Daily summary - 15.02.2021

End-of-Day report

Timeframe: Friday 12-02-2021 18:00 - Monday 15-02-2021 18:00 Handler: Thomas Pribitzer Co-Handler: Robert Waldner


Copycats imitate novel supply chain attack that hit tech giants

This week, hundreds of new packages have been published to the npm open-source repository named after private components used internally by major companies. These npm packages are identical to the proof-of-concept packages created by Alex Birsan, the researcher who recently managed to infiltrate over 35 major tech firms.


Sunbird and Hornbill: New Android spyware from the Confucius APT

Security researchers have discovered two pieces of malware that they attribute to a pro-Indian APT group. Both are said to be based on commercial spyware.


Using Logstash to Parse IPtables Firewall Logs, (Sat, Feb 13th)

One of our readers submitted some DSL modem firewall logs (iptables format) and I wrote a simple logstash parser to analyze and illustrate the activity; in this case it is all scanning activity against this modem. An iptables parser exists for Filebeat, but for this example I wanted to show how to create a simple logstash parser using Grok to parse these logs and send them to Elastic.
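The diary entry above describes Grok-parsing iptables log lines and summarising the scanning activity they reveal. The following is an added example, not code from the ISC diary or from CERT.at: a small Python parser that does the equivalent of a Grok pattern for the kernel `IN=... OUT=... SRC=... DST=...` key=value format, maps a record to ECS-style field names of the kind a Logstash pipeline would emit towards Elastic, and flags sources that probed several distinct destination ports. The log lines are constructed for the example (RFC 5737 documentation addresses), and the `--log-prefix` handling, numeric field list and the `min_ports` threshold are assumptions of this example, not something the diary specifies.

```python
import re
from collections import defaultdict

# Constructed sample lines in the kernel iptables log format (not taken from the
# diary). Line 5 is a non-firewall syslog line to show how unmatched input is skipped.
SAMPLE_LOGS = [
    "Feb 13 10:15:01 modem kernel: [12345.678] DROP IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=41234 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0",
    "Feb 13 10:15:02 modem kernel: [12346.001] DROP IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54322 PROTO=TCP SPT=41234 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0",
    "Feb 13 10:15:03 modem kernel: [12346.502] DROP IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54323 PROTO=TCP SPT=41234 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0",
    "Feb 13 10:15:04 modem kernel: [12347.010] DROP IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54324 PROTO=TCP SPT=41234 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0",
    "Feb 13 10:15:05 modem kernel: [12347.900] DROP IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=7 DF PROTO=UDP SPT=5353 DPT=5353 LEN=40",
    "Feb 13 10:15:06 modem dhcpd: DHCPACK on 192.0.2.20 to aa:bb:cc:dd:ee:ff",
]

# Grok-equivalent regex for the syslog envelope; everything from "IN=" onward is
# handled as key=value tokens below (assumed layout of a kernel iptables log line).
LINE_RE = re.compile(
    r"^(?P<timestamp>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) kernel: "
    r"(?:\[\s*\d+\.\d+\] )?"   # optional kernel uptime stamp "[12345.678] "
    r"(?P<prefix>.*?)\s*"      # optional --log-prefix text, e.g. "DROP"
    r"(?P<fields>IN=.*)$"
)

# Fields converted to int so that Elastic gets numbers, not strings (assumed list).
INT_FIELDS = {"len", "ttl", "id", "spt", "dpt", "window"}


def parse_line(line):
    """Return a dict for one iptables log line, or None if the line is not one."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = {"timestamp": m["timestamp"], "host": m["host"],
           "prefix": m["prefix"], "flags": []}
    for token in m["fields"].split():
        if "=" in token:
            key, value = token.split("=", 1)
            key = key.lower()
            # LEN appears twice on UDP lines (IP and UDP length); the last one wins.
            rec[key] = int(value) if key in INT_FIELDS and value.isdigit() else value
        else:
            rec["flags"].append(token)  # bare tokens such as SYN, ACK, DF
    return rec


def parse_logs(lines):
    """Parse all lines, silently dropping those that are not iptables records."""
    return [r for r in (parse_line(line) for line in lines) if r is not None]


def to_ecs(rec):
    """Map a parsed record onto ECS-style field names (the shape a Logstash
    pipeline would send to Elastic); only the fields used here are mapped."""
    return {
        "@timestamp": rec["timestamp"],
        "host.name": rec["host"],
        "event.action": rec["prefix"] or None,
        "observer.ingress.interface.name": rec.get("in") or None,
        "source.ip": rec.get("src"),
        "source.port": rec.get("spt"),
        "destination.ip": rec.get("dst"),
        "destination.port": rec.get("dpt"),
        "network.transport": (rec.get("proto") or "").lower() or None,
    }


def scan_sources(records, min_ports=3):
    """Sources that hit at least `min_ports` distinct destination ports: the
    simplest summary of the scanning activity the diary describes."""
    ports = defaultdict(set)
    for r in records:
        if "src" in r and "dpt" in r:
            ports[r["src"]].add(r["dpt"])
    return {src: sorted(p) for src, p in ports.items() if len(p) >= min_ports}


if __name__ == "__main__":
    recs = parse_logs(SAMPLE_LOGS)
    for r in recs:
        print(to_ecs(r))
    print("port-scanning sources:", scan_sources(recs))
```

Pointing `parse_logs` at `open("/var/log/kern.log")` instead of `SAMPLE_LOGS` gives the same per-source port list for a real modem log; the `prefix` field is what a Logstash Grok pattern would capture from whatever `--log-prefix` the firewall rule sets, and it is kept separate so that ACCEPT and DROP records can be told apart downstream.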



VMware vSphere Replication: Updates fix remotely exploitable vulnerability

Security updates are available for several versions of the vCenter Server extension vSphere Replication, closing a vulnerability rated "High".


Security updates for Monday

Security updates have been issued by Debian (busybox, linux-4.19, openvswitch, subversion, unbound1.9, and xterm), Fedora (audacity, community-mysql, kernel, libzypp, mysql-connector-odbc, python-django, python3.10, and zypper), openSUSE (librepo, openvswitch, subversion, and wpa_supplicant), Red Hat (subversion:1.10), SUSE (kernel, openvswitch, perl-File-Path, and wpa_supplicant), and Ubuntu (postgresql-12).


WebKitGTK and WPE WebKit Security Advisory WSA-2021-0001

* Versions affected: WebKitGTK before 2.30.5 and WPE WebKit before 2.30.5.
* Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
* Description: A use-after-free issue in the AudioSourceProviderGStreamer class was addressed with improved memory management.


Security Bulletin: Insecure HTTP Communication


Security Bulletin: Multiple vulnerabilities in IBM Spectrum Protect Operations Center (CVE-2020-4954, CVE-2020-4955, CVE-2020-4956)


Security Bulletin: IBM Cognos Controller is vulnerable to privilege escalation (CVE-2020-4685)


Security Bulletin: Vulnerabilities in bind CVE-2020-8622, CVE-2020-8623 and CVE-2020-8624.


Security Bulletin: Vulnerability in OpenSSL affects Power Hardware Management Console (CVE-2020-1971).