Cassandra vulnerability (CVE-2020-13946)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-network-performance-insight-1-3-1-affected-by-apache-cassandra-vulnerability-cve-2020-13946/


Security Bulletin: IBM API Connect is impacted by multiple vulnerabilities in Node.js (CVE-2020-8201, CVE-2020-8251, CVE-2020-8252)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impacted-by-multiple-vulnerabilities-in-node-js-cve-2020-8201-cve-2020-8251-cve-2020-8252/


Security Bulletin: IBM API Connect is vulnerable to denial of service (DoS) via etcd (CVE-2020-15106, CVE-2020-15112, CVE-2020-15113)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-vulnerable-to-denial-of-service-dos-via-etcd-cve-2020-15106-cve-2020-15112-cve-2020-15113/


Security Bulletin: Multiple Vulnerabilities in IBM Sterling Connect:Direct Browser User Interface

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-sterling-connectdirect-browser-user-interface-2/


Security Bulletin: jackson-databind vulnerability CVE-2021-20190 impacts IBM Aspera High-Speed Transfer Server and Aspera High-Speed Transfer Endpoint versions prior to V4.0

https://www.ibm.com/blogs/psirt/security-bulletin-jackson-databind-vulnerability-cve-2021-20190-impacts-ibm-aspera-high-speed-transfer-server-and-aspera-high-speed-transfer-endpoint-versions-prior-to-v4-0/


Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime affect IBM Cognos Command Center

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-cognos-command-center-4/


Security Bulletin: IBM API Connect's Developer Portal is vulnerable to arbitrary code execution in Drupal Core (CVE-2020-13671)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connects-developer-portal-is-vulnerable-to-arbitrary-code-excution-in-drupal-core-cve-2020-13671/


Security Bulletin: IBM Cloud Pak For Security vulnerable to potential information disclosure through HTTP headers (CVE-2020-4967)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-pak-for-security-vulnerable-to-potential-information-disclosure-through-http-headers-cve-2020-4967/


Security Bulletin: A vulnerability in IBM Spectrum Scale allows injection of malicious content into command log files (CVE-2020-4889)

https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-spectrum-scale-allows-to-inject-malicious-content-into-command-log-files-cve-2020-4889/


Security Bulletin: IBM QRadar SIEM is vulnerable to Server Side Request Forgery (SSRF) (CVE-2020-4787)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-server-side-request-forgery-ssrf-cve-2020-4787/


Security Bulletin: Multiple Oracle Database Server Vulnerabilities Affect IBM Emptoris Program Management

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-oracle-database-server-vulnerabilities-affect-ibm-emptoris-program-management/


Security Bulletin: Multiple Security Vulnerabilities Affect IBM WebSphere Application Server in IBM Cloud

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-affect-ibm-websphere-application-server-in-ibm-cloud-5/


Security Bulletin: IBM Security Guardium Insights is affected by a ClickJacking vulnerability (CVE-2020-4165)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-insights-is-affected-by-a-clickjacking-vulnerability-cve-2020-4165/


Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects WebSphere Application Server October 2020 CPU that is bundled with IBM WebSphere Application Server Patterns

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affects-websphere-application-server-october-2020-cpu-that-is-bundled-with-ibm-websphere-application-server-patterns-2/


Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to a security vulnerability.

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-a-security-vulnerability-2/


Security Bulletin: WebSphere Application Server is vulnerable to an XML External Entity (XXE) Injection Vulnerability (CVE-2020-4949)

https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-server-is-vulnerable-to-an-xml-external-entity-xxe-injection-vulnerability-cve-2020-4949/


Security Bulletin: Bouncy Castle Vulnerability

https://www.ibm.com/blogs/psirt/security-bulletin-bouncy-castle-vulnerability/


February 2, 2021 TNS-2021-01 [R1] Nessus AMI 8.13.1 Fixes One Vulnerability

http://www.tenable.com/security/tns-2021-01


Linux kernel vulnerability CVE-2020-14385

https://support.f5.com/csp/article/K84900646


D-LINK Router DNS-320: Vulnerability allows code execution

http://www.cert-bund.de/advisoryshort/CB-K21-0122


Rockwell Automation MicroLogix 1400

https://us-cert.cisa.gov/ics/advisories/icsa-21-033-01


Siemens SIMATIC HMI Comfort Panels & SIMATIC HMI KTP Mobile Panels

https://us-cert.cisa.gov/ics/advisories/icsa-21-033-02


2019-08 Hirschmann RSP, RSPE, and OS2 series HSR denial of service vulnerability

https://www.belden.com/dfsmedia/f1e38517e0cd4caa8b1acb6619890f5e/12276-source/options/view


2021-02 ICX35 Local Web Based Configuration Interface Password Set

https://www.belden.com/dfsmedia/f1e38517e0cd4caa8b1acb6619890f5e/12277-source/options/view