Daily summary - 05.02.2021

End-of-Day report

Timeframe: Thursday 04-02-2021 18:00 - Friday 05-02-2021 18:00 Handler: Thomas Pribitzer Co-Handler: Dimitri Robl


Hackers steal StormShield firewall source code in data breach

Leading French cybersecurity company StormShield disclosed that their systems were hacked, allowing a threat actor to access the company's support ticket system and steal source code for Stormshield Network Security firewall software.


Free coffee! Belgian researcher hacks prepaid vending machines

Only try this at home, folks! As easy as it might look, it's illegal in the wild, with good reason.


Stack Canaries - Gingerly Sidestepping the Cage

Tell-tale values added to binaries during compilation to protect critical stack values like the Return Pointer against buffer overflow attacks.


[SANS ISC] VBA Macro Trying to Alter the Application Menus

I published the following diary on isc.sans.edu: "VBA Macro Trying to Alter the Application Menus": Who remembers the worm Melissa? It started to spread in March 1999! In information security, it looks like speaking about prehistory but I spotted a VBA macro that tried to use the same defensive technique. The post [SANS ISC] VBA Macro Trying to Alter the Application Menus appeared first on /dev/random.


Abusing Google Chrome extension syncing for data exfiltration and C&C

I had a pleasure (or not) of working on another incident where, among other things, attackers were using a pretty novel way of exfiltrating data and using that channel for C&C communication.


besondereprasente.com: Demand your money back!

Although the website besondereprasente.com no longer exists, Watchlist Internet still receives numerous reports about this fake shop. The reason: anyone who orders from besondereprasente.com falls into an expensive subscription trap.


Plex Media servers are being abused for DDoS attacks

Cyber-security firm Netscout warns of new DDoS attack vector.


Kaspersky warns of crypto scam

Kaspersky has discovered a new scam scheme that targets Discord users with tempting offers from purported new crypto exchanges.



Zero-day in the Chrome browser: install the update now

An actively exploited vulnerability in the Chrome browser affects most operating systems. Google has released an update.


Unpatched Vulnerability: 50,000 WP Sites Must Find Alternative for Contact Form 7 Style

On December 9, 2020, the Wordfence Threat Intelligence team discovered a Cross-Site Request Forgery (CSRF) to Stored Cross Site Scripting (XSS) vulnerability in Contact Form 7 Style, a WordPress plugin installed on over 50,000 sites.


Security updates for Friday

Security updates have been issued by Fedora (java-11-openjdk, kernel, and monitorix), Mageia (mutt, nodejs, and nodejs-ini), Oracle (flatpak, glibc, and kernel), Red Hat (rh-nodejs14-nodejs), Scientific Linux (flatpak), and Ubuntu (flatpak and minidlna).


WordPress Plugin "Name Directory" vulnerable to cross-site request forgery


Security Bulletin: Watson Machine Learning Community Edition docker containers have been updated to fix a security issue in libcurl


Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime Affect Connect:Direct Web Services


Security Bulletin: TensorFlow in Watson Machine Learning 1.6.2 and 1.7.0 has been patched for various security issues in nanopb.


Security Bulletin: IBM API Connect is impacted by insecure web server configuration (CVE-2020-4825)


Security Bulletin: TensorFlow in Watson Machine Learning Community Edition 1.6.2 and 1.7.0 has been patched for various security issues.


Security Bulletin: Content Collector for Email is affected by an embedded WebSphere Application Server Admin Console


Security Bulletin: Vulnerabilities in WebSphere Liberty server (WLP) affect IBM Cloud Application Business Insights


Security Bulletin: Security vulnerabilities in Go affect IBM Cloud Pak for Multicloud Management Hybrid GRC.


Security Bulletin: PowerHA System Mirror for AIX vulnerability


Security Bulletin: Vulnerabilities in Node.js affect IBM App Connect Enterprise and IBM Integration Bus (CVE-2020-7754)