End-of-Day report
Timeframe: Wednesday 10-02-2021 18:00 - Thursday 11-02-2021 18:00
Handler: Thomas Pribitzer
Co-Handler: Dimitri Robl
News
TrickBot's BazarBackdoor malware is now coded in Nim to evade antivirus
TrickBot's stealthy BazarBackdoor malware has been rewritten in the Nim programming language, likely to evade detection by security software.
https://www.bleepingcomputer.com/news/security/trickbots-bazarbackdoor-malware-is-now-coded-in-nim-to-evade-antivirus/
Hybrid, Older Users Most-Targeted by Gmail Attackers
Researchers at Google and Stanford analyzed 1.2 billion malicious emails to find out what makes users likely to get attacked. 2FA wasn't a big factor.
https://threatpost.com/hybrid-older-users-gmail-attackers/163826/
Agent Tesla hidden in a historical anti-malware tool, (Thu, Feb 11th)
While going through attachments of e-mails, which were caught in my e-mail quarantine since the beginning of February, I found an ISO file with what turned out to be a sample of the Agent Tesla infostealer. That, by itself, would not be that unusual, but the Agent Tesla sample turned out to be unconventional in more ways than one [...]
https://isc.sans.edu/diary/rss/27088
Microsoft Launches Phase 2 Mitigation for Netlogon Remote Code Execution Vulnerability (CVE-2020-1472)
Microsoft addressed a critical remote code execution vulnerability affecting the Netlogon protocol (CVE-2020-1472) on August 11, 2020. Beginning with the February 9, 2021 Security Update release, Domain Controllers will be placed in enforcement mode. This will require all Windows and non-Windows devices to use secure Remote Procedure Call (RPC) with Netlogon secure channel or to explicitly allow the account by adding an exception for any non-compliant
https://us-cert.cisa.gov/ncas/current-activity/2021/02/10/microsoft-launches-phase-2-mitigation-netlogon-remote-code
Zeoticus 2.0: Ransomware With No C2 Required
Zeoticus ransomware first appeared for sale in various underground forums and markets in early 2020. The ransomware is currently Windows-specific and, according to the developers, functions on all "supported versions of Windows".
https://labs.sentinelone.com/zeoticus-2-0-ransomware-with-no-c2-required/
FBI warns against Windows 7 and TeamViewer
In the wake of the poisoning attack on a water treatment plant in Florida, the US federal police (FBI) has issued an official warning against the use of Windows 7 and TeamViewer.
https://www.zdnet.de/88393353/fbi-warnt-vor-windows-7-und-teamviewer/
Vulnerabilities
SAP Commerce Critical Security Bug Allows RCE
The critical SAP cybersecurity flaw could allow for the compromise of an application used by e-commerce businesses.
https://threatpost.com/sap-commerce-critical-security-bug/163822/
DoS and malicious-code attacks against McAfee Total Protection possible
An important security update is available for McAfee Total Protection on Windows.
https://heise.de/-5052175
Windows Print Spooler Keeps Delivering Vulnerabilities, And We Keep Patching Them (CVE-2020-1030)
by Mitja Kolsek, the 0patch Team
Security researcher Victor Mata of Accenture published a detailed analysis of a binary planting vulnerability in Windows Print Spooler (CVE-2020-1030), which they had previously reported to Microsoft in May 2020, and a fix for which was included in the September 2020 Windows Updates.
https://blog.0patch.com/2021/02/print-spooler-keeps-delivering.html
Security updates for Thursday
Security updates have been issued by Debian (firejail and netty), Fedora (java-1.8.0-openjdk, java-11-openjdk, rubygem-mechanize, and xpdf), Mageia (gstreamer1.0-plugins-bad, nethack, and perl-Email-MIME and perl-Email-MIME-ContentType), openSUSE (firejail, java-11-openjdk, python, and rclone), Red Hat (dotnet, dotnet3.1, dotnet5.0, and rh-nodejs12-nodejs), SUSE (firefox, kernel, python, python36, and subversion), and Ubuntu (gnome-autoar, junit4, openvswitch, postsrsd, and sqlite3).
https://lwn.net/Articles/845750/
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Developer for i - July 2020.
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-rational-developer-for-i-july-2020/
Security Bulletin: IBM Security Verify Information Queue does not properly encode error messages sent to web users (CVE-2021-20405)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-verify-information-queue-does-not-properly-encode-error-messages-sent-to-web-users-cve-2021-20405/
Security Bulletin: IBM Security Verify Information Queue uses a Node.js package with a cross-site scripting vulnerability (CVE-2020-7676)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-verify-information-queue-uses-a-node-js-package-with-a-cross-site-scripting-vulnerability-cve-2020-7676/
Security Bulletin: Multiple IBM DB2 Server Vulnerabilities Affect IBM Emptoris Strategic Supply Management Platform
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-ibm-db2-server-vulnerabilities-affect-ibm-emptoris-strategic-supply-management-platform/
Security Bulletin: Multiple IBM DB2 Server Vulnerabilities Affect IBM Emptoris Program Management
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-ibm-db2-server-vulnerabilities-affect-ibm-emptoris-program-management/
Security Bulletin: IBM Security Verify Information Queue uses a Node.js package with known vulnerabilities (CVE-2020-11023, CVE-2020-11022)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-verify-information-queue-uses-a-node-js-package-with-known-vulnerabilities-cve-2020-11023-cve-2020-11022/
Security Bulletin: Multiple IBM DB2 Server Vulnerabilities Affect IBM Emptoris Sourcing
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-ibm-db2-server-vulnerabilities-affect-ibm-emptoris-sourcing/
Security Bulletin: Cross Site Scripting may affect IBM Business Automation Workflow and IBM Case Manager (ICM) - CVE-2020-4768
https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-may-affect-ibm-business-automation-workflow-and-ibm-case-manager-icm-cve-2020-4768/
Security Bulletin: IBM Verify Gateway does not sufficiently guard against unauthorized API calls (CVE-2020-4847)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-verify-gateway-does-not-sufficiently-guard-against-unauthorized-api-calls-cve-2020-4847/
Security Bulletin: Multiple IBM DB2 Server Vulnerabilities Affect IBM Emptoris Contract Management
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-ibm-db2-server-vulnerabilities-affect-ibm-emptoris-contract-management/
VMSA-2021-0001
https://www.vmware.com/security/advisories/VMSA-2021-0001.html
Squid: Multiple vulnerabilities
http://www.cert-bund.de/advisoryshort/CB-K21-0147
Trend Micro products: Vulnerability allows bypassing of security measures
http://www.cert-bund.de/advisoryshort/CB-K21-0169
F5 BIG-IP: Multiple vulnerabilities
http://www.cert-bund.de/advisoryshort/CB-K21-0163