End-of-Day report
Timeframe: Monday 08-02-2021 18:00 - Tuesday 09-02-2021 18:00
Handler: Thomas Pribitzer
Co-Handler: n/a
News
Android Devices Hunted by LodaRAT Windows Malware
The LodaRAT - known for targeting Windows devices - has been discovered also targeting Android devices in a new espionage campaign.
https://threatpost.com/android-devices-lodarat-windows/163769/
Florida: Hacker attempted to poison drinking water remotely
Criminals hacked a drinking-water treatment plant in Florida and increased the sodium hydroxide feed many times over. An employee observed the action and stopped it.
https://heise.de/-5049266
Arrest, Raids Tied to 'U-Admin' Phishing Kit
Cyber cops in Ukraine carried out an arrest and several raids last week in connection with the author of U-Admin, a software package used to administer what's being called "one of the world's largest phishing services."
https://krebsonsecurity.com/2021/02/arrest-raids-tied-to-u-admin-phishing-kit/
BendyBear: Novel Chinese Shellcode Linked With Cyber Espionage Group BlackTech
The novel Chinese shellcode "BendyBear" is one of the most sophisticated, well-engineered and difficult-to-detect samples employed by an APT.
https://unit42.paloaltonetworks.com/bendybear-shellcode-blacktech/
PyPI, GitLab dealing with spam attacks
Both sites have been flooded over the weekend with garbage content.
https://www.zdnet.com/article/pypi-gitlab-dealing-with-spam-attacks/
Vulnerabilities
Security update: Critical vulnerability in WordPress plug-in NextGen Gallery
A loophole in NextGen Gallery could allow malicious code onto 800,000 WordPress websites.
https://heise.de/-5049401
Linux kernel CVE-2020-10769
A buffer over-read flaw was found in RH kernel versions before 5.0 in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module.
https://support.f5.com/csp/article/K62532228
Security updates for Tuesday
Security updates have been issued by CentOS (flatpak), Debian (connman, golang-1.11, and openjpeg2), Fedora (pngcheck), Mageia (php, phppgadmin, and wpa_supplicant), openSUSE (privoxy), Oracle (flatpak and kernel), Red Hat (qemu-kvm-rhev), SUSE (kernel, python-urllib3, and python3), and Ubuntu (firefox).
https://lwn.net/Articles/845504/
ZDI-21-153: Micro Focus Operations Bridge Reporter userName Command Injection Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-21-153/
SSA-379803: Vulnerabilities in RUGGEDCOM ROX II
https://cert-portal.siemens.com/productcert/txt/ssa-379803.txt
SSA-428051: Privilege Escalation Vulnerability in TIA Administrator
https://cert-portal.siemens.com/productcert/txt/ssa-428051.txt
SSA-686152: Denial-of-Service Vulnerability in ARP Protocol of SCALANCE W780 and W740
https://cert-portal.siemens.com/productcert/txt/ssa-686152.txt
SSA-663999: Multiple File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization before V13.1.0.1
https://cert-portal.siemens.com/productcert/txt/ssa-663999.txt
SSA-536315: Privilege escalation vulnerability in DIGSI 4
https://cert-portal.siemens.com/productcert/txt/ssa-536315.txt
SSA-944678: Potential Password Protection Bypass in SIMATIC WinCC
https://cert-portal.siemens.com/productcert/txt/ssa-944678.txt
SSA-794542: Insecure Folder Permissions in SIMARIS configuration
https://cert-portal.siemens.com/productcert/txt/ssa-794542.txt
SSA-362164: Predictable Initial Sequence Numbers in Mentor Nucleus TCP stack
https://cert-portal.siemens.com/productcert/txt/ssa-362164.txt
SSA-156833: Zip-Slip Directory Traversal Vulnerability in SINEMA Server and SINEC NMS
https://cert-portal.siemens.com/productcert/txt/ssa-156833.txt
SAP Patch Day February 2021: Several vulnerabilities allow privilege escalation
http://www.cert-bund.de/advisoryshort/CB-K21-0139