Daily summary - 10.02.2021

End-of-Day report

Timeframe: Tuesday 09-02-2021 18:00 - Wednesday 10-02-2021 18:00 Handler: Thomas Pribitzer Co-Handler: n/a

News

Rinfo Is Making A Comeback and Is Scanning and Mining in Full Speed

In 2018 we blogged about a scanning&mining botnet family that uses ngrok.io to propagate samples: "A New Mining Botnet Blends Its C2s into ngrok Service", and since mid-October 2020, our BotMon system started to see a new variant of this family [...]

https://blog.netlab.360.com/rinfo-is-making-a-comeback-and-is-scanning-and-mining-in-full-speed/


Do not buy a Paysafecard to pay customs fees!

A new mass mailing is currently landing in the inboxes of numerous Internet users. The message is purportedly sent by the customer service of German or Swiss customs.

https://www.watchlist-internet.at/news/kaufen-sie-keine-paysafecard-um-zollgebuehren-zu-bezahlen/

Vulnerabilities

Apple fixes SUDO root privilege escalation flaw in macOS

Apple has fixed a sudo vulnerability in macOS Big Sur, Catalina, and Mojave, allowing any local user to gain root-level privileges.

https://www.bleepingcomputer.com/news/apple/apple-fixes-sudo-root-privilege-escalation-flaw-in-macos/


Confusion Attack: Microsoft warns of easy takeover of internal packages

If an internal and an external package share the same name, trojans can be smuggled in.

https://www.golem.de/news/confusion-attack-microsoft-warnt-vor-einfacher-uebernahme-interner-pakete-2102-154063-rss.html


Microsoft February 2021 Patch Tuesday, (Tue, Feb 9th)

This month we got patches for 56 vulnerabilities. Of these, 11 are critical, 1 is being exploited and 6 were previously disclosed.

https://isc.sans.edu/diary/rss/27080


Patchday: Adobe addresses critical vulnerabilities in Acrobat, Photoshop & Co.

Attackers are currently targeting Windows users with Adobe Reader. Security updates are available for download.

https://heise.de/-5050997


Patchday: Intel provides updated drivers, firmware and software

Intel's updates, this time mostly available as downloads for end users, fix vulnerabilities in various products, some of them rated high severity.

https://heise.de/-5051084


Security updates for Wednesday

Security updates have been issued by Debian (connman, firejail, libzstd, slirp, and xcftools), Fedora (chromium, jackson-databind, and privoxy), openSUSE (chromium), Oracle (kernel and kernel-container), Slackware (dnsmasq), SUSE (java-11-openjdk, kernel, and python), and Ubuntu (linux, linux-aws, linux-azure, linux-gcp, linux-hwe-5.8, linux-kvm, linux-oem-5.6, linux-oracle, linux-raspi, linux, linux-gke-5.0, linux-gke-5.3, linux-hwe, linux-raspi2-5.3, openjdk-8, openjdk-lts, and snapd).

https://lwn.net/Articles/845602/


This old security vulnerability left millions of Internet of Things devices vulnerable to attacks

History's repeating, warn security researchers, who find that a computer security issue that's been known about for decades could be used to manipulate IoT devices - so apply the patches now.

https://www.zdnet.com/article/this-old-security-vulnerability-left-millions-of-internet-of-things-devices-vulnerable-to-attacks/


GE Digital HMI/SCADA iFIX

This advisory contains mitigations for Incorrect Permission Assignment for Critical Resource vulnerabilities in the GE Digital HMI/SCADA iFIX software component.

https://us-cert.cisa.gov/ics/advisories/icsa-21-040-01


Advantech iView

This advisory contains mitigations for SQL Injection, Path Traversal, and Missing Authentication for Critical Function vulnerabilities in the Advantech iView device management application.

https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02


Security Advisory - Denial of Service Vulnerability in Some Products

http://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210210-02-dos-en


Security Advisory - Memory Leak Vulnerability in Some Huawei Products

http://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210210-01-memoryleak-en


Security Bulletin: IBM MQ is vulnerable to an error within Eclipse Jetty (CVE-2020-27216)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-is-vulnerable-to-an-error-within-eclipse-jetty-cve-2020-27216/


Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to a security vulnerability (CVE-2020-4996)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-a-security-vulnerability-cve-2020-4996/


Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to a security vulnerability (CVE-2020-4791)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-a-security-vulnerability-cve-2020-4791/


Security Bulletin: IBM Security QRadar Analyst Workflow add on to IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-qradar-analyst-workflow-add-on-to-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities-2/


Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to a security vulnerability (CVE-2020-4995)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-a-security-vulnerability-cve-2020-4995/


Security Bulletin: Vulnerabilities in Node.js and FasterXML jackson-databind affect IBM Spectrum Protect Plus

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-and-fasterxml-jackson-databind-affect-ibm-spectrum-protect-plus/


Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to a security vulnerability (CVE-2020-4795)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-a-security-vulnerability-cve-2020-4795/


Security Bulletin: IBM Planning Analytics has addressed a security vulnerability (CVE-2016-2183)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-has-addressed-a-security-vulnerability-cve-2016-2183/


Security Bulletin: IBM QRadar SIEM is vulnerable to Arbitrary File Read (CVE-2020-4789)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-arbitrary-file-read-cve-2020-4789-2/


Security Bulletin: IBM Security Guardium is affected by an "Apache CXF" jar vulnerability

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-an-apache-cxf-jar-vulnerability/


Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to a security vulnerability (CVE-2020-4790)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-a-security-vulnerability-cve-2020-4790/