Daily Summary - 15.02.2021

End-of-Day report

Timeframe: Friday 12-02-2021 18:00 - Monday 15-02-2021 18:00
Handler: Thomas Pribitzer
Co-Handler: Robert Waldner

News

Copycats imitate novel supply chain attack that hit tech giants

This week, hundreds of new packages have been published to the npm open-source repository named after private components used internally by major companies. These npm packages are identical to the proof-of-concept packages created by Alex Birsan, the researcher who recently managed to infiltrate over 35 major tech firms.

https://www.bleepingcomputer.com/news/security/copycats-imitate-novel-supply-chain-attack-that-hit-tech-giants/


Sunbird and Hornbill: New Android spyware from the Confucius APT

Security researchers have discovered two pieces of malware that they attribute to a pro-Indian APT group. Both are said to be based on commercial spyware.

https://www.golem.de/news/sunbird-und-hornbill-neue-android-spyware-der-confucius-apt-2102-154192-rss.html


Using Logstash to Parse IPtables Firewall Logs, (Sat, Feb 13th)

One of our readers submitted some DSL modem firewall logs (iptables format) and I wrote a simple Logstash parser to analyze and illustrate the activity; in this case it is all scanning activity against this modem. An iptables parser exists for Filebeat, but for this example I wanted to show how to create a simple Logstash parser using Grok to parse these logs and send them to Elastic.

https://isc.sans.edu/diary/rss/27096

Vulnerabilities

VMware vSphere Replication: Updates fix remotely exploitable vulnerability

Security updates are available for several versions of the vCenter Server extension vSphere Replication; they close a vulnerability rated "High".

https://heise.de/-5055247


Security updates for Monday

Security updates have been issued by Debian (busybox, linux-4.19, openvswitch, subversion, unbound1.9, and xterm), Fedora (audacity, community-mysql, kernel, libzypp, mysql-connector-odbc, python-django, python3.10, and zypper), openSUSE (librepo, openvswitch, subversion, and wpa_supplicant), Red Hat (subversion:1.10), SUSE (kernel, openvswitch, perl-File-Path, and wpa_supplicant), and Ubuntu (postgresql-12).

https://lwn.net/Articles/846318/


WebKitGTK and WPE WebKit Security Advisory WSA-2021-0001

* Versions affected: WebKitGTK before 2.30.5 and WPE WebKit before 2.30.5.
* Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
* Description: A use-after-free issue in the AudioSourceProviderGStreamer class was addressed with improved memory management.

https://webkitgtk.org/security/WSA-2021-0001.html


Security Bulletin: Insecure HTTP Communication

https://www.ibm.com/blogs/psirt/security-bulletin-insecure-http-communication-2/


Security Bulletin: Multiple vulnerabilities in IBM Spectrum Protect Operations Center (CVE-2020-4954, CVE-2020-4955, CVE-2020-4956)

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-spectrum-protect-operations-center-cve-2020-4954-cve-2020-4955-cve-2020-4956/


Security Bulletin: IBM Cognos Controller is vulnerable to privilege escalation (CVE-2020-4685)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-controller-is-vulnerable-to-privilege-escalation-cve-2020-4685-3/


Security Bulletin: Vulnerabilities in bind CVE-2020-8622, CVE-2020-8623 and CVE-2020-8624.

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-bind-cve-2020-8622-cve-2020-8623-and-cve-2020-8624/


Security Bulletin: Vulnerability in OpenSSL affects Power Hardware Management Console (CVE-2020-1971).

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-openssl-affects-power-hardware-management-console-cve-2020-1971/